Tomato Shibby's Releases

Discussion in 'Tomato Firmware' started by shibby20, Feb 26, 2011.

  1. shibby20

    shibby20 Network Guru Member

    AsusWRT uses 3 chains:

    but tomato uses only one:

    so if i add missing configuration option and set the same chain like this:

    should works. What do you think?
  2. RMerlin

    RMerlin Network Guru Member

    Not sure it's a good idea. You will get redundant entries that will only slow down packet processing as each packet will have to be checked against that rule. Best to add them them to a separate chain, and simply not jump to that chain at all. It will be more efficient performance-wise.

    It works for the two other chains because both chains are in different tables (filter and nat).
    William Clark, shibby20 and koitsu like this.
  3. Drinyth

    Drinyth Reformed Router Member

    I did a clean install (clearing my nvram) of v133 this morning, but after re-configuring the router my clients couldn't access the Internet. I'm using the RT-Nxx IPv6-VPN build on a RT-N10p router. My clients can obtain and IP address and ping the router, but cannot browse further past that. From the CLI on the router itself, I am able to ping out of the gateway.

    It seems to be related to QoS somehow. If I disable QoS on the router, everything on my LAN can see out. But as soon as I enable QoS, nothing on the LAN is able to get past the router. Any thoughts?
  4. NoisyNinja

    NoisyNinja Reformed Router Member

    Reporting in that an upgrade to version 133 went smoothly on the E3000, E4200 V1, E1200 V2, WL-520GU, RT-N16, R6300 v1, and the RT-N12 D1.

    Thanks Shibby!
    Last edited: Mar 6, 2016
  5. JoeyJoeJoe

    JoeyJoeJoe Guest

    Any idea why nslookup would do this? It's affecting the adblock script as well and has come up since I've upgraded to 133.

    root@R7000:/tmp/home/root# nslookup
    nslookup: can't resolve '(null)'

    Address 1: 2607:f8b0:400b:806::200e
    Address 2:
    Address 3:
    Address 4:
    Address 5:
    Address 6:
    Address 7:
    Address 8:
    Address 9:
    Address 10:
    Address 11:
    Address 12:
    Address 13:
    Address 14:
    Address 15:
    Address 16:
    Address 17:
  6. brugar

    brugar Network Guru Member

    Shibby, thank you for your new firmwares for legacy routers like my ancient Linksys WRT54GSv3.
    With 8 MB ROM, it can utilize your larger firmwares like:


    That firmware includes JFFS2 support.

    When you build Release 134 please consider adding JFFS2 support to those firmwares that are already larger than 4 MB:


    Again, thank you for your good work.
  7. titor*

    titor* Serious Server Member

  8. shibby20

    shibby20 Network Guru Member

    @titor* was faster ;)

    in deed i released v134 for ARM few minutes ago. Version for Mipsel`s routers should be ready for few days. Please be patience.

    As always please read changelog first.

    Best Regards
  9. spykos

    spykos LI Guru Member


    Since v133 on R7000 internet access over ssh tunneling is broken. I enabled logging in dnsmasq and I see the dns requests but nothing comes to the clients behind the ssh tunnel.

    So my questions is... what has changed in v133 with regard to dropbear/iptables/dnsmasq ?
    Last edited: Mar 7, 2016
  10. LanceMoreland

    LanceMoreland Network Guru Member


    Will there be versions without multiwan?
  11. shibby20

    shibby20 Network Guru Member

    One question: for what? You can install new version and use 1 wan as before without any problems.

    Wysłane z mojego myPhone S-Line 16 GB przy użyciu Tapatalka
    William Clark likes this.
  12. braindedd

    braindedd Addicted to LI Member

    Can't get dnscrypt-proxy working on 133-RT-N on my ASUS RT-N66U ... log level seems to be the problem as it's always blank.
  13. Connor McCaffrey

    Connor McCaffrey Networkin' Nut Member

    In my opinion it should not be called multi wan if its meant for normal single wan aswell it should just be 134 creates confusion already asked if i want single wan to use 132 or 133 multiwan got no answer
  14. fonos

    fonos Serious Server Member

    Looks like it might be fixed in v134 (just out): "Fix dnscrypt-proxy settings" See
  15. MarkDe

