Recent Forum Posts

I recently upgraded from 1.28.0000 MIPSR2-132 K26AC USB AIO-64K

I had to wipe settings and reconfigure, and now everything is working perfectly except my AT&T microcell. That can't connect at all. I've been through support with AT&T and they have thrown up their hands.

With older version, it worked great. Suggestions or links to other threads would be very appreciated.

Hello, I would like to know a script that does the following: All users using DHCP or Static IP (if possible) get their download speed checked every 1 minute; if after 3 checks an IP address is using almost all available download speed, it receives a download (upload too if possible) limit for 2 hours. After 2 hours that specific IP can once again utilize almost all (or all) bandwidth and the whole process gets repeated again. Also, in case there are other IP addresses that use almost all download speed while the other IP address(es) are under the limit, the same process should be done for those IP(s) too (check the download speed 3 times; if after 3 times it is still using almost all download, it gets a limit). This process should be repeated and running 24/7.
This should be possible with a script taking the Bandwidth from the Real-Time tab for all IP addresses and then comparing all of them individually to the Bandwidth Limiter for LAN. After one IP is found that abuses the internet speed, a limit should be set for that specific IP, and the same for the next IPs.

I'm trying to set up three routers running tomato (2 secondaries running toastman and a primary with shibby, but I may change to a toastman build due to shibby's nvram use). What I'm trying to do is set up the secondary routers as access points connected by wire to the primary router.
Step 1 was to create the access points, which was easy and works correctly; now the secondary routers share SSIDs and credentials with the primary and all traffic is routed through the primary router.
Step 2 is to make a guest virtual lan, and that worked fine on the primary router. But from here I'm lost. I've tried to configure a secondary router for a second lan bridge (no dhcp, that should be handled by the primary), a vlan connected to the bridge, and add a virtual wireless interface as an access point to the same bridge.

My secondary to primary path is wired, and I didn't configure the primary's VLAN to any port. I'm not sure if this is correct because traffic from secondary's vlan will be arriving on the primary through a lan port.

The problem I'm having is when I connect to the guest vlan on the secondary my DHCP request doesn't get a reply.
This subject is pushing my basic networking knowledge, and this one is over my head. This may not be possible, or this design could be ass-backwards. Does anyone have suggestions on where to find a description of how to do this?

To summarize, I have successfully configured the primary router with the secondary routers acting as switches/access points. I've successfully created virtual guest access on the primary (with a unique IP, and DHCP range). Everything appears to work correctly from the primary. On the secondary router I've set up the same guest virtual lan and tried to forward this traffic back to the primary. I can't connect through the secondary's virtual guest account because DHCP requests aren't processed through the primary.

@linusbro
So far no luck.
I might want to look into a PfSense solution at some time.

Re: Multiple VPN's by Johnster, 23 Apr 2017 08:58

1. Do you need access to the WebGUI over WiFi? If so, you must allow it!
Administration > Admin Access > Allow Wireless Access: check the box
2. Web-GUI is the service known as 'httpd' (use the command "top" to view all running services in your router)
- if there is no httpd service, you can try restarting it:

killall httpd
sleep 1
httpd -p 80

- try the functionality of the Web-GUI again, but I think it was a bug in the earlier versions of tomato… so, you need to flash the tomato firmware again :-/
Re: Can't access webgui anymore by s3n0, 17 Apr 2017 17:46

Advanced Settings > Firewall > Multicast
Enable IGMPproxy: enable
LAN: enable

…or you can try the UDPXY feature too (UDP stream over HTTP, helped by proxy):

Enable Udpxy: yes
Max clients: 3 (for example)
Udpxy port: (choose your UDPXY port)

LOL !

1. in Basic Settings > Network, in the router you must first disable the WAN DHCP connection (by changing the Type: "DHCP" to "Disabled")
2. the check-box with WAN port to LAN bridge will appear then

Hi Folks,

EDIT: I got some help and solved the problem by removing the password from the client configuration.
This simplified the connection and solved the problem.

I am trying to configure my router as an OpenVPN client to connect to my Raspberry Pi OpenVPN server but I haven't had any luck.
I am able to connect to my VPN server with my Windows and my Android client correctly, but I am unable to get my tomato router to connect.
I apologize in advance for my noobness on Linux and tomato. I am new to both but trying hard to learn.
After two weeks of forum reading and digging through OpenVPN and tomato forums, trying different client configuration options in the tomato GUI vpn, and generally banging my head against the wall, I haven't made any progress.
I am coming to the conclusion that most of what I am looking at is above my current Linux/tomato reading level.

Perhaps someone with a better understanding can spot my error? :-)

here is my server.conf:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1

And this is the client config that works with windows and android:

client
dev tun
proto udp
remote mydynamicdnsaddress.com ####(portnumber)
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
<ca>
-----BEGIN CERTIFICATE-----
*********certificate is here ******
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
*******second certificate here*****
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
********privatekeyhere*****
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
***STATIC KEY IS HERE***
-----END OpenVPN Static key V1-----
</tls-auth>

And here are my current configuration options in Tomato:
Start with WAN: disabled
Interface Type: TUN
Protocol: UDP
Server Address/port: mydynamicdnsaddress.com ####(portnumber)
Username/Password Authentication: enabled
Username: client name from my openvpn configuration(same as name of .ovpn file)
Password: password I use to connect on windows
Username Authen. Only: disabled
Extra HMAC authorization: outgoing(1)
Create NAT on tunnel: enabled
Poll Interval:0
Redirect Internet Traffic: enabled
Accept DNS Configuration: Relaxed
Encryption cipher: AES-256-CBC
Compression: None
TLS Renegotiation Time: -1
Connection retry: -1
Verify server certificate (tls-remote): disabled
Custom configuration:
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
auth SHA256
verb 1

Keys:copied from .ovpn file
Redirect through VPN: disabled

When I enable the VPN with the above settings I get:

Apr 13 22:30:24 unknown daemon.notice openvpn[3088]: OpenVPN 2.3.11 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug  1 2016
Apr 13 22:30:24 unknown daemon.notice openvpn[3088]: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
Apr 13 22:30:24 unknown daemon.warn openvpn[3090]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 13 22:30:24 unknown daemon.err openvpn[3090]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Apr 13 22:30:24 unknown daemon.notice openvpn[3090]: Exiting due to fatal error
Apr 13 22:30:24 unknown user.notice root: vpnrouting: clean-up

If I enable username authen. only, it appears to connect, but then the TLS handshake fails.

Do y'all see anything that looks glaringly wrong?
Any help is appreciated.

Thanks,

Chris
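
The fatal error in the log above is raised because the profile's `<key>` block holds a passphrase-protected key and a daemonized client has no terminal to prompt on. As an added example (not part of the original post), this POSIX shell check classifies the inline key of a client profile and reports whether it can start unattended; the function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Classify the inline <key> block of an OpenVPN client profile.
# Prints one of: encrypted | plaintext | missing
ovpn_key_state() {
    awk '
        /^<key>/   { inkey = 1; seen = 1; next }
        /^<\/key>/ { inkey = 0; next }
        inkey && /BEGIN ENCRYPTED PRIVATE KEY/ { enc = 1 }  # PKCS#8, encrypted
        inkey && /^Proc-Type:.*ENCRYPTED/      { enc = 1 }  # traditional PEM, encrypted
        END {
            if (!seen)    print "missing"
            else if (enc) print "encrypted"
            else          print "plaintext"
        }
    ' "$1"
}

# True if the profile names a passphrase file via the askpass directive.
ovpn_has_askpass_file() {
    grep -Eq '^[[:space:]]*askpass[[:space:]]+[^[:space:]]+' "$1"
}

# Returns 0 if a client running as a daemon can load the key, 1 otherwise.
ovpn_daemon_ready() {
    case "$(ovpn_key_state "$1")" in
        plaintext) return 0 ;;
        encrypted) ovpn_has_askpass_file "$1" ;;
        *)         return 1 ;;
    esac
}

# Constructed sample shaped like the profile in the post (placeholder key body).
write_sample() {
    cat > "$1" <<'EOF'
client
dev tun
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
placeholder
-----END ENCRYPTED PRIVATE KEY-----
</key>
EOF
}

# Optional command-line use: sh check.sh profile.ovpn
if [ -n "${1:-}" ]; then
    ovpn_key_state "$1"
fi
```

A `plaintext` result means the private key is readable by anyone who can read the router's configuration; with an `encrypted` key, the `askpass` file named in the log message is what lets a daemon load it.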

I am very interested in your work. Can an admin please allow him to post the link or, Ioannis, can you maybe spell it out or in some other way indicate how to find it?

EDIT: I should really learn to read… "Just search for Tomato-Router-Splash-Page-With-Password by upggr on github"

Thanks!

Hey Johnster, have you found a solution for this? I want to do the same thing on my Asus RT-N66U. Hulu does not like my VPN so I want to make one radio bypass the VPN or use my other Hulu friendly VPN. I was thinking that multiWAN may be a solution if you can direct each radio to its own WAN port.

Re: Multiple VPN's by linuxbro, 10 Apr 2017 21:48

Hello

I am new to tomato but have gotten everything up and running well. Even VPN is working well. My question is where do I put the DNS IP for the server I want to use? It is using my ISP's DNS server and that's not what I want. Under Basic-Network-Lan there is no entry place that I can see. From everything I've read it should be there?? Shouldn't it be on the page I've attached? Sorry I can't figure out how to attach an image.
Any help would be appreciated
jtimmyf

aviy, Did you flash the R9000? If so, how did it go? I have one as well to replace my RT-N66U. I've never flashed a Netgear router before so I'm a little hesitant to move forward without talking to some people who have.

Re: netgear r9000 by Roland Barber, 04 Apr 2017 22:33

Hello,

I have a Netgear router which runs Tomato and at the moment I have a Huawei E5170s-22 connected to the WAN port of it. This works like a charm, but now I'd like to connect an AVM Fritz!Box between the Netgear and the Huawei and use it as a VoIP-Gateway. All other LAN ports are in use and the FritzBox only has 100MBit/s Ethernet and therefore I don't want it in my GBit LAN behind the Netgear router.

I already wrote an IP like 192.192.1.0 into the 'Route Modem IP' field, but of course that didn't work. Is it possible to set this up so that I can access both web frontends and how can I do it?

Best regards,
Michael

2 modems/routers on WAN port by myscha, 04 Apr 2017 18:50

Hello, can you please tell me if the Linksys EA4500 is compatible with Tomato firmware? I found some old threads saying no, but maybe there is a new Tomato version that supports it? Thanks!

Linksys EA4500 by vovans82, 03 Apr 2017 23:18

I have never installed or used tomato and downloaded and flashed my Netgear R7000 with the beta VPN tomato-K26USB-1.28.9054MIPSR2-beta-vpn3.6.rar. My computer gets an IP address, but the power light just blinks and I can't access the web admin ui. Not sure what to do from here.

I have 2 LAN VLANs.

I have the entire subnet of one of them routed over the VPN connection.

I would like to be able to use VNC to access one of the computers on that subnet, but it times out.

How can I adjust the routing so that the computer can respond directly to incoming connections from the non-VPN routed VLAN?

Thank you.

-Doc

The speed of an encrypted VPN tunnel is dependent on the CPU of the device handling the connection. The router CPU is much slower than that of a PC. It is also single-threaded, so multi-core does not make a difference as far as I am aware.

Using a more powerful device as the VPN gateway will help. Using a SOHO router is pretty much always going to result in relatively slow speeds.

m25: This iteration of adblocking: http: // www (dot)linksysinfo(dot)org/index.php?threads/script-clean-lean-and-mean-adblocking.68464/ does have a line in the adblock.sh to select/modify the interfaces. I use it on all, so have not tried it, so it may or may not work as you intend.

Edit - you'll need to figure out the weblink since I'm not allowed to post links. Sigh.

Re: Shibby Builds by user17600, 27 Mar 2017 18:25
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License