[Fork] FreshTomato-MIPS

Discussion in 'Tomato Firmware' started by kille72, Apr 26, 2018.

  1. Magister

    Magister LI Guru Member

    krack is client side, no need to patch anything, I thought we knew this for years now? Also shibby is not updated for something like 3 years? Do you have the commit if it exists for the krack patch on ddwrt?
  2. filipedonato

    filipedonato Connected Client Member

    Yes, I use USB to store movies and try to watch on the TV. Also I use to download the movies by torrent and therefore it saves more energy than leaving the computer on.
    On CPU Load, my router browsing and playing stays at 0.05, 0,10 maximum. Just when I start a torrent it goes up to a 2.0 load, however this usually does not restart because reboots are very random.

    The build I use is the K26USB_RT-N5x-MIPSR2-2019.1-F9K1102-64K
    It does not have a smaller size than this, all are around 7.5MB.

    At the moment I have a cheap router for all the wifi devices. And this Belkin N600 currently only use my computer to test the Tomato Firmware because as it kept restarting randomly, I left only with me to be able to test and report the syslog.
    The heaviest function I use in it is the torrent transmission, but as it restarts every time I delete the contents of the / tmp folder, so I have to always reinstall it.
    I do not have a large bandwidth (10 mega only).
    I do not use the functions of: Web Usage, Bandwidth, IP Traffic, ipv6, DDNS
    Static DHCP / ARP / IPT, Firewall, Adblock, Access Restriction, QoS, VPN Tunneling, CIFS Client, SNMP.
    Functions I use or would use if it were stable: ipv4, wifi, transmission torrent, Bandwidth Limiter, USB Support, SWAP, UPnP, FTP Server (to install opkg and torrent) and Samba (to share movies on wifi).
    If you find that this router does not handle the tasks, I'll prepare to buy one of the most powerful supported models.

    OBS:A bug I got today in syslog (using the Linksys E2500 firmware) and maybe useful to understand the problem:
    03-25-2019    14:58:43    Daemon.Error    Mar 25 14:58:42 udhcpc[3774]: read error: Network is down, reopening socket
    03-25-2019    14:58:43    Daemon.Error    Mar 25 14:58:42 udhcpc[3774]: sendto: Network is down
    Thanks for the dedication, the Tomato community is very helpful and intuitive.
    Last edited: Mar 25, 2019
  3. txnative

    txnative Addicted to LI Member

    Rely back on the "belkin f9k1102 tomato bring-up" op, since this is off topic with the freshtomato-mips.
  4. ashthetree

    ashthetree New Member Member

    Maybe it should be added that a router can be used as a wifi client, e.g. when they are used as wifi repeaters. Therefore, patches do exist for some routers. From the KRACK webpage:

    "Routers or access points (APs) are only vulnerable to our attack if they support the Fast BSS Transition (FT) handshake, or if they support client (repeater) functionality. First, the FT handshake is part of 802.11r, and is mainly supported by enterprise networks, and not by home routers or APs. Additionally, most home routers or APs do not support (or will not use) client functionality. In other words, your home router or AP likely does not require security updates. Instead, it are mainly enterprise networks that will have to update their network infrastructure (i.e. their routers and access points)."


    I don't know if Freshtomato includes repeater functionality though.
  5. AmyGrrl

    AmyGrrl Network Guru Member

    I'm having some troubles getting the 5Ghz working on an Asus RT-N53. I flashed the
    freshtomato-K26USB_RT-N5x-MIPSR2-2019.1-RT-N53.trx to the router. The 5Ghz does work right away. The 5Ghz LED does try to light up a few times but never does. Now I can edit wifi settings and the 5Ghz still works. Then I power cycle the device by removing the power cord. The 5Ghz stops working when it powers back up. If I then log into the router and click the reboot button. The 5Ghz will start working again. How Can I fix this?
  6. txnative

    txnative Addicted to LI Member

    What happens if you don't unplug the router for a power cycle? Have you cleared the nvram and not used a backup from a previous build? Is this the only build you flashed, have you ran tomato on your asus before if so what version?
  7. AmyGrrl

    AmyGrrl Network Guru Member

    I think I had Shibby's Tomato v1.28 before I switched to FreshTomato a few days ago. 5Ghz never worked on the Shibby's build I had installed. As for FreshTomato. I first installed the K26-MAX build. 5ghz didn't work at all. Then learned that 5Ghz was actually worked via USB on this router. So I installed the K26USB-MAX. 5ghz sort of worked. Then saw there was a specific build for this router and flashed the K26USB-RT-N53 build. Every time I switched the firmware I used. I cleared the NVRAM and never used a backup. I've been a member of this site for 12 years. So I'm pretty familiar with how to install custom firmwares. The RT-N53 seems to have crappy 5Ghz support. When the 5Ghz was working and I was trying to use it. The 5Ghz kept disappearing and I would loose connection. The 2.4Ghz would still keep working. So I just disabled the 5Ghz completely at this point. When I did unplug the router to power cycle and the 5Ghz stopped working. The 5Ghz didn't even show up in the WebUI. Only started working again when you clicked the reboot button. The 5Ghz LED would flicker on and off a few times. Then just stay off completely.
    Last edited: Mar 28, 2019
  8. txnative

    txnative Addicted to LI Member

    It seems a little flakey on this unit when using any firmware as I have read some posts here and there online, when it comes to either stability or 5Ghz working, disappearing, devices unable to connect to the access point but some users maybe using a build similar to the one have right now K26USB, from what I read in post a year ago or so older shibby build tomato-K26USB-1.28.RT-N53 did work, but may have been updated to a different name or similar name in pedro's mega build site, note there are smaller sized builds as I see there a several make sure to keep the size under 8mb size, have you tried the mini builds? If you do try the mini build make sure it has the K26USB-RTN5x, and I suppose i don't need to ask you to do the usual clear nvram routine, and I also image you are aware of how to recovery your model as well. This particular model is picky on which open source firmware works on it to at least make it happy or it could be time to purchase a better router to avoid this ongoing problem. The code isn't different from when shibby was the developer, it's just being updated with other parts that need security and other miscellaneous updates but the driver is pretty much the same.

