Tomato Shibby's Releases

Discussion in 'Tomato Firmware' started by shibby20, Feb 26, 2011.

  1. misuercarriere

    misuercarriere Reformed Router Member

    I'm currently using AIO AT-138 and have the option. Perhaps it's only for AIO? Maybe some other builds too?
  2. tomato

    tomato Network Newbie Member

    The asus router only has 4mb flash, So AIO is not an option. Maybe other can share their finding?

    I can only install Mini or mini IPV6 version.

    Sent from my SM-N910H using Tapatalk
  3. gary201

    gary201 New Member Member

    I have a Linksys E4200 v1 (2.5 and 5ghz radios). I've been running v1.32 for quite a while and yesterday updated to 1.4 (tomato-E4200USB-NVRAM60K-1.28.RT-N5x-MIPSR2-140-Mega-VPN.bin). I always do the full 15 second reset/power off/power on/release reset process, then manually reconfigure everything. What I have discovered is the 5ghz radio goes offline after a period of time, then after usually no more than a full minute, comes back up. Obviously everything using that looses its connection (phones, Linksys wumc710, etc.) Has anyone else observed radio disconnections similar to this? If it persists, I may just have to go back to v1.32 that I had been using for years.
  4. tomato

    tomato Network Newbie Member

    Sorry, this is obviously unrelated. But can you check if there is dns-crypt menu under network->basic, on you 140 version? Thanks

    Sent from my SM-N910H using Tapatalk
  5. gary201

    gary201 New Member Member

    I can't check that because I got fed up w/the radio outages on the 5ghz band and dropped back to v1.38 (which is still higher than what I was at, which was 1.32). The problem has not reoccurred since. There isn't a menu entry "dns-crypt", however, on the basic > network menu a checkbox for "Use dnscrypt-proxy", which isn't checked by default and not enabled, either on the versions I have been using nor when I was running v1.4.
  6. tomato

    tomato Network Newbie Member

    This is exactly what i was looking for. So you do have that option, mine doesn't have that. maybe because we run different package version. you were running Mega version and i'm running Mini version. can anyone else confirm that mini version doesn't include the dnscrypt-proxy package?
  7. imran khalid

    imran khalid Connected Client Member

    no such issue seen here, rock solid on e4200 v1, you must check your hardware mate if issue persists, 1.40 is non issue for sure
  8. imran khalid

    imran khalid Connected Client Member

    Thanks for super build 1.40, its rock solid on my old baby e4200 v1.
    i'm missing your support for ASUS RT-AC88U, any chance you support it? please
  9. eahm

    eahm LI Guru Member

    Not trying to push, any news/eta on AC1900P? Thanks.
  10. krux01

    krux01 LI Guru Member

    My iOS devices do not connect to wifi for a few minutes after waking them up. They connect almost immediately on firmware 1.32 and prior. I updated to 1.40 and the issue remains. I have cleared nvram and set all setting back up. But like I said this problem has been there in every release since 1.32. I am running AIO build on a RT-N66R (RT-N66U). Has anyone else seen this issue? If so is there a fix?
  11. maurer

    maurer Network Guru Member

  12. AndreDVJ

    AndreDVJ LI Guru Member

  13. Edrikk

    Edrikk Network Guru Member

    @AndreDVJ -- Since Tomato doesn't use patch files, I wonder if it makes sense to add a common word (maybe "TOMATO PATCH") to items like this (which I assume is a tomato specific change) to allow for third party components to become more "drop-in"-able. That way new devs can search for that string to know where they have do some merging when updating.

    The other option would be to do something similar to what I did with miniupnp (as much as possible), and wrap Tomato specific code in ifdefs, and submit upstream to allow for drop-in updates.

    For example:

    #ifdef TOMATO
      #define XAUTH_COMMAND "/opt/X11R6/X11/xauth -q"
       #define XAUTH_COMMAND "/usr/bin/X11/xauth -q"

    They may not accept such items upstream (as you could argue that every project would then have ifdefs), but if they do, it'll make life cleaner/easier for Tomato maintenance.
    M_ars and AndreDVJ like this.
  14. maurer

    maurer Network Guru Member

  15. mugs07

    mugs07 Network Newbie Member

    Is anybody using this @eibgrad script on something newer than 1.32 or possibly have all traffic go through ISP except selective IP's, which go through VPN?

    When I tried using it, I was unable to get any traffic to go through VPN or outside VPN. There may be issues with newer Multi-WAN firmware and the script (not sure what other alternatives there are for solutions for this scenario.)
  16. Cl00ny

    Cl00ny New Member Member

    Upgraded from 132 to 140 and now Miniupnpd isnt working anymore...
    Erased nvram several times and configured by hand.

    RT-N16 MIPSR2-140 K26 USB Mega-VPN

    edit: flashed 140 AIO but same result...
    does miniupnpd work for you guys ?
    Last edited: Jun 2, 2017
  17. bjlockie

    bjlockie Network Guru Member

    I would like to see the transfer stats use appropriate units (KB, MiB, GiB).
    2,583,395.00 KB is not as useful as it could be.
    Is it really KB or KiB? :)

    I would also like the TomatoAnon to highlight which record is your router.
    I suspect there is a parsing error with my record.
  18. Cl00ny

    Cl00ny New Member Member

    MINIUPNPD still not working for me in 140!

    Would be nice to get some help or a possible fix for my problem but no one seems to care, i guess u dont rely on upnp as much as me...
    Should i open my own thread about this ? - Im pretty sure that im not the only one with this problem ?!
  19. bjlockie

    bjlockie Network Guru Member

  20. Cl00ny

    Cl00ny New Member Member

    I need upnp for my gaming devices / gaming consoles to open ports automaticly for certain games and services.
    There must be a problem with miniupnpd in 140, cause it worked with no problem in 132... i dont even know how to debug this, im really relying on ur help guys.
  21. reimer

    reimer Addicted to LI Member

    I updated to v140 on a N66U using the AC build. I am using OpenVPN and have it set to the AES-128-CBC cipher.

