Put Merlin-wrt on a previously Tomato access point

Discussion in 'Tomato Firmware' started by schnappi, Dec 6, 2017.

  1. schnappi

    schnappi Networkin' Nut Member

    Love Tomato and have used it forever. Really sorry that Toastman and Shibby have been busy and not able to update at all. The Kille builds look great but they are only for ARM devices. Honestly wish could help keep development going and contribute myself but have no formal knowledge about computers, nothing to do with computers in real life, and cannot program in any language.

    With the DNSMasq issue decided to switch an access point to a firmware that had DNSMasq updated to 2.78 because the more that read into the DNSMasq issue the more serious that think it is (just sending certain DNS queries with DNSMasq can lead to remote code execution). Remember seeing @koitsu saying a while back how DNSMasq spews way too much local query information to any DNS servers it is using also.

    It hurt but decided to give another firmware a try to mitigate the DNSMasq issue (was using the access point itself as a DNS server for most machines on network) so it really made sense to get DNSMasq to 2.78 on this access point.

    Went with Merlin-wrt and hated the interface (and really made want Tomato back) and have a few observations. First WiFi range with the access point with Merlin-wrt is significantly better than with Tomato (probably because of the hardware acceleration or drivers utilized by the official Asus firmware/ Merlin-wrt). Second again the interface used by official firmware and Merlin-wrt is awful. Lastly and most interesting. Say that have a connection where upstream bandwidth is very low and connection maxes out upstream bandwidth. With the Merlin-wrt devices cannot actually connect the WiFi access point when the upstream connection is saturated even though the Merlin-wrt device is only an access point and the traffic isn't even passing through the Merlin-wrt device. Never had any issue like this with Tomato. As soon as the upstream is no longer saturated can reconnect. Can replicate this issue at will which is very interesting. Rarely saturate upstream except for large uploads though so more of an observation than an issue. Merlin-wrt has SSH and some options of Tomato but did not offer nearly everything that Tomato does and yet again the interface is awful.

    If Tomato MIPS builds can ever get the DNSMasq 2.78 update would love to update all Tomato devices that have. Used to enjoy (honestly it was kind of fun with Tomato) logging into a Tomato router to change something. With the Merlin-wrt interface it is as awful as logging into a router should be. The other thing that would be great is if Merlin took his firmware (utilizing proprietary drivers and hardware acceleration) and gave it a Tomato GUI.

    Hope this helps anyone struggling with deciding to keep a Tomato device or not with the DNSMasq vulnerability with what can be expected.
  2. azdps

    azdps LI Guru Member

    I really liked tomato firmware over the years mainly because of the interface and the open source code. But there is no way to update tomato to a newer Linux kernel and will be stuck on kernel 2.6 with closed source Broadcom binary blobs. ASUS is moving forward to Linux kernel 4+ with every new wireless device starting with the RT-AC86U and with it new binary blobs that won't be compatible with tomato. There will still be some older routers supported for awhile but when that ends no more Broadcom wireless blobs for tomato. The safe options right now that should be considered are:

    DD-WRT (best bet for now most brands of routers)
    ASUSWRT (not a fan of the webui)
    ASUSWRT-MERLIN (not a fan of the webui)
    LEDE (good luck with anything Broadcom)
    OpenWRT (good luck with anything Broadcom)

    tomato firmware has virtually reached its end of life. I wish that wasn't the case but it is. You have a couple of developers, kille, pedro and Andre who are sticking it out. That's only until the newer rounds of arm routers become available. That's just my opinion.

    I use ASUSWRT-MERLIN only as an access point and have been happy. I don't care for the interface and have anyways preferred tomato's but I would rather make that sacrifice for security's sake.
  3. schnappi

    schnappi Networkin' Nut Member

    It is possible that someone will do the work that was originally done by Jonathan Zarate on the 4.X kernel, is it not? So respectfully going to disagree that Tomato is absolutely at its end of life. In its current form it may be approaching end of life but Tomato does not need to stay constrained to its current 2.4 and 2.6 kernel. Wish could help to do this.

    By the way put Tomato back on the access point. Had too many connection issues that never had with Tomato, maybe it was only due to Merlin-wrt in access point mode or maybe it is due to the ATT router with Merlin-wrt as an access point but either way Tomato just works where Merlin-wrt/ official Asus derivative didn't just work.

    Originally thought that clients were only having connection issues when maxing out upstream connection. Turns out this was correlated but not caused by maxing out the connection upstream. It made no sense anyways so am glad came to this conclusion. It apparently is so hard to get an access point right in a home network and what like so much about Tomato is that it just always works in any situation (router, access point, whatever) regardless of internet service provider.
    Last edited: Dec 9, 2017
  4. azdps

    azdps LI Guru Member

    I build my own custom firmware based on asuswrt-merlin source code. I strip everything out of the build, vpn, dualwan, etc as well as everything out of the kernel I can strip. I end up with a build that's around 7-8 mbs vs 40+ with a normal asuswrt-merlin build. Strictly use it as an access point and have had absolutely no problems with it. I'm running an RT-AC3100. Runs rock solid.

    Although I will have to agree with you. It would seem that there are others who experience problems with the asuswrt-merlin officially released versions.

    I have a feeling that excluding all the additional unnecessary crap not needed for an access point is probably why mine has no issues.

    tomato firmware is really running on its last leg though.
  5. schnappi

    schnappi Networkin' Nut Member

    Can't argue with that but can say that it doesn't need to stay on its last leg (and hope it doesn't). Have you ever released your builds to anyone else? Would be interested in giving it a try for the access point above on a RT-N66U.
  6. azdps

    azdps LI Guru Member

    When I get the chance I'll try to build an RT-N66U build. I don't have much time right now but when I do I'll report back. It will probably be a build from the asuswrt-merlin 380 branch and not the 382 branch. I don't like how the 382 branch looks right now. RMerlin is having to split nvram variables and a few other things I don't like right now for the 382 branch.
  7. schnappi

    schnappi Networkin' Nut Member

    Great thanks. Here is what merlin had to say by the way:

    If you changed firmware but kept the same SSID, then you might need to remove the existing configuration from your client and reconfigure it again, due to the different wireless driver used by the firmware.