    Edited: Looking at this post that was create two years ago on this subject How to enable 5Ghz an asus rt-n53, it was mentioned that the an older shibby was successful in allowing both radios to work, you could download and flash it if you like here is the link, http://tomato.groov.pl/download/K26RT-N/build5x-132-EN/Asus RT-Nxx/
    it the one without any special name to it meaning, no ipv6,mini,max,mega,nocat,big names in it, just RT-N53.zip 7.2MB. and remember it is not been updated so if it works, notify the forum so that pedro could start to a updated build for his mega site for downloading.

    Editied: Well actually there is one in his mega site have you tried it as well?
    Last edited: Mar 28, 2019
  9. AmyGrrl

    AmyGrrl Network Guru Member

    I'm not too worried about the 5Ghz not working. Have used it all this time without having access to the 5Ghz anyways. It would have just been a nice bonus if it did work. I would also prefer to have a more up to date Tomato build on it anyways. I was super happy to find out FreshTomato was being worked on. The router belongs to my Brother and I keep telling him he needs to save up for something better. Instead of using all my hand me downs. I might be getting the new Asus wireless ax router. So I will give him my Asus RT-AC66U B1 running Merlin.
  10. txnative

    txnative Addicted to LI Member

    It probably would've been interesting to know if one of the two firmware builds might have worked, but sure I get it at lease you know where to look. Those Asus routers seem expensive even for models within a decade, I can't image the price of the one you mentioned. Lucky me I found a Netgear R6250 on facebook marketstreet for $5 practically brand new cool beans using it right now, but anyways take care have a wonderful evening.
  11. WildFireSG

    WildFireSG Addicted to LI Member

    Hi. I have recently run into this problem with a couple of new Linksys E2500v3 routers that I loaded the latest version on (2019.1 MIPSR2 K26 USB Mega-VPN). The 5GHz disappearance issue seems to be directly related to the amount of free NVRAM available. After a fresh install and _multiple_ thorough erases of NVRAM, the E2500 has only about 2KB NVRAM free. After a little configuring, it went so low that the router was giving warnings about low NVRAM and the 5GHz radio disappeared. Since I am not using QoS, after another fresh NVRAM erase, I immediately deleted everything from the QoS Classifications section. After saving, this freed up another 2KB or so and the routers' 5Ghz radios have been rock solid.

    From the Status/Overview page, how much free NVRAM do you have?

    @pedro311 I noticed the last Shibby release 140 has NVRAM60K builds for the Linksys E2500 and 2500v3. Is there a reason FreshTomato is only NVRAM32K?
  12. pedro311

    pedro311 Addicted to LI Member

  13. WildFireSG

    WildFireSG Addicted to LI Member

    Thanks for the prompt response. Makes sense. However, the 2019.1 MIPSR2 K26 USB Mega-VPN build for the E2500v3 uses too much NVRAM by default. As I mentioned, only 2KB was free after clearing NVRAM so my fix was to delete all of the QoS Classification rules to free up enough space for the 5Ghz radio to be stable. I think it may disappear after 30KB is used because even after very little configuration of the router after an NVRAM reset makes the 5Ghz radio disappear.

    On another note, I do not think the Init Scripts nor the Scheduler commands are working in this build either.
  14. txnative

    txnative Addicted to LI Member

    I saw that and was curious also especially for the e3200/e2500v3 they have 16mb of flash, but after looking at the source and see the pedro's response make me say, there won't be any room to do much if users are utilizing these linksys models for all their network needs, updating to these new builds will limit their ability to manage their networks if coming from a previous build with more room for the mega-vpn size.
  15. uneedus

    uneedus Networkin' Nut Member

    I just recently switched to FreshTomato from Toastman.

    I noticed on the Advanced-Routing page that the fields for entering the Static Routing table seem to be limited to 15 characters, which is not long enough to contain an IPv6 address. Attempting to add a shorter IPv6 prefix fails with "invalid IP address". Is this Static Routing Table still limited to IPv4? I ended up placing my routing statement in the Wan-UP script for my test lab router.

    I noticed that the point-to-point links for static IPv6 have been added to the GUI and they do work. Under Toastman, I had to provide this information in the WAN-UP script. Same with the IPv6 firewall rules, which under Toastman had to be in the Wan-UP script in order to work.

    Any idea if this lack of GUI advanced-routing for IPv6 has any planned fix?
    Last edited: Apr 8, 2019
  16. minos

    minos Networkin' Nut Member

    Hey, I don't see any recommendation on the 2019.1 changelog. So I'll upgrade from the last build without clearing nvram.

    I think it's a general rule that many "users" don't want to waste hours on every updates to config 1 more time the same options if it's not needed by the new firmware... and will get tired of repeating it.

    Thx to all for your hard work and to make it possible.
  17. olind

    olind Networkin' Nut Member

    What version is if for an Asus N16?
  18. rs232

    rs232 Network Guru Member

  19. txnative

    txnative Addicted to LI Member

  20. rs232

    rs232 Network Guru Member

    I'm pretty certain that's what I'm running on one of mine, but please anybody correct me if there's a better version?
  21. txnative

    txnative Addicted to LI Member

    I remembered when I was in the Makefile for freshtomato-mips the other day, but if your using something similar then ok, but I don't own this model.
  22. Radojevic

    Radojevic Network Newbie Member

    Yeah, if you're lucky, and everything works fine.
    However, what's the 1st thing a developer, and even users will say when you fine a strange behaviour that they don't experience?
    Did you erase NVRAM during the firmware update?
    Erase NVRAM, and report back.
    pharma and txnative like this.
  23. Beast

    Beast Network Guru Member

    I use only the ones that have nvram32 in the name on my Asus RT-N16.

    I recall having some kind of problem with the NONE nvram32 version.
    Wolfgan likes this.
  24. minos

    minos Networkin' Nut Member

    Yeah, I've read many time too on those forums.
    But I don't want to be wrong... NVRAM is storing config made by web GUI ? Only ?
    If yes, it's like a config.ini (or .cfg, for example) file we can see in many softwares ?
    Or is it something else stored inside ?

    If no, I'm happy to not "erase NVRAM" every time I've updating/upgrading all the Linux boxes around... I think it's the only software I'm using that require to spend 1 hour on every update ;)
  25. Feliciano

    Feliciano Connected Client Member

    There are variables used by the firmware itself and by your configuration. Some of those are part of FT, some of those are upstream. The variables are created / modified / renamed / removed after some changes on FT and/or the others parts of it, therefore you can take the risk of keeping the configuration you already had or you better fresh start each time.
    I don't spend "1 hour" after each update. I have a file with all my relevant variables, and I copy/paste as needed. That way I invest "minutes" after each update, plus I can choose what to test if I know what's bugging me.
    pharma likes this.
  26. pedro311

    pedro311 Addicted to LI Member

    There is no obligation to erase the nvram every time you make a minor update.
    Even I do not clean the nvram often.


    Do not report any errors in the operation of a router you have upgraded this way!
    pharma, kille72 and gschnasl like this.
  27. olind

    olind Networkin' Nut Member

    Thanks for all your help! Still a bit hesitant to upgrading. Works good with Advanced tomato but I'm upgrading my old WRT54GL and it would be nice to use the same firmware for both my routers.

    Are you using that on your N16?
  28. minos

    minos Networkin' Nut Member

    Thx for your easy-to-understand answer @Feliciano :)
    Tell me more !
    Do you use the .cfg backing up generator into the administration > configuration section ? Then upload it after a firmware update ? I remember reading somewhere it's not a good solution...?

    In my case, I got screenshots, libreoffice tab files with mac address/IP for DHCP, text files with firewall scripts... a long moment to config with the screenshot on the left side of my screen, and the router GUI on the right side... yes, may be near 1 hour :p

    So if you have a better solution, my ears are open ;)

    Thx @pedro311 for your answer too. Yes I understand it can be a problem, but sometimes I think it's not really some 0 or 1, and it can be a magical thing if something happens, or not :D So, to be clear, I don't want to be "lucky" or "unlucky", but be sure to have something useful with a good procedure ;)

    Thx all
  29. Beast

    Beast Network Guru Member

    On my Asus RT-N16 i am using FreshTomato Firmware 2019.1.015 MIPSR2-beta K26 USB Mega-VPN.

    That txt string is from the about page. The firmware file was ( freshtomato-K26USB-NVRAM32K_RT-N5x-MIPSR2-2019.1.015-beta-Mega-VPN.zip ), which is one version behind the latest build.

    I have not updated to the 2019.1 version yet because last time I used a version with compressed java pages. I had a problem with the "External" adblock script. BUT worse also for what ever reason the gui web pages of the router would not display correctly no mater what I tried. And since the way I have the router configured seems to be running fine, I don't want to update yet.

    If I remmber right, the WRT54GL require MIPSR1 with either the K24 or K26 kernal. I still have a few of them laying around, but they are still loaded with Toastman firmware.
  30. Feliciano

    Feliciano Connected Client Member

    My point is: to load a backup of an old configuration MAY arise trouble depending on the changes of the Firmware and/or the upstream modules / mods Pedro, Kille, or others integrate. And I want to test the Firmware stability for my not-so-typical set-up, without second thoughts... And post 1126 (by Pedro311) set the rules very clear.
    Therefore I have used all kind of cue-sheets, but nowadays I have a table {field_name_on_the_gui;text_to paste_there} that I sort according to the tabs/fields of the particular firmware. My 32KB of NVRAM get almost full, and if I'm focused, can do it in less than 10 minutes.
  31. olind

    olind Networkin' Nut Member

    Thank you soo much! I just updated my WRT54 to the following:

    Model Linksys WRT54G/GS/GL
    Chipset Broadcom BCM4712 chip rev 2 pkg 2
    FreshTomato Firmware 2019.1 MIPSR1 K26 Mini

    Once I have verified that it works I'll update my N16. The WRT54 is my backup router if anything goes wrong.

    I'm currently using Advanced Tomato on my N16 and it works really good. Just that the project seems dead?
    Last edited: Apr 10, 2019
  32. kiraro

    kiraro New Member Member

    hello friends,
    i have two routers ASUS DSL-N14U and huwaei HG553 , how can i install tomato firmware on huwaei or asus (because it's easy to manage ) ,those two router contain mips kernel, i'm not expert on this , thank you for helping me . i want juste use the humaei for downloading torrent because i tried several time to replace "download manager "with "transmission " on asus dsl-n14u but with no success (because "download manager " crash all the time) .

    Thank you friends.
  33. rs232

    rs232 Network Guru Member

    your devices are not supported. A list of devices can be found here: http://tomato.groov.pl/?page_id=69
  34. Sugar Sugar

    Sugar Sugar New Member Member

    Hi guys,

    I'm new here and I was looking for a new version of tomato. So I found this freshtomato thread....cool. I installed freshtomato for my Asus RT66W-> RT66U.
    I am running the router behind another router. So the asus is on the own network and for the local network the main machine. The setup is working fine with the shibby "1.28.0000 MIPSR2-140 K26AC USB AIO-64K" /"1.28.0000 MIPSR2-140 K26N USB AIO-64K".