    Previously, when I connected with any client, I can check the logs and it tells me it was connected with AES-128-CBC. Now after updating to v140, the logs are showing that it is connecting at AES-256-CBC. I have made no other changes to the VPN configuration. Both the settings in Tomato and my clients are still set to AES-128-CBC.

    I'm not familiar with the new security improvements in OpenVPN so I was curious if this was normal. Thanks.
  22. gary201

    gary201 New Member Member

    For my E4200 v1, my iPhone periodically will drop the 5ghz band connection and refuse to reconnect until the router is rebooted. I didn't have this issue with 1.32, but with 1.4 the 5ghz radio that stops working (everything looses the connection on that band). So I dropped back to 1.38 and now just the iPhone will stop connecting. I'll probably drop back to 1.32 this weekend, which is where I was and never had any issues.
  23. cloneman

    cloneman LI Guru Member

    I tried Shibby 1.40 on MIPS today. I've noticed the QoS bandwidth calculation on the right side is still missing (qos-settings.asp), ever since MultiWAN releases started. Last one to have them was v1.32.

    Will this be corrected?
    Elfew and Cl00ny like this.
  24. tapasr_56d18fd83b51b

    tapasr_56d18fd83b51b Network Newbie Member

    Has someone tested the RT-N66U firmware on a DSL-N66U. Because the DSL version of this router has both an Ethernet wan and DSL wan connection, I am curious if this could work. I am planning to buy this router, but I would love to use the shibby's firmware.
  25. maurer

    maurer Network Guru Member

    no, RT-N66u fw it's not working for DSL-N66U (you won't see - probably never - tomato on this device)
    if you really want FOSS software for DSL-N66U you could try openwrt/LEDE but the DSL part is not working...
    tapasr_56d18fd83b51b likes this.
  26. bjlockie

    bjlockie Network Guru Member

    Is there a process for asking the web interface be changed?

    I really think the web interface should use appropriate units (eg. 9,473.02 MB should be 9.47302 GB).
  27. JustinChase

    JustinChase Networkin' Nut Member

    You're the 3rd or 4th to request this since I did a couple weeks ago. I hope it gets changed soon also.

    Sent from my HTC6545LVW using Tapatalk
  28. Cl00ny

    Cl00ny New Member Member

    Please fix miniupnpd... was so happpy to test 140 but i cant live without a working upnp.
  29. Elfew

    Elfew Network Guru Member

  30. JustinChase

    JustinChase Networkin' Nut Member

    Are the kille72 builds the same source as shibby, just built more frequently, or is it something rather different? I read he's probably got the reporting fixed already, but I don't even know how or where to find his builds.

    Sent from my HTC6545LVW using Tapatalk
  31. Elfew

    Elfew Network Guru Member

  32. iv7777

    iv7777 Reformed Router Member

    Hey everyone, I've found the ARM build has a problem restoring all NVRAM variables back to the router from a configuration file saved before. For example, the following are not restored:

    Then I traced the problem back to nvram_arm/main.c in the source code in line 216:

    if (issyspara(p))
    nvram_set(p, v);

    What it does is to perform a variable name check, if it either contains "wl", "wan", "lan", or it's in the list of "shared/defaults.c", the variable will be restored using nvram set equivalent command. If not found, then they are ignored. This missing varaiables could potentially cause lots of problem after restoring a settings from a configutaton file. The solution is to either add all variables to "shared/defaults.c" or just disable the check. For simplicity, just comment it out, recompile and problem solved:

    // if (issyspara(p))
    nvram_set(p, v);

    I found out this problem may potentially exists in all ARM builds and I have attached the original and the fixed main.c file for your review. Hope someone could commit this in the git.
  33. kille72

    kille72 LI Guru Member

    Thanks! Can any programmer review this change please?

    /nvram_arm/main.c, line 216:

            v = strchr(p, '=');
            if (v != NULL)
                *v++ = '\0';
    -            if (issyspara(p))
    +        //  if (issyspara(p))
                    nvram_set(p, v);
                p = v + strlen(v) + 1;
                p = p + 1;
        return 0;
    Last edited: Jun 6, 2017
  34. tothjsz

    tothjsz Connected Client Member


    I have an Asus RT N18U router with Tomato Shibby v140 on it. I found an interesting "error":

    I have a home and a guest lan:

    01 internal - guest lan.png

    2 different wireless interfaces (+SSID) were created and assigned to these lans.

    02 virtual wireless interfaces.png

    The mac filter was/is switched on:

    03 mac filter is on.png

    Previously, if mac filter was switched on, then only known devices could connect to these wireless networks.

    Now, any device can connect to the 2nd wireless network, but only known devices can connect to the 1st.

    04 device list.png

    So, it looks like, the mac filter is valid for the 1st wireless network only. Is it ok? I think not, because the macmode is "allow" for both wifi network.

    05 macmode.png
  35. kille72

    kille72 LI Guru Member

    In what version does it work correctly?
  36. tothjsz

    tothjsz Connected Client Member

  37. kille72

    kille72 LI Guru Member

    Ok, I immediately suspect MultiWAN as the culprit...
  38. tothjsz

    tothjsz Connected Client Member

    Ok. Of course it doesn't disturb me, because it is much easier to configure the guest wireless network with version 140 (I don't have to switch off manually the mac filter for guest wifi).
  39. JustinChase

    JustinChase Networkin' Nut Member

  40. kille72

    kille72 LI Guru Member

    I compile only ARM versions...
  41. Edrikk

    Edrikk Network Guru Member

    The correct solution is generally not to by-pass checks (which in this case was likely put in to avoid unwanted nvram vars from being saved across routers I would think), but rather to add the missing ones to the "shared/defaults.c" list.