    MarkDe Connected Client Member

    @ Conner McCaffrey

    Multi Wan capable, otherwise it is the usual WAN, don't touch the setting. Not too complicated I don't think.
  16. braindedd

    braindedd Addicted to LI Member

    Guess I'll have to wait until 134 comes to RT-N then.
  17. spykos

    spykos LI Guru Member

  18. kthaddock

    kthaddock Network Guru Member

    There was a bug in dnsmasq, shibby have to update to newer one.
    SORRY: Brainfart......... Dropbear !!!!!
    Last edited: Mar 8, 2016
  19. sac7000

    sac7000 Networkin' Nut Member


    :)Will there be a version for 134 TENDA W1800R ?, :( We have not seen the version 133 for our router.
    udpxy udp-to-http doesn't function, it is visible that a router the multicaste tries to reproduce streams, but right there falls off and jumps on the following stream, whether it is possible to make correction for tenda?
    Last edited: Mar 7, 2016
  20. spykos

    spykos LI Guru Member

    Did some testing. Issue I reported is not because of dnsmasq. It is a dropbear bug. Just tried v134 with dropbear from v132 (2015.67 vs v2015.71) and it works. So either we wait for dropbear fix or Shibby can make new version with older dropbear version.
  21. RMerlin

    RMerlin Network Guru Member

  22. leandroong

    leandroong LI Guru Member

    Padavan FW, I think is using 2015.71
    note: same version as tomato
  23. Lorenceo

    Lorenceo Networkin' Nut Member

    v134 seems to be working well here on an R7000. "Request PD Only" ticked, and touch wood all v6 traffic seems to be flowing as expected. :)
  24. Samuelheng

    Samuelheng Addicted to LI Member

    Tried v134 with clean config (nvram erase) with R7000
    Problem : view Qos graph the lowest class still din not show connection speed only show detail connection only. Going back to v132 for now.


    Anyone had this kind similiar problem v133-v134 FW ???
    Last edited: Mar 9, 2016
  25. Tox0601

    Tox0601 Reformed Router Member

    Dear sirs,
    could you please tell me how to flash Shibby's Tomato over Advanced Tomato 132 on R7000?
    Thank you in advance!
  26. Elfew

    Elfew Network Guru Member

    Ok, one issue with v133 asus rt-16n

    I use google dns servers and
    I put them into network->basic and saved. It works fine, no issue. However when I wanna use dns from my provider, I deleted google dns entries and set dns to auto, click to save. In overview google dns are still shown, it should not be, right?

  27. WaLLy3K

    WaLLy3K Networkin' Nut Member

    ASUS RT-AC68U running v134 VPN (w/ NVRAM full erase) - I have a USB3 ext4 drive plugged in my USB3 port, yet the LED light only shows USB 2.0. Sticking it in the 2.0 port will also make the LED show up as 2.0.

    The command wanuptime returns a segmentation fault too, sadly (/tmp/var/lib/misc/wan_time is also pretty useless).
    Last edited: Mar 8, 2016
  28. chobitssyf

    chobitssyf Reformed Router Member

    Bandwidth is not working
  29. William Clark

    William Clark Serious Server Member

    Hello @shibby20 ,

    Thank you for your great work. I have a request, could you please add Tehran (Capital of Iran) time? The Time is UTC +3:30
    Thanks for everything Sir.
  30. MrDoh

    MrDoh Addicted to LI Member

    You can just flash it from the web admin GUI, no initial image, just flash it on top of Advanced Tomato. If you're flashing the same version (Shibby v132), you most likely don't even need to reset to factory defaults. If you're flashing v134, then I'd just flash it, reset to factory defaults, and re-enter my configuration.
    Tox0601 likes this.
  31. AcerTravel

    AcerTravel New Member Member

    One question,
    If i upgrade to the new version with all reset of nvram, can i restore my configuration to the new version?
    Or i have to configure all again manually?
  32. WaLLy3K

    WaLLy3K Networkin' Nut Member

    Due to the amount of changed NVRAM variables, the only way to ensure the upgrade to go smoothly is to re-enter it all manually.
  33. AcerTravel

    AcerTravel New Member Member

  34. AndreDVJ

    AndreDVJ LI Guru Member

    It's useless because the wanuptime binary is looking to read whatever is stored at /tmp/var/lib/misc/wantime instead. This has changed from 132, function start_wan_done...

    I believe all we need to do is to update wanuptime.c to look for /var/lib/misc/wan_time and recompile the firmware.
  35. WaLLy3K

    WaLLy3K Networkin' Nut Member

    I was taking a look at this (rather, asp_link_uptime) in the source to understand how status-data.jsx retrieves it, and it does seem to retrieve from /tmp/var/lib/misc/wan_time from what I could tell. Can't cat it though, sadly.

    I think I'm going to have to retrieve the information from status-data.jsx in the meantime, because a couple of my scripts rely on it.
    Last edited: Mar 9, 2016
  36. JoeyJoeJoe

    JoeyJoeJoe Guest

    @shibby20 Any idea what changes were made that is causing the nslookup errors?
    (nslookup: can't resolve '(null)') It's messing up the adblock script, but not breaking it completely.
  37. Lorenceo

    Lorenceo Networkin' Nut Member

    Have noticed some new odd behaviour on v6 with v134. Seems to be related to DNS.

    Previously would return 10/10, however now it's often returning 9/10, saying that the DNS server doesn't have v6 access. This seems to result in sites which were previously happily moving traffic over v6 defaulting back to v4. :(

    Setting the DNS servers on my clients manually resolves it. Not sure what could be causing it. DNSMASQ has the same config as before. Does anyone have any ideas on what could be causing this?

    Edit: Seems this is due to the router defaulting to using the PPP assigned DNS servers instead of the manually assigned ones. My ISP's primary v4 DNS server doesn't seem to be returning v6 results as reliably as expected.
    Last edited: Mar 9, 2016
  38. TheGo2SWATking

    TheGo2SWATking New Member Member

    @shibby20 I'm trying to use another SSL certificate using instructions from the TomatoUSB website titled "Use SSL certificate for WAN admin"

    Following those instructions doesn't work, the router will continue to use the self-signed certificate it generated after restarting httpd. I'm sorry if this has been asked before, I tried doing a search of the forums and didn't come up with anything useful. Is there a possibility of adding a web interface to upload certificates and keys to? Is there any way to do this without downgrading to 132?

    I'm currently running K26 133 Big-VPN on an E3000.

  39. shibby20

    shibby20 Network Guru Member

    i use Comodo DV SSL on Tomato. Just added to init script after mount USB drive).

    Remember to add ca.crt into router.domain.crt file

    Best Regards.
  40. kersian

    kersian Networkin' Nut Member

    Does anyone have issues with QoS graphs? Mine just doesn't show anything. Am running 134 on DIR868L.

    Sent from my SGP621 using Tapatalk
  41. Samuelheng

    Samuelheng Addicted to LI Member

    i also having qos graphs lowest class din show anything except for connection detail. other class seems okie

    anyone having this problem from v133-134 clean nvram erase (clean config) with R7000 v133-v134 and RT-N66U v133.

  42. AndreDVJ

    AndreDVJ LI Guru Member

    Meanwhile, try this workaround:
    root@R7000:/tmp/home/root# mv /tmp/var/lib/misc/wan_time /tmp/var/lib/misc/wantime
    root@R7000:/tmp/home/root# uptime
    09:52:12 up 20:02,  load average: 0.00, 0.01, 0.04
  43. Edrikk

    Edrikk Network Guru Member

    Just a head-up @shibby20 of a Tomato specific fix in upstream miniupnp repository by the miniupnpd author (via fktpa813) --> Fix Tomato Lease Duration:

    It was committed March 4th it looks like. This fixes issue 192:

    A benefit of having the code upstream! :)
    visceralpsyche and AndreDVJ like this.
  44. TheGo2SWATking

    TheGo2SWATking New Member Member

    After I restart httpd the /etc/cert.pem and /etc/key.pem are reset to self-signed certificates and browsers will display warnings when trying to connect.

    Edit: I was including the intermediate certificate in the /etc/cert.pem file. According to another post here that probably went past the max length of the https_crt_file variable. I had no issues installing the certificate without including the intermediate (on both a v132 and a v133 router). To get around the browser warnings I installed the intermediate authority in the windows intermediate cert authorities store. Kinda unfortunate since best practices are to pass along intermediate certificates with the server certificate, but it still works.
    Last edited: Mar 10, 2016
  45. Sparkix

    Sparkix Reformed Router Member

    I just updated to:
    Tomato Firmware 1.28.0000 -134 K26ARM USB AIO-64K
    on my Asus RT-AC68R/U.

    It appears that the VPN Client Routing section is not working. If I set only one IP to pass through the VPN (my laptop) it still passes everything through. I verified this by running traceroute from different devices and comparing the route with the VPN on and off.

    Has anyone else noticed this? I flashed the NVRAM after upgrading and re-entered all my settings from before.

    Edit: I got it to function correctly once I rebooted the router a couple of times.
    Last edited: Mar 15, 2016
  46. Chad Burks

    Chad Burks Networkin' Nut Member

    I installed version 134 on my R8000. IPv6 appears to have some issues. The router gets an address but no devices can use the address. This may be an old bug cropping back up where a spurious default route is added for the WAN interface (usually vlan2), where all IPv6 packets going out the default route effectively go to /dev/null. I'll report back if anything else crops up.
  47. WaLLy3K

    WaLLy3K Networkin' Nut Member

    Would break Connection Uptime under WAN in the GUI, and uptime is a separate command from wanuptime. In any case, it still returns a segmentation fault.

    As an unrelated issue, I seem to have a number of my scripts losing their permissions and reverting from Unix line endings, to Windows line endings. On top of this, my init script is not being called despite having called it from Admin > Scripts > Init.

    I've had to roll back as v134 is more trouble than it's worth - hopefully @shibby20 releases v135 compiled with the old toolchain (and any other fixes deemed appropriate).

    The man dedicates his free time to this though, so I'm willing to be patient :)
    Last edited: Mar 10, 2016
  48. francoism

    francoism New Member Member

    So I've installed 134-MultiWAN (single WAN) on a D-Link 868L, and so far it seems to work good. :D
    Really like the clean interface. :)

    I'm a bit confused about the Wireless 5G (Wireless Network Mode): I can only select Auto, A or N Only.
    Should there not be an AC option? Or does Auto enables 802.11ac?

    Many thanks and keep up the good work. :D
  49. WaLLy3K

    WaLLy3K Networkin' Nut Member

    Set the Channel Width to 80Mhz, and it'll be AC as long as Wireless Network Mode is set to N Only.
    francoism and koitsu like this.
  50. AndreDVJ

    AndreDVJ LI Guru Member

    Yeah correct it segfaults. I overlooked this and probably was sleep deprived :D

    I will try recompiling the firmware and let you know if it worked.

    I always had problems with init scripts. I gave up on them and run stuff when I mount my flash drive. Much more reliable, across both of my units (WNR3500Lv2 and R7000).
  51. AndreDVJ

    AndreDVJ LI Guru Member

    Well I need some help.

    1) I got rid of that check_wanup() thingy (this caused the segfaults) and corrected the file name. This was the quickest approach to fix the binary. However I don't have multiple WAN's so I have no idea how this behaves with multiple WAN's. Testing is needed by whoever has two or more WAN's.
    #include <stdio.h>
    #include <sys/sysinfo.h>
    #include <time.h>
    int main(int argc, char **argv)
      struct sysinfo si;
      time_t uptime;
      if (f_read("/var/lib/misc/wan_time", &uptime, sizeof(time_t)) ==  sizeof(uptime)) {
        printf("%ld\n",si.uptime - uptime);
      return 0;
    I am attaching the binary and source code. ARM only. Drop the file at /opt/bin and give feedback.

    2) I crafted another code based from asp_link_uptime function in httpd/misc.c. Both works the same way, same results however I don't know what to expect in the long run, with multiple WAN's, etc.
    #include <stdio.h>
    #include <sys/sysinfo.h>
    #include <time.h>
    int main(int argc, char **argv)
        struct sysinfo si;
        long uptime;
        char wantime_file[128];
        memset(wantime_file, 0, 128);
        sprintf(wantime_file, "/var/lib/misc/wan_time");
        if (f_read(wantime_file, &uptime, sizeof(time_t)) ==  sizeof(uptime)) {
            printf("%ld\n",si.uptime - uptime);
        return 0;
    I need to learn how to play with git and send stuff upstream. I'd appreciate if someone review and chime in if this can be improved somehow, point mistakes, etc. before going live.

    Attached Files:

  52. tvlz

    tvlz LI Guru Member

    Uncheck the "Request PD Only" box, it's only needed for PPPoE (DSL,Fiber?) connections, to get the
    default route they need for IPv6
  53. WaLLy3K

    WaLLy3K Networkin' Nut Member

    Normally I'd be more than happy to test that for you AndreDVJ, but I've rolled back - which doesn't make me a very good test subject :)
  54. AndreDVJ

    AndreDVJ LI Guru Member

    No worries mate. Cheers!
  55. koitsu

    koitsu Network Guru Member

    There's a lot wonky here. I could probably write a 8 page response to just the two code samples given, especially the 2nd one. Here's something more proper/elegant/correct:

    #include <stdio.h>
    #include <time.h>
    #include <sys/sysinfo.h>
    int main(int argc, char **argv)
        struct sysinfo si;
        time_t uptime;
        if (sysinfo(&si) == -1) {
            return 1;
        if (f_read("/var/lib/misc/wan_time", &uptime, sizeof(time_t)) == sizeof(uptime)) {
            printf("%ld\n", si.uptime - uptime);
        else {
        return 0;
    I added very crappy error handling to a failed sysinfo(2) call. I need to know what the expected behaviour is if this fails -- do we just return a non-zero exit code, or do we actually need to print out a value to stdout?

    What you did in your example with wantime_file serves no direct purpose compared to a hard-coded string (all you did was move a hard-coded pathname into a 128-byte buffer allocated on the stack in a variable, zeroed it, then copied the pathname into the buffer, then referenced said variable).

    I'm not really sure what all the hubbub is about in the fix, though, unless the path was completely wrong and that's truly the full fix.

    One thing that caught my attention was switching variable uptime from a time_t to a long. On 32-bit Linux architectures, the time_t typedef is a long (signed 32-bit number, i.e. suffers from epoch rollover/year 2038 bug (nothing we can do about it)). The situation becomes more complex on 64-bit archs (because time_t there usually is a long long, i.e. 64-bit number), and detecting "how to handle" time_t in several ways is difficult. This is why the time_t typedef was created in the first place.

    The sysinfo struct member uptime as per the sysinfo(2) syscall is declared as a long, but the variable uptime (in the program) was declared as a time_t.

    We should really keep uptime as a time_t, as odds are what writes that file in the first place writes out a time_t -- you therefore want to make sure you read it back in as a 64-bit number. The math portion, si.uptime - uptime, should still work. If it emits warnings, a force-cast of si.uptime to a time_t should suffice, e.g. (time_t) si.uptime - uptime. Someone may want to review the sysinfo struct on the 64-bit Linux kernel source used to determine what the uptime struct member actually is there (it's very possibly still a long -- not sure! If it's still a long, then okay, no worries -- a long on a 64-bit arch is a signed 32-bit number).

    If you plan on doing something with the buffer or filename dynamically at run-time, then you have reason to use a variable for it. In that case, you'd actually want this:

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <time.h>
    #include <sys/sysinfo.h>
    #include <linux/limits.h>
    int main(int argc, char **argv)
        struct sysinfo si;
        time_t uptime;
        char *wantime_file;
        wantime_file = calloc(1, PATH_MAX);
        if (wantime_file == NULL) {
            /* calloc/malloc failed */
            return 1;
        /* If you want something more dynamic with %-expandos, consider snprintf(),
         * but never sprintf()!
        strlcpy(wantime_file, "/var/lib/misc/wan_time", PATH_MAX);
        if (sysinfo(&si) == -1) {
            return 1;
        if (f_read(wantime_file, &uptime, sizeof(time_t) == sizeof(uptime)) {
            printf("%ld\n", si.uptime - uptime);
        else {
        return 0;
    Same question applies to a failed calloc() call in this example -- what exactly do we want to do in that situation? (That'd be pretty awful though -- a system that can't allocate ~1-4KBytes of RAM (depending on arch/platform) probably has other problems going on).

    C coding tips:

    1. Path and filename length limits are defined as PATH_MAX and FILENAME_MAX. However, using these is tricky. "To keep it simple", just use PATH_MAX. This is also known as MAXPATHLEN on the BSDs, though both work.

    2. Still referring to the same issue of path and filename lengths: do not allocate this buffer on the stack. Instead, dynamically allocate it (and later free it) using calloc() (i.e. var = calloc(1, PATH_MAX); then later free(var)). This takes care of i) possible stack exhaustion, ii) the need for the memset(), and iii) complies with general guidelines per GNU libc (though we do not use glibc on Tomato, we use uClibc, but the premise stands -- large-ish buffers should not be allocated on the stack); once you read those warnings about PATH_MAX not being enforced by some functions (oh well) and how buffers using FILENAME_MAX should be dynamically allocated, you'll understand the justification.

    3. Do not use sprintf() to populate the contents of a buffer in this manner -- sprintf() is insecure and dangerous (though in this usage context it's safe, but there's literally no need for use of it). Consider strcpy(), or the better strlcpy(). If %-expandos must be used, consider snprintf() and learn about the dangers (be very very careful what you accept as input!).

    4. Make sure to try building your code with -Wall to ween out any potential problems. If you encounter type mismatches, don't just force-cast to squelch the warning -- figure out what the problem is and fix it properly.

    Pretty sure I've missed something (my brain is telling me I have), but that's the gist of it.
    AndreDVJ likes this.
  56. tommyv

    tommyv Addicted to LI Member

    After upgrading from 128 to 134 (R7000) I cannot forward the router web admin port anymore using iptables to access the router from outside vpn. Any ideas ?

    Also, external ip checker throws an error when updating ddns in all versions >128.

    Anything to do with new routing policy in versions above 128 ? Or some other setting perhaps ?
    Last edited: Mar 11, 2016
  57. Speedy1205

    Speedy1205 New Member Member

    Hey Guys, I have a question where I didn't find the Answer yet. I got a Asus DSL-AC68U Router and wanted to know if I can use the Shibby FW for the AC68U on it ? I think they are pretty much the same only the DSL Version has only 1 USB 3.0. Any Ideas ?
  58. jerrm

    jerrm Network Guru Member

    No. Even if it flashed and runs without bricking, Tomato will not have any of the underlying code and UI necessary to manage the DSL hardware and connection.
    WaLLy3K likes this.
  59. RichtigFalsch

    RichtigFalsch Addicted to LI Member

  60. Emery Galambos

    Emery Galambos Network Newbie Member

    I had to uninstall the most recent version (133) and go back to the one before it. The QOS destroyed my bandwidth. When I had it running I got about 70% of my possible bandwidth only.

    WNR-3500L V2
  61. Chad Burks

    Chad Burks Networkin' Nut Member

    Appreciate the suggestion, but I tried that already. No such luck.
  62. Tschens

    Tschens Networkin' Nut Member

  63. Chad Burks

    Chad Burks Networkin' Nut Member

    Well version 134 on the R8000 stopped all wireless traffic just shy of 24 hours uptime.

    Sent from my V820w-DualOS using Tapatalk
  64. Thomas Begley

    Thomas Begley Serious Server Member

    I am running 1.34 on my R7000 and can confirm that external ip checker works fine and updates my DDNS at no-ip with no issues at all.
    tommyv likes this.
  65. gs44

    gs44 LI Guru Member

    I have ran both latest Shibby and Toastman versions on my R7000 and after consulting with Toastman and then changing a few settings, my R7000 with either flavor of tomato firmware has EXCELLANT wireless range. The 5 Ghz range is in fact better in a huge way when compared to my older E2000 and E3000 units.

    for 2.4 Ghz set country to Singapore and power to 0

    for 5 Ghz set country to USA and power to 0

    I mainly only use 5Ghz wireless AC devices so I have wireless mode set to N only and 80 Mhz

    With these settings my 5Ghz wireless AC Range is incredible!!!

    I can't really comment about 2.4Ghz range as I only use it for old legacy devices that don't support 5 Ghz wireless AC, but from what I have seen its range is comparable to stock firmware
    dkirk likes this.
  66. byoussin

    byoussin New Member Member

  67. Gamby

    Gamby Networkin' Nut Member


    I tryed to upgrade my R7000 from v132 to v134 and saw those problems implementing this new version:

    The mac address on wan port changed, and even when i changed to what it used to be on v132 doesn't change on reboot.
    In my lan network i have 3 vlans beside the default vlan1 and i have associated them to bridges. When i try to associate example br1 to wifi, the client's doesn't get any ip's, and i have dhcp authorized.
    One of the bridges has router ip subnet is a 24 bits and associated to a vlan 12, when i try to connect a client on that router port (untagged) with a fixed ip, the client doesn't ping the router, i had to changed to router ip on that bridge to

    I hope you fix these problems on newer releases.

    Best Regards.
  68. Thomas Begley

    Thomas Begley Serious Server Member

    Just so everyone knows. Selective VPN routing Per URL is now working in 1.34
  69. JoeDirte

    JoeDirte Networkin' Nut Member

    Just so you know, your signature is basically spam banners and I have ignored you.
  70. Thomas Begley

    Thomas Begley Serious Server Member

    What are you talking about
  71. JoeyJoeJoe

    JoeyJoeJoe Guest

    I don't see any signature at all.
    dkirk and WaLLy3K like this.
  72. Tom Parkison

    Tom Parkison Addicted to LI Member

    I just updated my Linksys E3000 router to version 133 and I have something weird going on. I have rebooted my router twice now and the power LED keeps flashing and won't stop flashing even though I can access the web GUI of the router and access the Internet through said router. Heck, I'm even posting this message while connected to the Internet through the router all the while the power LED keeps on blinking.

    Why is it blinking? How can I get it to stop blinking? It's going to keep blinking until the cows come home, and then some.
  73. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    Did you delete NVRAM and configure it manually afterwards?
  74. Tom Parkison

    Tom Parkison Addicted to LI Member

    No, I just loaded the new version on top of the old version. Version 132 to 133.
  75. AndreDVJ

    AndreDVJ LI Guru Member

    Well many NVRAM variables have changed because of the new Multi-WAN feature.
    ATTENTION: You have to erase nvram adter install this version and configure your router once again!!
    Please get to: Administration -> Configuration -> Restore Factory Configuration -> Erase all data in NVRAM memory (thorough)
  76. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    Shibby wrote we had to do a full clear and reconfigure manually after updating to 133, because there are major changes he made. So you shoould initiate a thorough nvram clear and enter your configuration again then. Do not use a saved configuration file.
  77. Chewwy420

    Chewwy420 New Member Member

    I have same issue, 100Mbps connection and with QOS enabled I am only getting about 27Mbps.
    I did a full NVRAM clear, worked fine in 132.
  78. Mercjoe

    Mercjoe Network Guru Member

    I went from 134 back to 132 because QOS and access restrictions were broken.

    Give Shibby time. I am sure that things will get ironed out.
  79. Gamby

    Gamby Networkin' Nut Member

    I have tested again the v134 and i found my problem.

    My isp has vlan100 witch is internet, vlan101 voip and vlan105 for iptv
    This is my test

    I found that with vlan100 the mac on ifconfig doesn't change to wan mac, stays on lan mac.

    I have uploaded the output of ps command and you see I don't have udhcp resquesting for ip on vlan100.

    Attached Files:

    • ps.txt
      File size:
      2 KB
  80. eangulus

    eangulus Network Guru Member

    I have a question regarding the MultiWAN. What is Load Balance Weight?

    Like I know what its for, but I am wondering what they actually do. I just want a better understanding so I know what it means if I set all WANS to 1 for example.

    Just not sure if its an ordering number, or ratio of traffic number or what.
  81. Tom Parkison

    Tom Parkison Addicted to LI Member

    Then I might go back to 132 and restore the configuration backup file.
  82. ShaRose

    ShaRose Reformed Router Member

    I have a rather different and possibly easy question to ask: If DHCP / DNS is disabled in tomato, does that break the IP traffic monitoring / device list? I'm getting somewhat annoyed with dnsmasq returning server failed when it shouldn't and then caching those results (nslookup = server failed, nslookup = the right IP results even though dnsmasq points to, so I'm planning on setting up a mini-pc to handle it separately: But I still want to keep my traffic logging, and possibly the device list.
  83. callous

    callous Network Guru Member

    Last edited: Apr 21, 2016
  84. Fenisu

    Fenisu New Member Member

    It is going to be a couple of months, if not a year, before I can get into the router and do a proper nvram clear to upgrade.

    The problem is that old versions of OpenVPN and OpenSSL need to be patched for security issues.

    Any plans on keep updating the old tree (no-MultiWAN), for at least some time?
  85. DarkFnh

    DarkFnh Addicted to LI Member

    I just got an R7000 and flashed it with v134 everything is fine but Bandwidth monitoring is broken

    Anyone else having the same problem?
    JoeyJoeJoe likes this.
  86. sparcling

    sparcling New Member Member

    I'm using a R7000 and since the MultiWAN release (v133 and v134) the support for vlan's seems to be broken. I'm using a Dutch ISP (Telfort) which provides a fiber connection. Up till v132 all that was required to make this work (without the supplied router that came with it) was following settings under Advanced->VLAN:

    VLAN 1 - VID 1 - PORT1 Yes - PORT2 Yes - PORT3 Yes - PORT4 Yes - Default * - BRIDGE LAN (br0)

    Ever since v133 and v134 this doesn't seem to work anymore and the router no longer obtains an IP address via DHCP on the WAN port.

    Is this a bug or am I missing something here ? I've tried everything I could think of using a clean/wiped configuration with both v133/v134. Any help/feedback would be appreciated.

    --update-- After reading back some posts it seems to be the same issue as Gamby is experiencing --update--

  87. sparcling

    sparcling New Member Member

    I can confirm the same issue on my R7000.

  88. simmox1

    simmox1 Serious Server Member


    The SFTP is broken with v133 Multiwan on RT-N66U and K26RT-AC firmware.
    It was working properly on v132. I'm using Entware and openssh-sftp-server.
  89. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    I have a 'sleep 5' at the first line of my init script. I can't remember when and why exactly, but it has always been working as intended since (Netgear 3500Lv2).

  90. vinhdizzo

    vinhdizzo Networkin' Nut Member


    I'm running Shibby 1.28 on an Asus AC68U router. I'm using Tomato's webserver (nginx) to set up a reverse proxy per these instructions. That is, I set up port forwarding from the outside world to the router's ip, and the router's web server acts a reverse proxy (with SSL) and points to the ip camera. I set up port forwarding. I checked "Allow Remote Access" for the web server to make sure the router responds to the outside world. I also tried the steps one at a time per the post to make sure things work.

    When I'm on the network, and I use the public URL, my https address works (so port forwarding and reverse proxy works). However, when I'm not on the home network, it does not. Any thoughts on what I'm doing wrong? I even tried the reverse proxy without SSL, and that too does not work when I'm outside the home network. Is it a port forwarding issue? I'm using ports in the 7000's. When I port forward to port 85 (default nginx page) without the reverse proxy, I am able to see the site in the outside world.

    So, I think 1 of 2 things could be causing the problem:
    - port forwarding issue
    - nginx reverse proxy setup ignoring requests from the outside world

    The error I see in the browser is ERR_CONNECTION_TIMED_OUT.

    Thanks for the help.
  91. eangulus

    eangulus Network Guru Member

    Inbound QOS is broken in 134 (RT-AC68U). No matter the settings all Inbound traffic is on whatever you have set as the default class.
  92. Tony Arnold

    Tony Arnold Serious Server Member

    Can anyone else still see fq_codel as an option under QoS' "Qdisc Scheduler" setting? Seems like there's a bunch of stuff awry with this release :(
  93. ghoffman

    ghoffman Network Guru Member

    i confirm: only sfq or pfifo avalable for me.
    also confirm loss of inbound qos classification by bytes transferred, although connections are classified

    i'm so appreciative of the efforts to keep this project alive.
  94. Bird333

    Bird333 Network Guru Member

    Shibby when will v134 be available for the other routers?
  95. Lorenceo

    Lorenceo Networkin' Nut Member

    Have noticed that the bandwidth monitor no longer seems to record any data on v134.
    Interface PPP0 doesn't show up on the 24 hour graph, but does on real time. Could perhaps be why it's not showing up. Only have one WAN connection set up, so it shouldn't be confused with recording traffic on multiple WANs. NVRAM was cleared in between the update. Not sure why it's not recording any more.
  96. vinhdizzo

    vinhdizzo Networkin' Nut Member

    After further thinking and testing, I believe what's going on is that the router is ignoring the request from the outside world. I thought it was a port forwarding issue, but I have other port forwards to other internal locations, and I don't have a problem. Thus, it must be the router ignoring (except port 85, the default for nginx on the tomato).

    I googled "tomato nginx remote access", and ran into this thread. Running the something like the following made things work:

    iptables -t filter -A INPUT -p tcp --dport 12345 -j ACCEPT

    I think this makes the router accept connections on the stated port. I'll add the necessary lines under Administration > Scripts > Init.

    Is this the best approach? Am I not being secure in any way? Thanks.
  97. Jovzin

    Jovzin New Member Member

    Hello Shibby.
    I want to ask you if you are planing to update your Tomato firmware for Netgear WNDR4500v3.
    I just bought this router and was hoping I will get v2 but I got v3 which has different chip than v2 and it needs .img file not .chk.

    So I want to ask you if you are at least considering to update your Tomato firmware for this new version or I should go to the store and ask for replacement for older version of this router.
    Thank you very much
  98. underpickled

    underpickled Network Newbie Member

    I finally decided to try out v133 on the RT-N66U and the router wouldn't pull an IP from the modem (yes, NVRAM was cleared). Trying to revert back to v132 ended up a multi-hour debug process. I've always upgraded with almost no issue to every new version for over 4 years... did I miss something this time?
  99. vincom

    vincom LI Guru Member

    ac66u, i rebooted modem to get ip.
  100. underpickled

    underpickled Network Newbie Member

    Probably should have tried that. Did not try that. Will try next time if I attempt again. Thanks!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice