Hi! I just switched over from dd-wrt to tomatousb shibby mod and I can't get my nvram to commit to flash. I had to create a backup script to back up my nvram after every change because it just won't last a power cycle. When I saw the save button wasn't issuing a commit I started doing it manually but still won't commit. I am using Tomato Firmware 1.28.0000 MIPSR2-100 K26 USB Mega-VPN on a Asus RT-N16. Everything works perfect and I LOVE this firmware but would really like to have my settings back after the router reboots. Any ideas? Suggestions?
nvram settings are very sensative. The most common problem is if you simply go over the limit size limits, your router will automatically clear the NVRAM settings. It doesn't take much. For example if I configure two VPN clients, and VPN server with the keys entered in the UI I'm over the limit. The other common problem is some binary data will confuse the router. Even sometimes non-binary data. For example I had one time where the only thing I could possible attribute to causing the NVRAM reset was the CRYPT passwd stored in nvram… I didn't manage to reproduce that problem, so my guess could be wrong.
My recommendation is never ever ever use "nvram setfile2nvram". Even if the file itself is completely ascii, the permissions and such will store as binary, and sometimes that causes problems.
My best recommendation regardless of cause, is try to offload things that are configured in NVRAM elsewhere. Just do the absolute minimum configuration necessary in the UI to bring your router up.
One trick is enable jffs. There is an option in the later builds to run something when jffs comes up. Don't use it. Instead, create a file called /jffs/.autorun . In that script you can do additional configuration. For example this is what I have in my /jffs/.autorun file:
#!/bin/sh cd /jffs/etc for i in *.custom do cp "/jffs/etc/$i" "/etc/$i" if [ "$i" = "dnsmasq.custom" ] then service dnsmasq restart else cat "$i" >> "/etc/$(basename "$i" .custom)" fi done
What this does copy files like /jffs/etc/dnsmasq.custom, /jffs/etc/group.custom, /jffs/passwd.custom, and /jffs/shadow.custom to my /etc directory. That way I don't need to store those in nvram. The restart of the dnsmasq service is just to make sure my custom settings are read… For the other files I have it sufficient for me to just append the non-custom files.
Other bits of data you wish to store in jffs require different tricks. For example to store my VPN server keys in jffs I simple leave the values blank in the UI and then use the following custom configuration options:
I can't help to feel this is also more secure, is if the keys appear in the UI there is always the possibility they will be accessible in my browser cache as well.
Of course, if you aren't doing extensive configurations and your nvram still keeps resetting, then you are probably looking at a hardware failure.
One problem with the tomato UI in general, is absolutely everything goes into nvram, with long descriptive names. The newer the build you get, the more of your nvram you will find is used up just storing default values… In the past people have tried patches like not storing default values, compressing variable strings, even hacking the firmware to allow one to store past the limits. Unfortunately, all attempts have hit unseen complications… So none of that is in the stable builds. Still it quite clear that something needs to be done, as it is quite common now to even have problems storing what I consider basic configuration information.
Wow thanks docbill! I feel like I owe you a beer :)
Yea I have both VPN servers and all their config on nvram. This makes a lot of sense since I currently have:
Total / Free NVRAM: 32.00 KB / 4 (0.01%)
I like what you did using the jffs as kind of a replacement for nvram, but I can't really grasp how the services know to look at your .custom files in /ect/ directory instead of nvram for configuration information. Sorry if this is a dumb question, kind of new to this. I will definately start with the OPENVPN configuration as it seems pretty straight forward and really cleaver :)
Hey wouldn't manually running the vpn service using a different conf location be just as good? That way you don't even have the configuration information in nvram like the whole:
instead i think we can do something like this maybe?
service /etc/openvpn/vpnserver1 —cd /jffs/etc/openvpn/server1 —config config.ovpn start
You can continue to use the gui. Just place your cert locations in the custom config, section. Pretty much just copy paste what you have. When it starts up, it will know from the custom config where to find the certs and will start as it usually does.
Yea I got it to load those certs and keys from jffs already thanks! Now I guess whats left is getting some more stuff out. I started to go through my nvram sets and I saw a couple of values that I want to take out and was wondering if it was possible to copy from jffs using the .autorun script.
Are there any .custom files for these I can reference? :)
Thanks in advance!!!
The references custom files is hidden in the tomatoUSB code itself. I'm sure it is documented somewhere in the wiki, as that is where I found it originally…