    For example, rrule0 is already there in the file, so others should be added below it.
    tsynik, Elfew, kille72 and 1 other person like this.
  42. kw_broadens

    kw_broadens Reformed Router Member

    Agreed. The general principle is that any data coming from "outside" should be validated.
    boardlord and kille72 like this.
  43. Elfew

    Elfew Network Guru Member

    Did you try to reset NVRAM and configure everything from scratch? No backups etc?

    EDIT: I am sorry, I saw your first post. Did you enable UPnP for your interface? You can find the settings in Port Forwarding -> UPnP/NAT-PNP -> enable UPnP + select at least one LAN (enabled on)
  44. JustinChase

    JustinChase Networkin' Nut Member

    Thanks for clarifying

    Sent from my HTC6545LVW using Tapatalk
  45. tothjsz

    tothjsz Connected Client Member

    Hm, it looks like I found the reason. Anybody can realize what the problem is, if she/he compare the macmode settings of version 132 and 140.

    This is the settings of version 132:
    macmode v132.png

    And this is the settings of version 140:

    macmode v140.png

    Yes, wl0.1_macmode is missing.......
    Elfew likes this.
  46. Elfew

    Elfew Network Guru Member

    Thx for debugging
  47. iv7777

    iv7777 Reformed Router Member

    Agreed, the best solution would be adding all variables to "shared/defaults.c" list. However, it might not to be very practical due to the following issues:
    • All variables used in all packages incorporated into the firmware need to be included in the list. This goal could be a little challenge, considering they all come from different developers and require a highly orchestrated team effort to make a complete list. Before this is done, at any given moment, the NVRAM restoration process will always has a flaw of potentially "missing" variables
    • Even though it will finally be done, it's still very tedious to add some variables such as "rrule1, rrule2, rrule20...etc." These variables are for Access Restriction rules, which could be many and who knows when this number would have to end. Just don't feel good to see adding from rrule1 to rrule99
    • What about some custom variables created by custom script ? If they are not restored it's simply an inconvenience for the user
    • The current variable name check is not very strict anyway. Any corrupted names with "wl" "wan", "lan" in it may still be imported. For example, adfnsadfawl878*(*& will be accepted because it contains "wl".
    I guess under the current circumstances, a more feasible solution is to work around it by having a CRC check during both saving and restoration process. The chance of corrupted variables is pretty much eliminated. However, this is just my thought and it is beyond my capability. It would be nice to see if someone have a better solution.
    kille72 likes this.
  48. aDarkness

    aDarkness Connected Client Member

    Hello Everyone! I was wondering if Shibby planned on/ has released a tomato version for the R7000P? Thanks!
  49. Lorenceo

    Lorenceo Networkin' Nut Member

    I've set up a different LAN subnet on my R7000 running v140 Multiwan for use as a guest network, on its own VLAN. It seems that there's a few bugs with it though.

    Firstly, on the guest network an IPv6 DNS server is announced. It's the router's IPv6 address. This in itself is fine, but while it will reply to pings, it won't answer DNS queries. This means any device connected on the br1 subnet is very sluggish to browse the web as the devices try to send DNS queries to the IPv6 DNS server, but don't get any responses.
    I do have it set to request a separate /64 for br1.

    Secondly, while connected to this subnet some websites do not work as reliably. A notable example of this is - it can't complete its upload tests due to a socket error:

    I suspect this problem may be related to having two WAN connections, as when I tried to reproduce this on another router (an RT-N16 also running v140) with a single WAN connection, there were no such socket errors.

    Does anyone have suggestions as to what the best way around this would be? Happy to provide any debug information that may be required.

    Edit: After a fair bit of setting tweaking it seems QoS is related to the socket errors. When QoS is disabled, devices on the second subnet do not run into the socket error. Turning QoS back on results in the error again.
    Last edited: Jun 12, 2017
  50. RBoy1

    RBoy1 Connected Client Member

    Yes I reported this issue sometime ago it was in v138 of the firmware. It was linked to a specific client. Everytime my one my portable WiFi bridge client connected to the network it cause the WiFi to go offline after a minute and then come back online but only then my WiFi client would no longer connect to it. Unfortunately I'm back to 132 as the most stable version. This was a WNR3500Lv2
  51. apreslin

    apreslin Connected Client Member

    I have the exact same behavior on version 140 on an Asus RT-AC3200. Happens about once a day or so, 5GHz goes offline for about a minute. All devices get disconnected then reconnect within a minute or so.
  52. James Bond

    James Bond Reformed Router Member

    Shibby 140 MIPSR1-140 K26 Max.
    Sometimes specific DNScrypt server fails to work as expected and I switch to another DNSCrypt server.
    After that Adblock behaves weirdly: log shows blocklist was loaded, but blocked addresses are resolved.
    The only solution so far is to reboot router.
  53. morebytes

    morebytes New Member Member

    Does anyone notice any bugs for DUAL WAN setting? Esp on Netgear WNDR4500V2 hardware?
  54. rs232

    rs232 Network Guru Member

    Last edited: Jun 16, 2017
  55. somms

    somms Network Guru Member


    Possible minor v140 bug for Shibby's attention:

    Running v140 since Shibby released, there have only been 2 instances where the tomato WINS using Samba file sharing service has seemed to stopped working (Network shares no longer auto populate on client computers connected to the network using WINS).

    Each time I noticeds WINS no longer responding, it is very easy to restart this service just by stopping selecting No to enable file sharing and then back to Yes, no authentication to re-enable again.

    Never had this issue under the previous v138 with the same gateway R7000 router and upgraded from v138 to v140 by clearing out the full NVRAM and then configuring the router exactly the same settings as the previous v138 so I don't believe this is an issue of previous NVRAM setting.

