Tomato Shibby's Releases

Discussion in 'Tomato Firmware' started by shibby20, Feb 26, 2011.

  1. Maverick00420

    Maverick00420 Network Newbie Member

    Im currently running 132 and OpenVPN Server works flawlessly in a TAP configuration for me.

    Based on the firmware guide on Shibbys website'

    If it were me Id use'
    Last edited: Apr 7, 2016
  2. NanoG6

    NanoG6 Network Newbie Member

    Is tomato using proprietary/asus wireless driver, or opensource driver?
    Sorry if my question has been answered before. Many thanks
  3. Mate Rigo

    Mate Rigo Networkin' Nut Member

    Closed source drivers. And drivers work only with Broadcom SOC s, at least for MIPS. Maybe at ARM this changed? But I guess not.
    NanoG6 likes this.
  4. koitsu

    koitsu Network Guru Member

    You didn't specify what architecture you're referring to: MIPS or ARM.

    I can't speak on behalf of ARM, but on MIPS, it's like this:

    Both the wireless driver and the switch driver are closed-source binary blobs provided by Broadcom to actual router manufacturers/vendors. There is an API/interface layer to the driver (needed by the kernel) that does contain source code, but there's literally nothing in there that provides details over how the actual wireless (or switch) work. Broadcom gives the binary blobs to the vendors. If a vendor encounters a bug/issue, they're supposed to discuss it with Broadcom, who will give them a replacement blob. There is another layer of support available that costs substantially more money to the vendors, which is where instead of given a binary blob they're given some level of source code of the driver itself as well as full details/documentation of the underlying chip -- the problem is, the source/driver is proprietary/classified as IP, therefore the source to that cannot be provided to the masses. When the vendor makes a firmware/OS that's based on a GPL product or software (ex. Linux), they have to release that code to the public to be in compliance with the license -- this does not require them to release the source to the drivers (if they have it). Instead, they can (and do, 100% legally) release only binary blobs. There are several downsides to this, one of which is that the Linux kernel cannot be upgraded to a newer version without risking major ABI breakage.

    Tomato (MIPS) is effectively an amalgamation of multiple vendors' open-source firmwares, but the two that started it all / are most focused upon are Linksys (now a subdivision of Cisco) and Asus. In both cases, the code to the vendors' firmware is available, but only binary blobs are provided of the aforementioned.

    AsusWRT-Merlin is more specific: it's based entirely on the code that Asus publishes as open-source (which includes binary blob drivers), with improvements that the community or public developers want. In other words: it's an "enhanced firmware based entirely on the code Asus releases". But as I said, the drivers are still binary blobs.

    DD-WRT, at least recently (it wasn't like this years ago), is different. I have no definitive way of confirming this, but I believe it's been concluded through review of commits and conversations on the DD-WRT forum with BrainSlayer: he has some sort of relationship with Broadcom (I don't know what, but it's suspected he's paid the money to get access to the actual driver sources or possibly chip details, not sure which). In turn, DD-WRT is able to actually provide an updated wireless and/or switching driver (but, obviously, only binary blobs are released to the public), or potentially fix bugs in it (either by himself or through communication with Broadcom). Tomato does not have this kind of support or relationship with the chip manufacturer -- instead, Tomato relies entirely on what vendors are making available to the public.

    Finally, I want to point out that the above model -- only giving people access to binary blobs, etc. -- is **super** common and has existed going back to bare minimum the early 80s. Companies, especially today, do not like giving out source code or "low level details" of their products because in their minds someone could potentially steal it/make a pirate clone of something and this would in turn make the originating company less money. Lots of products today are this way -- most ICs from companies like Broadcom, Atheros (it depends on what), Intel (it depends on what), nVidia, AMD/ATI (do not let what you read in the news fool you), etc. only provide "interface documentation" and a binary blob to a customer of their products (and to end-users, you get nothing but a binary blob or a driver, which you pray/hope works).

    Broadcom, in my experience, happens to be the worse offender. Their attitude since day one has been "this is our intellectual property and we're not giving out any source code or technical documentation of chips..... unless you sign some insane NDA with us and give us a lot of money, in which case we'll let you look at stuff, but you can't release the code you see or the docs you read".

    It may surprise you, but a lot of Linux and FreeBSD drivers are this way. Though in recent days, a lot of the companies making the ICs also end up hiring full-time employees who work on Linux driver code (no documentation of the chips is ever provided to the public, but what ends up getting committed to the open-source Linux kernel are drivers written by those companies that work better than, say, reverse-engineered drivers).

    OpenBSD is one operating system where the developers have actually had public battles and dropped support (or never added it) for certain chips/devices simply because they want actual technical documentation of the chips so they can write the drivers themselves (or require the company support OpenBSD). They really don't like "secret sauce" drivers, so what you end up getting with OpenBSD tends to be a lot of actual code and not binary blobs. FreeBSD, Linux, etc. will bend on the matter and let binary blobs be accepted.
  5. RMerlin

    RMerlin Network Guru Member

    That's not correct. Broadcom provides the complete source code to the manufacturers, except for CTF (the NAT acceleration module). The manufacturer compiles the driver and its associated components as he compiles the rest of his firmware (acsd, the channel selection daemon, wps_monitor, etc...).

    When distributing the GPL archive, the manufacturer only includes the compiled components.

    It's the same for both ARM and MIPS.
    RichtigFalsch and NanoG6 like this.
  6. Bird333

    Bird333 Network Guru Member

    This brings up the idea of maybe we could do a 'gofundme' for the tomato developers to get access to the source code so things can advance. What do you guys think?
    RichtigFalsch likes this.
  7. RMerlin

    RMerlin Network Guru Member

    It's not just a matter of money.

    1) It requires some pretty advanced technical expertise to deal with wireless radio code. More than a programming hobbyist typically has.
    2) From what I'm told, manufacturers like Broadcom won't "sell" their SDK to anyone but actual companies that manufactures routers (or who actually buy the chips - I don't know the specifics)
    3) The newest regulations with the FCC and the European equivalent are also making things more difficult from a legal point of view.
    JoeDirte likes this.
  8. Bird333

    Bird333 Network Guru Member

    Ok, well I wonder why Brainslayer has access?
  9. RMerlin

    RMerlin Network Guru Member

    Could be due to his partnership with Buffalo, or because he has an actual company and is doing this full-time. No idea what the details of his access are.
    dc361 likes this.
  10. 4Access

    4Access Network Guru Member

    Linksys has actually been a subdivision of Belkin since 2013 when Cisco sold it to them.
  11. MrBeer

    MrBeer Networkin' Nut Member

    looking for a new ARM router looking at r7000 or the r8000 is one beter then the other using all 5 ghz wireless
    or is the another brand better.Using a linksys e3000 now 2 of them. one in the basement and one up upstairs.
    the one in the basement is used to extend the wireless

    forget about it went out and got a R8000.
    Last edited: Apr 9, 2016
  12. NanoG6

    NanoG6 Network Newbie Member

    Wow thanks for the explanation. If I understand correctly, no matter what firmware I use, as long as my router has Broadcom (MIPS) then it will use closed source/proprietary driver (from Broadcom). Is it right for me to assume that closed source driver is better than open source driver? Because they the one who built the hardware so they know how the hardware work on low level.
  13. RMerlin

    RMerlin Network Guru Member

    No. In some case it's the opposite, as one might be using a driver built for a different model, and not tuned for it (like Tomato has to do).
  14. Superhai

    Superhai Serious Server Member

    While that is true, it usually doesn't mean much. Older popular hardware is usually well specified either from manufacturer or by reverse-engineering. Open-source drivers may still be worked on while a manufacturer could abandon it. Newer drivers are also dependent on how much resources the manufacturer put into making an optimized driver and bug-fixing it. Generally the answer is it all depends.
  15. NanoG6

    NanoG6 Network Newbie Member

    @RMerlin too bad you stop developing RT-N16 firmware, at least please add OpenVPN support and it will be perfect :)
    (I know, I read it somewhere it is because the 32 NVRAM)
    Currently using tomato on my RT-N16, will try DD-WRT on it soon.
    Any way, how can I check the wireless driver version from inside the firmware? Can I check it through console/SSH?
  16. koitsu

    koitsu Network Guru Member

    The RT-N16 has two USB ports. Put a USB stick in it and use Entware-ng. It has OpenVPN packages:

    root@gw:/tmp/home/root# opkg list | grep '^openvpn'
    openvpn-easy-rsa - 2013-01-30-2b - Simple shell scripts to manage a Certificate Authority
    openvpn-nossl - 2.3.10-1 - Open source VPN solution using plaintext (no SSL)
    openvpn-openssl - 2.3.10-1 - Open source VPN solution using OpenSSL
    openvpn-polarssl - 2.3.10-1 - Open source VPN solution using PolarSSL
    No, there's no GUI, but so what? All the official OpenVPN docs describe the config and what you need to do/set up in relevant config files, and you can just do this via the CLI. Pretty simple.

    That said, be warned: the performance is fairly bad because of the hardware involved. These routers are not "encryption tanks", meaning they really aren't intended to be doing crypto like this. They have no hardware offloading for it. If you're wanting to use OpenVPN and care about high-speed throughput, run OpenVPN on a client machine on your LAN. The performance is substantially better (hint: modern desktop CPUs easily outperform the CPU used in routers. The CPUs and hardware in routers is intended for two tasks: NAT and packet forwarding/routing).

    root@gw:/tmp/home/root# wl ver
    5.100 RC138.20
    wl0: May 29 2012 08:48:50 version
    RichtigFalsch likes this.
  17. NanoG6

    NanoG6 Network Newbie Member

    Well I actually dont need the "encryption" thing. they blocked PPTP protocol in my office so I need to use OpenVPN on port 443 to trick the MS TMG. PPTP seems snappier but (at least on Tomato and stock) I always having issue with MTU
  18. NanoG6

    NanoG6 Network Newbie Member

    Well I actually dont need the "encryption" thing. they blocked PPTP protocol in my office so I need to use OpenVPN on port 443 to trick the MS TMG. PPTP seems snappier but (at least on Tomato and stock) I always having issue with MTU
  19. NanoG6

    NanoG6 Network Newbie Member

    Well I actually dont need the "encryption" thing. they blocked PPTP protocol in my office so I need to use OpenVPN on port 443 to trick the MS TMG. PPTP seems snappier but (at least on Tomato and stock) I always having issue with MTU
  20. koitsu

    koitsu Network Guru Member

    Okay, here's an alternate solution for you then. PPTP initiation uses TCP port 1723 but then switches to reliance on GRE -- which uses protocol 47 (this is not a port, but a separate protocol -- i.e. it's not TCP, UDP, but GRE) -- for everything past that (everything past that is also encrypted). So, assuming the latter isn't blocked (it sounds like it isn't), guess what: you can move the PPTP daemon to another port (or if you can't, you can set up an internal port redirect so that 443 --> 1723 on the router itself). Many PPTP clients let you specify the destination port of the PPTP server. In other words: why use OpenVPN when you should be able to accomplish the same simply moving PPTP to TCP port 443.

    I don't know what you mean when you say "I always having issue with MTU". Is your internet connection/WAN using an MTU size of 1500 or 1472 (common for PPPoE)? This may or may not be solvable. If it isn't solvable, then yes, using OpenVPN in TCP mode (on TCP port 443) should certainly be more helpful, as you can set the effective MTU size of the tun or tap interface to something equal to that of your WAN link (1500, 1472, etc.).

    Also, protip from someone who's a sysadmin and netadmin: you think that sticking things on TCP port 443, because of your workplace's use of a firewall or management software (in this case, Microsoft Forefront), will work for you -- and yes, it will. However, any network administrator worth two cents will begin to notice an increase in traffic flow via port 443, and begin to look into it, including doing packet captures on the gateway endpoint itself. Once examining the payload, the admin will immediately see that the traffic isn't HTTPS at all, but something different (doesn't matter what). Once he/she finds the initial TCP SYN/SYN+ACK/ACK for the initial PPTP (or OpenVPN) connection, followed by use of GRE (for PPTP), they'll know immediately someone is bypassing Forefront by simply using a TCP port number they allow through. The admin will then find out what workstation is doing this, find out who's logged in or at it (based on either logs or timestamps), and someone will begin an analysis and ask you to explain why you're doing what you're doing. I warn you: depending on the terms of your employment, you could be fired for it. I'm not trying scare tactics or anything, I just want you to know that what you're doing is indeed "sneaky" and that if caught sometimes the outcome can be a lot more than just a slight slap on the wrist. It's very easy to figure it all out.

    The same applies to other common TCP port availabilities, ex. 80 (HTTP), 3389 (MSTSC/Remote Desktop), 22 (SSH), etc..

    I'll follow this up with one final question: why do you need something as "vast" as PPTP or OpenVPN, which is usually for network bridging or routing? Do you really need your workstation at work to be _on_ your home network? Why can't you just use something like Remote Desktop to access your home computer directly? Are you just web browsing "through home" while at work? If that's all, then you could even accomplish this with an SSH port forward/tunnel (which requires only an SSH client on your workstation -- no other software!). It all depends. Honestly, my opinion is to just go with Remote Desktop, because it's easiest. :)
    Goggy likes this.
  21. NanoG6

    NanoG6 Network Newbie Member

    Hi @koitsu thanks for your suggestions! I'm on mobile right now and will follow it later.
    Just want to answer your question, I'm using VPN to bypass restriction, both at home or at work. I have a VPS that I installed a VPN (OpenVPN/PPTP) server on it :)
  22. dingmel

    dingmel LI Guru Member

    Hey there guys. Moving up to 135 from 132 on a AC66, has anyone managed to get the QoS working? I'm having random option resets and an iptables error, and the WAN drops.
  23. koitsu

    koitsu Network Guru Member

    As discussed in several threads including this one, v135 has several issues. Folks seem to be sticking with v132.
    dingmel likes this.
  24. dingmel

    dingmel LI Guru Member

    Thanks for that bit of info. I found out much later.
  25. shibby20

    shibby20 Network Guru Member

    [RELEASE] v136-MultiWAN for ARM routers.

    Please read changelog first.
    Mipsel`s version should be ready for few days. Please be patience.

    Feedback welcome.

    Best Regards.
    visceralpsyche, M_ars, moffa and 8 others like this.
  26. kerbdog

    kerbdog LI Guru Member

    Long time user of the Shibby Tomato firmware :)

    Unsure if this has been reported, but with V135 on a Asus RT-AC66U (even with a NVRAM clear), it would only bring up the 2.4 GHz wireless radio, the 5 GHz radio didn't show up in tomato. Maybe I'm doing something wrong?
  27. Chad Burks

    Chad Burks Networkin' Nut Member

    Hi Shibby,
    I've flashed v136 from stock and reloaded all of my settings manually to an R8000. I replaced an R7000 running v132 in my setup. The only thing that appears to be broken for me is IPv6. It was flawless on the R7000 v132. On the R8000 the router will procure and address from the provider, but doesn't appear to hand it out over the LAN via SLAAC or DHCP (tried both). Attached is some raw debug information. I'd be happy to provide you with anything else you may want. I'm going to let it run for a few days and I'll let you know if anything else crops up.

    Attached Files:

  28. Lorenceo

    Lorenceo Networkin' Nut Member

    v6 seems dead for me on v136 as well. Using an R7000.

    Edit: Seems this is due to my ISP. Happens on another router running an older version of Tomato.
    Last edited: Apr 13, 2016
  29. zorkmta

    zorkmta Network Guru Member

    Just bought a new router and I have a question about about ac68p( similar to ac68r/u) , can i flash directly from web admin of asus?

    I checked in Download directory and there are not image for ac68p :eek:

    Enviado desde mi S7 Edge
  30. vdantoni

    vdantoni Network Newbie Member

    Hello, I'm using build 136 on my r7000 and I'm having some issues with QOS.

    Using the default rules, some connections appear to be mismatched. For example, I'm getting a lot of connection with a destination between port 40002 and 40035 classified as voip/game under "QOS/view details", yet I do not see any rule why it should be there. The source port is 60431, by the way, and it does not seem to fall into that classification either, so why is it listed as voip/game?

    Also, a couple of smaller, obvious issues. The QOS graph seems to be completely off, and the zoom button produces an error. Thank you.
  31. QSxx

    QSxx Network Guru Member

    @shibby20 - Any non-multiwan versions coming or did you switch completely to multiwan tree now? (Just curious :)
  32. Chad Burks

    Chad Burks Networkin' Nut Member

    IPv6 didn't work on my R7000 on anything above 132 (MultiWAN builds).
    Lorenceo likes this.
  33. shibby20

    shibby20 Network Guru Member

    switched completely to multiwan version.

    I have configured ipv6 (Hurricane Electric) and it works correct on my RT-AC3200 with Tomato v136. returns score 10/10
  34. uneedus

    uneedus Networkin' Nut Member

    As soon as 136 appears for the K26 branch, I will try it on my Native IPv6 Network. I could not get 135 to work on IPv6 at all. Even static assigned devices could not communicate, and no addresses were being handed out to dynamic clients. I have a native connection from a PtP link of my WISP. I have 2 of the Asus RT-N16, one production, one spare. I had to revert back to my other router running 130.
  35. Chad Burks

    Chad Burks Networkin' Nut Member

    My provider uses DHCPv6 with prefix delegation. I have a HE tunnel, I'll try to see if that works, but I'd rather use the native instead of a tunnel.

    EDIT: I was able to get the tunnel working, but not native. I switched back to the R7000 v132 to make sure that it wasn't an ISP thing, but it worked fine. So from where I'm sitting, native IPv6 is broken beginning with the MultiWAN builds.
    Last edited: Apr 14, 2016
  36. uneedus

    uneedus Networkin' Nut Member

    Note, even with Version 130, I had to add ip statements to the WAN UP script to get native to work. Static does not work in the GUI, since there is no place to input the V6 WAN addresses of the point to point link feeding my assignment, as there would be for a routed V4 assignment that would also have a routed WAN point to point address feeding that static V4 prefix, which is placed in the LAN area of the GUI. My static V6 prefix is assigned to the LAN in the GUI, and the address on my side of the Point-to-point link feeding my static prefix is assigned to the WAN interface from the command line, with associated static V6 default routes to my prefix. I think the wan side of V6 should be in the GUI when native is selected, but since this can be done in the WAN UP script, this is not a showstopper for me. I have been using a script to bring up V6 since my days of using Tomato on a old Linksys, the only thing changed between the two routers is device names and use of ip instead of ifconfig to bring up the V6 addresses. ifconfig does not work on the newer Kernels, and I sooner should have gotten used to using the ip command instead.
  37. nxmehta

    nxmehta LI Guru Member

    Hi Shibby,

    It looks like at some point the SFTP path in dropbear got reverted back to a non-optware/entware compatible path:

    /* if you want to enable running an sftp server (such as the one included with
    * OpenSSH), set the path below. If the path isn't defined, sftp will not
    * be enabled */
    #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
    I think /usr/libexec/sftp-server should be /opt/libexec/sftp-server. Can you fix this in the next release if you get a chance? Thanks!
    koitsu likes this.
  38. spykos

    spykos LI Guru Member

    – Change wireless settings for R7000/R6300v2/R6250

    Which wireless settings were changed exactly ?
  39. AndreDVJ

    AndreDVJ LI Guru Member

    Need to see the sources to figure that out. @shibby20 can you please update your repo?
    cybrnook and Edrikk like this.
  40. somms

    somms Network Guru Member

    Noticed following flash up to this latest build and follow-up NVRAM erase, the Country / Region setting under Advanced/Wireless defaults to United States now instead i believe used to be Singapore?

    Otherwise this latest build seems to be just as stable as the previous one!:)

    Kudos Shibby!
  41. MrBeer

    MrBeer Networkin' Nut Member

    trying to use nvram export --set >config.txt but i get a error.
    /tmp/.wxQozmtx: line 5: can't create config.txt: Read-only file system anyone know how to fix this i use to do this on the toastman release.
  42. JoeDirte

    JoeDirte Networkin' Nut Member

    set a path to a writeable filesystem for your config.txt. ex. nvram export --set > /mnt/sda1/config.txt
  43. shibby20

    shibby20 Network Guru Member

    AndreDVJ likes this.
  44. pegasus123

    pegasus123 Addicted to LI Member

    ^ i get much greater range using US as country in 2.4ghz in R7000.
  45. npumcrisz

    npumcrisz Network Newbie Member

    I have configured ipv6 (Hurricane Electric) and it works correct on my RT-AC3200 with Tomato v136. returns score 10/10[/QUOTE]

    I have gone through my setup over 2 times and still my windows 7 can't connect via ipv6.
    I even tried entering information manually in vain!! What am I missing?
    I notice on versions 130 ipv6 setting page we had option to enable router advertisment:) but with the version 136 none!!:(
    Last edited: Apr 16, 2016
  46. npumcrisz

    npumcrisz Network Newbie Member

    EDIT: I was able to get the tunnel working, but not native. I switched back to the R7000 v132 to make sure that it wasn't an ISP thing, but it worked fine. So from where I'm sitting, native IPv6 is broken beginning with the MultiWAN builds.[/QUOTE]

    Could you please explain how you achieved this on version-136 but l'm failing in all attempts.
  47. Chad Burks

    Chad Burks Networkin' Nut Member

  48. npumcrisz

    npumcrisz Network Newbie Member

  49. AndreDVJ

    AndreDVJ LI Guru Member

    Doing a direct comparison between BR and US, US gives better signal to me (RSSI values improve in any range).
  50. Frequenzy

    Frequenzy Addicted to LI Member

    is there chance that netgear r6400 would be supported by shibby?
  51. Dibbles

    Dibbles Connected Client Member

    Last edited: Apr 18, 2016
  52. shibby20

    shibby20 Network Guru Member

    [RELEASE] v136 for mipsel`s routers is now available.

    best regards.
  53. Tom9014

    Tom9014 Reformed Router Member

    Just updated my N66u routers to v1.36. Static routes are now OK but "Advanced \ VLAN" cannot be opened. It is linked to "advanced-vlan-r1.asp". When I use "advanced-vlan.asp" instead VLANs are displayed.
    Last edited: Apr 18, 2016
  54. kisenberg

    kisenberg LI Guru Member

    Hi shibby,

    thank you for the mipsel releases. Is there a chance to get DNSCRYPT back into the WNR3500L-image?
    Is there also a matrix about features in the diffenrent images?
  55. pietja

    pietja Networkin' Nut Member

    This also happens on an WRT54GL running "K26USB-1.28.RT-MIPSR1-136-Mega-VPN"
  56. Frequenzy

    Frequenzy Addicted to LI Member

    how to upgrade ea6900 to shibby from stock? is there anything I need to do or just upgrade directly from linksys webinterface
  57. NeverMore

    NeverMore Reformed Router Member

    Same here on RT-N53 and "Ethernet Ports State" still showing "LAN4" active.

    Other bugs that i know of seems to be fixed. Thanks, shibby.
    Last edited: Apr 19, 2016
  58. Kanuki

    Kanuki Serious Server Member


    I just received my D-Link DIR-868L A1 today.

    I've been reading around and found out this router has only
    32K NVRAM but after I flashed Shibby's ARM Build 136 and
    it's showing 64k.

    I'm kinda confuse this router has 32K or 64K NVRAM.

    Is there anyway to enable Transmission?

    I really need to use it. Otherwise I will have to sell this router
    and buy something else.
  59. shibby20

    shibby20 Network Guru Member

    thanks. Indeed i made a typo. I will fix it and recompile all imade.

    How did you install Mega-VPN on router with only 4MB Flash memory?!?!?

    probably not. No space.

    Router has 64KB of nvram but can use only 32KB (CFE issue). You can install Transmission from optware or entware.
    Goggy and Kanuki like this.
  60. dadaniel

    dadaniel Network Guru Member

  61. Kanuki

    Kanuki Serious Server Member

    Thank you so much...

    Do you have the tutorial on how to install optware or entware?

    The tutorial in not working with this router.
  62. pietja

    pietja Networkin' Nut Member

    I replaced the 4MB flash with an 16MB Intel TE28F128J3C, upgraded the ram to 64MB with an Hynix H5DU5162ETR, installed dual USB ports and overclocked the CPU to 250MHz.
    JoeDirte likes this.
  63. koitsu

    koitsu Network Guru Member

  64. callous

    callous Network Guru Member

    Thank you shibby for the firmware!
    Last edited: Apr 19, 2016
    Kanuki likes this.
  65. crich156

    crich156 Reformed Router Member

    That's what I used

    Sent from my Nexus 6 using Tapatalk
    Kanuki and bobneville like this.
  66. Kanuki

    Kanuki Serious Server Member

    Last edited: Apr 20, 2016
  67. Lorenceo

    Lorenceo Networkin' Nut Member

    Can confirm v6 is working on v136 on DHCPv6-PD over PPPoE.
    QoS seems to be a bit hit and miss. Some traffic classes (port 8080 upload traffic) seem to be stuck on the default value rather than being assigned the correct one.
    Also the 24 hour WAN bandwidth graph, as well as daily, weekly and monthly WAN traffic totals still seem to be broken.

    Edit: The QoS not working as expected may have been an error on my part. After changing some QoS class rules it seems to be working as intended.
    Last edited: Apr 23, 2016
    Samuelheng likes this.
  68. somms

    somms Network Guru Member


    Since I've not had an issue w/Shibby's tomato collecting WAN stats using IPv4 on my R7000 gateway router over the past year thru all the builds now flashed up to latest v136, does WAN bandwidth only appear broken under IPv6?
  69. shibby20

    shibby20 Network Guru Member

    I recompiled all images. Please download new image and reflash your router. Now VLAN page should works correct.

    Feedback welcome.
  70. Bobby J

    Bobby J Reformed Router Member

    Hi Shibby, thanks for updating. I went to download the updated image for my Asus RT-N12 D1 and RT-N10P routers. Looks like the non-USB versions are missing from the //download/K26RT-N/build5x-136-EN-MultiWAN/Asus RT-Nxx/ directory. They were present in v135, but not in the recompiled v136. Any chance on adding them?

    Also, are the source code repositories updated for the Mipsel versions? I was trying to find the makefile for my router so that I could try to figure out what components were included in each build. Any guidance would be appreciated.

    Thanks again for your hard work.

    Attached Files:

  71. Kanuki

    Kanuki Serious Server Member


    I believe I just bricked my DIR-868L.

    It's flashing amber LED and won't bootup.

    I still can access to recovery page but no matter
    what image I flash still can't access to GUI.

    Is there any to recover from this?
  72. Lorenceo

    Lorenceo Networkin' Nut Member

    It stopped working on the first multiwan version. It's not recording any traffic at all. If I check the WAN bandwidth areas it only shows today's date, with no data. The 24 hour WAN bandwidth graph is non existent, but does show up in the real time view. Affects all traffic, not just v4 or v6. Will screenshot when I'm back at home + update this post.

    Edit: Screenshots.
    Daily bandwidth. Shows 0 when the router has been active with data flowing for almost 24 hours:
    24 hours bandwidth. Note that there is no ppp0 graph:
    Real time bandwidth. Note that ppp0 is visible:
    Also doesn't seem to even show the most recent date. The table is just empty.
    Last edited: Apr 21, 2016
  73. somms

    somms Network Guru Member

    [​IMG] [​IMG]
    Thanks Shibby! Just successfully flashed my remotely located E2000 & E1200 routers via OpenVPN w/this latest v136!;)
  74. callous

    callous Network Guru Member

    thank you shibby - will try that very soon!
  75. AndreDVJ

    AndreDVJ LI Guru Member

    Have you tried stock firmware?

    I recovered from a brick a week ago on my R7000, and even by flashing straight from CFE, I had to flash stock Genie firmware before going to Tomato again. My router doesn't have a recovery interface, so I had to use a USB-TTL cable.

    EDIT: Look at this guide. I was looking for serial pin-out but found this instead. It may help you.
    Kanuki likes this.
  76. NoisyNinja

    NoisyNinja Reformed Router Member

    Reporting in that an upgrade to version 136 for R6300v1 and RT-N16 was successful!

    I notice a problem when I enable second WAN in Multiwan I lose internet and I am unable to access the modems even when I specify the subnet in "Route Modem IP."

    Qos appears to work for a single WAN. Thanks for the hard work Shibby!
    Last edited: Apr 21, 2016
  77. JoeyJoeJoe

    JoeyJoeJoe Guest

    @somms I'm ipv4 and my bandwidth monitor has been broken since the first multiWAN. Fortunately I have unlimited bandwidth so it hasn't been a deal breaker for me, but for those who don't it probably would.
  78. deviantintegral

    deviantintegral New Member Member

    I'm still on release 132 as I haven't been able to find time to rebuild my router settings.

    Does anyone know if wireless client is functional in this release for an RT-n66u? I've tried connecting to both an openwrt router and a phone broadcasting an access point. In both cases, the router associates with the AP, but doesn't get a DHCP lease. I don't see the DHCP requests making it to the AP. This is with a WPA2 personal / AES only set of networks, and other clients work fine.

    This is all I'm seeing according to tcpdump on the AP, where the mac address is the client's:

    02:11:17.240045 50:46:5d:6e:XX:XX (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
    02:11:17.240967 EAPOL key (3) v2, len 95
    02:11:18.243243 EAPOL key (3) v2, len 95
    02:11:19.243790 EAPOL key (3) v2, len 95
    02:11:20.244324 EAPOL key (3) v2, len 95
    02:11:21.606213 50:46:5d:6e:XX:XX (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
    02:11:21.606279 50:46:5d:6e:XX:XX (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
    02:11:21.616684 EAPOL key (3) v2, len 95
    02:11:22.256953 50:46:5d:6e:XX:XX (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
    02:11:22.257021 50:46:5d:6e:XX:XX (oui Unknown) > Broadcast Null Unnumbered, xid, Flags [Response], length 6: 01 00
  79. Kanuki

    Kanuki Serious Server Member

    Yup.. I've tried every version of stock firmware. Seem like it stuck in Recover Mode.
    Last edited: Apr 21, 2016
  80. Samuelheng

    Samuelheng Addicted to LI Member

    updated build 136 on my R7000 and I'm having some issues with QOS.

    The QOS graph seems to be completely off, like the lowest class (crawl) class. Thank you.
  81. somms

    somms Network Guru Member


    Just confirmed bandwidth monitoring working OK on R7000, E2000 & E1200 flashed with v136.

    Are you guys using other than DHCP? I also seem to remember for WAN bandwidth monitoring to work correctly you had to be using the WAN jack on the router in case you have it configured differently or have the router working behind another router not plugged into the WAN jack...
  82. JoeyJoeJoe

    JoeyJoeJoe Guest

  83. callous

    callous Network Guru Member

    Hello Shibby,

    Since it's feedback welcome, I have flashed to 1.36 mega and encountered a bug with the OPENVPN client portion of the router.

    If I put in the Certificate Authority in Client 2, my 5ghz band disappears. Client 1 works just fine. I wonder if that module is running out of memory? I have configured Client 1 and it works, but once I attempt to configure Client 2 and stick in the Certificate Authority for Client 2 the router suddenly loses the 5ghz band. Remove the Certificate from Client 2 and the 5ghz reappears after a reboot!

    It's an odd issue but wanted to put this out there in case others encountered this and couldn't figure out what went wrong.

    Everything else works just fine - thank you for the firmware!
  84. somms

    somms Network Guru Member

    Seems bandwidth monitoring not working correctly with PPPoE
  85. segacorpceo

    segacorpceo Network Newbie Member

    I can also confirm that on my rt-ac56u v136 the bandwith stats are not working using ppoe ipv4.
  86. decoyoct

    decoyoct New Member Member

    Hi Shibby,

    I've been using your build for close to two years now. Thank you so much! You're actually the reason I bought this router (N300 WNR3500Lv2 - Tomato Firmware 1.28.0000 MIPSR2-136 K26 USB AIO).

    Since 135, it appears the my wireless devices can't connect to each other, as if some sort of AP isolation was enabled, but it isn't. My wireless devices can't see other wireless devices, but can see my wired devices. I can't cast from any phone to my Chromecast, and I can't print to my wireless printer from my wireless laptop. If I do a ping sweep on my phone using a network tools android app, only wired devices, the router, and the phone itself show up. I was able to print to my printer and connect to my Chromecast immediately after upgrading from 135 to 136, but the issue came up again a few hours later, if not sooner.

    It looks like someone else was having a similar issue ( but I didn't see any resolution. If there's anything I can do to assist with this (or if I missed something) please let me know.

    Also, Advanced -> VLAN leads to "advanced-vlan-r1.asp", which is just a white page. Taking off the -r1 seems to fix it.

    My upgrade path was: (older/unknown) -> 131 -> 132 -> 135 -> 136, and I erased my NVRAM when I did the 132 -> 135 upgrade, as recommended.

    edit: Didn't notice the 4/19 recompile. Just applied it.
    Last edited: Apr 22, 2016
  87. Lorenceo

    Lorenceo Networkin' Nut Member

    Yep, seems to be the case. Have updated old post.
  88. lsi235e

    lsi235e Networkin' Nut Member

    What filename did you use on the RT-N16 is the N version still recommended? Thanks
  89. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    That's often due to the router running out of NVRAM. Have a look at main status page.

    OpenVPN Certs eat a lot of space, and it's better storing certs in an usb medium. There's a tutorial around this forum on how to do this. Another alternative could be using Tinc, if your router's build supports Tinc at all and Tinc. Tinc has very small keys.
  90. fakedbatman

    fakedbatman Serious Server Member

    I noticed something in the MIPSEL version. I'm running an e4200 Mega-VPN 1.36 (I have two of these- one is a backup).

    I seggregated all of my Home automation on the e4200 2.4ghz band. No matter what I do, all wemos, and my honeywell lyric thermostats disconnect at around the 120-140 minute mark. The router is still accessible via lan. I resave the settings, and all devices connect back up, but then it happens again. Any ideas of things to check?
  91. callous

    callous Network Guru Member

    Sorry based on memory usage I would have to disagree:
    Before openvpn client 2 configuration saved:

    After openvpn client 2 configuration saved (then lost 5ghz band completely):
    Last edited: Apr 22, 2016
  92. deviantintegral

    deviantintegral New Member Member

    I reset to stock settings and still was unable to connect - and it's the same issue with the 136 release. It looks like it's actually association that is dropping on and off. If I run watch wl -i eth1 status, I see it drop every 5-10 seconds seconds. Also, there's this in the AP's logs:

    Fri Apr 22 01:34:48 2016 hostapd: wlan0: STA 50:46:5d:6e:85:50 IEEE 802.11: authenticated
    Fri Apr 22 01:34:48 2016 hostapd: wlan0: STA 50:46:5d:6e:85:50 IEEE 802.11: associated (aid 3)
    Fri Apr 22 01:34:48 2016 hostapd: wlan0: STA 50:46:5d:6e:85:50 IEEE 802.11: disassociated

    I just flashed asuswrt-merlin, and it's working fine as a client, so I think it's unlikely to be a config issue. Any ideas?
  93. w5pny

    w5pny Reformed Router Member

    I have this same problem with 132 on my RT-n66u having just gotten into a situation where I need wireless client.
    Does anyone now what the latest version is where wireless client works??????
  94. Bobby J

    Bobby J Reformed Router Member

    Shibby, I see that the non-USB builds were posted this morning. When you get a chance, can you update the MD5SUMs for the newly posted builds? They don't match for the new files posted today, 4/22 (e.g. Thanks
  95. monoton

    monoton Serious Server Member

    Thank you Shibby for a great firmware.
    I couldn't find any bugtracker for this project so I just post what I've found here.

    Router: Asus RT-AC66U
    Firmware: Tomato Firmware 1.28.0000 MIPSR2-136 K26AC USB VPN-64K

    1. QoS: Bandwidth Distribution (Inbound) shows that only the Default class is being used.
    Bandwidth Distribution (Outbound) looks good.

    2. Wireless channels when set to United States are weird.
    At 80Mhz only auto is available.
    At 40MHz only two channels are available depending on lower, upper (Lower:36,44 Upper:40,48)
    At 20MHz only four channels are available (36,40,44,48)
    The channels looks right if set to EU.
  96. Lorenceo

    Lorenceo Networkin' Nut Member

    Have been playing around with QoS settings, specifically the classification rules on v136. Previously had a catch all rule for connections over 2MB to be set to the default (low) priority, at the bottom of the list. Had another one above this classifying port 80, 443 and 8080 traffic up to 512KB as a higher class. After disabling the lower priority catch all rule the upload traffic on port 8080 is being put in the correct class. Seems that the latest versions may evaluate traffic classes a bit differently?
    Could very well be an error on my part, and QoS has been working in a way I wasn't intending prior to the Multiwan versions, and I just hadn't noticed.

    WAN traffic totals are definitely less than functional on PPPoE though.
  97. BryanMohr

    BryanMohr New Member Member

    Does anyone know the latest release that definitely works on a NetGear WNR3500v2 (the 4mb model)? And, is it available in a .chk format or do I need to pre-load something else first?

    I tried loading DD-WRT (so that I could upgrade to Shibby's 135 afterward) and semi-bricked the router. I got it back to stock, then tried using TFTP to install 135 Mini using TFTP and bricked it again. After several hours of trying to get it back to stock, I was able to do it by using the pin-short method (if that wasn't going to work, the router was going in the trash so I decided to risk it). Now it's up and running just fine but on the stock firmware which I don't really like.
  98. Brian_E

    Brian_E Reformed Router Member

    I tried build 136 on my RT-AC68U but several features were not working properly; in particular, no bandwidth monitoring and problems with saving logs to a flash drive. It worked for a few hours and then no matter what I tried, I couldn't get it to work again despite reformatting the flash drive, trying it in the USB 2 and USB 3 sockets, etc. I did do the NVRAM clears before and after and rebuilt the configuration from scratch.
  99. uneedus

    uneedus Networkin' Nut Member

    I tried 136 on my Asus RT-n16. IPv6 does not route, and the router does not send advertising. If I telnet into the router. I can ping6 both a workstation on the lan, as well as my gateway IP on the wan. However I cannot route packets via v6 thru the router. I am using native from my ISP, and have the Point to point link set up in the wan script. Everything works normally on 130. I reset the NVRAM and input all the settings in the GUI one by one from my list, using the exact settings and wanup script that I am using in 130. I looked at both routing tables and they are identical other than the mac address portion in the fe00 area, since each of the routers have a different MAC address. Since I must have V6 available, I reverted back to my 130 router for now.

    Any Ideas as to what is going wrong?
  100. Kanuki

    Kanuki Serious Server Member

    Hi... I just received my new RT-AC3200 today.

    I just flashed it with Shibby's build 136.

    I notice that Wireless signal from 5G/eth3 is very very weak.

    Is it normal here?
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice