Likely giving up on TomatoUSB

Discussion in 'Tomato Firmware' started by koitsu, Jun 9, 2016.

  1. koitsu

    koitsu Network Guru Member

    Important: none of my below statements should be taken to mean "TomatoUSB sucks!" I do not think that at all. I want to be clear on that point. I just think it's a project that's -- respectfully, please! -- stagnant because we can't improve all the things we need to given lack of manpower and being stuck on binary blobs.

    I've purchased a Mikrotik RB2011UiAS-2HnD-IN (will be here in a couple weeks) and plan on playing with it (and very likely sticking with it). If all goes well, it'll be replacing my Asus RT-N66U. It'll be an interesting transition, so-to-speak.

    The below (small font to try and save real estate -- yes I write diatribes) is for those who are interested in the "why".

    I'm kind of at my wit's end with TomatoUSB. Tonight I was dealing with some ISP network issues, followed by some packet analysis for a completely unrelated issue (actually having to look at payload to see what someone was pasting on IRC, since what I was seeing vs. what their client was showing was quite different). I started noticing that after my ISP fixed whatever their problem was, I was seeing sporadic packet loss throughout hops including at the CMTS -- this NEVER happens for me, I'm very meticulous in graphing my cable modem down/up levels and SNR, ditto with correctables/uncorrectables, so if I see "weirdness" with my cable signal I tend to know what's up.

    Then it hit me: maybe someone was DoSing me because of my Email to about a Comcast issue (since I have to give public IPs). It's never happened before (respectfully to anyone on the forum: please don't be a dick and change that :p), but anything is possible. Better verify by doing packet captures on vlan2 (WAN). So I fired up tcpdump on Tomato natively, which was working fine as expected (for several minutes), but there was just too much traffic for me to review easily via CLI. It didn't look like a DoS, but there was some TCP traffic in bulk that looked questionable -- I needed Wireshark.

    Because I run rpcapd, I fired up Wireshark + added the remote connection to rpcapd and began monitoring traffic on vlan2. Looking good, nothing abnormal, then after about 30 seconds Wireshark just stopped showing any new traffic. Bam, dead, nothing. I telnetted into the router, thinking maybe rpcapd died... nope, there's the process, and its forked child. Back to Wireshark, clicked Stop, and received an error message stating that the remote end (rpcapd) had closed the socket unexpectedly. Huh? Back into the router, uptime: 2 minutes. In other words, the kernel panicked. I verified that by seeing that my USB flash drive's ext3 filesystem had journal recovery applied to it (via dmesg).

    So I repeated the process: set up Wireshark to capture from rpcapd (this time with a snaplen of 65535 -- default is 256KB), let some traffic flow, and within about 30 seconds the same situation: uptime: 1 minute. Okay, so now rpcapd is somehow crashing the damn kernel. This really does not make me happy (especially because I have no way to troubleshoot this without voiding warranty to install a serial console port -- and that still doesn't necessarily get me any closer to the root problem).

    Then I remembered: I saw this exact same situation (kernel panic/sporadic reboot) happening when using ntpd from Entware-ng. In other words: there is definitely something "lingering in the weeds" that can cause a kernel panic yet it's unknown what it is. No other utilities I've come across (so far) do this, just two that are, uh, pretty important (to me anyway).

    It then occurred to me that there's really no effective way to troubleshoot, diagnose, nor resolve this problem. And that greatly disheartens me. The reality of the entire situation hung over me like a dark cloud... we can't improve the kernel version because we're stuck on binary blob drivers from Broadcom, I can't run OpenWRT because for the RT-N66U there's no 5GHz support (that's OK -- I disable that interface anyway, no devices I have support it) but 2.4GHz is abysmal at best (see the text under Supported Versions) and I dislike OpenWRT's GUI in general anyway, which then in turn reminds me that Tomato's GUI is basically a hodge-podge of uncommented awful JavaScript without any semblance of sanity because Jon just banged it out and released it unto the world. That just made me wonder what hardware OpenWRT supported that would do both 2.4GHz and 5GHz, what was reliable, etc. and sadly there aren't ever any recommendations, just "here's all the hardware we support, have fun". At this point I forced my brain/mind to stop (it's very easy for it to snowball -- welcome to being an introvert with minor OCD and anxiety, and also being a senior engineer), and started looking at other routers/solutions.

    My decision to try Mikrotik is mainly fuelled by the fact that it's Linux-based, and while its CLI is a little weird/daunting, RouterOS is fully supported by the company, and the hardware in question has excellent reliability (2.4GHz chipset is an Atheros AR9344 -- at least it's not Broadcom!). It also has some general shell capability, supports packet captures (not via tcpdump natively but through its own CLI, but more importantly, it supports TZSP so that you can use Wireshark to capture from it directly similar to rpcapd), and there does appear to be bandwidth graphing/aggregation. UPnP is also supported (I use this for very rare torrenting sessions and IRC DCC). Port forwarding is supported, and lots of other stuff. Its firewalling layer is apparently iptables/netfilter, but with some improvements (or something). I'm curious what Linux version it runs, but gut feeling tells me probably 3.x series.

    One thing that did make me laugh: they don't support battery-backed clocks either! When are these router folks gonna learn!? But hey, on the flip side, you can actually run ntpd on the thing natively and configure it, so it must have a tolerable timecounter. :)

    All that said: if I do end up just giving up on TomatoUSB and go entirely with the Mikrotik, I am happy to put up all my scripts/tools/etc. (there aren't that many, FYI) that I use for doing things (like launching rpcapd (I wrote an init.d for it), another init.d script for waiting for the WAN connection to come up before doing anything more, and other several miscellaneous things) maybe on GitHub or in a tarball or something here for folks to use. All I have is this:

    $ ls -l
    total 45
    -rwx------    1 jdc       users     3027  2 Nov  2015 S00netwait
    -rwx------    1 jdc       users     2784  2 Nov  2015 S01tuning
    -rwx------    1 jdc       users     5116  2 Nov  2015 S70rpcapd
    -rw-------    1 jdc       users     2280 11 Apr 00:45 dnsmasq.custom
    -rwx------    1 jdc       users     3990  9 Jun 00:40 fresh-install
    -rwx------    1 jdc       users     2097 11 Apr 00:01 mount.autorun
    -rwx------    1 jdc       users      368  2 Nov  2015 unmount.autostop
    drwx------    3 jdc       users        3 20 Apr 01:34 var/
    -rw-------    1 jdc       users     2260  2 Nov  2015 vimrc
    And what's in var/ is basically a proper BIND named setup (using Entware-ng) that is very close to FreeBSD. The intended goal was to make TomatoUSB run named as a "slave" nameserver (zone transfers from my FreeBSD box), so that in the case my main FreeBSD box (primary DNS for my LAN) went down, I'd still be able to get DNS resolution for my LAN and other things. (I do not like relying on my ISP's nameservers, or Google's anycasted nameservers, etc. -- I query rootservers using named.root and run a proper caching nameserver. :p)
    pegasus123 likes this.
  2. gfunkdave

    gfunkdave LI Guru Member

    Sorry to see you go, @koitsu. I've actually come to a similar conclusion, though for slightly different reasons: I wanted a router that could handle higher speeds and was actually supported by a company. I wound up going with a couple of Ubiquiti EdgeRouter X SFPs ($75 each and can support up to a gigabit with large packets). Since they don't have built in wifi, I got a Ubiquiti AP AC Lite, which can be powered off the router's PoE.

    EdgeRouters run Ubiquiti's EdgeOS, a fork of Vyatta. There is a lot of command line in them too. Right now I'm struggling with IPv6 connectivity - the router and LAN devices get IPv6 addresses but LAN devices have no connectivity. So it's not perfect, and EdgeOS is not nearly as user friendly as Tomato. But I think I made the right call.

    Still use Tomato at my parents' and mother in law's...until their routers die and need to be replaced, at least.
    eahm likes this.
  3. Monk E. Boy

    Monk E. Boy Network Guru Member

    Tomato seems to be stable so long as you don't fork off and start using it as a normal Linux system, which is annoying, because it is just a normal Linux system. An old Linux system, of course... (sigh)

    I recall encountering situations like yours before where the edge router didn't allow packet captures, so I put a switch in-line with the WAN port and the internet source, then used one of the two as a source in a port mirror to a third port in the switch, and just captured raw packets that way. It's a lot of work for what should be a simple problem and an incredible amount of cash to spend for a home user who likely won't have a switch capable of setting up VLANs or port mirroring. Since I was at a business doing this we just had hardware lying around capable of doing all of this, which is nice, but not exactly something the home user is going to have (none of my switches at home have either feature).
  4. xtacydima

    xtacydima LI Guru Member

    Koitsu, I've always enjoyed your posts (I'm sure more than anyone else's here). I too second that it is sad to see you go, your expertise and advice has on occasions helped even me from reading your replies to others.

    Unfortunately, I too have mostly given up on tomato (for different reasons of my own) and went with a brand name router (a Synology) a few weeks ago upon its release. For some of my family owned vacation spots, I still use an ole rt-n16 with Tomato as it suits the basic needs of internet only and can stay on for years without the need of so much as a reboot (and heck... it's cheap).

    I completely agree with you, and I am surprised that development has not increased over time for one of the greatest third party firmwares on the web and manpower is limited to really what seems to be just one person now. At this rate, too many of people's wants will never get addressed, and bug fixes take exceptionally long. For me personally, I needed extra features, some I would not even consider professional enough for someone to state (well man if you need all this tomato isn't for you just get a professional router) or at least so in my opinion. I also used to use tomato for many of my side clients and side jobs I took for SOHO businesses and it always suited fine. Of course, then demand rose for some trivial needs such as dual wan for ISP fail-over, blocking https for social media, and with my area supporting speeds easily as high as 50/75/100 down tomato just can't cut it properly compared to a proper router with too much wan traffic and LAN traffic at the same time, it simply chokes and stuff slows down.

    I do hope to still see you around, and perhaps one day you will decide to still tinker around with tomato as a fun side project :) to help cure day to day boredom
    M_ars likes this.
  5. somms

    somms Network Guru Member


    Using Shibby's latest tomato v136 on my gateway R7000, I can easily attain the full @300Mbps up/down avail with my ISP even with CTF NOT enabled...
    Sortec likes this.
  6. AndreDVJ

    AndreDVJ LI Guru Member

    I learned and still learning a truckload of linux-related and not related things thanks to TomatoUSB. Learning something new is always good.:)
  7. Edrikk

    Edrikk Network Guru Member

    This is unfortunate. In all honesty, Koitsu you have the perfect makeup to lead Tomato into the future... As either a Lead Dev or PM.

    Big loss. :(
    Joe A, JoeyJoeJoe, WaLLy3K and 6 others like this.
  8. xtacydima

    xtacydima LI Guru Member

    not with the older n16 - yet it doesn't choke with major gigs transferred by LAN from NAS to PC etc... and major downloads going at the same time via stock f/w - hence my conclusion it was tomato

    doesn't matter now, that router is at my vacation home as my family's needs there are so trivial.

    I still plan to keep Tomato for most devices, I will forever like it.
    Last edited: Jun 13, 2016
  9. Magister

    Magister LI Guru Member

    Interesting product, but no 5GHz ?!? Really? Here I see 30+ wlan on the 2.4 and lot on non standard channels like 3 or 9 just creating interferences. On 5GHz I am alone and can max out my connection, and my cellphone (Zenfone2), tablet (nexus7) and laptop (atheros ar9382) all support 5GHz.
    I would never buy a wireless router that does not have a 5GHz band.
  10. koitsu

    koitsu Network Guru Member

  11. rickmav3

    rickmav3 Serious Server Member

    Tomato is great! It is the best open source community driven router firmware. It has the best and most features not found even in highly expensive routers. There are networks of armies of inexpensive routers powered by Tomato serving as APs and connecting hundreds even thousands of clients. If more skilled devs. will contribute, it may advance even more. It has become an overwhelming job for only one, two main devs.
    And kernel 2.6 is currently the most stable. Ver. 3 is still giving too many problems and 4 is highly experimental, just look at dd-wrt with almost daily builds.
    It cannot run 1Gbps, but who has this as normal connectivity. On a proper hardware it can go even 300Mbps and with its rich features Tomato is unmatched today for an experienced user.
    eahm, RichtigFalsch and Tony Ramirez like this.
  12. Magister

    Magister LI Guru Member

    Absolutely, I made a friend buy a cheap used E3000, put Tomato on it, he can connect his intranet on gigabit ports, all his wireless devices, share things, VPN, graphic bandwidth, etc all this for a $30 router.
    I tried dd-wrt years ago but Tomato is far superior for its GUI and stability. Me too I'd like to have more developers for it and would like to donate more of my time on it.
  13. microchip

    microchip Serious Server Member

    Says who? Isn't CTF working just fine if you don't use features not compatible with it? I've read some posts on this forum that some people do get close to Gbps speeds on Shibby. I personally "only" have 240 Mbps down + CTF enabled and while doing a speedtest and running top -d 1 to check on CPU usage, top reports barely any load on the CPU (1-2% at most)... unless I'm missing something that is

    PS: Only talking about shibby that has CTF supported on ARM devices
  14. koitsu

    koitsu Network Guru Member

    Well I received my RB2011UiAS-2HnD-IN today. I've spent the past 6 hours fooling around in its OS (RouterOS 6.35.4), more specifically "migrating" my Tomato setup to it (and I do not have a complex setup, trust me). So far the results are pretty good -- almost everything works (but definitely not everything). I wanted to make a list of random things I found along the way. I used the web GUI exclusively (no CLI).

    * The web GUI is remarkably responsive (i.e. fast). I wasn't expecting this at all. Tomato is "acceptably fast" but almost all things I've done in RouterOS have been blazing. The UI is not as "pretty" as Tomato, but I wanted to note how quick/fast it is.

    * Many of the menus which have interface-related bits (wireless, switches, bridges, etc.) show at the bottom a real-time graph of interface I/O (bytes and pps (packets per second); it's good to see a vendor understanding that pps matters!). I've attached a file of what this looks like.

    * Most changing of settings (I'd say ~90%) do not require a reboot. You click Apply and everything gets changed. This even includes things like interface renames and so on.

    * Rebooting the router, on this model, did not appear to reset either switch (there are two; a 5-port gigE and a 5-port 10/100). This was the case on my RT-N16 on Tomato, but not so on my RT-N66U. The reason I mention this is that if you have LAN connections and the switch resets, in most cases this is considered a layer 2 failure, so all subsequent connections get severed. In other words: no switch resets = no LAN connections being severed = super convenient.

    * Speed tests from wired clients performed quite well -- as good as Tomato on my RT-N66U. Bufferbloat was no better/worse (I do not use QoS anywhere in the picture, and I'm about 95% certain that's why). Just noting this one here for those curious.

    * It's possible to completely disable several features ("packages") in the router, such as PPP support and MPLS, if you don't want them. There are also two "wireless stacks" (not sure if this means drivers or what) you can pick from (wireless-fp and wireless-cm2). Wish RIP and OSPF were that way (things I will never use). Oh, IPv6 is also a package, but it doesn't come included by default (it's easy to enable it though).

    * OS upgrades and firmware upgrades both were super easy: literally clicking a couple buttons and rebooting the router gracefully. I had active configs when I did this, and nothing was mangled or lost afterward. Very clean/nice.

    Now for some oddities or negatives:

    * Configuring DHCP server-related things was painful at first, and I'm not the only one who has thought so. It wasn't until I found that you can configure the defaults I wanted (DNS server list, DNS domain/search suffix, NTP server list, etc.) under the "Networks" tab/item that I became happy. Without these (especially the DNS server list), I would've been returning the router (because by default it advertises and whatever DNS servers your ISP gives you -- I never, EVER want this! :p).

    * DDNS (Dynamic DNS) is virtually a no-go, but I knew this beforehand. The only DDNS provider available is their own (it's under IP -> Cloud). You're given a DNS name of {hexadecimalvalues} which will always have your WAN IP. The DNS TTL on those DNS records is 60 seconds. For many I think this will be a deal breaker, but for me it wasn't too bad: since I own my own domain name, I just made a CNAME record that pointed something I can remember to {whatever} and problem solved.

    * Under the Wireless configuration area, there's a button that says "Reset Configuration" that when clicked asks you if you want to reset the wireless settings to defaults. If you choose Yes, it actually resets god-knows-what. The router rebooted, and when it came back up, almost nothing worked. DHCP didn't work, accessing the router didn't work, but switch traffic (for statically-configured systems) still worked. I had to actually use the touchscreen on the thing to reset the entire unit back to factory defaults and start over just to get out of this state. The same thing happened to a friend of mine as well, so yeah... stay away from that.

    * Real-time packet capturing is awful; the TZSP stuff is garbage. It works, but a substantial number of packets have a rewritten destination port of 37008, which destroys your ability to use display filters like udp.dstport == 1900 etc. Also a tremendous number of packets had random anomalies in them, the most painful of which were out-of-order TCP packets. It's possible to diagnose traffic in this state, but it adds tremendous pain and isn't worth accepting.

    Remembering that using rpcapd on Tomato for me caused kernel panics (I'd resort to using tcpdump directly and then scp'ing the capture file over to a machine on which Wireshark could open natively), I did the same with RouterOS (capturing to a pcap file on the router itself (you can use the GUI to configure this), and then FTPing to the router once the capture was done and loading that up in Wireshark) and the results were great.

    That said: for those wanting "something in-between", the web GUI offers a remarkably wide degree of packet capturing features (both in filtering/matching, as well as results display (including hexadecimal/ASCII dump)). Once I found it, I thought "oh, that's pretty convenient for the masses" (not everyone is a network technician, heh :) ).

    * UPnP is spotty at best. It works with uTorrent 2.2.1 (I didn't try newer), but it doesn't work with mIRC nor Skype. I didn't diagnose what mIRC's problem was (it's been finicky for years now), but I did spend some time with Skype. SSDP worked fine, but Mikrotik's UPnP server explicitly rejected Skype's port forward request with HTTP 400 Bad Request. This doesn't stop Skype from working, of course (because their protocol is ridiculous and does things like use connections of other Skype users as proxies for file sends, etc.), but it definitely means the UPnP Server in RouterOS doesn't work with Skype. I'll be filing a bug with Mikrotik about this one.

    * IRC DCC packets (CTCP) do not have their payload rewritten -- more specifically, the port number the recipient is to connect to is the port number on the sender (LAN, behind NAT) and not the port number that correlates with the WAN side. It's possible that under IP -> Mangle there's a way to make this work (the IRC DCC NAT helper module on Linux takes care of this usually), but I couldn't figure out how to make any of that work without feeling like I might mess something up very badly. I'm extremely familiar with IRC DCC and NAT, so this isn't "user error". To work around the problem, I ended up forwarding a static range of 5 ports to my PC that runs IRC, and configured the client to only use those ports for DCC SENDs, and things work as I'd expect. I'm afraid to talk to Mikrotik about this because I imagine most people don't understand how IRC DCC works and discussing layer 7 payloads and protocols is painful unless you're talking to an actual engineer.

    * Wireless (specifically 2.4GHz 802.11n 20MHz) is... I don't even know where to begin. There's just a lot of "?!?!?" that might be normal behaviour but then again might not be. All speed tests on all wireless clients would "cap" at about 20mbit/s (more commonly 17-18mbit/s), but things like YouTube could occasionally supersede that (hitting 40mbit/s on occasion, particularly when fast-forwarding or rewinding past the buffered region). Pinging wireless clients (from the router) would return an average RTT of anywhere between 71ms and 300ms, but always with 0% packet loss. I fooled around with several settings (enabling WMM, trying their "interference mitigation" mode, TX power settings, different country, disabling CSMA, etc.) and absolutely none of them improved any of this. Again, it's possible this is normal/expected behaviour, especially for my environment (way too much 2.4GHz traffic), but it doesn't leave me feeling "stable" at all and reminded me very heavily of this situation with Tomato.

    * I set up graphing of network traffic of interfaces, but this doesn't appear to be an "aggregate" like Tomato's Daily/Weekly/Monthly traffic statistics, which is really what I was hoping for. SNMP and a native HTTP API are supported, so I'm sure it's possible to make something myself, but (not to sound rude) I have better ways to spend my time.

    So, because of these problems, will I be staying with the Mikrotik or will I be going back to Tomato?

    I haven't decided yet. Several of them are painful or just don't sit well with me, but on the bright side, I at least have an outlet for support that I can push things onto. The Skype one is major (for me) because I use it for work; if Skype's protocol wasn't so resilient and "aggressively abusive" it'd be a deal-breaker for me, but as it stands it works.

    Well that's my write-up for now.

    Last edited: Jun 15, 2016
    crashnburn, eahm, Toastman and 3 others like this.
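An added example, not part of the post above or of any Mikrotik or Wireshark code: a minimal TZSP unwrapper showing how the inner UDP ports of a mirrored frame can be read back when the stream arrives addressed to port 37008. It assumes the port-37008 datagrams are TZSP on its default port carrying Ethernet frames; the sample frames, addresses and the tag value are constructed.

```python
import socket
import struct

TZSP_PORT = 37008                   # default UDP port for TZSP streams
TAG_PADDING, TAG_END = 0x00, 0x01   # the two single-byte tags


def tzsp_unwrap(payload: bytes) -> bytes:
    """Return the encapsulated Ethernet frame from a TZSP UDP payload."""
    if len(payload) < 4:
        raise ValueError("short TZSP header")
    version, _ptype, proto = struct.unpack("!BBH", payload[:4])
    if version != 1 or proto != 1:          # proto 1 = Ethernet
        raise ValueError("unsupported TZSP version or encapsulation")
    pos = 4
    while True:                             # walk the tagged fields
        if pos >= len(payload):
            raise ValueError("missing end tag")
        tag = payload[pos]
        pos += 1
        if tag == TAG_END:
            return payload[pos:]
        if tag == TAG_PADDING:
            continue
        if pos >= len(payload):
            raise ValueError("truncated tag")
        pos += 1 + payload[pos]             # skip length byte and value


def udp_fields(frame: bytes):
    """Return (sport, dport, data) for an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 14 + 20 + 8:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[14 + 9] != 17:
        return None
    off = 14 + ihl
    if len(frame) < off + 8:
        return None
    sport, dport, ulen = struct.unpack("!HHH", frame[off:off + 6])
    if ulen < 8:
        return None
    return sport, dport, frame[off + 8:off + ulen]


def effective_ports(frame: bytes):
    """Ports of the mirrored packet itself, looking through TZSP if present."""
    outer = udp_fields(frame)
    if outer is None:
        return None
    sport, dport, data = outer
    if dport == TZSP_PORT:
        inner = udp_fields(tzsp_unwrap(data))
        return None if inner is None else inner[:2]
    return sport, dport


def build_udp_frame(src_ip, dst_ip, sport, dport, data):
    """Build a constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return bytes(12) + struct.pack("!H", 0x0800) + ip + udp


# Constructed sample: an SSDP query as a LAN client would send it...
SSDP = b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n\r\n"
INNER = build_udp_frame("192.168.1.10", "239.255.255.250", 50000, 1900, SSDP)
# ...and the same frame as it arrives at the capture host inside TZSP
# (one padding byte, one arbitrary two-byte tag, then the end tag).
TZSP = struct.pack("!BBH", 1, 0, 1) + bytes([TAG_PADDING, 0x29, 2, 0x00, 0x5A, TAG_END])
MIRRORED = build_udp_frame("192.168.1.1", "192.168.1.50", 40000, TZSP_PORT, TZSP + INNER)

if __name__ == "__main__":
    print("outer dst port:", udp_fields(MIRRORED)[1])
    print("inner ports:   ", effective_ports(MIRRORED))
```
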
  15. Toastman

    Toastman Super Moderator Staff Member Member


    It's a very interesting writeup showing some differences between RouterOS and Tomato from the point of view of a "professional" user. I'm not a programmer and tend to look at very simple solutions rather than complex ones. Our approaches are probably quite different.

    Here's my own view:

    My needs are simply to provide internet with up to 220 or so users in medium to large apartment and condo blocks. Some places actually dedicate an internet line (usually ADSL) to every floor, but most owners don't find that economical. Nor will they have a "professional" style router and equipment that needs expert maintenance, which is sorely lacking here. So we use Tomato to share one or two fast lines to everyone in the block, and the only reason it works is Tomato's QOS system.

    Over the years I've tried several different approaches here, but still, the only firmware that has reliably allowed me to share internet with 200+ users has been Tomato and its QOS, and I have always returned to it after only a week or so. Adaptive QOS has never worked well enough under these conditions. We have to look at worst-case scenarios and allow for them manually, and that ALWAYS works. UPNP has always worked reliably and is really necessary in a large apartment block. Many of the more expensive "semi-professional" routers have failed to live up to what I expected of them, but that's not surprising since they still have quite low powered hardware. I agree totally about OpenWRT - I have tried it many times and been very frustrated with it.

    Mikrotik gear is used a lot here, with mixed results. Several apartment blocks I have visited who had previously used other solutions have in fact changed to Tomato and found it works better for them too. No more complaints about internet slow or not available and the Torrent maniacs no longer able to bring the whole block down.

    Regarding the stagnancy, Tomato developers usually slave away for several years and slowly lose steam mainly because it's always been a thankless task. Constant complaints, criticism, and demands from users who seem to think they are entitled to free stuff and support on demand, have made almost all of the developers lose heart and abandon the project. It happens gradually, they tend to appear less often with huge gaps between appearances, then one day, people notice that they aren't replying to any posts and have "gone". Those who have been with TomatoUSB since it began will have seen at least 20 contributors throw in the towel.

    I personally don't feel it is so stagnant, because I am one of those people who believes that if something works well, we should not try to fix it or constantly update it. This applies to Tomato as well as any other engineering project. Perhaps this is because I am not really interested in the WiFi, so I have no real issues with the worst of the binary blobs.

    Focus has unfortunately become similar to Android, where every app has to be updated every 3 days with new totally useless "features" or it loses its ratings. And now 90% of the "best" apps on Android have become bloated and full of these unwanted "features" and ads. So most people hit the "uninstall" button. I gave up with that Android rat-race a year ago. And I am disappointed that Tomato is heading the same way.

    My view is that Tomato QOS and monitoring facilities are already better than others, the GUI is fast, responsive and attractive. UPNP and most other "essential functions" worked properly. Why should we keep changing it for the benefit of probably 0.1% of the total users who might want or use some new "feature"? or a GUI that looks different for no good reason but is always plagued with bugs?

    Yes, we need to keep supporting new routers, but there are so many of those and so many different approaches by manufacturers, we have to be selective about what to support. And streams of complaints from users of those new models who complain they lost the facility to add 50 virtual SSID's and 50 VLANS, that they can't add their 6TB hard disk and stream 4HD movies to all their users without the thing getting slow? Have we all gone completely mad?

    As long as Tomato routers are used as routers, and not as general purpose uTorrent machines, NAS, servers, VPN access, and as Christmas Tree Lights, they do perform amazingly well for a 30+ dollar piece of plastic. Probably 95% or more of people who download Tomato don't use any of those extra "features" - ever. Most of those who do did it purely because that feature is in the GUI so they turned it on. They actually are the ones on the forums complaining they don't work well. All SOHO routers are pretty bad at running external programs and the "bells and whistles" junk on them, because they were never designed to do that.

    The level of documentation in almost any part of Tomato is almost nil, even those parts which were written by and for Broadcom and by Linksys are mostly incomprehensible. Agreed.

    Tomato GUI, agreed, is also somewhat undocumented and hard to figure out, but it works. I'm not competent to criticize the style :confused: but I can usually figure things out after struggling for a week or so if I want to change anything. Speed? Generally, a page appears here almost instantly after I click on it, before the sound of the click has died away, it's probably about 200 mS. There's almost no delay except on pages that have to collect and collate data before returning it. I actually believe it is far more responsive than any of the SOHO routers that I have bought to evaluate, including Cisco and Huawei high end products. Since it is quite rare that we have to add or change much in the GUI, there seems little point in rewriting it, that would be a massive job for no real benefit. And changing it for the sake of change has always resulted in more hassle and bugs than any perceived "improvement" in visual style, which is in any case a personal opinion.

    Wifi? I never use it on the router. I always use external access points at 2.4GHz. There are many cheap routers that can work as access points and they usually perform well, rather better than Tomato, in fact.

    So, I am halfway to predicting that you may still return to Tomato :D .... Compared to other routers it is still a breath of fresh air, despite being years old.
    AndreDVJ, crashnburn, WaLLy3K and 9 others like this.
  16. koitsu

    koitsu Network Guru Member

    I've already had a few (i.e. 4 or 5) cases of certain content/etc. in web pages and Discord etc. not loading (just indefinitely sitting there spinning). So, yes, I may end up going back to Tomato, we'll see -- I just put in an order for an R7000 (should be here later today) as another (more expensive) option. Maybe that'll suffice for rectifying my other Tomato issues -- we'll see.
  17. Toastman

    Toastman Super Moderator Staff Member Member

    The R7000 is a nice piece of kit. Unfortunately with my 16Mbps ADSL lines they are a bit of a waste. I look at fibre-optic lines snaking past in the street and wonder just why nobody can provide a high-speed service in one of the busiest cities in the world.
  18. microchip

    microchip Serious Server Member

    I have the R7000 and I can assure you, it's a fine piece of hardware. Unfortunately, its firmware is another issue and leaves a lot to be desired. Luckily Tomato runs just fine on it. I wouldn't trade the R7000 for anything. And I can confirm that CTF works and you can get close to 1 Gbps speeds (if you have them).
  19. Magister

    Magister LI Guru Member

    Having a "capped" throughput and a 300ms ping on wireless seems really odd... Can you contact Mikrotik support and inquire about that? It does not make sense... I understand your 2.4 can be crowded but still, if this happens on channel 1, 6, 11 with same results, at 12AM or 12PM, it means something is wrong in their config.
  20. gfunkdave

    gfunkdave LI Guru Member

    Very interesting, koitsu (and thanks for the perspective, Toastman!). I never really explored Mikrotik because I think I remember reading that they charged a license fee for firmware updates - is that not true?

    In any case, I do find myself missing Tomato a bit. Toastman's versions were always rock solid and just worked. I like his focus on the routing functions instead of trying to make the router into a jack-of-all trades network appliance.

    After a week or so, I've finally gotten my EdgeRouter fully configured. It's a quite powerful little box for $75 - good for up to at least a few hundred Mbit connection and can do a gig with large packets. I'm enjoying it now. Koitsu, you might check them out. No wifi, but you can put any AP you want in. I use a Unifi AP AC Lite ($80).
  21. noyp

    noyp Network Guru Member

    @koitsu, were you able to replicate Tomato QoS rules in Mikrotik, as this is the part I'm struggling with and I got mixed results
  22. koitsu

    koitsu Network Guru Member

    I don't use QoS. Quoting my earlier post:
  23. koitsu

    koitsu Network Guru Member

    Received my R7000 tonight, flashed it to tomato-R7000-9007.1Toastman-ARM-VPN-64K.trx -- same behaviour seen on it as with the Mikrotik (specifically crazy floaty RTT on pings and weird or fairly "dynamic" throughput maximums). I'll add as a reminder that with fresh Tomato, the R7000 reports "Interference: Severe" on anything in the 2.4GHz range (channel doesn't matter), until interference mitigation is turned on under Advanced -> Wireless. I've talked about this (specifically for my environment) on a couple occasions, even on my RT-N66U. In fact, sitting around with an AP dB reader shows that the Mikrotik, surprisingly, has a more stable signal compared to the R7000 (meaning there's a lot less fluctuation in the signal level regardless of distance). On both devices though, I see fluctuations of up to -/+20dB (yes really!) with the device stationary. Yeah, pretty bad.

    The short of it: it's not the Mikrotik, and it's not the R7000 -- it's simply the chipsets and devices doing as best they can with all the traffic and interference. Basically, 2.4GHz is completely destroyed in my area. There are simply too many APs, microwaves, baby monitors, cordless phones, generic "wireless gadgets" etc. spewing crap all over the spectrum. Welcome to Silicon Valley. 5GHz isn't an option because most of my devices don't support it. C'est la vie.

    And don't even get me started on the 500-750MHz range here. I've dealt with that already, and it was a nightmare.
  24. Toastman

    Toastman Super Moderator Staff Member Member

    Sounds similar to what I have observed in a busy IT mall here, where there are several hundred shops with wifi routers active. Most of them running with the default setup.
  25. gfunkdave

    gfunkdave LI Guru Member

    koitsu, I'm curious how old your devices are. Every wifi device I've bought in the last 3-4 years has had 5GHz support. The only exceptions are a cheap IP wifi camera and my Belkin Wemo switch. Your phone and laptop don't support 5GHz?

    When I lived in NYC, 5GHz support was the only reason I could use wifi in my apartment sometimes... :)
  26. koitsu

    koitsu Network Guru Member

    * iPad mini 2 Wifi (supports 2.4GHz and 5GHz) -- bought a month ago, released 2013
    * Motorola Moto G (1st gen/2013 model) (only 2.4GHz) -- bought a year and a half ago, released 2013. (2nd and 3rd gen also only do 2.4GHz. Only the latest model, announced by Motorola last week, supports 5GHz; prior to that, you'd have to buy a Moto X to get 5GHz, which was a substantially more expensive model)
    * Amazon Kindle Paperwhite (6th gen model) (only 2.4GHz) -- bought early 2014, released 2014. (Current generation models also only do 2.4GHz)
    * Canon PIXMA MX922 printer (only 2.4GHz) -- bought a year or so ago, released 2013
    * Nintendo 3DS XL (only 2.4GHz) -- bought in 2012, released 2012. (This also only does 802.11b/g -- no N -- and because of that, I simply gave up using it. I run my router in 802.11n-only mode)
    * Inspiron Mini 10 (fairly old (2009 or 2010), only 2.4GHz) -- had this thing for ages, only pull it out when I need to deal with something legacy and horrible
    * Random people who visit me with laptops -- almost all I've seen do not have 5GHz

    In other words (respectfully!): 5GHz adoption in devices is really not as commonplace as you might think. It'll probably "get there" by 2020.
    Last edited: Jun 16, 2016
  27. microchip

    microchip Serious Server Member

    Most low-end and quite a few mid-range smartphones only have 2.4 GHz N wifi. No AC on them and no 5 GHz. My Galaxy J5 from last year is also a 2.4 GHz N device only
  28. Monk E. Boy

    Monk E. Boy Network Guru Member

    At my workplace the local cable monopoly was having a similar issue caused by AT&T erecting a tower directly - within a couple feet - of their cable run. Since our site was the sole customer at the end of this long run, we were literally the only customer affected, so they sat on their butt for months ignoring us. However after a half dozen or so people signed up suddenly they decided to fix it rather than lose all those customers. The only other options available to us were 3Mb DSL or paying $25K for someone to lay fiber, and that fiber had gotten to the point where it sounded reasonable compared to continuing to be ignored.

    Since then we've had fiber run to that site and terminated one of our contracts with the company, much to their consternation. Maybe if they hadn't sat on their duff for all that time things would have been different.

    That same site went 5Ghz a couple years ago due to 2.4 interference, but now that we've taken over more of the building I built up the staff networks using 2.4... and a lot of access points. My theory is to drown out their signal by putting APs between neighbors and staff systems, plus behind and around the staff systems (filling in any gaps in our space, as it were). So far it's worked. $30 APs make this slightly more financially sound than it seems at first blush... it only required a little more than a half dozen for a fairly large space. Then again there are some empty suites, if they get more tenants maybe I'll have my work cut out for me.
    Last edited: Jun 21, 2016
  29. Guso.

    Guso. Networkin' Nut Member

    Another option would be to cover up the whole apartment with some kind of Faraday cage so you don't get that much noise from any frequencies xD
  30. Toastman

    Toastman Super Moderator Staff Member Member

    I concur with Koitsu. Actually, my old Galaxies S2 and Note had 5GHz. But all newer hardware has been 2.4GHz only. Most of the more budget smartphones seem to lack 5GHz, even the Octacore and LTE stuff. I stopped buying the high-end brandnames because I can get 4 comparable budget phones that do the job almost as well for the same price. (And because I'm broke :p). I haven't seen any resident's laptops with 5Ghz radios. I do have 2 Galaxy S5's with 5GHz. My new Lenovos don't have it, but I knew that when I bought them, it's of little importance here.

    @Monk E. Boy - Interesting. I usually have to use between 20 and 30 2.4 GHz access points in an apartment block to penetrate into rooms. 5GHz hardly makes it into more than 20% of them, so it's useless on two fronts.
  31. Magister

    Magister LI Guru Member

    I was in the same boat as you, but I bought a Nexus7 (2013) which is 5GHz, an Asus Zenfone2 (5GHz and even AC, for $199) and I changed the half-mini pci-e wifi card in my netbook for an Atheros AR9382 (abgn) for $13.99 on eBay... At home I see about 30 2.4G networks around me but only 2 5G.
    Having hundreds of networks in a mall must be a nightmare :-(

    But to keep on subject, Tomato has a great GUI and a lot of functionalities. Just check the diff in DDNS offering between Tomato and the Mikrotik...
  32. Monk E. Boy

    Monk E. Boy Network Guru Member

    Yeah, 5Ghz has horrible penetration. I got them to put one router into each room so it's all unobstructed line of sight. The most I trust 5Ghz is to go through one - one - drywall-and-metal stud wall. Anything more than that and the moons need to be in perfect alignment to make it work.

    I'm just waiting for the 5Ghz personal hotspots to become the rage because then they'll be right back to where they were with 2.4. 20-plus 2.4 hotspots in a single room with similar amounts in the other rooms around them and for some reason everyone had problems connecting to the internet.

    BTW, the site's solution was for everyone to connect to the internet using their personal hotspots, which still had connection problems but not as severe. There isn't a facepalm emoji expressive enough for how I felt upon hearing that.

    I do have some 2.4-only equipment, the newest is the $30 smartphone I bought last year. I have a Core Duo (not Core2 Duo, Core Duo) laptop at home that supports 2.4 & 5 but it's b/g on 2.4 and a on 5. Yeow! My work's laptop & tablet are n 2.4 & 5 though.
    Last edited: Jun 21, 2016
  33. AndreDVJ

    AndreDVJ LI Guru Member

    I'm surprised even laptops don't have 5Ghz these days. I have a Lenovo T400 bought five years ago and it has already 5Ghz (Intel 5100 AGN).
  34. Magister

    Magister LI Guru Member

    Because they are cheap cheap cheap... I have a HP laptop 17", quad core i7, nvidia 3d card, 8gb ram, 1TB drive, etc, but a standard 2.4GHz wifi, go figure... and as I wrote before, in my netbook I put an abgn card for $13.99.
  35. Campigenus

    Campigenus Addicted to LI Member

    That would most likely increase the retail price by about $150. :-(

    As they say, retail pricing is ... complicated.
  36. Monk E. Boy

    Monk E. Boy Network Guru Member

    It's complicated because every step in the food chain has to tack on their own profit margin. The chipset manufacturer tacks on their profit margin, the card manufacturer tacks on theirs, then the computer manufacturer tacks on theirs, then the first distributor tacks on theirs, then the second distributor tacks on theirs, then the merchant tacks on theirs. All that extraneous profit adds up.

    Luckily as an end user you can cut out all that profit by buying a used part recycled from a working (or nonworking) system.

    However if your system was 2.4 only, it won't have a 5ghz antenna, so you'll end up with some extra antenna connectors on the card that won't be able to go... anywhere...
  37. Magister

    Magister LI Guru Member

    Wrong, just take a look at the AR9382 I put in my netbook for instance, it has 2 antenna connectors, main and aux (diversity), both radios share the same antenna. The antenna are standard with an u.fl connector like this one:
  38. Monk E. Boy

    Monk E. Boy Network Guru Member

    Then your card was designed to work with laptops which have dual mode 2.4/5ghz antennas and not dedicated antennas for each range. If you take a 2.4 laptop and connect a 2.4/5 card to it 5 will be suboptimal to unusable (depending on the antennas). Antennas are designed to work within specific ranges, they don't work perfectly well at all ranges.

    In fact most dual mode antennas either work well at 2.4 or 5 but they work "well enough" in the other range. It's like snow tires, summer tires, and all season tires. All season tires work in summer and winter but not as well as summer in summer and winter in winter. This is why most dual band systems I encounter have both 2.4 & 5 antennas.
    Toastman likes this.
  39. occamsrazor

    occamsrazor Network Guru Member


    Do any of you guys who tried Edgerouter have any further thoughts on it vs Tomato? I've used Tomato for a long time but sort of fancy trying something different. It's also time to upgrade my hardware so I was thinking to retire my N66U and make it an access point with Edgerouter as a router. My ISP speed is only 10mb so that's not an issue, I'm more interested in functionality, features etc.

  40. microchip

    microchip Serious Server Member
  41. occamsrazor

    occamsrazor Network Guru Member

    Thanks, I've been reading some of those threads at SNB forum, but was looking for someone who had moved from Tomato to EdgeOS specifically, or had compared the two. There's no online demo site of EdgeOS GUI I can find, and am wondering what exactly it can do via the GUI and what requires going into the CLI (which I don't want).
  42. gfunkdave

    gfunkdave LI Guru Member

    I moved from using Tomato to an EdgeRouter about five months ago. There was definitely an adjustment period but overall I'm quite happy.

    If you want to manage via the GUI exclusively, then EdgeOS probably isn't for you unless you have a relatively simple SOHO deployment. Still, there's a fair amount of functionality in the GUI. But, the command line is not particularly complex, and includes completion features (type ? at any time and it'll give you a list of things you can type next). The GUI also has a "config tree" screen which shows all configurable settings in the CLI in a tree form. I just use the CLI. :)

    Ubiquiti is also pretty good about responding to feature requests when enough people ask for them. I believe, for example, that they are working on GUI configuration of more features like OpenVPN and client IPSec (site to site IPsec is already in there).

    Even the $49 EdgeRouter X can support nearly gigabit speeds. One caveat with the EdgeOS platform is that for max speed you need to enable hardware offloading, but this also means that offloaded traffic can't be run through QOS or DPI (since if it's offloaded it doesn't go through the CPU). But on a 10Mbps connection you won't need offload anyway, so it doesn't really matter.

    If you have specific questions I'm happy to answer them. Probably best to PM me if you post something in this thread since I don't regularly check in here these days. Also, the Ubiquiti forums are very active so I'd suggest you check those out too.
    Last edited: Oct 6, 2016
    dc361 and occamsrazor like this.
  43. Justio

    Justio Networkin' Nut Member happened
    Huge loss for tomato project :(

    This is what koitsu posted on this wiki page:

    "As of 2017/03/10, I no longer participate in the project. I grew tired of repeating myself, tired of users with no technical skill set demanding features, tired of repeating myself with regards to technical aspects (of everything, not just Tomato!). Most of the Tomato code base is a complete and total unmanageable mess (i.e. it is overwhelming to try and fix; time would be better spent starting from scratch). These and several other reasons are why I left the project (as a community member and committer/code contributor)."

    I'm speechless...
  44. Sean B.

    Sean B. Network Guru Member

    While being one of the most socially... rough?... people I've ever communicated with on the interwebs over the years, he was always helping out and spending the time to share what he knows. And after many discussions of multiple topics, must say he grew on me. Sad to lose the knowledge and insight he brought to the table, but absolutely wish him the best of luck on whatever interests he pursues next.
  45. AndreDVJ

    AndreDVJ LI Guru Member

    Nope Sean, you were among the ones that actually had a meaningful discussion of many subjects. You were certainly worthy of his time.

    It's a matter of a point of view. I don't agree with everything I read, but I don't try to drive my opinion on a given subject either.

    I grew used to working with insane systems, even large production ones so I no longer rant about how insane things are. Tomato is a very insane system, and that whole insanity works surprisingly well, given Tomato's many shortcomings. So addressing every little thing is not worth anyone's time. We only attempt to sanitize to an extent what really doesn't work.

    Also, Tomato's functionality can be greatly extended, as long as you know what you are doing, and that you may fail many times before getting things right.

    For example, I wanted to put a high-capacity flash drive on the USB 3.0 port so I had a compact hardware-wise but rather large file system to play with. The drive was a Sandisk Ultra Fit 128GB. The flash drive is an utter piece of garbage. It heats up to the point the Kernel is unable to handle its errors and unmounts the drive. Sometimes, things don't work but people don't realize they have faulty hardware.

    Absolutely no one can demand anything, because nobody is being paid for our time here. Any post demanding something, I simply ignore.

    Once people download the repo and try to compile the firmware, they will realize making an actual Tomato binary is a nightmare.

    I am only around this community because I am learning cool things with Tomato that I won't learn from my actual job.

    If you feel you are not learning anything, or you are sharing something that nobody understands or end up badmouthing, it's better to leave as is and move on.
    RogueScholar, Toastman, M_ars and 2 others like this.
  46. Toastman

    Toastman Super Moderator Staff Member Member

  47. edusodanos

    edusodanos Serious Server Member

  48. Cold Winter

    Cold Winter Networkin' Nut Member

    Mikrotik might not be your best option.
    For those who want to expand beyond consumer routers,
    look up

    Jetway JBC130-F533W

    Bet that will get your attention...
    Last edited: Mar 15, 2017
  49. PeterT

    PeterT Network Guru Member

    I'm really missing koitsu's long, in-depth explanations on issues, and his passion in explaining things to people.

    Sent from my Nexus 7 using Tapatalk
    RogueScholar, gffmac and kille72 like this.
  50. occamsrazor

    occamsrazor Network Guru Member

  51. Muttontop

    Muttontop New Member Member

    Sorry I can't add any more to this topic but as a newbie I need to have made two posts before I can start a thread to ask a question!!!! This is now my second post so hopefully I can now post.
  52. crashnburn

    crashnburn Network Guru Member

    I have got an N3150 / Zotac Zbox Nano C1323 for my dad's office to run Sophos / PFSense or similar.
  53. sskljdalsk

    sskljdalsk Networkin' Nut Member

    I've been using Tomato for a few years now. I'm no programmer, nor am I an engineer, but I get by. I love Tomato, and haven't found anything else that does the things I need.

    And I really, really, really appreciate all the fine efforts that go into making Tomato what it is. The fact that it exists at all testifies to the self-less and persistent nature of the crazy people who keep it going.

    Thank you all.
  54. JoeyJoeJoe

    JoeyJoeJoe Guest

    You'll be missed, @koitsu, and I apologize if I have contributed to your frustrations. Your help was always appreciated and I can certainly understand cutting things off that aren't worth holding on to anymore.
  55. schnappi

    schnappi Networkin' Nut Member

    Know that this is old but do not get on here often and just saw that Koitsu gave up on Tomato.

    Wanted to add that Koitsu helped a great deal and this was really appreciated. Some hinted that Koitsu was condescending but found that Koitsu was actually always willing to help (while actually going above and beyond in helping) those that are not really technical people (me) as well as people of all levels of knowledge. Actually really liked how Koitsu expected one to bring something to the table and learn something for themselves rather than just blindly giving a command to solve a problem. This is actually how learned some really neat stuff on account of Koitsu.

    Seemed to really care and as a result actually came here for questions/ help beyond Tomato a few times because of the above. So thanks. Really could care less about people on internet forums but this was an exceptional case.
    Joe A, FlashSWT, momonth and 6 others like this.