Tomato Shibby's Releases

Discussion in 'Tomato Firmware' started by shibby20, Feb 26, 2011.

  1. Lorenceo

    Lorenceo Networkin' Nut Member

    Has anyone else noticed that openssl will sometimes lock up, generating a lot of CPU load while trying to download ad blocklists?
    Example below:
  2. eahm

    eahm LI Guru Member

    Any news on this?
  3. hshah

    hshah LI Guru Member

    Does anyone know if it is possible to update nginx on the router without having to update the entire firmware?
  4. ruggerof

    ruggerof Network Guru Member

    Install and run it from Entware-NG
  5. hshah

    hshah LI Guru Member

    Is it possible to install Entware on JFFS?
  6. hshah

    hshah LI Guru Member

    Well that was easy... did that, installed nginx. Now the original one is still there, so I just disable that from the GUI?
  7. Jose C

    Jose C Serious Server Member


    Sent from my iPhone using Tapatalk
  8. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    It has become really calm here! Are you all just happy with current release, or did so many people ditch Linksysinfo and Tomato? :(
  9. apreslin

    apreslin Connected Client Member

    I have used Tomato for about 7 years. The main reason I have stuck with it is because I love the ability to see bandwidth usage of all the devices of my network in nice pretty graphs and tables along with logging visited web sites, and ASUS stock or DD-WRT doesn't give that.

    Unfortunately in the latest builds of Tomato Shibby, I have not been able to have a constant stable 5GHz network. I'm not sure where it started, although of course MultiWAN seemed to make the firmware a different animal. The issues started on my ASUS RT-AC68U. Hoping different hardware that runs on a different wireless driver might bring a different result, I upgraded to the ASUS RT-AC3200. I still have the issues with unstable 5GHz. About once a day or so, 5GHz seems to go down and all devices disconnect. I know that going back to version 132 may fix the issue, although I don't want to stay frozen on a build from 2015. I have seen others in this thread also report this issue. I have also seen some other network stability quirks, but it's hard to definitively say it's the wireless and not my device or WAN connection in those cases. I do not see any issues logged at the issues tracker describing this issue, so not sure if I'm just having bad luck or it's not impacting a significant amount of other people. Yesterday, in hopes of fixing the stability, I decided to give Kille72's fork a shot. So far so good, but it's only been a day. Although, I've read through the changelog and do not see any changes that are obvious regarding 5GHz stability so I have low expectation there.

    I do understand that can be the nature of using 3rd party firmware, and I'm definitely thankful for all the time and effort Shibby and others have put into it. I have researched all the options and tried tweaking various settings that I thought may possibly affect it, but have never been able to eliminate the drops. I've tried different channels of course. It's frustrating since of course the best speeds with limited interference is on 5GHz 802.11ac, and I have 15 devices on 5GHz and 9 on 2.4GHz on my network.
    Last edited: Aug 28, 2017
    RichtigFalsch likes this.
  10. Tomato User

    Tomato User Network Newbie Member


    I'm using this as a wired setup.
    When I do a speed test, download speed is 40Mbs slower than if I watch a youtube video while doing a test.

    My dlink gets good speeds without a youtube video running.

    Anyone know why this is happening?
    Supposedly the Asus is good for 700Mb+


    Last edited: Aug 27, 2017
  11. NutsN'bolts

    NutsN'bolts Network Newbie Member

    @apreslin: Same here, any multiwan version was bad for me.
    I'm still on 132 because I need (selective) UPnP and that doesn't work for me with any multiwan version.
    I've also read that Tomato won't support SQM QoS with fq_codel and that's something I would really love to try to get rid of the bufferbloat and latency spikes when downloading and gaming.
    I really love Tomato but I guess I have to switch to LEDE Project (OpenWrt) soon.
    Same as apreslin, I don't want to stay on a 2015 build forever...
    apreslin and RichtigFalsch like this.
  12. Tomato User

    Tomato User Network Newbie Member

    I was using tomato-K26USB-1.28.RT-N5x-MIPSR2-140-AIO-64K now I loaded tomato-K26-1.28.RT-N5x-MIPSR2-140-Mini.
    Same results.

    *Also I am unable to disable IPv6 IPSec Passthrough.
    After saving, if I refresh the page, it's checked again.
    Last edited: Aug 27, 2017
  13. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    Unless you need MultiWAN maybe Toastman's build would be best for you? He adds only most important features to his builds and has the focus on stability.
    After years of experiments even my old 3500Lv2 seems to be running fine now.
    apreslin likes this.
  14. Mihai Olimpiu-Cristian

    Mihai Olimpiu-Cristian Networkin' Nut Member

    That's a MIPS CPU, Tomato doesn't enable CTF on MIPS so forget about that 700+. Best performance boost is obtained by enabling fast nat by typing modprobe bcm_nat. Give it a try. Best case scenario you will get 200-250 mbps.
    About the speed increase when watching a movie: I have no clue. Could be some kind of weird ISP throttling?

    Sent from my MI 6 using Tapatalk
    Tomato User likes this.
  15. Tomato User

    Tomato User Network Newbie Member

    Thank you.
    I have a dlink and it gets full speed with no youtube playing.
    I will try fast nat, thanks


    It does seem to work
    Are there any security implications using modprobe bcm_nat?

    Last edited: Aug 28, 2017
  16. apreslin

    apreslin Connected Client Member

    I'm glad you suggested this. I knew Toastman builds existed, but never really investigated it since it seemed like Shibby was the most popular and active in development. I don't need features such as MultiWAN and stability is important to me. I just put Toastman on my ASUS RT-AC3200, and if it keeps 5GHz stable, I don't think I'll look back.

    I notice you can use DFS channels too, something that you couldn't do with Shibby as described in
    Last edited: Aug 28, 2017
    RichtigFalsch likes this.
  17. asturnauta

    asturnauta Addicted to LI Member


    I have an Asus RT-AC68U with this firmware. This router has a button to turn on/off LEDs.
    Is it possible to enable this button with this firmware?

    Thanks a lot.
  18. Sean B.

    Sean B. Network Guru Member

    There's no support for the button yet, or will be at all that I'm aware of ( not sure why though ). However, the LEDs can be controlled from software via modifying the StealthMode script.
  19. poiu12

    poiu12 Connected Client Member

    It depends. With recent progress in Fast Path, it's possible to get faster speed on MIPS cpu. It's even possible to run some qos functions at the same time, which is impractical for CTF. Hope Shibby will adapt Fast Path into tomato soon.
  20. Mihai Olimpiu-Cristian

    Mihai Olimpiu-Cristian Networkin' Nut Member

    That is new... thanks for sharing.

    Sent from my X98 Plus 3G using Tapatalk
  21. PeterT

    PeterT Network Guru Member

    From looking at that link, it's for LEDE that in turn is based on OpenWRT and is using a kernel 4.xxxx.

    I seriously doubt that it could be back ported to Tomato

    Sent from my Nexus 7 using Tapatalk
  22. The Master

    The Master Network Guru Member

    LEDE has the same limits as Tomato. Most WLAN drivers are NOT open source. For example, my R7000 router has LEDE support BUT NO WLAN.
  23. sandspike

    sandspike Network Guru Member

    Looks like Toastman's builds have no updates, and Shibby's updates are always unstable and focused on Multi-WAN. I'm thinking this could be the end of my Tomato experiment on my R7000. Just too many stories of unstable builds, so I am still on Shibby 1.32, what is everyone else running? I read in Toastman's thread that Koitsu left....that's not good.
  24. Mr9v9

    Mr9v9 Serious Server Member

    You guys talking about users leaving, wanting to leave, or even issues that never seem to get fixed have to just stop depressing everyone else. Some users just have bad luck, suck at their job, or seriously don't know what the hell they are doing with electronics in their home. There is going to be a disagreement but the facts are buried here for everyone to read.

    Tomato has always been unstable because there are users who always want it to do something new with outdated code or tools...without paying for the development mind you. (Yes I know most of you who donate.) They would like it to match the latest and greatest features after playing with something that offers them those tools.

    All the great devs here including @shibby20 have poured more time and effort than you or I would ever want to devote, just to keep us end users happy and getting what they want out of this experiment. The miles of complaints are just insane...yes there are issues, have I experienced them? Not to the same level as some of the crazy stories I have read on here over the years that are borderline occult. But to give up because some graph is the wrong color now, or my f*(&^%#$ UPnP isn't working anymore! Just makes zero sense to users like me for a Beta firmware.

    Here is the solution to all your complaints:
    If you are a Pro that requires certain features working out of the box and it is mission critical, then seriously just get yourself a Mikrotik or Meraki router for your business right now. What were you thinking?

    If you are still having "wifi range/stability issues" get yourself an enterprise WiFi deployment using something like Ubiquiti. Set your configs for range to "Auto" and stop tinkering for "The Most Powerful WiFi in the Area!"

    If you have no idea what you are doing here and following the herd with your Router, then get yourself something with a simple GUI like TPLink or Asus. Don't leave though, learn! :D

    If you are a fancy boy, fancy girl, or fancy gender-neutral :oops: and like impressing your friends with your Router, but you have no idea what you are doing, then try out a Synology router for a change of scenery.

    If you are a weekend techie and understand what you want out of your home network, then hack your Router & use one of the fine updated builds of DD-WRT towards your setup, plus a change of pace!

    If you are one of those "cool guys" that likes to hang out here, get yourself two Routers, both with great Tomato support, and try out different flavors, configs, settings on the second one. That firmware list is long with many branches! Get a stable setup running that makes you smile :D, then set it as the heart of your main network and forget about every problem you ever read on these forums. If issues crop up you can always go back to your old one right? As always we are all here to help you! ;)

    If you are a hardcore user and know how to make your Atheros enabled SoC with UART ports hanging out an off the grid anywhere Router, then why are you even here reading this? Get your ass back to compiling for your 80+ packages on your custom setup of OpenWrt.

    Let's not make this leap to the end of Tomato on page 80. We still have a ways to go to get to page 100 you know?
    TRIUMF, QQQTJ, Elfew and 8 others like this.
  25. NutsN'bolts

    NutsN'bolts Network Newbie Member

    Ahh sorry, but you have triggered me with this sentence... :(
    You are talking about beta firmware but the last "stable" build of shibby is v132 of 2015 !!
    What I'm trying to say is that I can understand people who don't want to stay forever on a two year old build to not break things that have worked properly before.

    Well, I can only speak for myself but I personally don't need and want any crazy new features.
    To be honest, I don't even know what features you mean.
    Adblocking with the Router would be nice but recent Vpn-Client/openvpn updates and working upnp is all I need.
    I think that I understand what Beta means, but new things should be beta, not old features imho.
    So basically I'm not the guy who requested anything, I'm just the one who cries when something essential (for me) isn't working anymore..

    For me it seems like that there is no real quality control with those beta builds if it breaks simple things like UPNP.
    Sorry but i can't mention this often enough.

    Of course I can upgrade to arm-based and Tomato-supported hardware to test kille's build but currently I have no reason to do so.
    I would really love to help with those "betas" but I guess my knowledge and skill is too weak to be a helping hand...

    Anyway, I've switched to a WRT1900acs and try my luck with LEDE ...
    But I still like tomato and I'm not saying I'm finished with it ;)

    Sorry for my bad english and keep up the great work !!
  26. RMerlin

    RMerlin Network Guru Member

    These are one-man projects. It's not like we have a team of dedicated testers in a QA department to test every single aspect of our development.
    TRIUMF, Darkbing, QQQTJ and 5 others like this.
  27. NutsN'bolts

    NutsN'bolts Network Newbie Member

    You are right and I honor your work. Trust me on this !

    All I can say is that tomato was always great and "very stable" for me.
    I've used Victek's builds in the past and ended up at Shibby's.
    I don't use any crazy features and configurations and with Tomato my Router never had any stability and performance issues.
    Maybe I ran into a few QoS problems but most of them were probably my own faults, as I'm not an extra skilled techie guru like others here.

    So for me it is time to switch to something new, which is updated more frequently and has some new features I like to try out.
    For example SQM QoS...

    I will still use tomato for my access points and maybe for selective VPN, if I don't run into performance issues with my new line 100/40.
    And I will probably miss the nice GUI of Tomato. ;)

    Sorry for so much OT !
  28. Dhaval Shah

    Dhaval Shah Network Newbie Member

    Hey guys I have been using tomato on many routers for years

    Recently I bought Asus RT as 56u and found some bugs
    1. USB drives don't mount after power off/reboot
    Unless unplugged and plugged again
    2. When bandwidth limiter is enabled USB storage reads speeds go to a very slow like 200KBps which is very weird
    I have 500 gb her formatted to ext 4
    Have tried other pendrives in diff formats too
  29. AndreDVJ

    AndreDVJ LI Guru Member

    Both read and writes to USB drives are slow when bandwidth limiter is enabled on ARM routers. I guess there's no fix for this issue.
  30. RaStr1

    RaStr1 New Member Member

    Hello, can anybody help me how to enable QOS properly for VPN connection (PPTP client)? Currently I can see that all VPN traffic is not matched against any QOS Match Rule, I believe it is because in iptables I can see all VPN traffic only in the PREROUTING chain of mangle table but not in the FORWARD or OUTPUT where QOSO chain is referred. So I do believe that I have to add some new rule into PREROUTING chain for VPN interface(s) but since I am not an expert in iptables nor QOS I do not want to screw up my router.
  31. ziddey

    ziddey Network Guru Member

    Is there a way to specify a specific bssid for a wireless client? There are multiple APs with the same SSID and it somehow always ends up connected to the weakest one. I can specify a channel but it seems to hold no bearing. If I disable and re-enable the wifi, it will almost always connect to the stronger AP, but will be back to the bad one a few hours later.
  32. gawd0wns

    gawd0wns Network Guru Member

    I applaud everyone for the work they have put into this firmware, and the support many in the community have provided over this forum. You have built something truly remarkable. Instead of complaining, I think people should be asking themselves how they can help this project continue, and grow.

    I have donated in the past, and I would honestly be happy with paying for this firmware if it meant attracting/hiring more developers, continued development, and to pay people for their hard work. I think this is a question every large open source project faces sooner or later, and let's face it, life happens and our priorities change. Whether as a not-for-profit, or for-profit entity, doesn't matter to me. It might be even more onerous, and more time consuming-I don't know-This is ultimately up to the developer.

    Just putting it out there.
  33. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    The problem is the new hardware as we know. WiFi is having more and more trouble, because of the old Tomato-Kernel. So Tomato has changed from the probably most stable and performant firmware ever (on WRT54s) to a platform with sub average stability (but still great usability). It's not too bad, but the perfection on the original Linksys just has set near unsurpassable standards.

    The idea (was it from Toastman or Koitsu?) of having the Tomato GUI using some current backend, like DD-WRT (with its horribly outdated GUI) seems more and more interesting with recent hardware changing even more.
    Also I thought about using tomato just for gateway-routing and using an additional access point for WiFi as an option.
    Fredrik likes this.
  34. eahm

    eahm LI Guru Member

    @RichtigFalsch, OT here, I haven't tested recent Linksys routers, are they really that good and stable? Maybe it's time to test one again?
  35. Tom Parkison

    Tom Parkison Addicted to LI Member

    Is anyone else experiencing router lock-ups and WiFi just dying after some time of being up? I had to reboot my router last night because the 5 GHz WiFi just completely died, after rebooting the router 5 GHz started working again. It was up for about 30 days and then all of a sudden things just went to crap.
  36. maurer

    maurer Network Guru Member

    that's why i've scheduled a weekly reboot on my e2000
    Malakai likes this.
  37. calcousin55

    calcousin55 Reformed Router Member

    I haven't had any problems on my Asus RT-N66U its been up for a couple of months with no issues
  38. Guso.

    Guso. Networkin' Nut Member

    I've that issue with my E2000 as well and my solution was to disable logs of everything, including ad-block, I've no technical explanation for this but it's running as I'm writing for like a year or so
  39. RichtigFalsch

    RichtigFalsch Addicted to LI Member

    It's a gradual thing. The closer to the original hardware the better, because the base of Tomato couldn't be changed since then. So for example the step from the latest supported MIPS models (like the ASUS RT-AC66U) have much less problems than ARM based routers (most current models). But even those later MIPS models won't run as stable with Tomato as the older MIPS1 devices and so on.

    Of course with too old hardware you lose all 'modern' features, like 802.11ac or Gigabit-LAN.
    That's why I said, that maybe using an old WRT54 with an external GBit-Switch and an additional 802.11 Access Point was a great solution, regarding stability and performance. Only the Gateway-Bandwidth would be limited by the router's speed, at higher speeds than about 30MBit/s.
  40. eahm

    eahm LI Guru Member

    I've been using Tomato for like 15 years and here I completely missed your point, I thought you were talking about the newest Linksys Routers compared to all the other main brands.
  41. bobneville

    bobneville Networkin' Nut Member

    Me too.

    Sent from my iPhone using Tapatalk
  42. Guiness17

    Guiness17 New Member Member

    Loaded Shibby 132 and 140 AIO on a Netgear R6300 V1, and not seeing AC. Wireless network mode drop down box doesn't have an option for AC, and when I selected Auto I saw an 'N' network. Am I doing something wrong?
  43. AndreDVJ

    AndreDVJ LI Guru Member

  44. Sean B.

    Sean B. Network Guru Member

    A wireless N configuration, at least on Toastman's firmware, will enable AC. My 5GHz is configured as

    Mode: Access Point
    Network Mode: N Only
    Preamble: Green Field
    Channel width: 80mhz
    Security: WPA2
    Encryption: AES

    SSID 5 : edit
        Network type            : Infrastructure
        Authentication          : WPA2-Personal
        Encryption              : CCMP
        BSSID 1                 : 08:62:66:xx:xx:xx
             Signal             : 99%
             Radio type         : 802.11ac   <------------
             Channel            : 56
             Basic rates (Mbps) : 24 39 156
             Other rates (Mbps) : 18 19.5 36 48 54
  45. TTROUT

    TTROUT Reformed Router Member

    Your MCS rates show, that it is not in AC mode.
    And Radio Type is only telling you, that it carries the ac compatible flag.
    No you did not enable AC mode:)
  46. Sean B.

    Sean B. Network Guru Member

    Yes, it is ac mode. That was from my laptop which does not have an ac card. Didn't think I'd have to prove it to the extent. When home, I'll post one from the desktop which does. It's not that hard to figure out.
  47. Sean B.

    Sean B. Network Guru Member

    Here you go, from the desktop with an AC card:

    SSID 4 : edit
        Network type            : Infrastructure
        Authentication          : WPA2-Personal
        Encryption              : CCMP
        BSSID 1                 : 08:62:66:xx:xx:xx
             Signal             : 99%
             Radio type         : 802.11ac
             Channel            : 56
             Basic rates (Mbps) : 12 24 58.5
             Other rates (Mbps) : 18 36 48 54 526.5
    And in case that's not enough, here's a link to the thread where @AndreDVJ confirmed my findings when I came across this fact:
  48. jontis

    jontis New Member Member

    I was looking around because I try to get an X11 ssh jump via tomato to work.
    When I read dropbear / options.h, X11 seems commented out, as default. Is it enough to uncomment before build to enable X11 and get the jump to work?

    Can this enabled dropbear just be copied into the router or is the process more complicated?
  49. Guiness17

    Guiness17 New Member Member

    What are you using to display your MCS rates? A search turned up InSSIDer.
  50. Sean B.

    Sean B. Network Guru Member

    Windows command prompt:

    netsh wlan show network mode=bssid
  51. maurer

    maurer Network Guru Member

    It's more complicated(compiling needed) so just install openssh from entware as I've already suggested via pm
  52. jontis

    jontis New Member Member

    Per advice to get a full feature ssh server in tomato, I've installed entware-ng on a usb-stick.
    There were some steps that were not fully clear, and I'm stuck on some problem.
    The server seems to fail user authentication with sshd Account root has expired

    This is /etc/shadow:

    Normal login with the accounts work. Any help and suggestions about where to look for the problem would be appreciated.
  53. WaJoWi

    WaJoWi Serious Server Member

    Hi folks

    Since I set up several vlan, port forwarding doesn't work anymore. What could be the reason for this?
  54. maurer

    maurer Network Guru Member

    solution here
    vi /etc/shadow

    And edit the line for root, making changes at the bold areas.

  55. jontis

    jontis New Member Member

    Many thanks for advice. I've also found similar information and tried changing that number in /etc/shadow to different positive number but to no avail. I also copied the numbers from the shadow file on my mint installation. not working either. I'm certain that sshd reads /etc/shadow in some way because it notices when a user is not in it, but it keeps saying that it is expired.

    cat /etc/shadow


    cat /etc/passwd

    log of failed logins:
    Oct 2 15:58:06 unknown sshd[2737]: Server listening on port 22.
    Oct 2 15:58:06 unknown sshd[2737]: Server listening on :: port 22.
    Oct 2 15:58:14 unknown sshd[2739]: Account sshd has expired
    Oct 2 15:58:14 unknown auth.err sshd[2739]: error: Could not get shadow information for NOUSER
    Oct 2 15:58:14 unknown sshd[2739]: Failed none for invalid user sshd from port 56611 ssh2
    Oct 2 15:58:15 unknown sshd[2739]: Failed password for invalid user sshd from port 56611 ssh2
    Oct 2 15:58:17 unknown sshd[2739]: Connection closed by invalid user sshd port 56611 [preauth]
    Oct 2 15:58:22 unknown sshd[2742]: Account root has expired
    Oct 2 15:58:22 unknown auth.err sshd[2742]: error: Could not get shadow information for NOUSER
    Oct 2 15:58:22 unknown sshd[2742]: Failed none for invalid user root from port 56612 ssh2
    Oct 2 15:58:25 unknown sshd[2742]: Failed password for invalid user root from port 56612 ssh2
    Oct 2 15:58:27 unknown sshd[2742]: Connection closed by invalid user root port 56612 [preauth]
  56. maurer

    maurer Network Guru Member

    I've actually added a secondary user for dropbear access and I just tested it and it worked:
    grep maurer /etc/shadow
  57. WaJoWi

    WaJoWi Serious Server Member

    Doesn't anyone have an idea? :-(

    Port forwarding does not work in any of the networks (vlan). So neither in the main network ( nor in the second vlan ( I've already disabled all firewall rules and tried iptables. Unfortunately, I had no success. Does anyone else have a similar configuration running that does port forwarding work or knows what I need to change?
  58. jontis

    jontis New Member Member

    It worked for me with dropbear with manual (sed) edits of the passwd and shadow file, but not for openssh-server. Not sure why.
    I got it working with openssh-server when I used the shadow suite to add user and passwd. I might have done something wrong too, this was complicated for me.

    Now is the issue of getting xauth to work for a tunneled jump with X11 forwarding :)
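
Added example, not part of the thread: a shell check for the "Account root has expired" failure discussed in posts 52 to 58. It assumes the standard shadow(5) layout, in which field 8 is the expiry day counted from 1970-01-01 and an empty field means no expiry; OpenSSH logs that message when the field is set and lies before today. The function names and the sample lines are constructed for illustration, since the thread's actual /etc/shadow contents are not shown on the page.

```shell
#!/bin/sh
# shadow(5): name:password:lastchg:min:max:warn:inactive:expire:reserved
# "expire" (field 8) is a day number since 1970-01-01; empty = never expires.

# Current date in the same unit as the expire field.
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# Constructed sample input (not taken from any real router).
sample_shadow() {
    cat <<'EOF'
root:$1$constructed$hash:0:0:99999:7:0:0:
nobody:*:0:0:99999:7:::
admin:$1$constructed$hash:17441:0:99999:7::99999:
EOF
}

# shadow_expiry_report FILE [TODAY]
# One line per account: "<name> <status> <detail>".
shadow_expiry_report() {
    file=$1
    today=${2:-$(today_days)}
    awk -F: -v today="$today" '
        /^[ \t]*$/ || /^[ \t]*#/ { next }          # skip blanks and comments
        NF < 8            { printf "%s malformed fields=%d\n", $1, NF; next }
        $8 == ""          { printf "%s ok never-expires\n", $1; next }
        $8 !~ /^[0-9]+$/  { printf "%s malformed expire=%s\n", $1, $8; next }
        ($8 + 0) < (today + 0) {
            # A set expiry day in the past is what sshd reports as expired;
            # a literal 0 means 1970-01-01, not "disabled".
            printf "%s EXPIRED expire=%s today=%s\n", $1, $8, today; next
        }
        { printf "%s ok expires-in=%d-days\n", $1, $8 - today }
    ' "$file"
}

# expired_accounts FILE [TODAY]: names only, one per line.
expired_accounts() {
    shadow_expiry_report "$@" | awk '$2 == "EXPIRED" { print $1 }'
}

# shadow_clear_expiry FILE USER
# Writes FILE to stdout with USER's expire field emptied. Nothing is edited
# in place, so the result can be reviewed before it replaces /etc/shadow.
shadow_clear_expiry() {
    awk -v user="$2" 'BEGIN { FS = OFS = ":" }
        $1 == user && NF >= 8 { $8 = "" }
        { print }' "$1"
}

# Demo on the constructed sample with a fixed day number (17441).
demo_file=$(mktemp)
sample_shadow > "$demo_file"
shadow_expiry_report "$demo_file" 17441
echo "--- after clearing the expire field for root ---"
shadow_clear_expiry "$demo_file" root
rm -f "$demo_file"
```

On a router, run `shadow_expiry_report /etc/shadow` without the second argument so the current date is used.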
  59. poiu12

    poiu12 Connected Client Member

    TCattd likes this.
  60. Elfew

    Elfew Network Guru Member

    RogueScholar and TCattd like this.
  61. DOFFactory

    DOFFactory Reformed Router Member

    Yeah, the best would be to rebuild also the version 132, as most of us are still on that version, without the physical access to the router :-/ @shibby20, please consider...
    jerrm, mmosoll and molnart like this.
  62. maurer

    maurer Network Guru Member

    it will never be solved by shibby alone.
    the fixes must come from broadcom - as the driver is closed source - so most likely we'll never see this fixed...
  63. zyrex

    zyrex Networkin' Nut Member

    Same here had to downgrade to 132 as after the addition of multiwan, the wifi started acting up a lot.
    love the stability of 132, but security concerns such as updated vpn, and now the wpa2 is worrying.. :(
  64. pomidor1

    pomidor1 Networkin' Nut Member

    Shibby said no,
    no it's no ;-)
    There are others here, headed by @AndreDVJ, who could do it,
    new tomato 132; ask them
  65. P2q000

    P2q000 Network Newbie Member

    do you have a link to Shibby No? Is tomato router not maintained software?
  66. pomidor1

    pomidor1 Networkin' Nut Member

    no more 132 tomato, only multiwan 138, 140, probably 141 etc. multiwan
    in polish forum Shibby said
  67. Elfew

    Elfew Network Guru Member

    There is no reason (and it seems to be almost impossible to integrate all changes since multiwan addition to old v132) to update v132. MultiWAN is stable enough, try and you will see.
    RogueScholar and MongooseProXC like this.
  68. pomidor1

    pomidor1 Networkin' Nut Member

    I have a multiwan and I'm happy, but a lot of people use version 132
    I think apart from Shibby there is a specialist who would be able to add security patches and new versions of vpn, nano etc. This is not mission impossible ;-) especially for ARM routers and maybe someone would be tempted to do something like this.
    No need to move everything
  69. zyrex

    zyrex Networkin' Nut Member

    Thanks for the info Elfew and pomidor1, think I reverted after 134, I'll try the latest and see how my RT-AC66U feels about it this time :).

    * Just remember anyone upgrading again to clear nvram and add your settings manually as what I remember the settings parameters changed between 132 and 133 onwards.

    @pomidor1 by chance did shibby mention anything about wpa2?
    dd-wrt, lede-project seems they both have it patched.
  70. pomidor1

    pomidor1 Networkin' Nut Member

    no it is not possible
    this is a bug, Broadcom bug driver, they are precompiled and for years have no new open source, then the asus or broadcom must correct the bug, release open source precompiled drivers, it's possible but unlikely, Shibby is waiting for it for years.
  71. DOFFactory

    DOFFactory Reformed Router Member

    Well, since between me and a router there is cca. 10.000km (ie. I have no physical access, while the router is used by users), and the upgrade from v132 to anything above (with multiwan) will break the settings, @shibby20 or whoever else should kindly consider providing this last upgrade of this ROM. I think it will take 1h of compiling...
  72. Fishkniktommac

    Fishkniktommac Serious Server Member

    MultiWAN is full of BUGs and does not work for me at all.
    I also use 132 ! In this version WPA2 Enterprise certificate authentication via radius
    EAP-TLS is working.

    The 132 will be probably not be fixed. We got to switch to DD-WRT now?
  73. JoeyJoeJoe

    JoeyJoeJoe Guest

    @DOFFactory @Fishkniktommac

    I'm moving my R7000 to stock once my ER-X arrives and my N66U is now on Merlin. They will be patched soon enough, have slightly better range and I'll have lots to learn which can be both fun and frustrating. I'll even have the option to try LEDE, but not until a simpleton such as myself can easily revert back to stock. It's certainly more constructive than going Sergio Leone with the The Bold, the Underlined and the Italic. Whatever happened to gratitude and grace?

    Perhaps the writing is on the wall or maybe there is still a bright future for Tomato. Either way I'm thankful for each release @shibby20 and Toastman have brought us.
    Last edited by a moderator: Oct 23, 2017
  74. maverick9

    maverick9 New Member Member

    Haven't run the openssl s_client option but, do you have any ideas on how to disable weak ciphers like DES-CBC3-SHA?
  75. AndreDVJ

    AndreDVJ LI Guru Member

    As someone who maintains a repository, I am getting very upset...

    Essentially there are 20 months of work since 132.

    In my own repository, I can track over 700 changes since 132, and some of them I had spent many hours to make them work (and not to mention how many times I bricked my own router).

    Ohh I pushed a commit with few lines of code, and probably drove me mad at some point. Piece of software worth mentioning:

    1) dnsmasq and its hacks
    2) OpenSSL - thank goodness I got rid of most of its hacks, and implemented something better
    3) libcurl - each update is a whole new adventure
    4) busybox - stay away from this it's gonna melt your mind
    5) nano - I don't think even the maintainers test their own tarballs
    6) cstats/rstats - I regret every second spent at them
    7) Recently that RADIUS stuff - I have some leads around nas binary and script, but I will not do anything to debug these guys. Probably I won't be able to fix as I don't want to waste additional time setting up a RADIUS server, getting the whole certificate thing right, and not sure if the client will work. I'm no guru in that area.

    And softwares that can't be upgraded anymore that I tested, wasted my time (or bricked my router), and some of them I had to revert.

    I flashed my R7000 over 100 times, and my R8000 will face the same fate (not to mention a dead WNR3500Lv2). Worth mentioning the time consumed with changes that didn't work as expected, binaries not working or wreaking havoc, and stuff I'm simply not able to fix, such as having blink controlling one of my R8000 LEDs because I have no idea how to make led binary reach one of the gpio addresses.

    Not to mention days looking at AsusWRT code (eventually I feel Asus will convert everything to blobs), some wasted at DD-WRT code (almost nothing is useful for Tomato), and being absolutely mad trying to navigate through Genie code (blobs, blobs, blobs and more blobs).

    So I literally don't want to backtrack all these changes just to make an "updated 132". There are changes that were tailored specifically for Multi-WAN that took me days to get working, and I have no idea right now what to do in order to work on an "updated 132".

    Tomato is pretty much maintained by individuals in their free time, and none of us are actual software developers as far as I know. We don't team up, we don't have a "work schedule", we don't share a repository. All we do is make unaltered source code available.

    I simply try to maintain Tomato because that's a way for me to learn how Linux things work and get familiar with software, commands, tools, etc. That's the reason I still stick around. Otherwise, I'd have absolutely no reason to even bother about Tomato.

    I am very used to thankless jobs. My "real-life" job itself is a thankless one that's incredibly stressful. Maintaining Tomato is another one, and very time consuming.

    There is no organization backing up Tomato. Simply some individuals in their free time, and actually wanting to kill (or waste) some time.

    Demanding something from individuals who can quit Tomato at any second (literally everyone), seriously I don't know who's more insane: Who bothers wasting time with Tomato source code fully knowing that no good will come out of it, or who demands something we have no idea how to fix. I'm already insane enough.

    Whoever is up to the challenge to "update 132", the source code is there for everyone. I could do this myself, but I do not want to do this, and won't even bother even trying.

    In fact I challenge you, who's demanding something that was working on 132 and broke when MultiWAN was introduced, and be advised you're gonna waste many things to achieve that. Time wasted is the least of your concerns. You will spend also some cash for additional hardware - yes you're gonna brick your router - and I hope you have a top-tier computer to minimize time wasted with failed builds.

    Learning experience may be rewarding, and that's all you will get for all the waste and spendings.

    That's all I'm willing to comment at this point. Proof that backs up every single word in this point is scattered across forum posts (and even on this thread).
  76. DOFFactory

    DOFFactory Reformed Router Member

    I would be upset myself, if I would be a developer with a product that proved to be not only buggy but also insecure to use.

    I feel solidarity with you, but let's face it. Since the introduction of the multiwan version, the firmware is very buggy - unusably buggy. Compare that to the v132 which works for me now with an uptime of 2 years or so, without any major issues. I personally did not ask for introducing multiwan, it should be optional, a completely separate developmental branch. Anyway...

    This is the reason why few people developed git, versioning, etc. It says a lot if you cannot checkout on a branch...

    I know that in arguing with me you try to pose yourself as somebody "superior" who "develop/maintain" this ROM (=decides like a boss) and who simply "knows everything better," however, as a "developer/maintainer" you go immediately blind+deaf about the basic responsibility to address core security-related requests from your users. Again, I am not talking about some "please-introduce-multiwan"-type of requests (which are questionably justifiable), but core security-related requests which are essential to any router functionality (100% justifiable).

    I tried to and will support open-source development as much as I can. But now I can see that tomatousb and shibby developers/maintainers are not keen on their users' security and addressing a documented bug, just because they spent hours on reintroducing tons of other bugs. Fine, but as a user I cannot accept this anymore.

    To stop the flame, the next time I am physically close to my router, I am removing your blessed ROM, and Asus will have my full support instead. The choice between insecure (v132) or unstable (post-v132) software is not an option anymore in a post-Snowden era. IMHO, as for an open-source developer it is way too easy to take the full credit for the perks, but no responsibility in staying faithful to the very nature of a hardware/software you are developing on (router) - and this is not good. Peace.
  77. zyrex

    zyrex Networkin' Nut Member

    I'm not a frequent poster seemingly since this is my fourth post since 2014, but I've been using the builds you guys have made since before I registered for an account, and need to emphasize how good of a job you guys have done! THANK YOU!!!

    The manufacturer rarely updates their stock consumer firmware.
    When I bought the RT-AC66U as it was new, I flashed it the same day to tomato as a warranty void warning could not hold me back from the security gain I get by using 3rd party firmware and that held very true to this day as the stock firmware a year later had default settings that exposed ftp to the wan (news story "Asus routers have ftp server open to wan, how to stop this!"), now that is an insecurity which is unacceptable.
    Although I would have probably disabled ftp altogether before setting the router up on the network, this is something the community would have pointed out the second the router firmware would have seen the light of day.

    April 7, 2014, Heartbleed was publicly disclosed, that is an unacceptable insecurity.
    You guys patched that in a heartbeat, that is what I loved about the work you guys put in, I've always loved the open-source community because of stuff like this.

    Sony has shipped back-doors. Cisco has shipped back-doors. HP, Microsoft and pretty much every other vendor.
    With every government in the world wanting their own back-doors to everything these days.
    This is the reason the hours you guys have put in are such awesome work, where more than one pair of eyes look at the code and it is in some repository people can check for themselves.

    Just read up on why Broadcom does not want an open-source driver
    They do not want an open source driver that documents their hardware interfaces so someone can clone their chip registers. They would prefer that this never happen, since it means that if they have a large chunk of the market.
    Douches :(

    Yeah there will always be versions worse than other versions (132 being super stable and great uptime), post 132 not so much, but that does not mean that 140+ cannot be made stable, and all of a sudden 141 might have the same solid uptime as 132.

    The flexibility of having a strong router because of you guys, and the ability to have ad-blocking/malware domain blocking on the router is just phenomenal, and I'd rather disable WiFi and VPN altogether just to get the flexibility tomato gives you and have another router on the side doing what post 132 is buggy at.

    Thanks again guys, superb work!
    momonth, Fredrik and Darkbing like this.
  78. Elfew

    Elfew Network Guru Member

    @Fishkniktommac - feel free to report these bugs
    @AndreDVJ - +1, I agree with you
    @DOFFactory - enjoy the stock firmware, feel free to release an updated v132 with latest fixes and share it :)

    WPA2 issue is solved in Windows (8+) - client side - there was a security update. Tomato fw doesn't use 802.11r so we should be fine.
  79. RMerlin

    RMerlin Network Guru Member

    You realize Asus hasn't released any update either, right?
    Last edited: Oct 20, 2017
  80. pomidor1

    pomidor1 Networkin' Nut Member

    However, if you do not have access to physical hardware, this is a problem, because switching from 132 to MultiWAN requires physical access.
    It would be great if we could find a specialist who would introduce new packages that have a meaning to security to 132. I do not think anyone would be against either Shibby or other developers (who thank you for the hard work). This improve the code so I thought and it was a great benefit to the tomato program
  81. MongooseProXC

    MongooseProXC Connected Client Member

    Hey, I just signed up to this forum to thank you and all the developers for the time they put into Tomato. I don't know what the hell everyone is gabbing about Ver. 132 and what not, but MultiWAN is perfectly stable for me. I've clocked in a few months uptime and the only hiccups I've experienced were caused by my ISP. These people need to move on.

    The amount of features that can be packed into a tiny low power box is just amazing! Keep up the good work and thanks again for everything!
    Last edited: Oct 20, 2017
    momonth likes this.
  82. Tommy Toms

    Tommy Toms New Member Member

    I just signed up on this forum, though I've been a reader for many years, to say THANK YOU to all of you who have worked to develop Tomato. I've used Tomato, DD-WRT, OpenWRT and now LEDE. Each FW has its pros and cons, devices it supports or doesn't, things it does well or not so well, like all open source projects (in fact device support has dictated which FW choices I have available more often than my personal choice has). The fact that these folks have been able to take a project like Tomato and make it what it is today is damn amazing! I've tried to make the time in my schedule to learn more so I could contribute more to this community (which is easier said than done, and something I've not been very successful at), and have tried to donate to each project to help however it can. To those who feel burnt, worn, beat up, tired, delirious, or insane from their efforts on these great open source projects' behalf, from me and a whole lot of others that I know and love your products, thank you so very much! Keep up the good work and if I can ever help feel free to call on me.

    momonth likes this.
  83. Tommy Toms

    Tommy Toms New Member Member

    DOFFactory, How much do you know about the Tomato development ecosystem? There isn't really a team working on tomato dev. There are several individuals who develop different aspects of the software, share that code with others and the end result are the several different builds of Tomato that you see available today. As has been mentioned there is nothing Shibby or the other Tomato devs can do about KRACK until Broadcom or someone upstream releases a fix, because that part of the software is not open source (and thus opens the argument about using closed source software in an open source product... discuss, in the knowledge that without that Tomato wouldn't work on a lot of devices... but elsewhere please). Do as you please with what software you run and support, but before you start pointing fingers and lecturing/arguing about product security and development remember open source is developed so when someone, like yourself, wants to do something different with the software they can grab the source, learn how to make the changes they want to make and use it that way. I personally haven't experienced the issues you seem to have with the multi-wan version (not to say I haven't had to work around some issues), but wouldn't blame you for looking at other FW options if Tomato no longer fits for you. So in this post-Snowden era, instead of yelling at the guys helping us all out for free, try learning how to contribute to the community or working with someone who can and go wild building the FW you want. I know that doesn't fulfill our societal need for instant gratification, but creating something you really want can be more rewarding. Good luck with your network predicament.
    PetervdM likes this.
  84. Justio

    Justio Addicted to LI Member

    No offence to anyone on this forum but from my point of view time would be spent better doing something else than replying to ignorant users
    Hope not to be wrong but this was, among others, one of the reasons koitsu left... and it seems it has affected also toastman (though it is only my assumption)

    With these two active developers leaving tomato project, tomato for MIPS seems almost dead....from my knowledge there is just one occasional developer left on the field (shibby).

    To ignorant users (if there are any, of course): just give it a try and compile yourself the firmware, and only after post/ask/argue about it with the ones who do the job for FREE
    Last edited: Oct 21, 2017
    ruggerof likes this.
  85. ruggerof

    ruggerof Network Guru Member

    Interesting how some people have no sense of reality.
  86. xips_

    xips_ Networkin' Nut Member

  87. pomidor1

    pomidor1 Networkin' Nut Member

  88. Rangaistus

    Rangaistus Reformed Router Member

    PS> after reading my response, i'd like to clarify that i am not criticizing the tomato project nor the people involved. i wrote the following from a philosophical viewpoint.

    the conversation about opensource development, is very interesting to me. it may be off topic here in the shibby thread, but i feel if it branches off into its own post, it will lose interest. i would like discuss it in depth however. we don't discuss it, and every once in a while a contributor blows up with an upsetting post. then people show support by appreciation and things cool off. @Jacky444 was upset a while ago and was on the brink of leaving the project.

    i have been using tomato close to 10 years now. for me, it is a serious software product. normally in software, there's a loop of development-release-feedback (in the form of appreciation, critique, bugs, feature requests). what is interesting with tomato is that the developers do it as a hobby and any form of feedback other than appreciation seems to create this pressure that pushes their time-spent away from hobby and into work. when it's work it is no longer fun to do, and they feel reluctant to continue.

    the donations are another complication. it associates a monetary value to a work done that has much higher social value. if the donations are not sufficient it causes the impression that the work is undervalued. this is similar to a friend inviting you over for dinner and you offer them little money for all their effort preparing the dinner. it is a rude gesture. if they ask for money, is it now a business transaction or a social event? it is difficult to find the balance.

    another aspect that i'd like to address is particular to tomato: contributors doing it for personal reasons. you are either in the know, or don't know. and people in the know do not team up. the progress of the project seems to be a by-product. i am not sure what is needed, for the sake of the project and 1000s of users, to do more team work, sharing of information and passing the figurative torch. there could be a distribution of effort rather than a single individual bearing all the load, responsibility and stress. it would create a less difficult path from the not-knowing group to the knowing group. over time, it could increase the number of people in the knowing group, lessen the work and maybe even increase the enjoyment.

    philosophy aside, from a practical standpoint:
    i'd like to ask the contributors: how can i help? what would make your time spent on this project more enjoyable and less stressful? do you think documenting how-to do things (such as merging, compiling, etc) would benefit you and/or the project in the long term? would working as a team simplify things or make things more cumbersome? is there anything i can do that your time does not seem wasted?

    if you feel that this discussion is not fit for public but you'd like to state your opinion in private, i welcome related PM.
  89. mgeorge

    mgeorge Serious Server Member

    Hi, I am trying to compile an app for tomato. I've been searching how to do that and found that source needs to be compiled with mipsel-uclibc-gcc from tomato source? Is that the only way? Why couldn't the package gcc-mipsel-linux-gnu from Ubuntu be used? I've been trying to do that, but the mipsel-uclibc-gcc output was that there is no input file to compile, despite that I was calling it with test.c -o test. Does anyone have any suggestion or idea?

  90. Rangaistus

    Rangaistus Reformed Router Member

    shibby 140 is (incorrectly?) logging ipv4 as ipv6, at least for openvpn:

    build 138:
    daemon.notice openvpn[xxxx]: TCP connection established with [AF_INET]
    daemon.notice openvpn[xxxx]: [certName] Peer Connection Initiated with [AF_INET]

    build 140:
    daemon.notice openvpn[xxxx]: TCP connection established with [AF_INET6]::ffff:
    daemon.notice openvpn[xxxx]: [certName] Peer Connection Initiated with [AF_INET6]::ffff:

    i have ipv6 disabled.
  91. PetervdM

    PetervdM Network Guru Member

    this is a new feature in openvpn. to revert to the previous behaviour, you might have to enter either "proto udp4" or "proto tcp4" - whichever of the two is applicable - into the custom config.
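
Added example, not part of any post in this thread: if you monitor these OpenVPN syslog lines, the change from `[AF_INET]` to `[AF_INET6]::ffff:` described above makes a plain IPv4 allowlist miss known peers, so the sketch below folds IPv4-mapped addresses back to IPv4 before matching. The sample log lines, addresses and function names are constructed for illustration, and the `address:port` layout after the family tag is an assumption about the full (unredacted) log format.

```python
import ipaddress
import re

# Matches the family tag and the endpoint that follows it in an OpenVPN line.
PEER_RE = re.compile(r"openvpn\[\d+\]: .*?\[(AF_INET6?)\](\S+)")

# Constructed sample: first two lines in build 138 style, the rest in build 140 style.
SAMPLE_LOG = """\
Oct 27 10:00:01 router daemon.notice openvpn[1234]: TCP connection established with [AF_INET]203.0.113.5:51234
Oct 27 10:00:02 router daemon.notice openvpn[1234]: [client1] Peer Connection Initiated with [AF_INET]203.0.113.5:51234
Oct 27 11:00:01 router daemon.notice openvpn[2345]: TCP connection established with [AF_INET6]::ffff:203.0.113.5:40000
Oct 27 11:05:09 router daemon.notice openvpn[2345]: TCP connection established with [AF_INET6]::ffff:198.51.100.77:40100
Oct 27 11:06:00 router daemon.notice openvpn[2345]: TCP connection established with [AF_INET6]2001:db8::10:40200
"""


def parse_peers(log_text, fold_mapped=True):
    """Yield (family_tag, ip, port) for every peer endpoint found in the log.

    With fold_mapped=True, ::ffff:a.b.c.d is returned as the IPv4 address a.b.c.d.
    Lines whose address or port is missing or malformed are skipped.
    """
    for line in log_text.splitlines():
        match = PEER_RE.search(line)
        if not match:
            continue
        family, endpoint = match.groups()
        # The port is whatever follows the last colon (assumed layout).
        host, _, port = endpoint.rpartition(":")
        try:
            addr = ipaddress.ip_address(host)
            port_num = int(port)
        except ValueError:
            continue
        mapped = getattr(addr, "ipv4_mapped", None)
        if fold_mapped and mapped is not None:
            addr = mapped
        yield family, addr, port_num


def unexpected_peers(log_text, allowed, fold_mapped=True):
    """Return sorted peer addresses that fall outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    seen = set()
    for _, addr, _ in parse_peers(log_text, fold_mapped):
        # A v6 address is never "in" a v4 network, so unfolded mapped peers miss.
        if not any(addr in net for net in nets):
            seen.add(str(addr))
    return sorted(seen)


if __name__ == "__main__":
    allow = ["203.0.113.0/24"]
    print("folded:  ", unexpected_peers(SAMPLE_LOG, allow))
    print("unfolded:", unexpected_peers(SAMPLE_LOG, allow, fold_mapped=False))
```

Without folding, the allowlisted peer is reported as unexpected once the router starts logging it in mapped form; with folding, only the two addresses that are really outside the allowlist remain.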
  92. bigjohn

    bigjohn LI Guru Member

    Hi guys - popping in here to this active thread.... anyone notice Shibby site is down?
  93. pomidor1

    pomidor1 Networkin' Nut Member

    3, 4 days ago Shibby wrote a post on the openlinksys website so it's rather a case of Shibbie's website
    crusher9 likes this.
  94. Elfew

    Elfew Network Guru Member

    What did he write? Any news about his comeback? :) Openlinksys seems to be down too...
  95. pomidor1

    pomidor1 Networkin' Nut Member

    openlinksys also today is dead haha
    and our admin openlinksys @kille72 on vacation ;-)

    Shibby's short answer to the user's question is whether there is a hardware fault wan in ac68u and how to check
  96. pedro311

    pedro311 Addicted to LI Member

    I just let @kille72 know, that openlinksys is down (shibby is aware of it too).
    Last edited: Oct 27, 2017
    Elfew likes this.
  97. pomidor1

    pomidor1 Networkin' Nut Member

    Big Brother Shibby watches ;-)
    TomatoAnon up, Openlinksys up, up:cool:;):)
    Techie007, Jose C and Elfew like this.
  98. gpmhome

    gpmhome New Member Member

    Thanks for having me.

    May I point out that the tomato firmware on my Netgear R8000 was the most stable, fastest ever and all I can do is to say: Thank you shibby.

    Any idea when a tomato version for the R8500 will be available? A friend bought the R8500 listening to the salesman instead of buying what he was told to and then asked me for help but I have absolutely no clue about all that, shibby please help :)

    Any info would be very much appreciated thanks.
  99. pomidor1

    pomidor1 Networkin' Nut Member

    New Broadcom processors have a different sdk (R8500 probably too) Shibby is working on getting AC68u ver C1 ready for tomato, so it might help to add R8500 later
  100. redsandvb

    redsandvb Network Guru Member

    Excellent! Thanks Shibby!