    The setup is:
    The setup typ is static Internet--> router ( --> asus (static wan / LAN

    While switching to the freshtomato the internet is not available not via IP adresses and not via domain name. I am not sure if some pages before the topic was discussed. I switched e.g. to dymamic and have done a ddns-update 0 force / ddns-update 1 force. But internet is still not available.

    Any ideas on the topic?

    thanks a lot!


    How could I attach a picture?
  35. granthgh

    granthgh Network Newbie Member

    Eric, Try using DHCP on the Wan interface and then retest.

    If it works then setup the Wan dhcp server to allocate a static address to the freshtomato router.
  36. Sugar Sugar

    Sugar Sugar New Member Member

    DHCP is also not working, anyone else have this problem with an ASUS RT66U?

    thanks a lot,

  37. pharma

    pharma Network Guru Member

    Happened to me as well but the web GUI would not display properly after a while using an RT-N66U. Eventually had to use the recovery method to install an older firmware version ... used 2018.5.005 MIPSR2-beta K26 USB AIO-64K to get the GUI web pages to display properly again.
  38. pedro311

    pedro311 Addicted to LI Member

    Funny: maybe try to see OP, what to do if you have GUI problems? :/
    pharma and kille72 like this.
  39. Monk E. Boy

    Monk E. Boy Network Guru Member

    I have the solution that gets me up and running from a blank NVRAM reset in 20 minutes at most.

    Want to know my secret?

    A text file.

    Walk through the Tomato interface page by page noting every setting that has been changed from default. Something as simple as a few tabs helps organize the data for easy reading and organization. A category (no tab) from a page (one tab) from a collection of settings on a page (two tabs) to a setting in a collection (three tabs).

    After wiping and setting it up from scratch including completely custom QoS rules I'm never down for more than 20 minutes. Text file on the left side of the display, Tomato in a web browser on the right, bada bing bada boom, a bunch of clicking, a lot of copy & pasting, and just like that its done. Screenshotting is a waste of time since you can't copy & paste from a screenshot, which is how to save time.

    You're capable of organizing your own data. You have the power. No need to spend hours trying to remember it if you just take the time to document it. Seriously, it's not anywhere near difficult as drama queens make it out to be. They just don't do a good job of organizing it with screenshots and other inefficient methods (I once talked to someone who took pictures with their phone of each page because they didn't know how to make a screenshot and thought a text file would be too hard).
  40. Beast

    Beast Network Guru Member

    On my Asus RT-N16
    That is what i did as well, (used the recovery method to install an older firmware version). Have since updated to FreshTomato Firmware 2019.1.015 MIPSR2-beta K26 USB Mega-VPN.

    Gui display problems occurred when java compression was first introduced to the firmware. It did not matter if i cleared broswer cache, also the gui would not display normal using firefox, chrome, nor edge. Even using different computer to logon to the router .

    As of the time of this post I have not updated to the latest version 2019.1 (none beta). It is my understanding that the latest version has compressed java again.

    Somewhere in my earlier posts i included a screen capture of what the gui looked like while it was not displaying normally. Not really wanting to go through that again.

    I wonder if the gui is in a none rom location and the compressed version could be replaced with a none compressed version using something like WinSCP?

    So for the moment i will stay on the above version. Thanks for all the work you guys do. The firmware is awsome.
  41. Wolfgan

    Wolfgan Networkin' Nut Member

    It's easier to use the internal nvram ex/import commands and deal with text files as in https://www.linksysinfo.org/index.p...hibby-upgrade-procedure-and-cfg-backup.70985/

    Sent from my SAMSUNG-SGH-I747 using Tapatalk
  42. kernel-panic69

    kernel-panic69 Connected Client Member

    1) Wireless ethernet bridge mode is a 'client' mode for the WAN. The only other mode that may be subject is WDS. I am not saying that the currently available modes available to configure in FreshTomato require patching at all, but those are the only possibilities I can think of that may require it.

    2) DD-WRT isn't successfully patched for KRACK, IMHO. There are way too many wifi issues in AP and client modes for things to work right, AND GTK renewal / radio timer issues prevent things to work correctly. For wi-fi to work worth a sh*t, you have to completely DISABLE GTK renewal by setting the interval to 0, which leaves you WIDE OPEN to attack.

    3) Feel free to take a gander at all the commits to DD-WRT SVN from revision 33525 through 33772 and all the way to present, if you are feeling so inclined: https://svn.dd-wrt.com

    4) AFAIK: Part of the 'fix' was to use the latest pre-compiled nas binary blob as best I gather on DD-WRT. BUT, it also doesn't use the pre-compiled wlconf binary (ies) AFAIK and again, driver compatibility issues cause problems. You have to understand, the base code of DD-WRT is, "I do it my way" and nothing like Tomato whatsoever. I could add a whole lot more here, but here's the gamut of the publicly available info for KRACK on DD-WRT:



    That all being said. I just finished flashing a test compile at the latest merge (2019.2!) from the RT-AC branch for my E4200v1. Yes, I'm ahead of FT's public build release, just because ;)

    @pedro311 @kille72 : Wound up having to wipe and re-build my local repo because of some weird issues, but getting back on track for BB.
    Last edited: Apr 17, 2019
    kille72 and pedro311 like this.
  43. Magister

    Magister LI Guru Member

    3 and 4 are the reasons I moved from dd-wrt to TomatoUSB *years* ago ;-)
  44. alain57

    alain57 New Member Member

    first of all VERY VERY big thank you for this firmware, this gives my Asus AC-66U a second life as there is no new update from asus (or merlin) since more than a year .

    I installed 2019.1 MIPSR2 K26AC USB AIO-64K on it and it work great :)

    I didn't found any support page so I hope i'm correct here.

    some small feedback (feature request or small bugs)

    1: on my device on the basic-network.asp page, when I activate both 2.4Ghz and 5Ghz wifi with the setting
    Access point + WDS some fields could be prefilled to prevent some try and error ^^

    ex :
    the WDS combobox should be at automatic wheres it is at Link with (for the 5Ghz)
    the Route Modem IP field that was not visible before appear but is empty, it could be prefilled with

    2: the Restrict Acces ( restrict.asp ) page
    - it would be awesome if the Mac/Ip adress would have some way to propose the devices known in the device list :)
    - it would be cool to have a restriction that only allow specific stuff... for ex I have an android TV... and I wished that the router block ALL traffic on it except netflix or amazon prime... that way i would be sure that the TV does not "spy" my "normal" usage. Currently I can block stuff one by one, but it would be easier to allow stuff one by one ;)

    3: I guess this is a small bug: on wifi 5Ghz with WPA (or WPA2) personal encryption -> impossible to connect... the network is detected by my phone but it refuse to connect.
    I let the default settings, I just changed the ssid . Of course both 2.4 and 5Ghz wifi are turned on as access point.
    for the 2.4Ghz no encryption issue, only for the 5ghz one.

    Once again amazing work :)
  45. R136a1

    R136a1 Network Newbie Member

    Hi kille72
    i am under the original Tomato firmware 1.28 (WRT54GL), can i upgrade to your firmware directly or i have to flash first the stock firmware and then flash your firmware ?
    Thanks for your answer and your work !
    kille72 likes this.
  46. rs232

    rs232 Network Guru Member

    kille72 likes this.
  47. pedro311

    pedro311 Addicted to LI Member

    But remember to clear your nvram, before reporting any problems with firmware.
    kille72 likes this.
  48. R136a1

    R136a1 Network Newbie Member

    Thanks to you two
    kille72 likes this.
  49. Kustaa

    Kustaa New Member Member

    @pedro311 @kille72

    I received an ASUS RT-N66R with AdvancedTomato installed, but has not received updates since 2017, my question is can I flash FreshTomato from the GUI interface?
    1. Configuration> Clear NVRAM
    2.Upgrade> FreshTomato

    Or I have to use the ASUS restore tool

    And what version do you recommend to use?



    I would greatly appreciate your help
  50. kille72

    kille72 LI Guru Member

    A new version of FreshTomato 2019.2 ARM and MIPS is ready for download.

    More information in the first post.

    Best regards,
    FreshTomato team, @kille72 & @pedro311

    Thanks to @M_ars and all others who helped us with this project!
  51. Sugar Sugar

    Sugar Sugar New Member Member

    THANKS a lot! Always guys like you make a lot of cool projects possible!

    I have a questions, I asked this also for release 2019.1. So far I didn't get it, why it is not working. Maybe some can explain it to me.

    Having the following tomato version installed "1.28.0000 MIPSR2-140 K26AC USB AIO-64K", all clients can connect to the internet. While using the following setup and using release 2019.2 (freshtomato-K26USB_RT-N5x-MIPSR2-2019.2-AIO-64K.zip or freshtomato-RT-N66U_RT-AC6x-2019.2-AIO-64K.zip) no client can connect to the internet. someone have an idea?


    Router 1
    IP Address ->
    Router 2 IP ->


    Router 2
    WAN Settings
    Type -> static
    Wireless Client Mode -> disabled
    IP Address ->
    Subnet Mask ->
    Gateway ->
    DNS Server -> manual
    DNS 1 ->
    DNS 2 ->

    Dynamic DNS
    IP address -> USE WAN IP

    DHCP/DNS -> Internal DNS ->check on

    IP Address ->

    CLIENTS -> 192.168.78.XXX

    thanks a lot!!!!

  52. Pickle

    Pickle LI Guru Member

    I'm looking for some assistance concerning low NVRAM when rebooting and the unpleasant occurrance of having a blank shared key in the security setting for wireless.

    I have a RT-N16 that I have upgraded from Toastman and am now running freshtomato-K26USB-NVRAM32K_RT-N5x-MIPSR2-2019.2-Mega-VPN. I've cleared NVRAM on the upgrade and also after the upgrade before manually setting up the configuration. I have used the following comand to clear out unset variable ( for line in `nvram show | grep =$ `; do var=${line%*=}; nvram unset $var; done; nvram commit ) to give me Free NVRAM of ~5100kB (~15%). The router runs normally but if it is rebooted the Free NVRAM drops down to ~1000kB (<3%) and the shared key for the wireless security is missing, resulting in an unsecured router.

    Is there something that can prevent this occurring after a reboot?

    Thanks for any suggestions or help.
  53. Techie007

    Techie007 Networkin' Nut Member

    Try removing unneeded settings you aren't using. For example:
    • Clear out all the Blacklist URLs under Advanced -> Adblock.
    • Delete the disabled demo rule under Port Forwarding -> Basic.
    • Delete the disabled demo rule under Port Forwarding -> Triggered.
    • Delete the disabled example under Access Restriction -> Overview.
    • Delete all of the rules under QoS -> Classification except for rule 1.
    That should free up some NVRAM!
    trmanco likes this.
  54. Mikael Bak

    Mikael Bak Network Newbie Member

    Would there be any interest in a tool that is capable of converting and manipulating tomato backup files?

    I'm thinking of something that takes a backup file and converts it to a editable format (perhaps json). One would be able to add and delete. With some luck this could be used to avoid having to manually enter data into the web interface after upgrade (with nvram cleaning).

    Perhaps if the backup file contains information about firmware version and router type, in theory it would be possible to convert an old backup file to a new format and even convert it to a different router type.

    I have not done any investigation yet exactly what a backup file contains, but I would be interested in doing so unless anyone tells me it's impossible.

    The first version of this tool I imagine is a Linux command line tool written in C (because that's what I know).
    But it should be possible to write other tools (GUI) if the concept holds.

    Please give feedback on this. Also if someone knows why this is not possible, please tell me :)
    SeƱor Nimda likes this.
  55. Beast

    Beast Network Guru Member

    Possible BUG

    Updated to the latest version 2019.2 Mega VPN 32K version for the Asus RT-N16. Noticed that the CPU load appears to be NOT working. It shows all zeros all the time. Tested in default color scheme and also Tomato, same results all zeros all the time.

    UPDATE: After changing to the Tomato color scheme and a reboot, cpu load is working.
    Last edited: Apr 25, 2019
  56. TotalRetribution

    TotalRetribution New Member Member

    I tried updating my E4200 from 2019.1 using "freshtomato-E4200USB-NVRAM60K_RT-MIPSR2-2019.2-Mega-VPN" however after rebooting I lost 5ghz wifi.
    I then downloaded and flashed 2019.1 and still had no 5ghz wifi.
    I then flashed an old copy of 2019.1 and 5ghz wifi worked. The MD5 of the 2019.1 version that worked was "0a3c906ec2fe901ebf041c7108fb328f"

    I have tried clearing NVRAM, and tried "freshtomato-E4200USB-NVRAM60K_RT-MIPSR2-2019.2-VPN" but no 5ghz.

  57. digixmax

    digixmax LI Guru Member

    If your router is an RT-N16 (and not RT-N56), I think you're using the wrong build type (NVRAM32K_RT-N5x).

    I am using build K26USB_RT-MIPSR2-2019.2-AIO on my RT-N16, my free NVRAM is consistently ~4K and there is no issue with missing shared key.
    Last edited: Apr 28, 2019
  58. Beast

    Beast Network Guru Member

    I have a RT-N16 and have always used the NVRAM32k versions, the one time I did use a NONE 32k version and had all kinds of problems. I just updated to freshtomato-K26USB-NVRAM32K_RT-N5x-MIPSR2-2019.2-Mega-VPN.zip, it is running just fine. No problem with shared key. Free NVRAM32.00 KB / 4992 (15.23%).
  59. digixmax

    digixmax LI Guru Member

    My RT-N16 running build type K26USB_RT-MIPSR2 shows that it has "Total / Free NVRAM32.00 KB / 4196 (12.81%)".
  60. Twincam

    Twincam Networkin' Nut Member

    Feedback - 2019.2 AIO [freshtomato-K26USB_RT-N5x-MIPSR2-2019.2-AIO-64K.zip] RT-N66U

    I have just upgraded a mate's router [from Toastman 511.5] and discovered an issue with the mounting of "/opt" via the age-old TomatoUSB method. On this particular router it worked fine under Toastman but not under FreshTomato 2019.2

    I think I've confirmed this on my own RT-N66U [running Toastman] by mounting the same UFD and using the same "Init" script command [echo "LABEL=Optware /opt ext2 defaults 1 1" >> /etc/fstab] via the WebUI as I've always done - whether using ARM or MIPS builds. In that case "/opt" mounted as expected. [My router also substituted perfectly when I recently upgraded my own main router - I use the same "Init" method on that; and that is 2019.2 ARM.]

    My mate can still use his router fine as I have substituted WebUI-defined occurrences of "/opt" with "/tmp/mnt/Optware" [the path shown successfully auto-mounted in the "Attached Devices" USB section]. These means that cstats and rstats are still collated correctly and his router can still access his USB-offlined OpenVPN certificates. The problem affects NVRAM-Backup and "WAN Status" email "Scheduled" scripts referencing "/opt" within them [and residing in the same "virtual" partition] - precisely because it is not mounted. They don't concern him but, as I adminster his LAN, it does concern me. :oops:

    Is anyone else experiencing the same? Thanks.
    Last edited: Apr 29, 2019
  61. Sean B.

    Sean B. Network Guru Member

    mount -o move /tmp/mnt/Optware /opt
    Put it in a file called optmount.autorun , at the root of the optware partition, chmod +x the file so it's executable. Whenever the drive is mounted, the firmware will automatically run the .autorun file, which will move the mount over to /opt.
  62. svalx_

    svalx_ Serious Server Member

    I have E4200 with Toastman 0511. How I can correctly switch to Freshtomato? Is I must to reset router or simply upgrade firmware by Tomato web-interface? Any other stuff?
  63. Twincam

    Twincam Networkin' Nut Member

    Thanks @Sean B. I have just tried that [please see screenshot below] but it didn't work. I should say I have not rebooted the router yet [mate is working and some distance away]. I made the changes via an SSH session, unmounted the USB and mounted it again via the WebUI.


    Perhaps it will work after a reboot [but, I'd have thought that the unmount/mount operations would have achieved the same results]. I'll report back after I have next visited [may be a few days] & rebooted. Thanks.
    Last edited: Apr 29, 2019
  64. Sean B.

    Sean B. Network Guru Member

    If you run the file manually, does it correctly move the mount?

    I would place:

    As the first line in that file, just for good measure.

    If running the file manually works as expected, add a sleep line prior to the mount command in the file. In case it's being run too quickly, sense it just got mounted to begin with:

    sleep 2
    mount -o move /tmp/mnt/Optware /opt
  65. Twincam

    Twincam Networkin' Nut Member

    @Sean B. Bingo! I just ran it via an SSH session. So maybe an issue with $PATH? I'm no Linux guru but, having read these forums for a while, I'm begining to tune in .... thanks!


    Edit: I will try what you have just suggested in a few minutes. I think we were both typing at the same time. Thanks.
    Sean B. likes this.
  66. Sean B.

    Sean B. Network Guru Member

    Alternatively, you can place this in the "Run after mounting" box under USB and NAS->USB Support in the GUI:

    if [ ! "$(grep -s '/opt ' /proc/mounts)" ] && [ "$(grep -s '/tmp/mnt/Optware ' /proc/mounts)" ]
        mount -o move /tmp/mnt/Optware /opt >/dev/null 2>&1
    Anytime a USB drive is mounted it will run the script. If there's no existing mount on /opt but there is an existing mount on /tmp/mnt/Optware, it will move it.
  67. Twincam

    Twincam Networkin' Nut Member

    Sorted! Thanks very much. I tried the method you described here but it didn't work [maybe because there was no "sleep" command?]. However, the adjusted automount file at the end of this post worked perfectly.

    I have changed all my WebUI-defined paths back to "/opt" so that the [critical] OpenVPN certificates remain accessible and all is well [cstats & rstats etc.].

    Sean B. likes this.
  68. Sean B.

    Sean B. Network Guru Member

    Usually adding a pause in via sleep isn't needed, however every system and USB drive is different. Glad it's working.
  69. R136a1

    R136a1 Network Newbie Member

    Hi kille72
    under "freshtomato-K26_RT-MIPSR1-2019.2-MiniIPv6" (WRT54GL), both local and remote access don't have the https option, only http is available.
  70. Justio

    Justio Addicted to LI Member

  71. R136a1

    R136a1 Network Newbie Member

    Thanks but i now how to search...

    I upgrade from the original Tomato 1.28 with https available.
    And the result of nvram show | grep -i http is

    No signe of https.
    Last edited: Apr 29, 2019
  72. M_ars

    M_ars Network Guru Member

    not enough space for https
    ## MiniIPv6 - for 4MB routers
    R136a1 likes this.
  73. R136a1

    R136a1 Network Newbie Member

    Hi M_ars
    thanks for your useful answer
  74. davygravy

    davygravy Network Newbie Member

    Hello all, I'm looking for a polite nudge in the correct direction. I've got some legacy (read : old, yet perhaps useful) routers that have some version of TomatoUSB builds on them, but at least 4 or 5 years old... 2 Cisco M20 and 2 Belkin ShareMax N300.

    1. I think for the Belkin Sharemax N300 (8MB flash RAM) it should be one of these:
    A. freshtomato-F7D3301_RT-MIPSR2-2019.2-Mini.zip or B. freshtomato-F7D3301USB_RT-N5x-MIPSR2-2019.2-IPv6-VPN.zip

    Obviously the IPv6-VPN has support for IPv6 and VPN... what does the Mini contain ? I googled yet was not able to pin it down definitively...

    Maybe there is a 3rd generic image that would have advantages over either of these?

    2. Which for the Cisco M20... I know it is hardware-identical to the Linksys WRT310N v2. (ouch: 4MB flash RAM ?)
    But I can't seem to find an image specifically those variants ... perhaps something with a "NoUSB-Std" designation?

    Maybe freshtomato-K26_RT-MIPSR2-2019.2-Mini.zip ?

    Thanks in advance,

  75. ghoffman

    ghoffman Network Guru Member

    dave - for the sharemax, i've used these lineages:


    mini does not have usb support

    i have flashed between them without major issues, except that the wireless key needs to be reset (at least that's the only hting that keeps my setup from functionng after crossflash or upgrade). thus you could flash different versions and not completely wreck your system.

    i also use this init scrpt to empty unused nvram variables, since this is a 32k rig:
    for line in `nvram show | grep =$ `; do var=${line%*=}; nvram unset $var; done

    this device continues to work very well for a one radio rig.
    davygravy likes this.
  76. davygravy

    davygravy Network Newbie Member

    Very helpful, thanks a bucket @ghoffman! Will try it later today.


    EDIT: Now I see it: https://bitbucket.org/pedro311/freshtomato-mips/src/mips-master/release/src/Makefile
    Last edited: May 1, 2019
  77. JayKsMan

    JayKsMan New Member Member

    Hi All. What firmware should I use on RT-N16 for more stability?
    I need TOR+OVPN. Router mode is "wifi client"
    I'm using the AdvancedTomato now, but I have problem with NVRAM overflow issues(((
    Is the CRACK vulnerability fixed in FreshTomato?
  78. digixmax

    digixmax LI Guru Member

    FWIW, I am using build type K26USB_RT-MIPSR2-2019.2-AIO on my RT-N16 (running as Wireless Ethernet Bridge) which shows that it has "Total / Free NVRAM32.00 KB / 4196 (12.81%)".
  79. Pickle

    Pickle LI Guru Member

    My RT-N16 using FreshTomato Firmware 2019.2 MIPSR2 K26 USB Mega-VPN shows Total / Free NVRAM 32.00 KB / 4452 (13.59%) but I had to clear out setting suggested by Technie007 in post #1153 to make room for my settings for VPN.
    I previously used a Toastman build similar to yours without NVRAM issues. Are you adding any additional settings or is your NVRAM coming straight from the build settings?
  80. leplic

    leplic New Member Member

    Just Wanted to tell that I am very happy running the 2019.2 firmware on my Asus RT-AC66U rev1. Works well since 4 days. I was having pb with Asus Merlin firmware in the last weeks.
    For those you would like to test, don't forget to clear NVRAM before and after the firmware update. Else, you won't have the 5Ghz wifi band working on your router.

    Thanks guys for the work done. So far so good !
    Last edited: May 10, 2019
  81. digixmax

    digixmax LI Guru Member

    No, I do not have any additional settings beyond those half a dozen basic settings configurable via FT GUI and essential for a Wireless Ethernet Bridge.
  82. trmanco

    trmanco New Member Member

    Thanks for this, got 7% of my NVRAM back! (E2500)
  83. Kent_Diego

    Kent_Diego Network Guru Member

    Hi everyone. Just upgraded my Asus RT-N66u from Shibby TomatoUSB to FreshTomato 2019.2. Works great. Only issue is it takes a looong time to complete the upgrade. Maybe 30 minutes before router starts working after flash. So do not be impatient (like me). First flashed from Administration>Upgrade but got worried and power cycled router before coming active. I then had to re-flash using the failsafe boot loader by holding reset at power cycle to get the web interface that allowed me to re-flash firmware. Good luck everyone.
  84. xtacydima

    xtacydima LI Guru Member

    Hi, its been a while since I visit the Tomato firmware but I found an old Asus rt-n16 I want to revive. I see development is now most active here, I can't figure out which firmware I need for this model, can someone pls assist?

    Thanks :)
  85. rs232

    rs232 Network Guru Member

    I have noticed this too, occasionally the upgrade counter hits very high number. I'm really not sure what the issue is but likely to be just a GUI glitch, in reality your router is upgrade after 1-2 minutes.

    One way to test this is to leave the upgrade page open and try to make contact with the "upgraded" tomato after say 4 minutes (which should be safe enough for a local LAN upgrade). If you upgrade via Internet instead (or remotely in general) it might indeed take longer.
  86. rs232

    rs232 Network Guru Member

  87. xtacydima

    xtacydima LI Guru Member

    Last edited: May 18, 2019
  88. olind

    olind Networkin' Nut Member

    So, after verifying that my backup router (WRT54GL) worked with fresh tomato for a while I upgraded my RT-N16 some days ago and it seems to work. I used this firmware: freshtomato-K26USB_RT-MIPSR2-2019.2-AIO.trx
  89. supersk

    supersk New Member Member

    I've installed freshtomato-K26_RT-MIPSR1-2019.2 on a Linksys WRT54GL and I noticed something strange with the web interface for VLAN configuration.

    VLAN0 is always configured on all ports and set as the default VLAN. It also can't be deleted. Every time I delete it on the web interface, the router reboots and shows it again.

    For instance, I set VLAN1 as the default and have it configured on Port 1 and 2. After deleting VLAN0 it comes back.

    Am I doing something wrong or is this a bug in the web interface?
  90. rs232

    rs232 Network Guru Member

  91. supersk

    supersk New Member Member

  92. rs232

    rs232 Network Guru Member

    try: /sbin/led

    check the parameters available and turn off the one you want accordingly
  93. supersk

    supersk New Member Member

    Thanks. I found another command, it is gpio enable 2

    The "2" corresponds to the SES light and turns off the white LED.
  94. ThaCrip

    ThaCrip Network Newbie Member

    Do any of the following security issues effect FreshTomato 2019.2?


    because I see a 9.3 and 10.0 severity (i.e. CVE-2019-11815 / CVE-2019-11811 ) etc there and both are from May 2019.

    I know nothing about coding etc so I figured I would ask if these are a problem on FreshTomato 2019.2. because I just recently upgraded from Toastman firmware which had a build date of 2014 on my ASUS WL-520gU router etc.
  95. aehimself

    aehimself New Member Member

    Today my WRT54GL flashed with K26_RT-MIPSR1-2019.2-Mini became somewhat unresponsive.
    I'm using DNSMASQ as a local DNS server which stopped functioning (there was Internet access, only the host name resolution was gone). WebUI was unreachable, so was SSH. After my wife rebooted it everything went back to normal.
    I remember having a connection watchdog in DD-WRT; do we have something similar in Tomato? Next time I might not have anyone at home and would prefer the router to recover itself.
    Also, is there a way to check what happened when the router is refusing to communicate with the outside world?

  96. Monk E. Boy

    Monk E. Boy Network Guru Member

    @aehimself I'm not sure if it's in your version of FreshTomato, but other forks of Tomato have a buttons page which controls the behavior of what the WPS button does. I believe by default after holding it down for a couple seconds it will launch a telnet daemon listening on port 223. You can check for yourself if buttons exists under I think administration (sorry, on a network w/o Tomato at the moment) and how long the delay is for telnet to launch. To my knowledge this is the only way to get into a router that is otherwise working except for remote access (http, ssh, etc.), short of wiring up a jedec or serial cable.

    @ThaCrip Much of it, especially the critical ones, appear to either rely on modules not present in busybox or require local access to exploit. Admittedly this is just a quick skim so I could very well be wrong, but it's important to remember that busybox isn't Linux, just Linux-like. There's no bluetooth in busybox, no megasas in busybox, no RDS in busybox, etc. It is very close to Linux which is where the confusion starts but busybox was created for embedded devices which weren't capable of running a full Linux installation. From a security standpoint sometimes the more you strip out of a distribution the less the security risks are (though, depending on what's stripped, sometimes it increases the risks - care must be taken).
    Last edited: Jun 6, 2019
    ThaCrip likes this.
  97. PGalati

    PGalati Network Guru Member

    This is probably a long shot, but what would the chances be of getting a firmware K26 for the WRT54GL 4MB flash that includes an openvpn client that actually fits in nvram? I think once Shibby put the multiwan feature into his builds, the vpn version for the WRT54L became just a hair too large to fit. Those routers are currently limited to Shibby 2.4 v124 which works well but probably has an older openvpn build.

    Yes I know these routers are so old and outdated, but they are workhorses, plus I have several of them with just a couple in service allowing a Cisco VOIP phone to work.

    Is it possible to remove some other pieces of code to allow the vpn build to fit into the 4MB flash?

    Thanks for your consideration.
    Ped Man likes this.
  98. tDk2000

    tDk2000 New Member Member

    Boot proccess stopped on the middle on NETGEAR WNDR3700v3, access possible only via console serial port. Only few processes running, ifconfig shows only loopback interface configured. Manual configuration of ethX interfaces is possible but interface can't ping or be pinged outside (shows error on RX). This caused not only on latest 2019.2, better to say where is no bug.. I found only pretty old tomato firmware (around 2014 year) booting OK, any newer FW stops at same loading step.
  99. tDk2000

    tDk2000 New Member Member

    I'll try to post diagnostic log later because of 1 day restriction for new user
  100. granthgh

    granthgh Network Newbie Member

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice