[Fork] FreshTomato-ARM

Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.

  1. django135

    django135 Network Newbie Member

    Found another bug with MultiWAN and MultiWAN routing.
    Tomato creates the WANn routing tables but it only adds a route for br0 network in those new tables, so in case of creating a virtual wireless with a new bridge and then using multiwan routing to route the ip range of the new bridge to WAN2 for example, DNS doesn't work because there's no route for the new bridge in the WANn routing table.

    Example:
    br0 - Main bridge - IP Range 192.168.1.0/24
    br1 - Second bridge - IP Range 192.168.46.0/24 ( 46 = 4G ).

    The desire is to let br1 always have its traffic go out over the 4G interface (eth3).

    Tomato MultiWAN mechanism creates the following rules:
    # ip rule show
    Code:
    root@zankoku:/tmp/home/root# ip rule show
    0:      from all lookup local
    101:    from ISP.WAN1.IP lookup WAN1
    102:    from 4G.WAN2.IP lookup WAN2
    111:    from all to ISP.DNS1.IP lookup WAN1
    111:    from all to ISP.DNS2.IP lookup WAN1
    112:    from all to 4G.DNS.IP lookup WAN2
    121:    from all fwmark 0x100/0xf00 lookup WAN1
    122:    from all fwmark 0x200/0xf00 lookup WAN2
    32766:  from all lookup main
    32767:  from all lookup default
    
    When you add a rule to route 192.168.46.0/24 to WAN2 in the MultiWAN routing section in the GUI it adds an entry in iptables mangle table, WAN_PBR chain to mark the connection 0x200.

    Code:
    -P PREROUTING ACCEPT
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -P POSTROUTING ACCEPT
    -N WAN_1
    -N WAN_2
    -N WAN_PBR
    -A PREROUTING -i eth3 -j DSCP --set-dscp 0x00
    -A PREROUTING -i ppp0 -j DSCP --set-dscp 0x00
    -A PREROUTING -d 192.168.1.0/24 -i ppp0 -j DROP
    -A PREROUTING -d 192.168.46.0/24 -i ppp0 -j DROP
    -A PREROUTING -d 192.168.1.0/24 -i eth3 -j DROP
    -A PREROUTING -d 192.168.46.0/24 -i eth3 -j DROP
    -A PREROUTING -i ppp0 -j WAN_1
    -A PREROUTING -i eth3 -j WAN_2
    -A PREROUTING -i br+ -j WAN_PBR
    -A PREROUTING -i br+ -m conntrack --ctstate RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
    -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
    -A POSTROUTING -o ppp0 -j WAN_1
    -A POSTROUTING -o eth3 -j WAN_2
    -A WAN_1 -m conntrack --ctstate NEW -j CONNMARK --set-return 0x100/0xf00
    -A WAN_2 -m conntrack --ctstate NEW -j CONNMARK --set-return 0x200/0xf00
    -A WAN_PBR -m state --state RELATED,ESTABLISHED -j RETURN
    -A WAN_PBR -s 192.168.46.0/24 -j WAN_2
    
    so this causes the packet to be marked with 0x200/0xf00 which is processed by the ip rule above to be routed according to WAN2 table.

    # ip route show table WAN2
    Code:
    ISP.GW.IP dev ppp0  proto kernel  scope link  src ISP.WAN1.IP
    192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
    192.168.8.0/24 dev eth3  proto kernel  scope link  src 192.168.8.100
    127.0.0.0/8 dev lo  scope link
    default via 192.168.8.1 dev eth3
    
    There is no route for 192.168.46.0 added (the other bridge), only added for the primary bridge br0. So DNS in the 192.168.46.x network doesn't work because dnsmasq tries to reply to 192.168.46.x but because there's no route, the reply is sent out over the default route which is the eth3 interface.

    Solution:
    When creating WANx multiwan routing tables, loop over all configured bridges and add routes to them, not just the primary bridge.
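
Added example, not part of django135's post and not FreshTomato code: one way to compute the connected routes that are missing from a MultiWAN table for every bridge, not just br0. The function name `missing_bridge_routes`, the sample main table and the br1 address 192.168.46.1 are constructed for illustration; the WAN2 sample is the table shown in the post.

```shell
#!/bin/sh
# Emit the "ip route add" commands needed so that every LAN bridge
# (br0, br1, ...) has its connected route in a MultiWAN routing table.
# Both inputs are text in "ip route show" format, so the logic can be
# checked offline before anything is changed on a router.

# missing_bridge_routes TABLE MAIN_ROUTES TABLE_ROUTES
missing_bridge_routes() {
    # Feed the WAN table first, then a separator, then the main table.
    printf '%s\n---\n%s\n' "$3" "$2" | awk -v table="$1" '
        $0 == "---" { in_main = 1; next }
        !in_main    { have[$1] = 1; next }   # prefixes already in the WAN table
        {
            dev = ""; src = ""; link = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "src") src = $(i + 1)
                if ($i == "scope" && $(i + 1) == "link") link = 1
            }
            # Keep only connected routes on bridge interfaces that are missing.
            if (dev !~ /^br[0-9]+$/ || !link || ($1 in have)) next
            cmd = "ip route add " $1 " dev " dev " scope link"
            if (src != "") cmd = cmd " src " src
            print cmd " table " table
        }'
}

# Constructed sample: main table of a router with two bridges.
SAMPLE_MAIN='192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
192.168.46.0/24 dev br1  proto kernel  scope link  src 192.168.46.1
192.168.8.0/24 dev eth3  proto kernel  scope link  src 192.168.8.100
127.0.0.0/8 dev lo  scope link
default via 192.168.8.1 dev eth3'

# WAN2 table as shown in the post (placeholders kept as posted).
SAMPLE_WAN2='ISP.GW.IP dev ppp0  proto kernel  scope link  src ISP.WAN1.IP
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
192.168.8.0/24 dev eth3  proto kernel  scope link  src 192.168.8.100
127.0.0.0/8 dev lo  scope link
default via 192.168.8.1 dev eth3'

# On a router the inputs would come from:
#   missing_bridge_routes WAN2 "$(ip route show table main)" "$(ip route show table WAN2)"
missing_bridge_routes WAN2 "$SAMPLE_MAIN" "$SAMPLE_WAN2"
```

The output is a list of commands to review, not something the script executes; routes added by hand like this do not survive a rebuild of the table by the firmware.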
     
  2. encore2097

    encore2097 Network Guru Member

    UPnP / NAT-PMP seems to be having issues as well. Works when freshly enabled (off, wait then on) stops working shortly after.
     
  3. Mikey32230

    Mikey32230 New Member Member

    It seems the NGINX Custom Configuration boxes in the web GUI do not work at all for me. Does anyone know of/ have this issue?

    If I add anything to any of the custom configuration textboxes, save the changes and restart the nginx service, nothing gets added to the /etc/nginx/nginx.conf file. However, I'm able to manually edit and add to the nginx.conf file as long as the "keep config files" box is checked.

    According to the Help Notes, it seems these text boxes should insert/append their contents to the respective sections of the nginx.conf file:

    • NGINX Custom Configuration: You can add other values to nginx.conf to suit your needs.
    • NGINX HTTP Section Custom Configuration: You can add other values to nginx.conf in declaration of http {} to suit your needs.
    • NGINX SERVER Section Custom Configuration: You can add other values to nginx.conf in declaration of server {} to suit your

    I have the latest FreshTomato build on a netgear R7000. Anyone have the issue?
     
  4. Elfew

    Elfew Network Guru Member

    I don't think so :(
     
  5. swaaye

    swaaye Network Guru Member

    I think CTF is incompatible with QOS on Merlin too. CTF is just very limiting in what it allows you to do beyond the bare essentials.
     
    Last edited: Jun 3, 2019
  6. hery71

    hery71 Serious Server Member

    MySQL problem: cannot access it remotely from the internet with public_address:3306
    Try to change my.cnf because skip-external-locking is not commented!
    The real problem is that after reboot my.cnf will change back to the same original file.
    Does someone have a solution?
    That would be very good
    Hery
     
  7. Bunsen

    Bunsen Reformed Router Member

    Please start a new post in the appropriate thread - It doesn't belong in this thread which is for discussion of the FreshTomato firmware.
    Thanks and good luck!
     
  8. hery71

    hery71 Serious Server Member

    @Bunsen the problem is on Freshtomato Firmware :
    my configuration is
    Netgear R7000
    FreshTomato Firmware 2019.1 K26ARM USB AIO-64K
    Best regards
    Hery
     
  9. Justio

    Justio Addicted to LI Member

    Maybe it is, maybe not. It depends....

    For your info, this thread (FreshTomato MIPS also) has become bloated with random posts of users not knowing how to correctly open a "new thread" for their particular problem, so... the people with the knowledge have become tired and, in the last months, they do not bother to reply anymore....which, from my point of view, is a good thing.

    It's your choice!
    Always ;)

    Apologies in advance to kille and pedro for the off-topic.

    regards.
     
    Last edited: Jun 6, 2019
  10. encore2097

    encore2097 Network Guru Member

    On Merlin, with CTF enabled you can only use the "automated" Trend Micro QoS, which has pre-defined categories like: Gaming, VOIP, Web, P2P, etc..

    which helps but is not great. With CTF on, bandwidth monitoring and UPnP+NAT/PMP work as well.

    If backport is too difficult, then maybe it's easier to find a low power x86 or dual gigabit NIC ARM device and run a minimal linux distro with iptables.
     
  11. ipse

    ipse Network Guru Member

    Apologies if this has been asked and answered before - if it did, I couldn't find it.
    Haven't looked at this forum in over 2 years and I'm reasonably happy with Shibby 132 but it's really outdated and despite not being paranoid, I'm concerned with security fixes that I'm missing.

    So: can I drop the latest Fresh Tomato OVER the existing Shibby install (and retain the config) or do i have to start from scratch (back to factory, flash initial FT, flash current one).

    (yes, you'd be right to call me lazy...but I built an extensive static DHCP db, a massive QoS config, scripts, etc)
     
    Last edited: Jun 7, 2019
  12. Jose C

    Jose C Serious Server Member

    sometimes you can just drop fresh tomato over shibby but you might get weird issues, best thing is start clean
     
    ipse likes this.
  13. pedro311

    pedro311 Addicted to LI Member

    You can always try to dirty flash from tomato 132 to latest FreshTomato.
    BUT if you run into ANY problems, don't report here before you do CLEAN install of FreshTomato.
    Thanks.
     
  14. oby-1k

    oby-1k Connected Client Member

    I've compiled the latest source code up to 06/06 (arm branch) with same results.

    When I use compilation made on 05/05, The VPN Client works flawlessly, but with the same configuration, the selective routing under routing policy basically does not work. I've tried both Enabling and Disabling the internal firewall (and I reckon I should be using this option disabled) but no luck.

    I've compared IPTables and I can see all the rules created under the INPUT, FORWARD and POSTROUTING chains.

    Here is my VPN Client config:
    Code:
    vpn_client2_digest=default
    vpn_client2_noexec=1
    vpn_client2_nm=255.255.255.0
    vpn_client2_rgw=0
    vpn_client2_route=1
    vpn_client2_fw=0
    vpn_client2_username=****
    vpn_client2_gw=
    vpn_client2_port=****
    vpn_client2_nobind=1
    vpn_client2_crt=
    vpn_client2_hmac=1
    vpn_client2_cipher=default
    vpn_client2_crypt=tls
    vpn_client2_nat=1
    vpn_client2_ncp_enable=1
    vpn_client2_if=tun
    vpn_client2_proto=udp
    vpn_client2_poll=3
    vpn_client2_rg=0
    vpn_client2_rdnsmasq=1
    vpn_client2_static=
    vpn_client2_br=br0
    vpn_client2_ncp_ciphers=AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
    vpn_client2_key=
    vpn_client2_addr=****
    vpn_client2_local=*****
    vpn_client2_ca=
    vpn_client2_useronly=0
    vpn_client2_comp=-1
    vpn_client2_cn=
    vpn_client2_custom=fast-io
    vpn_client2_remote=*****
    vpn_client2_firewall=auto
    vpn_client2_nopull=1
    vpn_client2_routing_val=1<3<www.whatismyip.net>*****
    vpn_client2_password=*****
    vpn_client2_adns=1
    vpn_client2_tlsremote=0
    vpn_client2_bridge=1
    vpn_client2_reneg=-1
    vpn_client2_userauth=1
    vpn_client2_retry=-1
     
  15. pedro311

    pedro311 Addicted to LI Member

    M_ars and kille72 like this.
  16. oby-1k

    oby-1k Connected Client Member

    There must be something wrong with my build then, I can still see the options

    "route-nopull" and "route-noexec" under the advanced tab.

    Will check that.

    Thank you
     
  17. pedro311

    pedro311 Addicted to LI Member

    Ctrl+F5 and/or clean browser cache (just said it 100+ times).
     
  18. oby-1k

    oby-1k Connected Client Member

    It turned out that the head of my local repository was stuck on a bitbucket commit on 22/05, missing the latest fixes for OpenVPN. So although my compilation was done a few days ago, the code was old.

    Had to refresh the whole repository.

    Now it's working like charm.

    Thanks for the help.
     
  19. Botho

    Botho Networkin' Nut Member

    It would be nice to write DNS and not IP in the generated client file (ovpn file) according to the DDNS config?

    Great fork, I have used it for 2 years now with never a problem on my R7000!
    Regards
     
  20. Shahnewaz

    Shahnewaz Network Newbie Member

    I've been using the 2019.2 version for a while and it seems like the 2.4GHz band doesn't work properly. What are the steps to log and diagnose?
    Router: Netgear R7000
    All devices do connect to the network but have trouble using the internet once connected.
    The problem does not appear on the 5GHz band or LAN.
     
  21. Magister

    Magister LI Guru Member

    Absolutely, I had the same problem, after a few days the router would reboot. I noticed my rarely used printer (only 2.4) sometimes was not reachable when I needed it. I connected to it via USB and tried all kinds of tricks, renew, reboot, unplugging, etc, nothing. I had to reboot the router for the printer to come alive.

    Also I had a 2.4GHz device that was not seeing my 2.4 network, only the 5GHz. At one time someone mentioned he had to disable his 2.4, so I disabled mine, waited a few seconds, re-enabled it (via the overview webpage), my device saw the 2.4 right away, and since then, no reboot, I'm at 34 days.

    But definitely there is a problem with the 2.4 in 2019.2
     
    jradams76 likes this.
  22. jradams76

    jradams76 Network Newbie Member

    I'm also experiencing some reboots but not sure if it's the 2.4GHz or not. I will try shutting it off and see if I can last longer than a couple of days.

    Some others seem to be having the same issue here
     
  23. JoeDirte

    JoeDirte Networkin' Nut Member

    For a contrary / non-rebooting R7000 data point - I'm running 2019.2 on R7000. No reboots here unless commanded by me. 2.4GHz is working fine. I don't use 5Ghz b/c I have legacy devices that don't support it and a large property with no nearby neighbors so 2.4 is better for me with its better range. Only thing not working is uPnP so I've turned it off until that's fixed in a future build. I can repro the uPnP issue if anyone cares.

    In case it matters: I'm bridged to my ADSL modem and use PPPoE on the R7000. Not using multi-WAN.
     
    Last edited: Jun 10, 2019
  24. lancethepants

    lancethepants Network Guru Member

    I did have a random reboot yesterday.
     
  25. pedro311

    pedro311 Addicted to LI Member

    Ok, guys. So let's find what is the issue.
    But without your help it's impossible...
     
    kille72 and txnative like this.
  26. txnative

    txnative Addicted to LI Member

    It would be easier to post in the R7000 random reboots, also post what you've done to correct the problem. If users post in here and not in the R7000 random reboots then it may get missed as this problem needs to stay in one place not two places.
     
    M_ars and pedro311 like this.
  27. joew333

    joew333 Network Guru Member

    I have a Netgear R7000 (using custom CFE to aid recovery) and an Asus RT-AC68U and they are both extremely stable using Tomato. I have never seen a spontaneous restart in either. Both are connected to high speed Internet (200 MB/S) and perform well on Fresh Tomato 2019.2. I use most functions with the exception of MultiWAN, TOR, VPN and QOS that I do not use. We have a mix of Amazon, LG, Apple, Google, Wyze, Windows, and various Android devices so we have a pretty good mix. The only thing I notice in the log files are Apple devices requesting DHCP leases over and over again which is an Apple thing not a Tomato thing.
     
  28. django135

    django135 Network Newbie Member

    Hello pedro / kille,
    I have discovered more bugs in MultiWAN, and also in WAN ppp.

    [​IMG]

    1. In redial.c, there is no redirection of "wan" prefix to "wan1" so that the command to restart the first WAN becomes "service wan1 restart" as is done in the multiwan watchdog, so when redial wants to reconnect the first WAN, it ends up restarting all wans not just the one that is down.

    2. multiwan watchdog doesn't check nvram variable action_service to know if a WAN is already being restarted by redial, so multiple restarts can try to happen and multiple calls to config_pppd can happen at the same time from the different processes corrupting the /tmp/pppd directory causing the WAN UP script to sometimes not get called at the end.

    3. I suggest moving the check of concurrent wan restarts to inside exec_service itself instead of having each code trying to restart wan having to do this check again and again.

    4. As it is, there's a race condition between the 2 highlighted codes where redial can end up restarting the wan and at the same time watchdog also tries to restart it.

    Possible workaround:
    -
    Change PPPoE to connect demand mode with very long idle time to disable redial. Multiwan watchdog already does restart to bring up the interface if it goes down, so in case of multiwan redial service is completely unnecessary.

    Confirmed the workaround works.

    EDIT: Some more info:
    -
    Conditions for the bug to happen:
    1. Use multiwan, have at least 2 WANs.
    2. Make the first WAN pppoe in keep alive mode.
    3. Disconnect pppoe and watch /var/log/messages with nvram set mwan_debug=8.
    4. You will see multiple attempts to restart pppoe depending on redial timer came first or multiwan watchdog timer came first.
    5. Router may spaz out and start to connect and disconnect all wans multiple times.

    I hope this helps. I love this firmware and I wish to see it bug free.
    If you need any more info or want me to test fixes I will be happy to test on my R7000.
     
    Last edited: Jun 13, 2019 at 2:57 AM
    Elfew, phuklok1, rs232 and 4 others like this.
  29. red566

    red566 New Member Member

    How do you setup dns over tls on fresh tomato 2019.2 ? I see the options in basic network but where do you input the information to grab ? also does it work with DNSSEC ?
     
  30. Night_Wing

    Night_Wing New Member Member

    Hi I am enjoying Fresh Tomato on my ASUS RT-AC68U,
    Is it possible for you to release FT for Netgear R6400v2?

    Thanks
     
  31. Bad_Dog

    Bad_Dog Connected Client Member

    Ditto.
    I was surfing the net on my phone, connected to my 2.4G AP, and then lost connection. A couple of minutes later, it came back up. It wasn't until a couple of days later that I could actually check it and it confirmed that it did, indeed, reboot.

    I'm running 2019.2 on AC3200, 128 NVRAM version.
     
  32. pedro311

    pedro311 Addicted to LI Member

    Ok, so you have image for your R7000 in (my MEGA upload) -> tests -> freshtomato-R8000-ARM-2019.2.054-beta-WL-Jan_30_2019-382_51374-AIO-64K.zip

    Please test it.
     
  33. alecsandes

    alecsandes Serious Server Member

    Hi Guys,

    I ran into a serious issue. Can I have a bricked router that runs ok?
    The router is an R7000 running 2019.1 Beta.
    Now that I have time to upgrade it to 2019.2, I discovered that I cannot reset the router, I cannot upload any fw, it does nothing.
    When I try to reboot from the GUI, the same, no action.
    I try to reset by HW button, router reboots but no reset is happening.

    Did someone run into such an issue?
     
  34. django135

    django135 Network Newbie Member

    Hello,
    I also want to report that the same problem also exists even in pppd demand mode. Both pppd demand mode listen and watchdog timer end up restarting pppoe concurrently.

    I will test the build and update you.
     
    Elfew likes this.
  35. django135

    django135 Network Newbie Member

    I'm sorry, I can't find link to your Mega upload. Also, the build filename says it is for r8000, won't that brick my router ? Maybe I'm confused.

    EDIT: I searched the thread and found it, I'll test it as soon as possible

    pedro311 megaupload (for other people searching):
    https://mega.nz/#F!QywknIpa!5JwWNIfEwCOKXqXG0AOh4w!9uZzEKqY
     
  36. django135

    django135 Network Newbie Member

    Hello pedro311 / kille72,
    Thanks for providing me a test build. I have three issues I discovered with it:

    1. Built-in curl doesn't work, gives error 48, it was working in 2019.2. Workaround: Use curl from entware

    2. I saw a check added in /usr/sbin/watchdog to abort if it matched the nvram action_service value, unfortunately this check doesn't work because of a behavior of services.c, if you restart a service using shell "service X restart" it will add "-c" to the right of the action_service value, but if you restart it using the C functions, this suffix is not added. This needs to be reviewed in all the code base as any other matching of action_service is affected. See the screenshots:

    upload_2019-6-15_6-50-33.png
    upload_2019-6-15_6-51-7.png

    3. The same race condition is also present when PPPoE is set to Connect on Demand mode. Except that in that case, there is a listen service that uses force_to_redial to make pppd redial the connection (in case it is stopped with HUP, it remains listening for wan packets to redial by itself). In this case nvram value action_service is not present for wan restart and watchdog races and actually tries to restart the service again immediately after ppp starts dialing, causing rapid connect/disconnect of pppoe.
    upload_2019-6-15_6-54-51.png

    I hope this helps to solve the problem. Thanks for your efforts :)
     
    rs232 and rgnldo like this.
  37. pedro311

    pedro311 Addicted to LI Member

    Interesting...

    This is not the only change I made, also in redial.c, so please check everything carefully.

    I know that, but we're working on automated behaviour of the tomato, not what a user can do, right?

    I will disable watchdog on WANs with pppoe connection and on Demand mode.
    //EDIT: also on pptp, l2tp and ppp3g + on Demand.
     
    Last edited: Jun 15, 2019 at 12:32 PM
  38. django135

    django135 Network Newbie Member

    It seems you didn't push the commit to bitbucket, as the latest branch there is 2019.3.65, so I can't see any changes except for shell scripts... etc.

    The problem here is that tomato itself restarts a lot of services using exec("service X restart") or xstart("service X restart") instead of doing stop_service("x") and start_service("x") so it is acting like it is the user and the race condition checks are not working.

    Also, I don't understand why is there a differentiation between when user restarts the service and when tomato restarts the service. The race condition shouldn't happen if the user manually totally by chance wants restart wan while watchdog is running also! I saw from git blame that this "-c" code in services.c was added long time ago by shibby, I think it is a mistake and that parameter should be removed. Restarting a service manually or by tomato should behave the same way always and be protected from race conditions in both cases.

    Be careful that you must also check that pppd is running, because the race condition only happens if pppd is running but hung up in demand mode. If it is totally dead, it will not respond to the force_to_redial and the watchdog is still needed in that case to manually start it. (Actually I'm not sure about this part, it should be tested with killall -HUP pppd and killall pppd)
     
    Last edited: Jun 15, 2019 at 3:16 PM
    rgnldo likes this.
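
Added example, not part of any post above and not FreshTomato code: a per-WAN restart guard of the kind django135 asks for in posts 28, 36 and 38, where the check lives in one place, "wan" and "wan1" resolve to the same lock, and the "-c" suffix is ignored when comparing action_service values. The function names, the lock directory, the exit code 75 and the sample values "wan1-restart" / "wan1-restart-c" are assumptions made for illustration.

```shell
#!/bin/sh
# Serialize restarts of one WAN so that two callers (for example redial and
# the MultiWAN watchdog) cannot both run the restart at the same time.

LOCK_ROOT=${LOCK_ROOT:-/tmp/wan-restart-locks}   # hypothetical location
BUSY=75                                          # returned when a restart is already running

# Post 28, point 1: the first WAN is known as both "wan" and "wan1".
canonical_wan() {
    case $1 in
        wan) echo wan1 ;;
        *)   echo "$1" ;;
    esac
}

# Post 36, point 2: a restart issued from the shell carries a trailing "-c",
# one issued from C does not. Strip it before comparing.
normalize_action() {
    printf '%s\n' "${1%-c}"
}

# restart_in_progress WANTED_ACTION CURRENT_ACTION_SERVICE
# True when the current action_service value names the same action.
restart_in_progress() {
    [ -n "$2" ] && [ "$(normalize_action "$2")" = "$(normalize_action "$1")" ]
}

# guarded_restart PREFIX COMMAND [ARGS...]
# Runs COMMAND while holding the lock for PREFIX. mkdir is atomic, so exactly
# one caller wins; the loser gets $BUSY and must not restart anything.
# The body is a subshell so nested calls cannot clobber each other's variables.
# A caller killed while holding the lock leaves it behind until the lock
# directory is cleaned (for example at reboot when it lives on tmpfs).
guarded_restart() (
    prefix=$(canonical_wan "$1"); shift
    mkdir -p "$LOCK_ROOT" || exit 2
    lock="$LOCK_ROOT/$prefix.lock"
    mkdir "$lock" 2>/dev/null || exit "$BUSY"
    rc=0
    "$@" || rc=$?
    rmdir "$lock"
    exit "$rc"
)

# Demo: while wan1 is being restarted, a second caller using the legacy
# "wan" prefix is refused instead of starting a concurrent restart.
guarded_restart wan1 guarded_restart wan echo "never printed"
echo "nested restart exit code: $?"
```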
  39. pedro311

    pedro311 Addicted to LI Member

    Sure, because it's not ready yet. But should be tested anyway.

    Okay, I will look into this.

    I will check it also.
     
    django135 likes this.
  40. alecsandes

    alecsandes Serious Server Member

    Hi again,

    Is there a way to reset the router and delete nvram through SSH?
    I found some info on google, but i don't want to brick the router.
    Thanks!
     
  41. Twincam

    Twincam Networkin' Nut Member

    "nvram erase" followed by "nvram commit" should do the trick. Simply type "nvram" at an SSH command line to see the options.
     
  42. pomidor1

    pomidor1 Networkin' Nut Member

    @RMerlin gave another command to clean the ssh routers arm, I do not remember it, but this is another command
     
  43. pomidor1

    pomidor1 Networkin' Nut Member

    Asus firmware the commands are: mtd-erase2 nvram (ARM routers) or mtd-erase -d nvram (MIPS routers)
     
  44. Brycek88

    Brycek88 New Member Member

    Hey, had a quick question:

    Is it possible to upgrade to the freshtomato-WNDR3400v3-K26USB-NVRAM64K_RT-N5x-MIPSR2-2019.1-VPN.chk file from the tomato-WNDR3400v3-K26USB-NVRAM64K-1.28.RT-N5x-MIPSR2-140-VPN.chk file from Shibby? I tried to upgrade to it but was unable to save settings after NVRAM clear.

    If not, what steps should I take to get the freshtomato firmware on my router currently running Shibby's 1.28? Thanks!
     
  45. rgnldo

    rgnldo Networkin' Nut Member

    @pedro311 @kille72 @M_ars I recommend the inclusion of @django135 in the team as an auxiliary verification in the development line. Has been dedicated to contributing to the FreshTomato project
     
    Boktai1000 and Elfew like this.
  46. txnative

    txnative Addicted to LI Member

    Place your question in the freshtomato-mips thread, however using the .chk shouldn't be needed since you already have a version of tomato flashed regardless if it's an older version, but maybe someone could better answer your question in the freshtomato-mips thread, regards.
     
  47. django135

    django135 Network Newbie Member

    Hello,
    I have an enhancement request for /usr/sbin/wwansignal script. I have a Huawei E8372 hilink 4g modem with flashed firmware that reports signal level, however it doesn't work properly with the script because of this part on line 229:

    Code:
                            [ "$SPEED" == "0302" ] && {
                                    [ -n "$SINR" ] && {
                                            SPEED="03"
                                    } || {
                                            SPEED="02"
                                    }
                            }
    
    My modem sends 00 for automatic network mode (so $SPEED == "00"), so this line needs to be changed:
    Code:
                            [ "$SPEED" == "0302" -o "$SPEED" == "00" ] && {
                                    [ -n "$SINR" ] && {
                                            SPEED="03"
                                    } || {
                                            SPEED="02"
                                    }
                            }
    
    Also another issue, my modem doesn't send LAC field, so it gives error in formatting string. To fix this on line 243:

    Code:
    LAC=$(echo "$BTS" | grep "<Lac>" | cut -d '>' -f2 | cut -d '<' -f1)
    
    Just add
    Code:
    LAC=${LAC:-0}
    
    Line after it. And then Huawei E8372 works and shows signal info in tomato GUI.
     
    M_ars, rgnldo, Elfew and 2 others like this.
  48. Elfew

    Elfew Network Guru Member

    @django135 - good feedback, would be nice if you can send a patch to the repo or share your code somewhere. Keep up the good work!
     
  49. django135

    django135 Network Newbie Member

    Finally, here is another bug/misbehavior I discovered in tomato. It is due to this part in the code:
    upload_2019-6-16_22-44-17.png

    Basically, in multiwan scenario, if primary wan started but didn't come up, and then another wan started and came up (maybe DSL is down from ISP during router restart), the value of wan_primary in nvram is permanently changed in the router (with no way in the GUI to reset it back).

    Maybe this is important to consider one wan as the "main" one to know to launch wan services when it comes up, however, there is a side effect to this: the WAN UP script now is only called if this "primary wan" comes up.

    In my case, I need to check some connection quality when DSL comes up and restart pppoe if the connection is bad (I have a really terrible 3rd world country monopoly ISP who doesn't know how to route their network properly), so I need my wan up script to run when pppoe is up, but if primary wan changed to 4g or any other, my wan up script will not run with restart of pppoe anymore (because it is not the primary anymore).

    So WAN UP script actually means when the "primary" wan (automatically determined) comes up. In that case, I want to make a request for feature to have WAN1 UP, WAN2 UP, WAN3 UP and WAN4 UP separate scripts, so we can run code separately for each WAN regardless of which one is considered the "primary" one by tomato.

    EDIT: Also I want to request a WAN-ANY UP which runs for any WAN that comes up, after the WANx UP script runs.

    Maybe it will be easier to make WAN UP script runs always regardless of which WAN is running and just pass the number of the WAN coming up as a parameter $1 for example.

    I think with all the fixes I suggested, multiwan in tomato will be stable and almost perfect.
     
    Last edited: Jun 16, 2019 at 10:54 PM
    Elfew and rs232 like this.
  50. pedro311

    pedro311 Addicted to LI Member

    @django135: Just uploaded to the tests subdir on MEGA new version of image: freshtomato-R7000-ARM-2019.3.077-beta--race-cond-fix-v2-AIO-64K.trx
    Could you please test it?
     
  51. alecsandes

    alecsandes Serious Server Member

    Hi,

    Thanks for the help:)
    Well, I'll tell how it went, maybe it would help as I consider it a bug.
    As I told earlier, I tried to reset router, delete nvram, even hard reset and still it would reset itself.
    I have tried to upload new fw, it would run an hour without doing anything.

    Later on, I manually reset everything I remembered that I changed, still the same issue.
    Then in SSH I typed nvram erase, commit and reboot.
    Nothing happened, it only rebooted, but however I could reset it from the GUI.
    The last thing I disabled was Access Restrictions (wifi off during night)

    Now I run the 2019.2 and I face another issue: transmission client downloads only 109 MB of data and it says Unable to save resume file: No space left.
    I have 950GB on the hdd left free. Information from FreshTomato GUI.
     
  52. django135

    django135 Network Newbie Member

    @pedro311 Thanks for the test build!

    I saw that you implemented a part of the fix in the highlighted part on the left, but that created another problem due to the code in the right.

    watchdog is needed to run for all interfaces as it is the one that pings the different wan connections to check if they are still working and updates /tmp/state_$PREFIX so that mwanroute on the other side updates the routing table.

    So the second part of the if check (ISPPPD and DEMAND) needs to be moved directly to be around the service restart part, but the rest of the loop must run, both for demand and redial modes, otherwise mwanroute gets stuck and doesn't change the route table even after the wan comes back up because state_wan wasn't updated by watchdog.

    upload_2019-6-17_2-30-33.png

    Also, although with this code the race condition is reduced, it is still not eliminated completely in demand mode, because in case pppd is killed completely (kill pppd), if by chance watchdog restarts pppd while 'listen' is trying to force dial, pppd dials then disconnects then dials again quickly. I suggest to add a check in 'listen' to stop working if pppd is killed completely (of course only the pppd of its specific wan, not all pppd instances).
     


    pomidor1, Elfew and rs232 like this.
  53. django135

    django135 Network Newbie Member

    @pedro311 I also want to mention that something is wrong with the leds in this build (maybe also last one but I didn't notice), the LAN port leds are dead on my R7000 in spite of cables connected. Also wan led, and also the right-most LED on R7000 (don't know what that one is).
     
    Elfew likes this.
  54. pomidor1

    pomidor1 Networkin' Nut Member

    Your drive is not properly mounted.
    Use this script; enter it in the Administration / Scripts / Init tab in the Tomato GUI:

    if [ ! -e /var/run/firstrun ]; then
        # Run once per boot: add fstab entries for the partitions labelled "opt" and "data"
        echo "firstrun" >> /var/run/firstrun
        echo "LABEL=opt /opt ext4 defaults 0 1" >> /etc/fstab
        echo "LABEL=data /nas ext4 defaults 0 1" >> /etc/fstab
    fi

    In the USB section, the automation must be switched on.
    The drive should be formatted as ext4 / ext3 and labelled data.
     
  55. rgnldo

    rgnldo Networkin' Nut Member

    Thank you very much for your commitment. I hope the development team will always count on you.
     
    rs232 likes this.
  56. rs232

    rs232 Network Guru Member

    @django135 Amazing finding of yours! Please keep digging :)

    P.S. I'm wondering if there's a more efficient way for you to contribute to the project other than post screenshot of your text editor. Perhaps Github upload or patch files?
     
    Elfew and Magister like this.
  57. M_ars

    M_ars Network Guru Member

    Hi
    please go to Administration --> Buttons/LED
    and select / enable LED AOSS and LED Bridge. It will work. (reboot required)

    ==> You now have to define/set Startup LEDs (for example you can only disable the wan & lan leds without enabled stealth mode)

    If you do a nvram (full) reset LEDs (Power LED, Bridge LEDs, WAN LED, ...) are enabled by default now

    BR
     
    Last edited: Jun 17, 2019 at 6:47 PM
  58. Elfew

    Elfew Network Guru Member

    It would be great to make an issue list and track all issues.
     
    rs232 likes this.
  59. rs232

    rs232 Network Guru Member

    I had dreams of a bug/issue tracker for ages. I'm wondering if FreshTomato should do this via GitHub actually. Other projects do so successfully even though you can get a lot of "noise" and there's a big need to moderate. But, thinking aloud, you don't want to duplicate this forum so perhaps a read-only GitHub issue tracker would be the best way? Just a thought...
     
  60. django135

    django135 Network Newbie Member

    I would also prefer development on GitHub, I think it is better than BitBucket, but I'll use any, better than nothing.

    There is already an issue tracker in kille72's bitbucket, but it is not clear which one (kille or pedro) is the primary one from which builds are released.
     
    rgnldo likes this.
  61. pedro311

    pedro311 Addicted to LI Member

  62. django135

    django135 Network Newbie Member

    @pedro311 but there are some commits in your arm-master (like the LEDs and wwansignal fix) that are not in kille72's repo. Will you merge them there? This is confusing. I think all development should be in one repo, otherwise there can be fixes on one side not ported to the other...
     
    Magister and rgnldo like this.
  63. rs232

    rs232 Network Guru Member

  64. pedro311

    pedro311 Addicted to LI Member

    My repo is the first one (mainly) when changes are made.
    But @kille72 adds his own commits, he also adds mine.
    So to speak, his repo is the one for FreshTomato-arm.
    Mine is for FreshTomato-mips.
    Have I explained it (more or less) clearly? :)
     
    M_ars, kille72, rgnldo and 2 others like this.
  65. django135

    django135 Network Newbie Member

    @pedro311 ok, so should I open a pull request on your repo, or on kille72's repo? Based on what you say, it makes sense to make the pull request on your repo.
     
    rgnldo and Elfew like this.
  66. Elfew

    Elfew Network Guru Member

    Personally I don't like the BitBucket GUI... GitLab or GitHub is better as an all-in-one pack for community projects.

    I think it is possible to clone between BitBucket and GitHub and reflect all changes vice versa.
     
  67. pedro311

    pedro311 Addicted to LI Member

    For FT-arm (or both) open issue on @kille72 ARM repo.
    Only for MIPS specific, open on mine MIPS.
    Thanks!
     
    kille72 likes this.
  68. rgnldo

    rgnldo Networkin' Nut Member

    I agree.
     
  69. alecsandes

    alecsandes Serious Server Member

    Thanks for the answer. It was running before on 2019.1 on NTFS partition.
    I would not like to switch to ext partitions, aren't there other ways?
     
  70. django135

    django135 Network Newbie Member

    I discovered the cause of multiple wan up script calling in case of PPPoE demand mode.

    When watchdog restarts pppoe "demand" mode connection, it calls "service wanX restart" which starts pppd in temp mode (start_tmp_ppp) which calls start_wan_done which calls WAN UP script a first time.

    And then after 5 seconds, it calls force_to_dial which causes pppd to dial and then pppd calls ip-up which calls start_wan_done which calls WAN UP script again.

    But sometimes it can happen that even before 5 seconds passed a packet is intercepted by 'listen' and pppd is dialed and WAN UP is called even before it finished executing the first time.

    I'm trying to find a solution. :-\

    Technically speaking: Wan up means when wan is up, and ppp in temp mode waiting for a connection is still "up". I guess it will be up to the WAN UP script to distinguish between the two runs by using a nvram variable and checking output of wanuptime.
     
    Last edited: Jun 17, 2019 at 11:48 PM
    M_ars, pedro311 and kille72 like this.
  71. django135

    django135 Network Newbie Member

    @pedro311 built-in curl is still broken in spite of reverting to 7.65.0, in a fresh build from kille72 shibby-arm.

    Code:
    root@router:/tmp/home/root# curl --version
    curl 7.65.0 (arm-unknown-linux-gnu) libcurl/7.65.0 OpenSSL/1.0.2s zlib/1.2.11
    Release-Date: 2019-05-22
    Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps tftp
    Features: AsynchDNS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets
    root@router:/tmp/home/root# curl google.com
    curl: (48) Error
    
     
    rgnldo, pedro311 and kille72 like this.
  72. django135

    django135 Network Newbie Member

    Reverting back to curl 7.64.1 (revert commit 02e39e602097896db60766e83d8445c32f17eb8a) fixes the problem and curl works again.
     
    rgnldo, pedro311 and kille72 like this.
  73. kille72

    kille72 LI Guru Member

    Last edited: Jun 18, 2019 at 7:55 AM
    rgnldo and Bunsen like this.
  74. pomidor1

    pomidor1 Networkin' Nut Member

    This is a bad idea, ntfs + linux, the drive is slower and it mounts badly. You currently have the automation checked, and before the drive is detected it is already trying to mount it.
    mount disks with the command in the init script: /bin/ntfs-3g
    but I have never used it,
    it is better to use a fat32 partition
     
  75. rgnldo

    rgnldo Networkin' Nut Member

    I suggest you make the comments in the repository. Be more productive
     
  76. RMerlin

    RMerlin Network Guru Member

  77. pedro311

    pedro311 Addicted to LI Member

    Nope, it's implemented in 7.65.1.
    Interesting, that on MIPS branch, latest curl is working.
    Even strace doesn't help...
     
  78. RMerlin

    RMerlin Network Guru Member

    I don't have any issue here on Asuswrt on my AX88U, so maybe 7.65.1 broke another build-time option (like 7.65.0 broke the disable-proxy option).

    Let me try on an older SDK7 model in case it's toolchain-specific.
     
  79. RMerlin

    RMerlin Network Guru Member

    Tested on an actual RT-AC68U C1, and 7.65.1 is working correctly for me:

    Code:
    admin@RT-AC68U-C1:/tmp/home/root# curl https://www.google.ca -o test.html
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 12939    0 12939    0     0  24882      0 --:--:-- --:--:-- --:--:-- 27471
    admin@RT-AC68U-C1:/tmp/home/root# curl -V
    curl 7.65.1 (arm-unknown-linux-gnu) libcurl/7.65.1 OpenSSL/1.0.2s zlib/1.2.5
    Release-Date: 2019-06-05
    Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps tftp
    Features: HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
    
    So my guess is it's either a build-time option that's broken, or something in your toolchain that doesn't link correctly.

    My build recipes:

    Code:
    curl-7.21.7: curl-7.21.7/Makefile
    	@$(MAKE) -C $@ $(PARALLEL_BUILD) && $(MAKE) $@-stage && sed 's|/usr/lib|$(STAGEDIR)/usr/lib|g' -i $(STAGEDIR)/usr/lib/libcurl.la

    curl-7.21.7/Makefile: curl/configure
    	@cd curl && $(CONFIGURE) CC=$(CC) \
    		CFLAGS="-Os -Wall -ffunction-sections -fdata-sections" \
    		--prefix=/usr --bindir=/usr/sbin --libdir=/usr/lib \
    		--enable-http --with-ssl=$(TOP)/openssl \
    		$(if $(RTCONFIG_IPV6),--enable-ipv6) \
    		--disable-gopher --disable-dict --disable-telnet \
    		--disable-proxy --disable-manual --disable-libcurl-option \
    		--disable-threaded-resolver \
    		LDFLAGS='$(LDFLAGS) -L$(TOP)/openssl' LIBS='-lcrypto -lssl -ldl' \
    		--with-ca-fallback
    
    
    Try comparing your build recipe with mine. You can also test by building a static version of curl (--disable-shared --enable-static) so you can quickly test new builds without having to rebuild the whole firmware.
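
A quick way to start the recipe comparison suggested above is to diff what the two binaries report about themselves. The script below is an added example, not part of any post or of either firmware's build system; the two sample texts are the `curl -V` outputs quoted in this thread (note they are different curl versions), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare two curl builds by their `curl -V` output.
# FT = FreshTomato build (post 71), AW = Asuswrt build (post 79), copied from the thread.
FT='curl 7.65.0 (arm-unknown-linux-gnu) libcurl/7.65.0 OpenSSL/1.0.2s zlib/1.2.11
Release-Date: 2019-05-22
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps tftp
Features: AsynchDNS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets'
AW='curl 7.65.1 (arm-unknown-linux-gnu) libcurl/7.65.1 OpenSSL/1.0.2s zlib/1.2.5
Release-Date: 2019-06-05
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets'

# Words after "<label>:" ($1 = Protocols or Features, $2 = curl -V text).
curl_field() { printf '%s\n' "$2" | sed -n "s/^$1: *//p"; }

# name/version tokens of the linked libraries, taken from the first line.
curl_libs() {
    printf '%s\n' "$1" | sed -n '1p' | tr ' ' '\n' | grep '/' | tr '\n' ' '
}

# Words of list $1 that do not occur in list $2 (whole-word match).
only_in() {
    out=''
    for w in $1; do
        case " $2 " in
            *" $w "*) ;;
            *) out="${out:+$out }$w" ;;
        esac
    done
    printf '%s\n' "$out"
}

# One line per field: what each build has that the other lacks.
compare_builds() {   # $1, $2 = curl -V text of the two builds
    for field in Protocols Features; do
        a=$(curl_field "$field" "$1"); b=$(curl_field "$field" "$2")
        printf '%s: only in first [%s], only in second [%s]\n' \
            "$field" "$(only_in "$a" "$b")" "$(only_in "$b" "$a")"
    done
    a=$(curl_libs "$1"); b=$(curl_libs "$2")
    printf 'Libraries: only in first [%s], only in second [%s]\n' \
        "$(only_in "$a" "$b")" "$(only_in "$b" "$a")"
}

# AsynchDNS is reported when curl is built with an asynchronous resolver;
# the recipe quoted above passes --disable-threaded-resolver.
compare_builds "$FT" "$AW"
```

Each differing feature or library points at a configure option or dependency version to check in the two recipes; it narrows the comparison but does not by itself identify the cause of the error.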
     