    Anyways, just wanted to pass on this very minor WINS service seeming to intermittently getting stuck and otherwise this v140 firmware has been just as rock-steady stable as the previous v138 on my R7000. Thanks Shibby!:)

    BTW: Anyone know what command I could enter under telnet in order to monitor if this samba file sharing service is still working on my R7000? This may aid me in troubleshooting next time I notice the client computers no longer auto populating network shares using WINS. Thanks!
  56. Kisch

    Kisch LI Guru Member

    Hi, I have upgraded my R7000 to Shibby v140 from v132 and have problem with Color Scheme. I have USB stick with Color Scheme attached to R7000. Same settings as I had with v132. I use this string in USB Support/Run after mounting:

    cp -r /tmp/mnt/FLASH_1GB/stornur_v1/* /var/wwwext/

    and cant make it work. With v132 it worked nicely.
  57. bax345

    bax345 New Member Member

    Hi I have a question on the CRC-32 in tomato firmware. I want to edit the .config file to disable all the crc components in it. I tried going through make menuconfig, and ran make after changing all the settings and saving it to .config. However, I kept getting /bin/sh: 1: mipsel-linux-gcc not found. How would I go about this process

    Thanks for taking the time out to help.
    Last edited: Jun 20, 2017
  58. redshibby

    redshibby Serious Server Member

    Last edited: Jun 26, 2017
  59. BrandonS

    BrandonS Serious Server Member

    I just updated to 140 and noticed while my TincVPN is connected and pingable, I can't actually get across the tunnel. This worked with multiple sites prior to upgrading to 140. I am using one site that is 1.1pre11 (132) and the other site with 1.1pre14 (140). I'm currently set to use compression of 10 (fast lzo) which may be the culprit. I did find a post on the tinc mailing list that sounds like the issue:

    Is anyone else using 1.1pre11 and 1.1pre14 together and if so with what compression? I am trying to narrow down whether this is the shibby 140 build or the tinc 1.1pre14 build so I can get a bug report to the proper group.

    EDIT: I just noticed no matter which compression value I use, in the Nodes Status menu the 140 build always shows "compression 0". It looks like the compression dropdown isn't setting the value. I need to confirm it is working with no compression once I can change one of the other nodes.

    EDIT for the EDIT: The compression was only showing 0 for the local host which appears to be normal behavior.
    Last edited: Jun 28, 2017
  60. AndreDVJ

    AndreDVJ LI Guru Member

    If I recall correctly, both ends must use the exact same Tinc version.
    Sean B. likes this.
  61. Sean B.

    Sean B. LI Guru Member

    I agree with AndreDVJ, they must be the same.
  62. Malakai

    Malakai Networkin' Nut Member

    Don't know if that is true for the connection of 2 Tomato routers but I have one Tomato by Shibby v136 router with Tinc1.1pre11 and 2 Debian Jessie servers with tinc 1.0.24-2.1+b1, everything working as expected (at least from a communication between the hosts point of view).

    PS : no compression used in my case.
  63. BrandonS

    BrandonS Serious Server Member

    I am able to confirm tinc 1.1pre11 and 1.1pre14 have been working together today after re-configuring my hosts not to use compression. I could get some of the 11's to use it together but once I introduced 14 everything went to hell. I had daemons start crashing and hanging up. I also had to add some manual port forwarding even though the script is set to firewall automatic. The only thing I noticed between the version mismatch which appears new is that I am geting a lot of errors on the older version:
    Jun 28 00:47:16 RT-10C37B417818 daemon.err tinc[24598]: Received late or replayed packet, seqno 0, last received 17578

    At this point I suspect it is a tinc issue and not a shibby issue.
  64. BrandonS

    BrandonS Serious Server Member

    I am liking the adblock integration in the newer shibby builds. Does anyone know how to get to the console or if that exists? I am seeing some inconsistencies with adblocking like it stops after turning off debug. I also haven't found pixelserv so I am hoping to dig into it a bit more.
  65. Jorge Benavides

    Jorge Benavides Reformed Router Member

    Hello guys:

    I'm using Shibby's MIPSR2-140 K26 Max on an E2000 converted from WRT-320N

    It's happened several times now, that when electricity fails, and the router comes up back again, it does not connect to the internet at all. Digging up a little bit, I find the field "Route Modem IP" in the Basic page gets some garbage in it (letters and such).
    I manually correct it to "" and internet becomes available again.

    Has this ever happened to you?
    Is it a known bug?
    Any ideas how to correct it?
    Or a scripted correction in order to clean up that field from the Init script?

    Thanks on any help offered.
  66. Darkseed

    Darkseed New Member Member

    In all MultiWAN versions of the firmwares K26RT-N and K26RT-AC above 132 for RT-N66U I found a bug that is that the network mask is not saved when the PPTP network type is selected. Those if you enter, after saving, the netmask returns to
    In the 132 version of the firmwares, with the PPTP network type in the Basic > Network > WAN / Internet, the network mask is stored and accepts the entered values.
    Is it possible to bypass this bug, which is available in firmware 136, 137,138 and 140 ?
    Thanks for the help!
  67. NutsN'bolts

    NutsN'bolts Network Newbie Member

    Hey folks, I can confirm that MiniUPnPd in 140 isnt working with PSN/XBL.
    Only Teredo (win7) is showing in the list after a while.
    Other services doesnt work and i get moderate or strict NAT, which is really bad for most online games i like to play... Could u please fix it or tell me how to fix it myself ? Thanks.

    RT-N66U, shibby 140 AIO
  68. jochen

    jochen Network Guru Member

    I found a bug concerning wget (and therefore DDNS custom urls):
    wget https:// is working on ipv4 connections, but not on ipv6.
    You can test it here:
    wget: error getting response: Connection reset by peer
    Both URLs are pointing to the same server, but one has only an A-record, the other only an AAAA-record.
  69. Lorenceo

    Lorenceo Networkin' Nut Member

    It appears that port forwarding on v140 doesn't work as expected on anything other than the primary WAN connection.
  70. Brian McIntosh

    Brian McIntosh New Member Member

    I tried v140 on an R7000 and it seemed to load OK. The issue I had was my openVPN connection to giganews would not connect. Everything was running perfect on 138. I have reloaded 138, and the VPN connects again just fine.

    The only error in the log was:

    Jul 10 02:33:37 unknown daemon.err openvpn[2281]: Options error: Unrecognized option or missing or extra parameter(s) in config.ovpn:31: tls-remote (2.4.1)

    If you look below, I have copied the tomato config page from giganews. (I would have posted a link, but cannot as I am a forum newbie!

    They have some entries for custom config:

    resolv-retry infinite
    keepalive 10 60
    tls-remote ---------------------
    verb 3

    The tls-remote section is the server address of the vpn used on the basic tab of the OpenVPN config. This seems to be the issue that is causing the VPN to not connect.

    I am back happily running on 138 now - no issues, same config.


    Tomato OpenVPN Setup Instructions for VyprVPN
    Using Shibby Tomato

    Determine if your router is compatible with Tomato firmware. We used Shibby's Tomato build for this tutorial; however, you may be able to apply these instructions to other builds of Tomato as well.

    Official Shibby Tomato Website: -----------

    Please note: We offer limited support for this configuration due to many variables that can cause connection or performance issues. This firmware is open-source with many versions and a growing list of supported hardware. We cannot guarantee VyprVPN's performance or functionality on your router.

    Bold items are things you will click or type

    1. Flash your router with the appropriate Tomato firmware build. *Take care in this process. Giganews cannot be held liable for any damage to your router, as flashing third-party firmware can "brick" the device, making it unusable.*

    2. Once the router is running Tomato, open your browser and navigate to the firmware interface by entering ----------- in the address bar. Press Enter.

      You may or may not be prompted to log in with credentials, depending on if you already set and Admin username or password in the firmware.

    3. On the left-hand side of the page, click VPN Tunneling, then click the OpenVPN Client sub-option.

    4. Configure the following settings in the Basic tab:
      1. Check the box for Start with WAN.
      2. Set Interface Type to: TUN
      3. Set Protocol to: UDP
      4. For the Server Address/Port section, you will specify your desired VPN endpoint. You may select a server name to enter in this field from the list below.
        VyprVPN Server
      5. Set Port to: 1194
      6. Set Firewall to: Automatic
      7. Set Authorization Mode to: TLS
      8. Check the option for Username/Password Authentication.
      9. Enter your Giganews username and password in the appropriate fields.
      Username Authen. Only should be unchecked.

      Create NAT on tunnel should be checked.

    5. Configure the following settings in the Advanced tab:
      1. Set Poll Interval to: 0
      2. Redirect Internet traffic should be unchecked.
      3. Set Accept DNS Configuration to Strict
      4. Set Encryption Cipher to: BF-CBC
      5. Set Compression to: Enabled
      6. Set TLS Renegotiation Time to: 0
      7. Set Connection Retry to: 30
      8. Verify Server Certificate should be unchecked.
      9. Copy and paste the following text in the Custom Configuration box:
        resolv-retry infinite
        keepalive 10 60
        tls-remote [host name of vpn server]
        verb 3
    6. Note: For the "tls-remote" line, change the example server hostname of --------------- to the desired server location hostname. It needs to match what you entered in the Server Address/Port field for the client options.
      1. In the Certificate Authority box, paste the text from this file: ---------------
      2. Click the Save button on the bottom right-hand side of the page.
      3. Once the settings are saved, press the Start Now button to initiate the connection. It may take several minutes for the connection to establish.
    7. Visit the link below to verify you are connected.

    8. Enjoy VyprVPN in your Tomato router!
  71. RMerlin

    RMerlin Network Guru Member

    tls-remote no longer exist in OpenVPN 2.4. Replace it with:

    verify-x509-name xxxxx
  72. NutsN'bolts

    NutsN'bolts Network Newbie Member

    Uhm, so no help with (my) miniupnpd problem ?
    Whats going on with the dev ? Is this project not active anymore ? :(
  73. Elfew

    Elfew Network Guru Member

    Try latest build from @kille72 - 2017.2 - it contains a lot changes. Without logs it is not possible to debug it and fix your issue -> provide more info!

    Tomato project is an open source, devs have own life and it is only a hobby, respect it!
  74. NutsN'bolts

    NutsN'bolts Network Newbie Member

    Well thanks for ur reply...
    So im basicly lost cause im not using a ARM hardware based Router, i dont even have one.
    I have got 3x RT-N16 and 2x RT-N66U.
    Which logs are u talking about ?
    I would love to give u guys more info but i dont really know which kind of info u need. :(

    Is this the fix for my problem ?

    Yes i do understand and respect it!
    Let me tell u that i have even donated a few years ago to honor their effort but i really cant understand why miniupnpd is not working anymore with the latest version shibby version.
    Upnp is important for me, at least for my gaming console(s) and a few online games i like to play in my freetime and thats why im so unhappy right now. Basically im just too noobish to understand why it shouldnt work anymore and im not skilled enough to help myself.
    All i know is that someone had the same problem with the lastest version (shibby 140) but idk if he fixed it himself cause he doesnt reply here anymore or to my pm's...
  75. PetervdM

    PetervdM Network Guru Member

    you probably have to return to v132 to get things running again. remember this is all "beta" firmware at best. maybe it will be solved in a future version. you will have to test that upcoming versions to see if they solve your problem. in that respect you may have to switch to arm in the near future mips development is lagging and new / upgraded functionality consumes more memory and nvram which are lacking in even the most recent mips routers.
  76. AndreDVJ

    AndreDVJ LI Guru Member

    Five routers... I wonder what's your setup, addressing, VLAN's if any, etc. I personally got two (R7000 and R8000) and my R8000 is turned off.

