[Fork] FreshTomato-MIPS

Discussion in 'Tomato Firmware' started by kille72, Apr 26, 2018.

  1. Chrushev

    Chrushev Network Newbie Member

    Is there a recommended config for 5Ghz ? I am experiencing much weaker signals than 2.4Ghz when using defaults on both (Netgear r6300 v1).

    Also, +1 for QoS including VOIP.
     
    Last edited: Jan 9, 2019
  2. txnative

    txnative Addicted to LI Member

    Of course OpenWrt doesn't handle Broadcom closed source, which is not a FLOSS ideal of theirs, but OpenWrt does support other routers, which is what I was implying: if you want a good router supported by OpenWrt, don't buy a Broadcom-based router.
     
  3. txnative

    txnative Addicted to LI Member

    How are you determining that problem with 2.4 signal?
     
  4. Chrushev

    Chrushev Network Newbie Member

    Problem is not with 2.4. Problem is with 5.0.

    The 2.4 covers my entire house and then some. 5.0 is weak signal in next room over and on far end of the house no signal at all (2 drywall walls and total distance of maybe 40 feet, the router is central to the house and near the ceiling).

    I tried setting tx power to 0 (which is supposed to do hardware defaults), but that didn't seem to make any difference. I also tried bumping tx power to 50 and that didn't make any difference either. Not sure if that functionality does anything.

    Does Tomato support beam forming? I know that when I had ddwrt on this router beamforming was an option (although I never tested to see if it works).
     
    Last edited: Jan 9, 2019
  5. ataru80

    ataru80 New Member Member

    Guys, do you know how to manually set the xfrm policy?
    I need to enter the commands below to manually set the xfrm policy, but I get an error of wrong use of the ip command.


    Code:
    myServer=`nvram get wan_ipaddr`
    ip xfrm policy add src $myServer dst 0.0.0.0/0 proto udp sport 1701 dir out tmpl proto esp mode transport level required
    ip xfrm policy add src 0.0.0.0/0 dst $myServer proto udp dport 1701 dir in tmpl proto esp mode transport level required
    

    Sent from my iPad using Tapatalk
     
  6. txnative

    txnative Addicted to LI Member

    Which version of the Netgear do you have, the v1 you mentioned? Personally I was not aware that this version had support for beamforming. I own a v2CH and I do know that Kong has support for something called implicit and explicit beamforming, but that is supported on the v2 (ARM v7). However, you may be right. Normally using the defaults for 5 GHz works, except maybe leave the interference mitigation at 0; txpwr could be set to 0; maybe use a different country other than the default one. I'm sure you are aware of 5 GHz limitations. Maybe do an nvram erase if you haven't already done so and reapply your settings. Regards
     
  7. kernel-panic69

    kernel-panic69 Connected Client Member

    @Chrushev 5GHz band is not 2.4GHz band. 5GHz is not a wall penetrator like 2.4 is. Just my thoughts on that.

    @txnative You must mean, get an Atheros device for OpenWRT, because Marvell Kirkwood, at least one device I was looking at, has issues:

    "Caution: The wireless seems to have problems with WiFi-stability on connections to certain client chipsets, e.g. Apple-devices. See this thread on OpenWrt developers forum."

    https://openwrt.org/toh/linksys/ea4500
     
  8. txnative

    txnative Addicted to LI Member

    No not just atheros as there are qualcomm atheros, qualcomm ipq80xx, you would have to look through the support hardware and check out what isn't broadcom. The EA4500 works as well using openwrt firmware as I own this one and the EA3500 as well and they perform wonderfully. I admit the 2.4 isn't perfect at least for the EA3500 but I haven't experienced nothing from what any user member in their forum has written about the wifi or any performance problem. That ticket posted a couple of years ago, before I bought my EA routers as I have a fine experience using openwrt for my EA4500 and EA3500.
     
    kernel-panic69 likes this.
  9. kernel-panic69

    kernel-panic69 Connected Client Member

    Figured it was an 'old' caution. I didn't know anyone else made Atheros, or IPQ? Only crossover I've known of is Ralink/Mediatek.... /off-topic
     
  10. danielhaden

    danielhaden Network Guru Member

    The 5.8ghz signal is physically half as big, quarter as strong and loses half of its power per each wall, like this: First wall half power, Second wall quarter power, Third wall eighth power, Fourth wall zilch. If your router or ap is on only one end of the house, you'll need a long Ethernet cable for an AP at the other end of the house. For my "L" shaped brick house, I have an E3000 and an E2000 as 5ghz AP (wan ports empty). These were cabled to the main router via the lan ports.

    We can try some settings.
    Configuration: Try control sideband upper, try different channels and set CTS to Auto (because powersave works). Also, get the WiFi Network Analyzer android app by Zoltan Pallagi. You can then observe the signals and make more informed choices on the settings.
     
    Last edited: Jan 10, 2019
    kernel-panic69 likes this.
  11. danielhaden

    danielhaden Network Guru Member

    I did some research today for finding out how to reduce the cpu load from the L7 filters, and discovered if you put them just before the catch-all, and use a port range with it, the cpu load goes down.

    So, it is possible. This is what I came up with.

    Classification/rules
    tcp/udp, port 53, 0-10kb, class 1, dns
    tcp/udp, src port 1-65535, 0-1kb, class 1, fastlittle
    tcp/udp, dst port 80,443,8080, 0-512kb, class 4, httpsmall
    tcp/udp, dst port 80,443,8080, 512kb+, class 8, httplarge
    udp, port ranges 3478-3481,5060-5070, class2, VOIP
    udp, L7 skypetoskype, port range 50000-60000, class2, skype
    udp, L7 rtp, port range 10000-65535, class2, rtp
    tcp/udp, dst port 1-65535, class 10, anythingelse

    classes
    1,16%,100%
    2,12%,100%
    3, 8%,100%
    4, 6%,100%
    5, 4%,100%
    6, 3%,100%
    7, 2%,100%
    8, 1%, 96%
    9, 1%, 96% default
    10,1%, 96%

    That is running on my router.
    The efficiency was decent, according to fast.com.
    It is time to mention that it is better to prioritize VOIP hardware by means of the static DHCP feature (get consistent ip address and prioritize that).
     
    kernel-panic69 likes this.
  12. kille72

    kille72 LI Guru Member

    A new version of FreshTomato 2019.1.015-beta has been released. More information in the first post.
     
  13. danielhaden

    danielhaden Network Guru Member

    Not listed at first post; however, WRT320n and WNR3500v2 (no 'L') are now running freshtomato-K26_RT-MIPSR2-2019.1.015-beta-MiniIPv6 Thanks!
     
    Last edited: Jan 10, 2019
    pedro311, kernel-panic69 and kille72 like this.
  14. kille72

    kille72 LI Guru Member

    Done, thanks!

    For the following MIPSR1 and MIPSR2 routers: Asus WL500GP, N10U, N12B1/C1/D1, N15U, N16, N53, N66U, AC66U Netgear WNR3500LV1, WNR3500V2, WNR3500LV2, R6300V1, WNDR4500V1, WNDR4500V2 Linksys WRT54 series, WRT320n, E800, E900, E1000v2/v2.1, E1200V1, E1200V2, E1500, E2000, E2500, E3000, E3200, E4200 Tenda W1800R, N80 Dlink DIR-320.
     
  15. kernel-panic69

    kernel-panic69 Connected Client Member

    I'm liking the 'new' website. Just got done flashing this build on E4200v1 without issue. Still working on the busybox update @kille72 @pedro311. Had to take a break after that last status message :confused:
     
    M_ars and kille72 like this.
  16. pedro311

    pedro311 Networkin' Nut Member

    Remember: no hurry ;)
     
    kernel-panic69 likes this.
  17. danielhaden

    danielhaden Network Guru Member

    Other unlisted bcm47xx routers that run Tomato, include Linksys WRT610Nv2, WRT310Nv2, WRT160Nv3, ValetM10, Netgear WNDR3700v3, WNDR3400v1, WNR3500u, WNR2000v2, Dlink DIR-620vC1, DIR-627
    http://anon.groov.pl/
     
  18. kernel-panic69

    kernel-panic69 Connected Client Member

    D-Link DIR-620 rev C1, D-Link DIR-620 rev G1, D-Link DIR-320 rev A1, D-Link DIR-320 rev A2, D-Link DIR-627 (rev A1)*....

    We could probably list every Broadcom-MIPS device. And check through the detection to see if they are specifically detected and 'supported'. The tricky part is, of course, making sure they are properly detected, etc. The missing ones would have to be added. I wasn't going to address this specifically... yet ;)
     
    danielhaden likes this.
  19. stoppa

    stoppa New Member Member

    Hey,

    I need a cheap/lower end wireless (n or ac) router for an elderly family friend. Just the basics. I plan to put freshtomato on one of the supported devices. What would be a suggested device, stability being more important than features.
     
  20. ataru80

    ataru80 New Member Member

    is it normal that the new version 2019.1.015-beta is taking more than 25 mins to upload via wifi ? And it still has not completed...

    I'm using the version freshtomato-K26USB_RT-N5x-MIPSR2-2019.1.015-beta-AIO-64K.trx

    With the old releases, the whole upgrade would last less than 5 mins...
     
  21. Beast

    Beast Network Guru Member

    It's never a good idea to update firmware over wifi. Too many things can interfere with wifi, e.g. a microwave oven.
    IMO always use a hard-wired connection to update firmware. And I would say no, it should not take that long. The size of the files did not change that much from the last builds.
     
    kille72 likes this.
  22. Beast

    Beast Network Guru Member

    Updated to 2019.1.015 max vpn 32k version on my Asus RT-N16. So far all is running smooth.

    Is a nvram clear recommended for this update? If coming from 2018.5 32k version ?
     
  23. the_tourist

    the_tourist Network Newbie Member

    Interesting,

    I agree with you, the easiest solution for VOIP is to set the address of its interface permanently in DHCP and then give it priority. But this doesn't apply to Skype (home version) between computers; it needs a rule, otherwise it gets to the very end of the priority list.

    I didn't mention it, but in your initial proposal, you also rejected "Sip" is there a solution for this protocol too?
     
  24. danielhaden

    danielhaden Network Guru Member

    Thanks for checking. This effort is a prospective and may not represent what is used.
    Control ports for SIP were already in port ranges 3478-3481,5060-5070. Data ports are different, contain what you wanted to prioritize and may take an L7 filter to find. The effectiveness of L7 filters diminishes due to cpu load resulting in going slightly slower, including the item you wanted to speed up. There's no boost--a QOS rule to prioritize works only by slowing down everything else. If many are added, there is conflict and it simply slows down everything. The packet drop and retries starts overwhelming any good it might do, if it were taken to an extreme.
    1). All QOS rules are for slowing something down.
    2). You only get better performance with Less QOS rules.
     
    Last edited: Jan 11, 2019
  25. danielhaden

    danielhaden Network Guru Member

    Your suggestion is the best.
    Yes, it is evident that we need a system for Avoiding the ever-increasing collection of slowdown rules.
     
    Last edited: Jan 12, 2019
  26. Chrushev

    Chrushev Network Newbie Member

    Is OpenVPN server working for people? I'm using latest commit as of 2 hours ago and AIO version for r6300v1. Switched from Shibby, where OpenVPN server worked with no issues.

    I am getting it to connect. But can't send/receive any traffic.
     
  27. pedro311

    pedro311 Networkin' Nut Member

    Yes it's working. Check logs with "verb 6".
     
  28. Chrushev

    Chrushev Network Newbie Member

    How to toggle verb 6?
     
  29. pedro311

    pedro311 Networkin' Nut Member

    Really?
    Add "verb 6" in Custom Configuration...
     
  30. Chrushev

    Chrushev Network Newbie Member

    Never had to do it before, sorry :) Stuff I work with typically needs the process to be executed with a flag (restarted) for higher debug, so I didn't know how to do it here.

    Anyways... yeah, the issue was my config.
     
  31. youmax

    youmax Network Newbie Member

    Hi folks, is this possible?
     
  32. danielhaden

    danielhaden Network Guru Member

    I'd like to request the opposite. Extraneous graphical display load should be disabled by default. Because the router cpu has 'router things' to do.
     
    Last edited: Jan 11, 2019
  33. pedro311

    pedro311 Networkin' Nut Member

    It was already explained, in short - no.
     
    pharma and danielhaden like this.
  34. kernel-panic69

    kernel-panic69 Connected Client Member

  35. Techie007

    Techie007 Networkin' Nut Member

    My 2c...
    • Rule 1 should be UDP only, and for ports 53 and 123 (DNS and NTP). DNS over TCP will need a second rule as the connections are persistent and will quickly accumulate past 10 KB, thus demoting the traffic.
    • Good job on web (got the main ports, and QUIC by including UDP), although I would recommend 1 MB instead of 512 KB as the threshold.
    • Do we really need an "anything else" rule given the built-in functionality for such classification?
    • It would be a good idea to include up-to-date VoIP rules for Apple (Facetime), Facebook (Messenger), Google (voice, Hangouts, Duo), WhatsApp, in addition to WiFi calling for the major phone carriers as such communications will get demoted to lowest priority otherwise, causing poor call quality and dropouts. Most of these use specific or groups of UDP ports to transfer call data.
     
  36. danielhaden

    danielhaden Network Guru Member

    Thanks for illustrating that.
    It was going so well, until including, and including, and including more rules for more things, and since all QOS rules are for slowing down anything else, Maintaining an ever growing list of slowdown rules looks like ineffective use of developer's time, especially due to the unpleasantly slow consequences of increasing the problem.

    Instead, I suggest to replace the Enable QOS Checkbox with a dropdown menu like this:
    Disabled
    Auto
    Manual

    So, there's Auto, no maintenance and no settings other than in-rate and out-rate; Plus there's Manual, the old QOS intact.
     
    Last edited: Jan 14, 2019
  37. ddimitrov

    ddimitrov Network Newbie Member

    Permanent very high CPU load (CPU load 3.0+) on Linksys E3200 when both AdBlock + Tor are enabled. This happens on Freshtomato 2018.5 and on the new Freshtomato 2019.1.015-beta too. This causes the router to hang. I have not tried older Freshtomato releases. The problem does not happen when only AdBlock is enabled, or only Tor is enabled.

    After countless re-installations, NVRAM cleanups, 30-30-30 cleanups, different configuration options and so on, I gave up and reverted back to Shibby Tomato rel.140, where the combination AdBlock + Tor works flawlessly on the same router device.
     
    Last edited: Jan 12, 2019
  38. rs232

    rs232 Network Guru Member

    What does top say when you experience high CPU utilisation? What's using the CPU?
     
  39. danielhaden

    danielhaden Network Guru Member

    Right, a digital input setting cannot change the physical resistors for output level.

    Looks like 1=low, 42=lowish, 73=medium, 160=high, and 0 increases power by number of clients or similar scheme.
    This sets the input volume, not the amp output (of course input too high = clipping/fuzz for trashed data, or input too low = bits/bitrate reduction). The driver on mine seems to have some validation or averaging feature.
    Actual output is set by resistors, and the one you can change is the antenna.

    Also this: For anything with an amplifier, every time you double the power, you can expect 3db more output. One dose of 3db is similar to dropping a sewing pin. For a double power example, drop 2 sewing pins. For a four times power example, drop 4 sewing pins. This was approximate but explains why the power settings can't make shock and awe differences.

    Lastly: If the need is beyond the scope of non-corrupting output power, then you'll need either WDS/mesh for wireless or run a long Ethernet cable for an AP situated where you had wanted wifi to work. And, as for right tools for the job, output power doesn't belong in a top 10 list.

    EDIT:
    Actually, that wasn't all. I think it sporting to fine tune output power setting at just one room away distance to achieve maximum throughput. Settings for maximum quality also prevent going below data-rate drop threshold at maximum distance.
     
    Last edited: Jan 13, 2019
    Señor Nimda likes this.
  40. hkwakernaak

    hkwakernaak Serious Server Member

    With FreshTomato 2019.1.015-beta my RT-AC66U is working rock solid, 2.4/5.0Ghz Wifi is working again. thanks for the fix!

     
  41. danielhaden

    danielhaden Network Guru Member

    Is there documentation on how to do AP's (wan port empty) with the goal of forward all wired+wifi to everything (like mac-level forward)?
     
    Last edited: Jan 13, 2019
  42. Wolfgan

    Wolfgan Networkin' Nut Member

    Great news. Which image did you load?

    Sent from my SGH-I747M using Tapatalk
     
  43. danielhaden

    danielhaden Network Guru Member

    2019.1.015 K26AC USB says the TomatoAnon database.
     
    Last edited: Jan 13, 2019
    Wolfgan likes this.
  44. hkwakernaak

    hkwakernaak Serious Server Member

    "freshtomato-RT-AC66U_RT-AC6x-2019.1.015-beta-AIO-64K.zip"

     
    Wolfgan likes this.
  45. youmax

    youmax Network Newbie Member

  46. Wolfgan

    Wolfgan Networkin' Nut Member

    Thanks for the image confirmation guys!

    Sent from my SGH-I747M using Tapatalk
     
  47. ddimitrov

    ddimitrov Network Newbie Member

    Linksys E3200, Freshtomato 2019.1.015-beta, default settings,
    permanent very high CPU consumption (same as with Freshtomato 2018.5)
    when both AdBlock + Tor are enabled:

    1) The process that is consuming CPU all the time is the tor process;
    2) The output of "top" after about 10 minute run is as follows:

    Mem: 52084K used, 9160K free, 0K shrd, 688K buff, 11244K cached
    CPU: 15% usr 53% sys 0% nic 0% idle 31% io 0% irq 0% sirq
    Load average: 1.76 1.53 0.94 3/30 2192
    PID PPID USER STAT VSZ %VSZ %CPU COMMAND
    586 1 nobody R 21480 35% 56% tor -f /etc/tor.conf
    92 2 root SW< 0 0% 5% [mtdblockd]
    457 428 root S 1212 2% 2% dropbear -p 22 -a
    1790 1608 root R 1600 3% 1% top
    49 2 root DW< 0 0% 0% [kswapd0]
    2026 1 nobody S 10220 17% 0% dnsmasq -c 4096 --log-async
    1420 1 root S 3348 5% 0% httpd
    1253 1 root S 1608 3% 0% udhcpc -i vlan2 -b -s dhcpc-event -H unknown -O 33 -O 121 -O 249 -m -p /var/run/udhcpc-wan.pid
    1324 1 root S 1604 3% 0% ntpd -l
    463 1 root S 1604 3% 0% crond -l 9
    1608 457 root S 1604 3% 0% -sh
    315 314 root S 1600 3% 0% /bin/sh
    317 1 root S 1592 3% 0% syslogd -L -s 50 -b 1
    319 1 root S 1592 3% 0% klogd
    1 0 root S 1400 2% 0% /sbin/init noinitrd
    313 1 root S 1384 2% 0% buttons
    314 1 root S 1352 2% 0% console
    428 1 root S 1144 2% 0% dropbear -p 22 -a
    465 1 root S 1044 2% 0% rstats
    475 1 root S 892 1% 0% cstats
    275 1 root S 620 1% 0% hotplug2 --persistent --no-coldplug
    4 2 root SW< 0 0% 0% [events/0]
    24 2 root SW< 0 0% 0% [khubd]
    50 2 root SW< 0 0% 0% [aio/0]
    47 2 root SW 0 0% 0% [pdflush]
    5 2 root SW< 0 0% 0% [khelper]
    21 2 root SW< 0 0% 0% [kblockd/0]
    2 0 root SW< 0 0% 0% [kthreadd]
    3 2 root SW< 0 0% 0% [ksoftirqd/0]
    48 2 root SW 0 0% 0% [pdflush]


    ------

    The results of a 10 minute run when Tor is enabled, but AdBlock disabled, are as follows:

    1) Tor was consuming about 95-100% CPU for about 3 minutes at the beginning, after that it was "quiet" with 0-10% CPU load;
    2) The output of "top" after about 10 minute run is as follows:

    Mem: 49324K used, 11920K free, 0K shrd, 3492K buff, 15408K cached
    CPU: 0% usr 0% sys 0% nic 98% idle 0% io 0% irq 0% sirq
    Load average: 0.03 0.24 0.25 3/31 1822
    PID PPID USER STAT VSZ %VSZ %CPU COMMAND
    1607 1444 root R 1600 3% 0% top
    551 1 nobody S 21544 35% 0% tor -f /etc/tor.conf
    1822 1135 root R 3352 5% 0% httpd
    1135 1 root S 3348 5% 0% httpd
    462 1 root S 1616 3% 0% crond -l 9
    972 1 root S 1608 3% 0% udhcpc -i vlan2 -b -s dhcpc-event -H unknown -O 33 -O 121 -O 249 -m -p /var/run/udhcpc-wan.pid
    1040 1 root S 1604 3% 0% ntpd -l
    1444 1440 root S 1604 3% 0% -sh
    320 314 root S 1600 3% 0% /bin/sh
    316 1 root S 1592 3% 0% syslogd -L -s 50 -b 1
    318 1 root S 1592 3% 0% klogd
    977 1 nobody S 1480 2% 0% dnsmasq -c 4096 --log-async
    1 0 root S 1400 2% 0% /sbin/init noinitrd
    313 1 root S 1384 2% 0% buttons
    314 1 root S 1352 2% 0% console
    1440 428 root S 1212 2% 0% dropbear -p 22 -a
    428 1 root S 1144 2% 0% dropbear -p 22 -a
    464 1 root S 1044 2% 0% rstats
    473 1 root S 892 1% 0% cstats
    275 1 root S 620 1% 0% hotplug2 --persistent --no-coldplug
    92 2 root SW< 0 0% 0% [mtdblockd]
    4 2 root SW< 0 0% 0% [events/0]
    5 2 root SW< 0 0% 0% [khelper]
    24 2 root SW< 0 0% 0% [khubd]
    50 2 root SW< 0 0% 0% [aio/0]
    47 2 root SW 0 0% 0% [pdflush]
    21 2 root SW< 0 0% 0% [kblockd/0]
    2 0 root SW< 0 0% 0% [kthreadd]
    3 2 root SW< 0 0% 0% [ksoftirqd/0]
    48 2 root SW 0 0% 0% [pdflush]
    49 2 root SW< 0 0% 0% [kswapd0]


    ------

    The results of a 4-5 minute run when AdBlock is enabled, but Tor disabled, are as follows (I did not wait any longer because everything is absolutely quiet after that):

    Mem: 43240K used, 18004K free, 0K shrd, 4268K buff, 14724K cached
    CPU: 2% usr 0% sys 0% nic 96% idle 0% io 0% irq 1% sirq
    Load average: 0.04 0.18 0.09 2/29 1631
    PID PPID USER STAT VSZ %VSZ %CPU COMMAND
    1631 1 nobody S 10220 17% 2% dnsmasq -c 4096 --log-async
    1466 1260 root R 1600 3% 0% top
    1134 1 root S 3348 5% 0% httpd
    949 1 root S 1608 3% 0% udhcpc -i vlan2 -b -s dhcpc-event -H unknown -O 33 -O 121 -O 249 -m -p /var/run/udhcpc-wan.pid
    1046 1 root S 1604 3% 0% ntpd -l
    1260 1259 root S 1604 3% 0% -sh
    462 1 root S 1604 3% 0% crond -l 9
    315 314 root S 1600 3% 0% /bin/sh
    317 1 root S 1592 3% 0% syslogd -L -s 50 -b 1
    319 1 root S 1592 3% 0% klogd
    1 0 root S 1400 2% 0% /sbin/init noinitrd
    313 1 root S 1384 2% 0% buttons
    314 1 root S 1352 2% 0% console
    1259 428 root S 1212 2% 0% dropbear -p 22 -a
    428 1 root S 1144 2% 0% dropbear -p 22 -a
    464 1 root S 1044 2% 0% rstats
    478 1 root S 892 1% 0% cstats
    275 1 root S 620 1% 0% hotplug2 --persistent --no-coldplug
    92 2 root SW< 0 0% 0% [mtdblockd]
    4 2 root SW< 0 0% 0% [events/0]
    24 2 root SW< 0 0% 0% [khubd]
    5 2 root SW< 0 0% 0% [khelper]
    21 2 root SW< 0 0% 0% [kblockd/0]
    50 2 root SW< 0 0% 0% [aio/0]
    47 2 root SW 0 0% 0% [pdflush]
    48 2 root SW 0 0% 0% [pdflush]
    49 2 root SW< 0 0% 0% [kswapd0]
    2 0 root SW< 0 0% 0% [kthreadd]
    3 2 root SW< 0 0% 0% [ksoftirqd/0]


    So ?

    I did not experience such CPU load on the same device with Shibby Tomato rel.140 and both AdBlock + Tor enabled. Could it be the newer Tor version in Freshtomato causing this CPU load? Or may this Tor version be more memory demanding than the previous one (my router has only 64MB RAM)?
     
    kernel-panic69 likes this.
  48. pedro311

    pedro311 Networkin' Nut Member

    Disable all lists except one (the first one) in Adblock, and restart router with Tor and Adblock enabled.
    Check with top/htop. Give us details.
     
    M_ars, kernel-panic69 and danielhaden like this.
  49. ddimitrov

    ddimitrov Network Newbie Member

    Disabling all lists except the 1st one in AdBlock seems to be solving the problem. Now, after a run of a couple of minutes the router is idle, and the output of top is as follows:

    Mem: 48968K used, 12276K free, 0K shrd, 1616K buff, 13780K cached
    CPU: 0% usr 1% sys 0% nic 98% idle 0% io 0% irq 0% sirq
    Load average: 0.04 0.40 0.33 2/30 1981
    PID PPID USER STAT VSZ %VSZ %CPU COMMAND
    1946 1452 root R 1600 3% 0% top
    614 1 nobody S 21480 35% 0% tor -f /etc/tor.conf
    1321 1 root S 3348 5% 0% httpd
    1805 1 nobody S 3204 5% 0% dnsmasq -c 4096 --log-async
    1062 1 root S 1608 3% 0% udhcpc -i vlan2 -b -s dhcpc-event -H unknown -O 33 -O 121 -O 249 -m -p /var/run/udhcpc-wan.pid
    1452 1449 root S 1604 3% 0% -sh
    1230 1 root S 1604 3% 0% ntpd -l
    462 1 root S 1604 3% 0% crond -l 9
    315 314 root S 1600 3% 0% /bin/sh
    317 1 root S 1592 3% 0% syslogd -L -s 50 -b 1
    319 1 root S 1592 3% 0% klogd
    1 0 root S 1400 2% 0% /sbin/init noinitrd
    313 1 root S 1384 2% 0% buttons
    314 1 root S 1352 2% 0% console
    1449 428 root S 1212 2% 0% dropbear -p 22 -a
    428 1 root S 1144 2% 0% dropbear -p 22 -a
    470 1 root S 1044 2% 0% rstats
    469 1 root S 892 1% 0% cstats
    275 1 root S 620 1% 0% hotplug2 --persistent --no-coldplug
    92 2 root SW< 0 0% 0% [mtdblockd]
    4 2 root SW< 0 0% 0% [events/0]
    24 2 root SW< 0 0% 0% [khubd]
    21 2 root SW< 0 0% 0% [kblockd/0]
    50 2 root SW< 0 0% 0% [aio/0]
    47 2 root SW 0 0% 0% [pdflush]
    5 2 root SW< 0 0% 0% [khelper]
    49 2 root SW< 0 0% 0% [kswapd0]
    2 0 root SW< 0 0% 0% [kthreadd]
    3 2 root SW< 0 0% 0% [ksoftirqd/0]
    48 2 root SW 0 0% 0% [pdflush]


    Previous time (when the other lists in AdBlock were enabled by default) the memory consumption of dnsmasq was much higher (about 10220 KB), while it is much less now (about 3204 KB). Previous time I noticed that the process [mtdblockd] was working and consuming some CPU. I do not know what [mtdblockd] exactly is, but as far as I know it is related to reading/writing to the flash memory, so probably some intensive swapping had occurred then, which could be causing a lot of overhead.

    In fact, the number of enabled AdBlock lists in Shibby Tomato is shorter and dnsmasq was consuming there only 4000KB of memory (by default, 4 enabled lists in Shibby Tomato vs 6 enabled in Freshtomato). One of these 2 "extra" lists is relatively large and it has been causing extra memory consumption. Fortunately, I need only the 1st list, so I will implement this workaround (e.g. disabling all the other AdBlock lists in order to limit my memory usage).

    @pedro311 Thank you very much!
     
    Last edited: Jan 14, 2019
    kernel-panic69 likes this.
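The comparison ddimitrov describes above (dnsmasq's memory footprint, I/O wait and `[mtdblockd]` activity between the two `top` runs), as an added Python example that is not part of the original posts. The snapshots are trimmed from the output quoted in the thread; the thresholds and function names are assumptions made for this example.

```python
"""Parse BusyBox top snapshots and flag signs of memory pressure (added example)."""
import re

# Trimmed from the thread's top output: AdBlock with all default lists + Tor.
SNAPSHOT_ALL_LISTS = """\
Mem: 52084K used, 9160K free, 0K shrd, 688K buff, 11244K cached
CPU: 15% usr 53% sys 0% nic 0% idle 31% io 0% irq 0% sirq
Load average: 1.76 1.53 0.94 3/30 2192
PID PPID USER STAT VSZ %VSZ %CPU COMMAND
586 1 nobody R 21480 35% 56% tor -f /etc/tor.conf
92 2 root SW< 0 0% 5% [mtdblockd]
49 2 root DW< 0 0% 0% [kswapd0]
2026 1 nobody S 10220 17% 0% dnsmasq -c 4096 --log-async
"""

# Trimmed from the later post: only the first AdBlock list enabled, Tor still on.
SNAPSHOT_ONE_LIST = """\
Mem: 48968K used, 12276K free, 0K shrd, 1616K buff, 13780K cached
CPU: 0% usr 1% sys 0% nic 98% idle 0% io 0% irq 0% sirq
Load average: 0.04 0.40 0.33 2/30 1981
PID PPID USER STAT VSZ %VSZ %CPU COMMAND
614 1 nobody S 21480 35% 0% tor -f /etc/tor.conf
1805 1 nobody S 3204 5% 0% dnsmasq -c 4096 --log-async
92 2 root SW< 0 0% 0% [mtdblockd]
49 2 root SW< 0 0% 0% [kswapd0]
"""

IOWAIT_THRESHOLD = 20  # percent; assumed cut-off, tune for your device


def parse_top(text):
    """Turn one BusyBox top snapshot into {'mem': {}, 'cpu': {}, 'procs': []}."""
    snap = {"mem": {}, "cpu": {}, "procs": []}
    in_table = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Mem:"):
            snap["mem"] = {k: int(v) for v, k in re.findall(r"(\d+)K (\w+)", line)}
        elif line.startswith("CPU:"):
            snap["cpu"] = {k: int(v) for v, k in re.findall(r"(\d+)% (\w+)", line)}
        elif line.startswith("PID"):
            in_table = True
        elif in_table and line:
            # Columns: PID PPID USER STAT VSZ %VSZ %CPU COMMAND (command may hold spaces)
            pid, _ppid, user, stat, vsz, _pvsz, pcpu, cmd = line.split(None, 7)
            snap["procs"].append({"pid": int(pid), "user": user, "stat": stat,
                                  "vsz": int(vsz), "cpu": int(pcpu.rstrip("%")),
                                  "cmd": cmd})
    return snap


def pressure_signals(snap):
    """List the indicators the post reasons from: I/O wait and busy flash/reclaim threads."""
    signals = []
    iowait = snap["cpu"].get("io", 0)
    if iowait >= IOWAIT_THRESHOLD:
        signals.append("iowait %d%%" % iowait)
    for proc in snap["procs"]:
        name = proc["cmd"].strip("[]")
        if name == "mtdblockd" and proc["cpu"] > 0:
            signals.append("mtdblockd busy (%d%% CPU)" % proc["cpu"])
        if name == "kswapd0" and proc["stat"].startswith("D"):
            signals.append("kswapd0 blocked in uninterruptible sleep")
    return signals


def vsz_by_command(snap):
    """Sum VSZ (virtual size in KB, not resident memory) per command name."""
    totals = {}
    for proc in snap["procs"]:
        name = proc["cmd"].split()[0]
        totals[name] = totals.get(name, 0) + proc["vsz"]
    return totals


def vsz_delta(before, after):
    """Return {command: KB change} for commands whose VSZ differs between snapshots."""
    b, a = vsz_by_command(before), vsz_by_command(after)
    return {n: a.get(n, 0) - b.get(n, 0)
            for n in set(a) | set(b) if a.get(n, 0) != b.get(n, 0)}


if __name__ == "__main__":
    heavy, light = parse_top(SNAPSHOT_ALL_LISTS), parse_top(SNAPSHOT_ONE_LIST)
    print("all lists:", pressure_signals(heavy))
    print("one list :", pressure_signals(light))
    print("VSZ change:", vsz_delta(heavy, light))
```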
  50. danielhaden

    danielhaden Network Guru Member

    Fun with DNSmasq
    Code:
    no-resolv
    server=208.67.222.222
    server=1.0.0.1
    server=9.9.9.9
    server=1.1.1.1
    min-cache-ttl=3600
    cache-size=1000
    bogus-priv
    domain-needed
    quiet-dhcp
    log-facility=-
    dhcp-host=AA:BB:CC:AA:BB:CC, id:*, F'n-Printer, 192.168.1.151, infinite
    dhcp-host=AA:BB:CC:AA:BB:CC, id:*, MagicJack, 192.168.1.152, infinite
    dhcp-host=AA:BB:CC:AA:BB:CC, id:*, HP-Desktop, 192.168.1.153, 12h
    dhcp-host=AA:BB:CC:AA:BB:CC, id:*, Lg-Phone, 192.168.1.154
    address=/intellitxt.com/0.0.0.0
    address=/1e100.net/0.0.0.0

    I especially enjoy being able to put my long list of static dhcp assignments into a text file for quick, convenient copy-paste-done.

    CPU-efficient bandwidth management: With static dhcp that easy, you can put vital/important client devices Above the auto-dhcp range. . . and then overlap the auto-dhcp range with a bandwidth limit (use the bandwidth limit menu and 5% less than fast.com reports). Especially effective if you add a little connlimit startup script.
    iptables -I INPUT -s 192.168.1.1/25 -m connlimit --connlimit-mask 32 --connlimit-above 150 -j REJECT
    And change the auto-dhcp range (basic, network, lan, dhcp) to 192.168.1.50-125.

    Applying the combination of bandwidth limit and connlimit to a range of 192.168.1.2 to 192.168.1.125 means that you can put your priority devices up higher than that, where a limit is not applied.
     
    Last edited: Jan 16, 2019
    kernel-panic69 and rs232 like this.
  51. dadaniel

    dadaniel Network Guru Member

    I did not write udhcpd anywhere? The problem is when you uncheck "use internal DNS server" the router should not send its own IP address anymore in DHCP lease DNS field! It should send the entered static DNS servers instead!
     
  52. kernel-panic69

    kernel-panic69 Connected Client Member

    Which is why you check the 'use received and entered DNS' option....

    ^ -- I guess I interpreted dnsmasq not running to equal that udhcpd was running instead ;):oops:
     
  53. Sean B.

    Sean B. Network Guru Member

    I don't see where the post is that you quoted from @dadaniel stating that the router sends out its own IP to LAN clients when "use internal DNS" is unchecked and dnsmasq is not running. That statement begs the question, how exactly is the router sending DNS servers to clients when there is no DHCP server running to send that information?
     
    kernel-panic69 likes this.
  54. kernel-panic69

    kernel-panic69 Connected Client Member

    In DD-WRT, if you disable dnsmasq, udhcpd is enabled by default -- which doesn't apply to FreshTomato. That is probably where my thought process was, but yes, one would think that with no dhcp server running...
     
  55. dadaniel

    dadaniel Network Guru Member

    I don't know what exactly happens under the hood when I uncheck "use internal DNS". The only fact that I know is that the router is still serving DHCP clients (which is OK) and sends its own IP address in the DNS field (which is NOT OK)! If 'use received and entered DNS' is NOT checked, then DHCP's DNS field should be empty. If it is checked, it should send received and entered DNS directly to client's DHCP lease.

    I am not sure if the combination of NOT "use internal DNS" and 'use received and entered DNS' is working at all, so would it be possible for you to check? I currently don't have a router available for testing :(
     
  56. kernel-panic69

    kernel-panic69 Connected Client Member

    Code:
    Wireless LAN adapter Wi-Fi:
    
    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3168
    Physical Address. . . . . . . . . : 88-B1-11-CC-3E-8B
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.10.49(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Thursday, January 17, 2019 9:13:32 AM
    Lease Expires . . . . . . . . . . : Friday, January 18, 2019 9:13:31 AM
    Default Gateway . . . . . . . . . : 192.168.10.1
    DHCP Server . . . . . . . . . . . : 192.168.10.1
    DNS Servers . . . . . . . . . . . : 208.67.222.222
                                        208.67.220.220
                                        208.67.222.220
    NetBIOS over Tcpip. . . . . . . . : Disabled

    I can add entered DNS if you want, but that is the results of ipconfig /all for the wireless connected to FT. Not sure if Windows is nice enough to allow 2+ more servers in the list, it's been a while :confused::rolleyes:
     
  57. danielhaden

    danielhaden Network Guru Member

    To make that feasible, replace the first thing on this page: http://192.168.1.1/qos-settings.asp "Enable QOS" checkbox, with:
    Radio buttons, *Disable, *Auto, *Manual

    Manual is the same old QOS, unchanged and available.

    Auto is the new go-fast QOS, Maintenance-Free, like this:
    Code:
    (on qos-classify.asp page)
    TCP/UDP, ports 1-5070, Transferred 0-1kb, class1, Fastlittle
    TCP/UDP, DST port 1-5070, Transferred 0-64kb, class2, Launch
    TCP/UDP, DST port 1-65535, Transferred 0-512kb, class3, Medio
    TCP/UDP, DST port 1-65535, Transferred 0-1024kb, class4, Large
    TCP/UDP, DST port 1-65535, Transferred 1024kb+ class5, Stream
    
    (on qos-settings.asp page)
    1, 12%, 100%
    2, 3%, 100%
    3, 3%, 100%
    4, 1%, 100%
    5, 1%, 96% Set as Default
    6, no, no
    7, no, no
    8, no, no
    9, no, no
    10, no, no
    (same for both outbound and inbound).
     
    Last edited: Jan 24, 2019
    kernel-panic69 likes this.
  58. Sean B.

    Sean B. Network Guru Member

    When you said dnsmasq is not running, did you actually turn off DHCP under Basic->Network? Or just uncheck "use internal dns"? My guess is DHCP is still enabled, therefore dnsmasq is still running. Dnsmasq, from its own code not Tomato's, will send the IP address of the machine it's running on as the DNS server via DHCP by default. To change this, simply put this in the custom config box under Advanced->DHCP/dns:

    Code:
    dhcp-option=option:dns-server,X.X.X.X,Y.Y.Y.Y
    Where X.X.X.X is the primary DNS server IP you want sent to clients, and Y.Y.Y.Y is an optional secondary server.

    **NOTE** For users running more than one LAN ( IE: br0, br1, br2 etc ) you can send different DNS servers to each LAN via tags. Example:

    Code:
    dhcp-option=tag:br0,option:dns-server,X.X.X.X,Y.Y.Y.Y
    dhcp-option=tag:br1,option:dns-server,W.W.W.W,Z.Z.Z.Z
     
    Last edited: Jan 24, 2019
  59. UserDirk

    UserDirk New Member Member

    File is too big to fit in MTD Cisco E3000 2019.1.015-beta and the VPN version. Must be < 8MB.
    But the mini vpn works. Thx.
     
  60. leonardopech

    leonardopech New Member Member

    Hi,

    I have an E2500 v3. I want to use Fresh Tomato, but I see that the nvram file is only 32MB, when the E2500 has 64MB. Why does this build come with only 32MB?
    Actually I'm using Advanced Tomato, and it has 64MB of nvram and works so well.
     
  61. MrAndersen

    MrAndersen New Member Member

    Hi all,

    New user here, running 2019.1.015-beta on an AC66U.

    Is anyone else experiencing problems with auto channel selection? This is what I'm experiencing on both 2.4G and 5G:
    * Channel width is limited to 20MHz, regardless of setting (20, 40 or 80)
    * Selected channel is always the first (lowest) channel in the range. (does it ever monitor channel utilization, and change channels during runtime?)

    How to reproduce (step by step):
    * Set channel to 'auto' and reboot. Router boots with channel width 20MHz on lowest channel.

    * If I manually select a channel and save, it immediately changes to that channel, and with correct channel width. This also sticks during reboot.

    * Changing back to 'auto', and it stays at the previously manually selected channel, and correct channel width. However, rebooting the router, and it's back to 20MHz channel width on lowest channel.

    This was also a problem for me on 2018.5

    I only just got this router a month ago, so it's never worked properly for me.
    The router was installed with clean NVRAM, and rebooted twice to detect the 5G interface.

    It's basically running default settings, only with passwords on wireless.
    I've uploaded sysinfo and nvram here:

    sysinfo
    nvram show

    Best regards,
     
    Last edited: Jan 22, 2019
  62. kernel-panic69

    kernel-panic69 Connected Client Member

    I'm sure you meant KB, not MB. But anyway, to answer the question, it is for the 5GHz band radio stability. Does Advanced maintain the 5GHz band without issue? OEM stock firmware tends to drop connections on the v3 (mainly mobile devices, it seems for me), and it also uses the normal 64K nvram setting.
     
  63. txnative

    txnative Addicted to LI Member

    It's quite possible that it was overlooked, as the Advancedtomato source is separate from the freshtomato-mips branch. Maybe pedro could put it out in the next beta?
     
  64. txnative

    txnative Addicted to LI Member

    I'm not sure if the auto selection feature works, but as you have noticed, using a selected number and width will work as expected. When you go through and set up the router to your needs, you'll know if something doesn't work as expected or is buggy, and then you could give feedback as you did here. I would be skeptical to say it's the router itself. Did you try any other firmware before switching to tomato?
     
  65. geekjock

    geekjock Network Guru Member

    I have the same issue with both an AC66U (MIPS) and an AC68U (ARM). Changing the channel from 1 appears to take, but in reality it remains on channel 1. I know this because the routers can see each other's wifi SSIDs. I tried different country setting, but no change. I was going to post about this myself.
     
  66. geekjock

    geekjock Network Guru Member

    Thanks, that is very helpful. I want my router to send out the address of my Pi-hole as the DNS server. Please confirm that to also send the IPv6 of the Pi-hole, a line should be added:

    Code:
    dhcp-option=option6:dns-server,[IPv6 address]
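
Added example, not part of any post in this thread: a POSIX shell helper that validates DNS server addresses and prints the dhcp-option lines discussed in posts 58 and 66 for the Advanced->DHCP/dns custom config box. The function names, the addresses and the br0/br1 tags in the sample calls are constructed, and the IPv6 check is a character-level sanity check only.

```shell
#!/bin/sh
# Added example: emit validated dnsmasq dhcp-option lines (constructed values).

# is_ipv4 ADDR: succeed only for four dot-separated octets in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# looks_like_ipv6 ADDR: character-level sanity check, not full validation.
looks_like_ipv6() {
    case "$1" in
        *[!0-9A-Fa-f:]*|*:::*) return 1 ;;
        *:*:*) [ "${#1}" -le 39 ] ;;
        *) return 1 ;;
    esac
}

# dns_option_line TAG ADDR...: print one dhcp-option line. TAG may be empty
# (applies to every LAN) or a bridge name such as br0. IPv6 addresses are
# wrapped in [] as dnsmasq requires; one line carries one address family.
dns_option_line() {
    tag=$1; shift
    case "$tag" in *[!A-Za-z0-9_]*) echo "bad tag: $tag" >&2; return 1 ;; esac
    [ "$#" -ge 1 ] || { echo "no DNS server given" >&2; return 1; }
    list=; family=
    for addr in "$@"; do
        if is_ipv4 "$addr"; then
            this=4; item=$addr
        elif looks_like_ipv6 "$addr"; then
            this=6; item="[$addr]"
        else
            echo "rejected address: $addr" >&2; return 1
        fi
        if [ -n "$family" ] && [ "$family" != "$this" ]; then
            echo "IPv4 and IPv6 mixed on one line" >&2; return 1
        fi
        family=$this; list="$list,$item"
    done
    if [ "$family" = 4 ]; then opt=option:dns-server; else opt=option6:dns-server; fi
    printf 'dhcp-option=%s%s%s\n' "${tag:+tag:$tag,}" "$opt" "$list"
}

# Constructed sample: a resolver on br0, two on br1, one IPv6 resolver.
dns_option_line br0 192.168.10.2
dns_option_line br1 192.168.20.2 192.168.20.3
dns_option_line '' 2001:db8::53
```

A rejected address prints the reason on stderr and returns non-zero, so a typo is caught before the line reaches the router's dnsmasq config.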
     
  67. Magister

    Magister LI Guru Member

    On my R7000, my 2.4G is set to auto/20MHz wide, and it changes itself to 1, 6 or 11 during the day, don't know if it's often or not, but I can see it changing. Maybe it scans every X minutes or something?
     
  68. kernel-panic69

    kernel-panic69 Connected Client Member

    What was overlooked? The nvram was set to 32K for a reason, 5GHz band stability. The usb bus wireless chip driver is a tricky bastard and has issues with the 64K nvram setting. But I can do a test build with 64k nvram and let someone test it if they wish to disprove that. Because I honestly DO NOT think that the UI enhancements in Advanced Tomato mysteriously and magically fix that issue, as it has no other code updates, only the UI.
     
  69. kernel-panic69

    kernel-panic69 Connected Client Member

    http://man7.org/linux/man-pages/man8/ip-xfrm.8.html <-- might be a syntax error. I am not familiar with ip-xfrm, but it looks like your commands are out of order or completely incorrect. Looks to be a question for a networking thread, perhaps...

    EDIT: Looking back at this, it may be that you need those lines in a shell script (custom script) as you are defining a variable, and that may be the cause of the issue as well, but you probably need it broken down by state and policy.

    Some examples I've found:

    https://gist.github.com/vishvananda/7094676

    https://backreference.org/2014/11/12/on-the-fly-ipsec-vpn-with-iproute2/
     
    Last edited: Jan 23, 2019
  70. txnative

    txnative Addicted to LI Member

    use the previous beta and see if the problem still occurs
    it's not 64k, it's 60k as they are both for the E3200 and E2500v3. I'm sure the user missed the details on how he was representing it or presenting it.
     
    kernel-panic69 likes this.
  71. kernel-panic69

    kernel-panic69 Connected Client Member

    Yes, 60k nvram. I think there was confusion between hardware RAM and flash, nvram specs in there. I'm wondering what tweak in the latest OEM firmware for the V3 was for correcting this issue, if it has been corrected:

    https://nvd.nist.gov/vuln/detail/CVE-2018-3953
     
  72. Bird333

    Bird333 Network Guru Member

  73. pharma

    pharma Network Guru Member

  74. Bird333

    Bird333 Network Guru Member

    You have to choose it up in the WAN section.
     
  75. kernel-panic69

    kernel-panic69 Connected Client Member

    But do you also have to select it in the wireless mode to work? I haven't tinkered with this particular situation on my E4200v1. The only 'bug' I am aware of with client mode may be related to the KRACK vulnerability, but outside of that, I would have to dig through the forum unless you have specific posts.
     
  76. Bird333

    Bird333 Network Guru Member

    Once you choose it in the WAN section it gets populated in the 'wireless mode' field. I'm just trying to get confirmation of whether it actually works or not at this point.
     
  77. Bird333

    Bird333 Network Guru Member

    Wireless client is broken. I tested this on an asus N66U for the 2.4G radio with 3 different firmware. Shibby AIO 132, Shibby AIO 138, and Fresh Tomato AIO 2018.5. First, Wireless Client only works with no encryption in any of the firmwares.

    132 - Can connect to second radio (5G) and get internet. Also, connecting to a VAP on 2.4 also works. Wired works too.

    138 - Can't connect to 5G if VAP has been created. Of course trying to connect to VAP doesn't work. I'm not talking getting internet access, I mean my laptop couldn't connect to those SSIDs. Wired works

    2018.5 - Same as 138. In addition when trying to connect to the other SSIDs, the router seems to reboot (all lights come on).

    Also, why are some of the encryption choices grayed out when you have Wireless Client set? WPA Personal and Enterprise as well as WPA2 Personal and Enterprise are grayed out. Based on my searches, wireless client has been broken for a long time. Can these issues be fixed?
     
    pharma likes this.
  78. Sean B.

    Sean B. Network Guru Member

    That is correct.
     
    Last edited: Jan 24, 2019
    geekjock likes this.
  79. Magister

    Magister LI Guru Member

    As far as I recall this has been like this since the beginning. If it was never fixed in 10 years to allow encryption, maybe it's unfixable?
     
  80. Bird333

    Bird333 Network Guru Member

    It's hard to believe it is unfixable considering Wireless Ethernet Bridge works and DD-WRT works. I'm sure if looked into it can be fixed. At least I hope so. :)
     
  81. danielhaden

    danielhaden Network Guru Member

    I wonder if non-multiwan can do client mode, perhaps toastman's 2017 release?
    That's the newest that doesn't have a multiwan compromise.
     
    Last edited: Jan 24, 2019
  82. danielhaden

    danielhaden Network Guru Member

    Question: How do I use channels 100-144?
     
  83. Magister

    Magister LI Guru Member

    Change country, try Singapore
     
  84. Bird333

    Bird333 Network Guru Member

    The shibby 132 doesn't have multiwan. I may try toastman, but from what I've been reading it doesn't work either.

    EDIT: Toastman doesn't work either.
     
    Last edited: Jan 25, 2019
    pharma likes this.
  85. Sean B.

    Sean B. Network Guru Member

    If someone that's running current FreshTomato MIPS firmware has a moment and would be willing, I'd appreciate a quick functionality test as I believe I may have skipped over part of a previously discussed issue.

    Under Basic->Network set a custom DNS server as 8.8.8.8

    Under Advanced->DHCP/dns disable ( uncheck ) the option for "use internal DNS" and the option for "send received DNS with entered"

    Save, and connect/reconnect a LAN client to the network. What DNS server IP does that LAN client receive?
     
    kernel-panic69 likes this.
  86. danielhaden

    danielhaden Network Guru Member

    Question: How do I get pure lan to wifi forwarding, with the exact same behavior as an ordinary wired switch--as in specifically not dropping any broadcasts or anything to improve wifi efficiency at the cost of not working like a switch?
     
  87. Sean B.

    Sean B. Network Guru Member

    Under Advanced->Wireless, for 2.4 and/or 5ghz, set the option "Wireless multicast forwarding" to enable. Under Advanced->Routing disable ( uncheck ) the option "Efficient multicast forwarding". This should remove any broad/multicast traffic restriction or alteration in regards to wireless, at least that which we have control over, as it's possible the wireless driver may still make some decisions beyond user control.
     
    danielhaden likes this.
  88. kernel-panic69

    kernel-panic69 Connected Client Member

    I'm trying to remember what client OS requires one to set the encryption on the client end for wireless... because all I can recall setting is the password / pre-shared-key.... *scratching head*.
     
  89. Radojevic

    Radojevic Network Newbie Member

    I remember it was old versions of MS Windows, Mac OS, and maybe even Android.
    It was a few years ago I noticed not needing to select an encryption method on the client side for any OS I have.
     
  90. aehimself

    aehimself New Member Member

    I was a happy user of the beta, but after ~40 days of uptime my WRT54GL rebooted itself. Could not find any evidence as even the log cleared itself. Just to be on the safe side I updated to the non-beta K26_RT-MIPSR1-2018.5-Mini and everything seems to be working fine so far!
    I never had this long uptime with any previous firmware but I like to know what is happening. Is there a way to preserve logs after a reboot? No SD card, no USB but I can create a share on my Windows server.
     
  91. Chrushev

    Chrushev Network Newbie Member

    You could write log to NVRAM (not recommended due to flash wear, but if you can't use an SDcard or USB drive then that's an option), you could also store it on a remote server share (by hostname), but that share has to be up and running.
     
  92. Chrushev

    Chrushev Network Newbie Member

    Seems like static ip expiration time is not working correctly. When set to infinite lease time it still re-leases every 12 hours.
     
  93. Sean B.

    Sean B. Network Guru Member

    Under Administration->CIFS Client configure a network share to be mounted on /cifs1 . Then under Administration->Logging check the box for "Custom log file path" and input /cifs1/syslog.log . While your options are limited without USB, keep in mind this method won't catch as much log data close to the reboot event comparatively, as the ability to write to a file on a network share will fail before the information stops flowing for the log.
     
  94. Mikael Bak

    Mikael Bak Network Newbie Member

    I get expected result:
    $ nmcli
    DNS configuration:
    servers: 8.8.8.8
    interface: enp2s0

    FreshTomato Firmware 2019.1.015 MIPSR1-beta K26 Mini
    Router: Linksys WRT54GL

    Did not find "send received DNS with entered". I have "Use received DNS with user-entered DNS" and it's off by default. I left it that way.
    If enabled I get exactly the same result. Only user entered DNS (in this case 8.8.8.8) as above.
     
    kernel-panic69 likes this.
  95. Sean B.

    Sean B. Network Guru Member

    Thank you sir.
     
  96. kernel-panic69

    kernel-panic69 Connected Client Member

    What is the WAN connection involved? DHCP, PPPoE, etc?
     
  97. Mikael Bak

    Mikael Bak Network Newbie Member

    It's DHCP.
     
  98. Mikael Bak

    Mikael Bak Network Newbie Member

    Hi,
    I'm a long time tomato user, but I'm new to this forum.

    I would like to ask if it's possible to add to the changelog when it is mandatory to wipe nvram when updating. I have not seen any notes on that in recent changelogs, but I did see recommendations in the forum to wipe nvram.

    I used shibby's firmware for years and rarely I had to erase nvram, and when it was necessary it was clearly stated in the changelog.

    I know this project is young and lots of things change fast in the source code, so perhaps now for some time we have to erase nvram when updating. But I think it'll benefit all if we as soon as possible could bring the nvram structure to a stable state so that we wouldn't have to wipe nvram when updating to a new version. Some configurations are complex and it is a pain to upgrade when you have to manually restore all options.

    Don't get me wrong. I'm very glad that freshtomato exists and I will try to help development by testing new versions as much as I can. I guess I just wanted to know if there is a plan for nvram stability and how long it will take to get us there.

    As for shibby's firmware. I think he made a big mistake by implementing multiwan back then. Some routers run out of nvram very fast because of changes made back then. I wonder how many people actually use this feature...
    On one of my routers (NETGEAR WNR3500Lv2) I have to manually delete all QoS rules in order to fit my configuration. Using it as VPN client or server is impossible without external USB storage where I can store the certificates and keys. Imagine what pain it is to erase nvram each time I upgrade this.

    I wish there was an option without multiwan. But then we would have incompatible nvram structures. And that is probably not desirable.

    Well, enough complaining for today :)

    Thanks for a great firmware! I'm really grateful for all the work you do to keep this project going.
     
    minos and digixmax like this.
  99. Gurgel

    Gurgel Serious Server Member

    Wireless client works on MIPS routers (at least some of them) but not on ARM. Only with no encryption have I gotten it to work on an ARM router.
    But MIPS with Shibby 132 and Toastman at least, I've used Wireless client with encryption.
     
  100. Radojevic

    Radojevic Network Newbie Member

    I believe erasing NVRAM has been a general rule for every DD-WRT, shibby, and FreshTomato firmware.
    I think the developers just get tired of repeating it.
     