    You must first understand the purpose of uPnP, which is essentially a daemon which listens to requests from applications to forward TCP/UDP ports to the host where the request came from, so you don't need to forward ports to your hosts all the time.

    Then you should review your setup. Who's gonna serve uPnP? Who's running DHCP? Any VLANs with different addressing? Is someone being Double-NAT'ed?

    Any network configuration is ought to be as simple as possible, with few devices as possible.
    Elfew and kille72 like this.
  77. NutsN'bolts

    NutsN'bolts Network Newbie Member

    Thanks for ur help guys...
    Im only using my RT-N66U as my main router and one RT-N16 as a VPN client to serve 2 other clients on my LAN.
    Yes im using double NAT with a Fritzbox Router (Fritzbox Modem and Router (with no other clients besides my RT-N66U) -- WAN Port -- RT-N66U -- Gaming Console(s) , i dont see any other option than double NAT atm cause my ISP is providing VOIP over my VDSL connection (PPPoE vlan7).
    All my LAN and WLAN clients are going over the N66U, all DHCP, besides the fritzbox which has a static IP.

    Fritzbox (Modem + Router, only N66U as client)
    N66U with DHCP enable (all my network)
    WAN type: static (
    Im using the Route modem IP option to access the fritzbox over my (W)LAN.
    Btw, ive upgrade cause i wanted to try Adblock which really seems to be a nice feature.
    Selective upnp would be also great...

    I think that i will give AsusMerlin firmware a try, it seems that the dev has a decent acitivity and beta firmware doesnt break functions like upnp.
    I really dont need dual wan (at least if it breaks functions like upnp), just a up to date firmware (maybe security updates?, Open VPN, isolated guest Network and very basic QoS)
    If im happy with the firmware (stability and essential features (for me) like upnp and guest network, Basic QoS) im gonne donate a beer to that dev, maybe abit more if really happy ! ;)
  78. Mr9v9

    Mr9v9 Serious Server Member


    1. I haven't had a UPNP or even NAT-PNP problem since 129 so I am not sure what problems you are experiencing on 140? Three of my routers can forward the ports just fine.

    2. UPNP is a security risk so relying on it is just asking for problems and just plain lazy.

    3. Set your Router to Gateway Mode and forward your ports manually like other network pros.

    4. Stop complaining about not being able to play your games, and make your own forum post that is related to your problem.
    kille72, pedro311 and Elfew like this.
  79. kzrssk

    kzrssk LI Guru Member

    edit: n/m Asked the same thing a few months ago
  80. NutsN'bolts

    NutsN'bolts Network Newbie Member

    @Mr9v9, I get ur point and ur absolutely right...

    But pls dont get me wrong, I would just need UPNP for my PS4 devices (PSN).
    I know it sounds a bit lazy but upnp was the best scenario for me and my roommate, as we both require "NAT type OPEN" for some games.

    For example Rainbow Six Siege: With working UPNP the game opens the right ports automaticly and it will even work with two PS4's at the same time.
    I couldn't archive this with portforwarding, I've tried it before.

    I'm aware of upnp (on my entire LAN) being a secruity risk and thats why I was so happy to try a custom miniupnpd config with shibbys firmware.
    As far as i know shibby made it possible to select UPNP only for specific LAN devices with a custom miniupnp config in the GUI but I couldn't test it cause UPNP/miniupnpd has stopped working (for me).
    Maybe because of my setup(double NAT), i realy dont know.
    It's really driving me crazy that it worked before with no problem (without the usefull custom config option).
    Hope u guys can understand my point here...

    I think that i'm not that lazy but my english is not very good so it's hard for me to describe my problem and discuss with u guys.
    Trust me I feel sorry to waste ur time here and I also feel like a donk cause i cant help himself !

    Now i'll save up for a AC68U to give kille's build a try... ;)
  81. locossaurorex

    locossaurorex New Member Member

    Hi all,
    I try tomato-WZR1750-ARM--140-AIO-64K.trx on WZR1750DHPD, the flash was successful, and i get login page.
    But when i reboot router it bricks with this message in serial:

    check_trx: start flash1.trx
    Invalid boot block on disk
    check_trx: exit flash1.trx
    fw is broken
    blinking led 2
    break key pressed!!

    If i exec nvram erase, it goes back , but again on reboot it bricks.
    Someone have a solution ?

    Full Log :

    Copyright (C) 2000-2008 Broadcom Corporation.

    Memory Test start(0x00000000) end(0x07E00000) size(132120576)
    Data line test start:0x00000000 pattern 0x00000001 0x00000003 0x00000007 0x0000000F 0x00000005 0x00000015 0x00000055 0xAAAAAAAA
    Address line test start:0x00000000 len:0x7e00000 pattern 0xAAAAAAAA 0x55555555
    Fill test patnum:2
    fill Pattern 5555AAAA Writing... Reading...
    fill Pattern AAAA5555 Writing... Reading...
    Memory Test start(0x88000000) end(0xA0000000) size(402653184)
    Data line test start:0x88000000 pattern 0x00000001 0x00000003 0x00000007 0x0000000F 0x00000005 0x00000015 0x00000055 0xAAAAAAAA
    Address line test start:0x88000000 len:0x18000000 pattern 0xAAAAAAAA 0x55555555
    Fill test patnum:2
    fill Pattern 5555AAAA Writing... Reading...
    fill Pattern AAAA5555 Writing... Reading...
    Init Arena
    Init Devs.
    Boot partition size = 262144(0x40000)
    Found a Esmt NAND flash:
    Total size: 128MB
    Block size: 128KB
    Page Size: 2048B
    OOB Size: 64B
    Sector size: 512B
    Spare size: 16B
    ECC level: 8-bit
    Device ID: 0x92 0xf1 0x80 0x95 0x40
    DDR Clock: 533 MHz
    Warning: using legacy sdram_ncdl parameter to set DDR frequency. Equivalent setting in clkfreq=800,*0* will be ignored.
    et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller (r377098)
    CPU type 0x0: 800MHz
    Tot mem: 524288 KBytes

    CFE mem: 0x07E00000 - 0x07F9A984 (1681796)
    Data: 0x07E53480 - 0x07E53948 (1224)
    BSS: 0x07E53958 - 0x07E98984 (282668)
    Heap: 0x07E98984 - 0x07F98984 (1048576)
    Stack: 0x07F98984 - 0x07F9A984 (8192)
    Text: 0x07E00000 - 0x07E488F0 (297200)
    Boot: 0x07F9B000 - 0x07FDB000
    Reloc: I:00000000 - D:00000000

    Device eth0: hwaddr XX-XX-XX-XX-XX-XX, ipaddr, mask
    gateway not set, nameserver not set
    check_trx: start flash1.trx
    Invalid boot block on disk
    check_trx: exit flash1.trx
    fw is broken
    blinking led 2
    break key pressed!!
  82. Papka__

    Papka__ LI Guru Member


    Looks like there is a small bug with DNS servers configuration. If you used manual DNS servers setup in WAN settings and then changed to Auto, without removing manually previously entered values, old DNS servers still will be used together with received from provider. Have no idea if same behavior was in previous versions, but I found this in 140.
  83. ruggerof

    ruggerof Network Guru Member

    In your FritzBox GUI setup page, put your N66U as "Exposed Host" and in your N66U, manually forward ports to your PS4.

    Fritz.JPG AC68U.JPG
    NutsN'bolts likes this.
  84. NutsN'bolts

    NutsN'bolts Network Newbie Member

    First of all thanks for ur help !

    Just tested with exposed host option and shibby 140 but i will still get a Moderate NAT type, even with all RS:Siege Ports forwarded.
    I have rebooted both routers and my PS4 just to make sure.

    I'll create my own thread about this and I really hope that it can be done with tomato cause i love this firmware...

    Last edited: Jul 19, 2017
  85. JustinChase

    JustinChase Networkin' Nut Member

    it seems version 140 is not showing download traffic reliably, it's showing upload traffic only. I jumped from a much older version to 140, so I'm not sure where the problem started.

    I don't see the issue all the time, I sometimes see download traffic in the IP Traffic graphs, but then it just disappears.

    Any ideas how far back I need to go to get back to working traffic info?
  86. Elfew

    Elfew Network Guru Member

    It is fixed in the kille72's build
  87. JustinChase

    JustinChase Networkin' Nut Member

    That's great for those with arm processor, but I don't. So, do you know how far back i have to roll back to get a working version?

    Sent from my HTC6545LVW using Tapatalk
  88. Elfew

    Elfew Network Guru Member

    Unfortunately you have to wait for @shibby20 to release a new build with these fixes for older routers. Anyway you can try Toastman builds
  89. JustinChase

    JustinChase Networkin' Nut Member

    I just looked into Toastman's builds (I used it prior to Shibby's releases), and it seems his latest update (from changelog) is August of 2016, so I'm assuming it's not got any of the latest fixes and enhancements.

    Maybe I just need to buy a new router to get onto the arm branch, which seems to be updated more frequently.

    What would anyone suggest as a good, yet affordable router to upgrade to at this point?

  90. Elfew

    Elfew Network Guru Member

    @JustinChase - Toastman released a lot of build in early 2017, maybe try his 4shared folder.

    About new device, I had RT-N16 Asus for over 5 years (still working fine), anyway I moved house last year and I bought Asus RT-N18u (ARM based device) - it has a lot of RAM, FLASH memory and enough power for most of home networks... moreover full support from Tomato devs :)
  91. JustinChase

    JustinChase Networkin' Nut Member

    Thanks so much for the help and information. I'm going to start researching the router options that the OP shows as being supported.

    If I'm going to buy a new router, I'd like to get one that might be able to do reasonably fast VPN service also. My current router doesn't have enough CPU power to do the encryption anywhere near fast enough to be usable. I already have horribly slow satellite internet, and turning on VPN just makes it completely unusable.

    It looks like the Netgear R7000 has a 1Ghz dual core processor, which should be better than what I have. I haven't seen one with a faster processor so far. i can get one for about $120, which seems reasonable.

    I also found an ASUS RT-AC68U (T-Mobile version) for about $80, which also has a 1Ghz dual core procesor, which seems very reasonable.

    Anyone have any thoughts on choosing between these 3 options?
  92. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    In theory you can choose the one you like more, as they are very similar. You can even use similar software on both, since there's Merlin's, DDWRT and Tomato for both routers.

    Only difference that I have occured, yet, is that QoS isn't working in the Merlin builds for R7000, as is using vendor specific blobs on the Asus routers. Otherwise you are free to choose what you prefer or what's cheaper.
  93. SJMarty

    SJMarty Serious Server Member

    I have two RT-AC66R routers configured as router/AP. They were both running v1.28. Since I was running such an old version, I decided to try out the newer firmwares available (Shibby v1.40, Merlin v380.67_0, and stock ASUS v380.7743).

    I took the AP down and flashed to Merlin and then stock checking out both. When I went to flash from stock to v1.40 within the GUI, I get this message...

    Invalid Firmware Upload
    To comply with regulatory amendments, we have modified our certification rule to ensure better firmware quality. This version is not compatible with all previously released ASUS firmware and uncertified third party firmware. Please check our official websites for the certified firmware.

    I dug our my notes and saw that I should be flashing from the ASUS Firmware Restoration utility. Here is where it gets weird...

    No matter what what version of Shibby firmware I try to flash, after the router reboots, it's running v1.28 again!

    I've tried everything...30/30/30, clearing NVRAM, factory defaults, etc. I've tried to flash from stock to v1.30, v1.32, and v1.40. All with the same results. It makes no sense. I'm at a loss.

    My goal at this point is to run Shibby v1.40. Any assistance is appreciated.
  94. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    I had similar problems with an ASUS 66 once. I had to flash it using recovery methods (tftp) to actually make it work.
    SJMarty likes this.
  95. SJMarty

    SJMarty Serious Server Member

    Do you happen to recall the specifics? I tried the TFTP client in Windows and also a TFTP GUI client. Both say the binary was successfully passed, the power light stops flashing, but the router does nothing. I've left it for 45+ minutes and no change in the lights.
  96. Xstar13

    Xstar13 Network Newbie Member

    SJMarty likes this.
  97. SJMarty

    SJMarty Serious Server Member

    Would someone running v1.40 be able to post a screenshot of their "About" page?
  98. Malakai

    Malakai Networkin' Nut Member

    Tomato version is and will always be 1.28, no matter what.
    Shibby version will be 132, 136, 140, etc.

    So the correct place to look for versions is : Tomato Firmware 1.28.0000 - 140 K26ARM USB AIO-64K

    If you have 140 there, then you have the last version by Shibby.
    SJMarty likes this.
  99. ah1465

    ah1465 Reformed Router Member

    From advancedtomato v140

    Tomato Firmware 1.28.0000 -3.4-140 K26ARM USB AIO-64K
    USB support integration and GUI, IPv6 support, Linux kernel and Broadcom Wireless Driver (r456083)
    Copyright (C) 2013-2014 Tomato-ARM Team

    Tomato-ARM Team:
    - Michał Rupental (Shibby)
    - Ofer Chen (roadkill)
    - Vicente Soriano (Victek)

    - Complete interface re-design
    - GUI related improvements, optimizations and changes
    - Various themes and color schemes
    - AdvancedTomato logo by Jacky, re-vectored by WaLLy3K
    - Based on Tomato by Shibby

    Copyright (C) 2014 Jacky Prahec
    OpenVPN integration and GUI
    Copyright (C) 2010 Keith Moyer,
    "Shibby" features
    - Transmission integration
    - GUI for Transmission
    - NFS utils integration and GUI
    - Custom log file path
    - SD-idle tool integration for kernel 2.6
    - 3G Modem support (big thanks for @LDevil)
    - MutliWAN feature (written by @Arctic, modified by @Shibby)
    - SNMP integration and GUI
    - APCUPSD integration and GUI (implemented by @arrmo)
    - DNScrypt-proxy integration and GUI
    - TOR Project integration and GUI
    - OpenVPN: Routing Policy
    - TomatoAnon project integration and GUI
    - TomatoThemeBase project integration and GUI
    - Ethernet Ports State
    - Extended MOTD (written by @Monter, modified by @Shibby)
    - Webmon Backup Script

    Copyright (C) 2011-2013 Michał Rupental
    "JYAvenard" features
    - OpenVPN enhancements & username/password only authentication
    - PPTP VPN Client integration and GUI
    Copyright (C) 2010-2012 Jean-Yves Avenard
    "Victek" features
    - Extended Sysinfo
    - Captive Portal. (Based in NocatSplash)
    - Web Server. (NGinX)
    Copyright (C) 2007-2011 Ofer Chen & Vicente Soriano
    "Teaman" features
    - QOS-detailed & ctrate filters
    - Realtime bandwidth monitoring of LAN clients
    - Static ARP binding
    - VLAN administration GUI
    - Multiple LAN support integration and GUI
    - Multiple/virtual SSID support (experimental)
    - UDPxy integration and GUI
    - PPTP Server integration and GUI
    Copyright (C) 2011 Augusto Bott
    Tomato-sdhc-vlan Homepage
    "Lancethepants" features
    - DNSSEC integration and GUI
    - DNSCrypt-Proxy selectable/manual resolver
    - Comcast DSCP Fix GUI - Tinc Daemon integration and GUI
    Copyright (C) 2014 Lance Fredrickson
    "Toastman" features
    - Configurable QOS class names
    - Comprehensive QOS rule examples set by default
    - TC-ATM overhead calculation - patch by tvlz
    - GPT support for HDD by Yaniv Hamo
    - Tools-System refresh timer

    Copyright (C) 2011 Toastman
    Using QoS - Tutorial and discussion
    "Tiomo" features
    - IMQ based QOS Ingress
    - Incoming Class Bandwidth pie chart

    Copyright (C) 2012 Tiomo
    "Victek/PrinceAMD/Phykris/Shibby" feature
    - Revised IP/MAC Bandwidth Limiter
    Tomato-hyzoom feature
    - MySQL Server integration and GUI
    Copyright (C) 2014 Bao Weiquan, Hyzoom,
    Special Thanks

    We want to express our gratitude to all people not mentioned here but contributed with patches, new models additions, bug solving and updates to Tomato firmware.

    Based on Tomato Firmware v1.28

    Copyright (C) 2006-2010 Jonathan Zarate

    Built on Tue, 09 May 2017 02:43:20 +0200 by Jacky,
    Thanks to everyone who risked their routers, tested, reported bugs, made suggestions and contributed to this project. ^ _ ^

    Sent from my SAMSUNG-SM-N900A using Tapatalk
    SJMarty likes this.
  100. SJMarty

    SJMarty Serious Server Member


    It's rather embarrassing the amount of time that I'll never get back for making the mistake of looking at the top left corner of the GUI. :confused:

    Thanks, all.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice