Hello, Hola, Bonjour... Last update. July 18, 2014. Read Section 3. Changelog. The firmware files in this section are leased to people with knowledege what they do (not all humans know it). Target: To test this firmware and report back your opinion and findings. Result: To release and enjoy an stable and performance firmware in your router keeping safe your privacy and data. ********************************************************************** DISCLAIMER: These firmwares are extremely unlikely to brick your router BUT some functionality may be broken. USE AT YOUR OWN RISK. I am not responsible for any damage or loss that you incur using these firmwares including but not limited to loss of profits. ********************************************************************** Index. Section 1. How to install or Upgrade. Section 2. Hints and cautions. Section 3. Changelog. Section 4. What is inside of the beta release? Section 5. Wishes, Tests to perform and Thanks. Section 6. NGINX Web Server. User Manual. ********************************************************************* Section 1. How to install or Upgrade. 1.a) Update from previous Tomato RAF beta (1.1d or 1.1e or 1.1f-g-h-i...). _ Do the update when your device is iddle or few Internet traffic is going throught, it may extend the Flashing time and give you some warnings (Timeout). _ Stop (Unmount) and unplug any USB device you may have. _ Use the Administration/Upgrade option in your router menu an then upload the file you downloaded. 1.b) Update process from previous Tomato RAF version: _ Do the update when your device is iddle or few Internet traffic is going throught, it may extend the Upgrade time and give you some warnings (Timeout). _ Stop (Unmount) and unplug any USB device you may have. _ Use the Administration/Upgrade option in your router menu an then upload the file you downloaded. PLEASE, DO a NVRAM ERASE during the update or using the option in Administration/Configuration options menu. Config the settings from scratch manually, do not used restored configurations. 1.c) Update process from stock firmware: - In most of cases you need to upgrade a bridge firmware depending on your model router or perform a tftp push. For Linksys E series you can upgrade directly from the stock firmware. For Asus RT-N16 use the bridge firmware file that you can find in my utilities and recover section or use the ASUS recovery tool to update directly the Tomato RAF file for your router. I use always a tftp command utility setting the Asus router in recovery mode (pressing the reset button while power on until the power led flash once every 1-2 seconds and fixing an static IP in my network card like this: Computer IP: 192.168.1.5 Network mask: /24 Gateway IP (router): 192.168.1.1 and then in terminal command prompt I type: Prompt$> tftp 192.168.1.1 > bin > put (name of the file to upload to the router).trx and wait until the end upload message appears. Then wait for 5 minutes, power off your router and power on again. Restore your network card settings, (automatic DHCP) That's all, enter in your router menu using the default IP (192.168.1.1) with your browser. ********************************************************* Section 2. Hints and cautions. _ In this upgrade and due to the firmware size you may encounter that the welcome screen in the router do not appear when the reboot process has been exhausted, don't worry, wait 20-30 seconds and then type your router IP (192.168.1.1) in the browser window. It will appear. The reason? New timeouts have been programmed in the update firmware but will not be active until you do the next upgrade, your past firmware had shorter reboot and upgrade timings. _ To remind ... default user = admin , default password = admin ********************************************************* Section 3. Changelog. * - Whats's new in 9014 R1.3 Beta Releases? Models supported in the Beta (final release will support additional models): Asus RT-N10 (some versions)-> YES Asus RT-N12 B1--------------> YES Asus RT-N16 ----------------> YES Asus RT-N18 ----------------> YES Asus RT-N53 ----------------> YES Asus RT-N66U ---------------> YES Asus RT-AC56U --------------> YES Asus RT-AC66U --------------> YES Asus RT-AC68U --------------> YES Asus RT-AC87U --------------> WIP Belkin F7D3301 -------------> YES Belkin F7D4301 & F7D8301 ---> YES Belkin F7D4302 & F7D8302 ---> YES Belkin F7D9302 -------------> YES Netgear R7000 -------------> YES Cisco-Linksys M10 ------------------> YES Cisco-Linksys E800 -----------------> YES Cisco-Linksys E900 -----------------> YES Cisco-Linksys E2000 ----------------> YES Cisco-Linksys E1200 v2 -------------> YES Cisco-Linksys E1500 ----------------> YES Cisco-Linksys E1550 ----------------> YES Cisco-Linksys E1000 v.2-2.1 --------> YES Cisco-Linksys E2550 ----------------> YES Cisco-Linksys E2500 v1--------------> YES Cisco-Linksys E2500 v3--------------> YES Cisco-Linksys E3000 ----------------> YES Cisco-Linksys E3200 ----------------> YES Cisco-Linksys E4200 v1--------------> YES Cisco-Linksys WRT-320N -------------> YES Cisco-Linksys EA6500 ---------------> YES Linksys-Belkin WRT 1900AC ----------> WIP Tenda N6 ---------------------------> YES Tenda N60 --------------------------> YES Tenda W1800R ----------------------> YES Netgear WNR3500L v2 ----------------> YES -------------------------------------------------------------------------------------------------- Release 9014-v1.3h .... July 2014. Working on it. #~ Libsodium 0.6.1 update, security and lite configuration fingerprint. #~ Nginx 1.6.0 (stable) updated. #~ First try to replace OpenVPN with TINC (lancethepants project). -------------------------------------------------------------------------------------------------- Release 9014-v1.3g ..... June 29,2014. #~ Tomato v1.28.9014 MIPSR2-RAF-v1.3g MIPS && ARM Platform #~ Openssl 1.0.1h update security and bug fixes. #~ dnsmasq 2.72 test3. #~ PHP 5.5.13. #~ ucarp 1.5.2 - Jun 10 2014 #~ nettle 3.0 #~ minidlna 1.1.3 -------------------------------------------------------------------------------------------------- Release 9014-v1.3f ... May 27,2014. #~ Tomato v1.28.9014 MIPSR2-RAF-v1.3f AND ARM Platform root@RT-N16:/tmp/home/root# dnsmasq --ver Dnsmasq version 2.71 Copyright (c) 2000-2014 Simon Kelley Compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth DNSSEC. #~ Quagga. OSPF, RIP, and SNMP Agent Monitoring + GUI. * #~ TCPdump + GUI. wikipedia please... #~ Netflow + GUI. More Information here. http://en.wikipedia.org/wiki/NetFlow #~ Native VLAN support (Cisco Style) #- UCARP. UCARP allows a couple of hosts to share common virtual IP addresses in order to provide automatic failover. It is a portable userland implementation of the secure and patent-free Common Address Redundancy Protocol (CARP, OpenBSD's alternative to the patents-bloated VRRP). http://ucarp.org #- DNScrypt resolvers.* #- DNScrypt update to version 1.4.0. * Thanks to Aaron Finley for the draft code. ** Thanks to Lance Fredrickson (lancethepants). ------------------------------------------------------------------------------------------------------------------------- Release 9014-v1.3e (wip May 5,2014) internal test finished May,16,2014. Forecast Release May,17,2014. #~ OpenVPN 2.3.4 -- released on 2014.05.02 (Change Log) The most important change in this release is that TLS version negotiation is no longer used unless it's explicitly turned on in the configuration files, thus reverting back to the 2.3.2 behaviour as interoperability issues were encountered in 2.3.3. Other notable changes include addition of SSL library version reporting, fixing of SOCKSv5 authentication logic and making serial env exporting consistent between OpenSSL and PolarSSL. This release also contains a number of other bug fixes and small enhancements. The Windows installer I001 has additional code to prevent problems during install and uninstall if installer bitness is wrong or if the OpenVPN-GUI or an OpenVPN process is running. The Windows installers also bundle OpenSSL 1.0.1g, which means that they are immune to the heartbleed vulnerability (OpenVPN-specifics here). All Windows users of OpenVPN 2.3-rc2-I001 through OpenVPN 2.3.2-I003 should upgrade their installations immediately. #~ MiniDLNA update to version 1.1.2 from original idea by Bao William-bwq518 implemented by shibby. Changelog. 1.1.2 - Released 06-Mar-2014. - Show client status on our basic presentation page. - Add a new force_sort_criteria option, to globally override the SortCriteria value sent by the client. - Fix a couple resource leaks. - Add configuration include file support. - Support DLNA/UPnP-AV searches issued by clients using the Grilo framework. - Fix some clients playing artwork instead of movie. - Fix bookmarks on Samsung Series E clients. - Add an extra folder level if there are multiple media locations. - Fix some multicast membership issues with changing network settings. - Make max number of children (connections) configurable. - Fix choppy playback with some file types on Panasonic clients by increasing the max connection limit.. #~ Comcast DSCP and buffer overflow fix. Thanks to @tvlz for pointing it and Lance Fredrickson (lancethepants) for switch GUI. ipv6: don't install anycast address for /128 addresses on routers. http://goo.gl/WI0Nk8 Incoming DSCP to 0x00. http://goo.gl/FHUkrq #~ DNSSEC. credits to Lance Fredrickson (lancethepants). #~ Linksys E2500 v3, EA6500 v1, Tenda N60 support added. Thanks to @tvlz and bwq for the patch. #~ dnsmasq -no-resolv -strict-order switch placed in Basic-network GUI like DNSSEC switch too. Explanation: - The --no-resolv flag simply means; Don't read /etc/resolv.conf. Get upstream servers only from the command line or /etc/dnsmasq.conf - The --strict-order flag means; By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf - The none Flag don't write anything in /etc/dnsmasq.conf file. Leaving control to the user. #~ router/services.c warnings during (don't tread a pointer as one integer, *ipv6 not used....) compilaton fixed. #~ libsodium-0.5.0. 13-May-2014 23:11 . Updated, it saves ~30KB in the firmware file size. Changelog. - sodium_mlock()/sodium_munlock() have been introduced to lock pages in memory before storing sensitive data, and to zero them before unlocking them. - High-level wrappers for crypto_box and crypto_secretbox (crypto_box_easy and crypto_secretbox_easy) can be used to avoid dealing with the specific memory layout regular functions depend on. - crypto_pwhash_scryptxsalsa208sha256* functions have been added to derive a key from a password, and for password storage. - Salsa20 and ed25519 implementations now support overlapping inputs/keys/outputs (changes imported from supercop-20140505). - New build scripts for Visual Studio, Emscripten, different Android architectures and msys2 are available. - The poly1305-53 implementation has been replaced with Floodyberry's poly1305-donna32 and poly1305-donna64 implementations. - sodium_hex2bin() has been added to complement sodium_bin2hex(). - On OpenBSD and Bitrig, arc4random() is used instead of reading /dev/urandom. - crypto_auth_hmac_sha512() has been implemented. - sha256 and sha512 now have a streaming interface. - hmacsha256, hmacsha512 and hmacsha512256 now support keys of arbitrary length, and have a streaming interface. - crypto_verify_64() has been implemented. - first-class Visual Studio build system, thanks to @evoskuil - CPU features are now detected at runtime. And that's all for version 1.3e. ---------------------------------------------------------------------------------------------------------------------------------- Release 9014-v1.3d (April 23,2014) _ SQlite: Updated to version 3.8.4.3 _ PCRE: Updated to pcre 8.35 04 April 2014 (arm lib support) Release 9014-v1.3c April 22, 2014 _ Dnsmasq updates and DNSSEC consolidation (2.69 test version) read more http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions Test from your PC with .. dig test.dnssec-or-not.net TXT after you modified dnsmasq custom window with proxy-dnssec. _ New version for RT-AC56U and RT-AC68U. Beta, please report functions. _ Busybox 1.22 .. Read changelog in http://www.busybox.net/ _ BCMcrypto (Assorted Cryptographic Algorithms) updated Y2012 and common with new AC routers and ARM platform models. _ BCM57xx (Network driver) updated to Y2012 version and common for AC and ARM platform models. _ eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.110.27.20012 (Asus driver 13July2013) _ eth1: Broadcom BCM4329 802.11 Wireless Controller 5.110.27.20012 (b/g/n) _ eth2: Broadcom BCM4331 802.11 Wireless Controller 5.110.27.20012 (b/g/n) _ NGINX updated to release 1.5.11 _ PHP updated to release 5.5.10 _ miniupnpd updated to release 1.8 _ zlib patched and updated to version 1.2.8 _ Openssl updated to version 1.0.1g* *About Heartbleed vulnerability in OpenSSL: How to test the correct version in your router. Tomato RAF doesn't support 'openssl version' command.. then the right command will be: Tomato v1.28.9014 MIPSR2v1.3c K26 USB root@router:/tmp/home/root# strings /usr/lib/libcrypto.so | grep OpenSSL OpenSSLDie DH_OpenSSL OpenSSL_add_all_ciphers OpenSSL_add_all_digests UI_OpenSSL DSA_OpenSSL %s(%d): OpenSSL internal error, assertion failed: %s MD5 part of OpenSSL 1.0.1g 7 Apr 2014 SHA1 part of OpenSSL 1.0.1g 7 Apr 2014 SHA-256 part of OpenSSL 1.0.1g 7 Apr 2014 SHA-512 part of OpenSSL 1.0.1g 7 Apr 2014 libdes part of OpenSSL 1.0.1g 7 Apr 2014 DES part of OpenSSL 1.0.1g 7 Apr 2014 Big Number part of OpenSSL 1.0.1g 7 Apr 2014 RSA part of OpenSSL 1.0.1g 7 Apr 2014 OpenSSL DH Method Diffie-Hellman part of OpenSSL 1.0.1g 7 Apr 2014 Stack part of OpenSSL 1.0.1g 7 Apr 2014 lhash part of OpenSSL 1.0.1g 7 Apr 2014 EVP part of OpenSSL 1.0.1g 7 Apr 2014 ASN.1 part of OpenSSL 1.0.1g 7 Apr 2014 PEM part of OpenSSL 1.0.1g 7 Apr 2014 X.509 part of OpenSSL 1.0.1g 7 Apr 2014 CONF part of OpenSSL 1.0.1g 7 Apr 2014 OpenSSL default CONF_def part of OpenSSL 1.0.1g 7 Apr 2014 TXT_DB part of OpenSSL 1.0.1g 7 Apr 2014 OpenSSL default user interface OpenSSL CMAC method OpenSSL HMAC method AES part of OpenSSL 1.0.1g 7 Apr 2014 }RC2 part of OpenSSL 1.0.1g 7 Apr 2014 IDEA part of OpenSSL 1.0.1g 7 Apr 2014 OpenSSL RSA method DSA part of OpenSSL 1.0.1g 7 Apr 2014 OpenSSL DSA method OpenSSL PKCS#3 DH method You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html RAND part of OpenSSL 1.0.1g 7 Apr 2014 MD4 part of OpenSSL 1.0.1g 7 Apr 2014 RC4 part of OpenSSL 1.0.1g 7 Apr 2014 RC5 part of OpenSSL 1.0.1g 7 Apr 2014 Blowfish part of OpenSSL 1.0.1g 7 Apr 2014 CAST part of OpenSSL 1.0.1g 7 Apr 2014 OpenSSL 'dlfcn' shared library method root@router:/tmp/home/root# Done in Version 1.2x Released 20 December 2013. Firmware Changes: - Dnsmasq updates (2.69. dated Dec 16 2013), - Nginx updated to 1.4.4 together with PHP-FastCGI process manager. - Login name customized window. - IPv6. Some sites (facebook) not accesible. Code again TCP MSS clamp for IPV6 with ppp connection, Thanks to Vladislav Grishenko to point it. - IPv6. Added Option in DHCPv6-PD to access some difficult ISP settings. Useful for some NZ and AU ISP's. - QoS broken with IPv6 solved. Need to test statistics. - DHCPv6-PD random connection problem solved. - IPv6 ICMP firewall added. - IPv6 SSH pass added. - Kernel patches for carrier-on bug, 14 service patchs more applied. - Tools-ping: allows now ping to hyphen url's (no-ip.org). http://www.linksysinfo.org/index.php?attachments/upload_2013-12-9_17-32-54-png.2564/ - Dnscrypt-proxy: upstream to 1.3.3 version - Libsodium: upstream to 0.45 version - Dropbear: upstream to 2013.62 version. Includes ecdsa key. - Openssl: generates ecdsa host key. - Menu language typos. Thanks to Elfew. ..... Version 1.2w, 23 Nov. 2013 - dnsmasq updates (2.68rc1) - siproxd (VoIP) center. Version 1.2v, 14 Nov. 2013 - dnsmasq updates - Moskow Time +4 UTC fixed Version 1.2u, dnsmasq Updates Version 1.2u, dnsmasq Updates Version 1.2s, Buggy version. Version 1.2p , October 20,2013 look for changes in repo.cz/tomato .. Version 1.2i , September 29,2013 http://repo.or.cz/w/tomato.git/commit/f8c50e97880f3354bb9f6caf590802fa393d483b http://repo.or.cz/w/tomato.git/commit/407c7a5c5676491678f01f92b8b7f113da949073 http://repo.or.cz/w/tomato.git/commit/983398a9d722268e5a828bdcf1e0a39e8fe5994c http://repo.or.cz/w/tomato.git/commit/97b2e3f8071efd5dcc3b0b06567099a10502ec8a http://repo.or.cz/w/tomato.git/commit/1e8ef575745583028d78e0292d0424d491a8ed4b Version 1.2g , September 26,2013. *- OpenVPN updated to 2.3.2 release *- OpenSSL updated to 1.0.1e release *- dnsmasq updated to patches dated 25Sept2013. *- BW Limiter bug solved. *- Captive Portal works again. *- Switch to enable Remote access when DMZ is enabled (Port Forwarding GUI). Version 1.2e , September 18,2013. http://repo.or.cz/w/tomato.git/commit/12746cfc79298a8f04b0da35479e2aaa0c9e8401 http://repo.or.cz/w/tomato.git/commit/2e47fc296d0cb9030f5445933c43d5acc2acd110 http://repo.or.cz/w/tomato.git/commit/1e36e1452a14d56ef75b90ed174696af52d293e0 http://repo.or.cz/w/tomato.git/commit/bb894ebf829539853d97f9d255c558dc671e519c In resume, dnsmasq works much better now, IPv6 changes and RT-AC66U high latency LAN ping bug fixed. Version 1.2 , August 26th, 2013. - Firewall Rules included for NGINX when enabled. - DMZ don't conflict when you remotely access the router. - IPv6 Updates. - DNSCRYPT-PROXY: Compatible when IPv6 is enabled. - ACCESS RESTRICTION: Include IPv6 string filter. Solved bug from z release. - NGINX: Option to keep configuration files untouched after manual edition. - nvram: qos rules added. - VLAN: Correct mapping Netgear 3500L V2 allowing tagging now. - Access Restriction: delete a rule don't work using Chrome/Firefox (known) browser. - dnsmasq: Update August 23,2013. - dnsmasq: Set SOREUSEADDR as well as SOREUSEPORT on DHCP sockets when both available. - usbmodeswitch: Update version 1.27. Read changelog for new models. - bridge: avoid ethtool on non running interface. - bridge: respect RFC2863 operational state. - NGINX: adding reverse proxy environment path. - NGINX: Version 1.4.2 updated. Proxy server added. Version 1.1y, August 6, 2013. - Busybox 1.21.1 (stable). udhcpc control and lsof added. --http://repo.or.cz/w/tomato.git/commit/87a40a1775f5267eb6dc2937abd641d302abf739 - ASCII character set information note in GUI --http://repo.or.cz/w/tomato.git/commit/29edfac4a1dbb77ed0fc876060eac87358617c84 - Status Overview GUI with new Label for RAM --http://repo.or.cz/w/tomato.git/commit/29edfac4a1dbb77ed0fc876060eac87358617c84 - QoS and BW Limiter not compatible Info message. --http://repo.or.cz/w/tomato.git/commit/29edfac4a1dbb77ed0fc876060eac87358617c84 - Acces Restriction was restricting Port 53 services -- http://repo.or.cz/w/tomato.git/commit/a71e582a6f92fa8b7cae5144753ecb7ff5bb5087 Version 1.1x, August 1st, 2013. - Compatible firmware for RT-N66u new revisions -- http://repo.or.cz/w/tomato.git/commit/f9c4d632005b30b5f89221654a383c332377be9e - Default VLAN values for UPnP -- http://repo.or.cz/w/tomato.git/commit/d94a76fa03e818ad4fdb0237361e0b1a23a6feb5 - Kernel tune compilation parameter -- http://repo.or.cz/w/tomato.git/commit/d94a76fa03e818ad4fdb0237361e0b1a23a6feb5 - Text adaptation in GUI -- https://github.com/Victek/TomatoRAF/commit/6c27a7caeb5dfd4a7c36d3d680fbec7d16fa5ef2 - TCP Cubic as default congestion control -- https://github.com/Victek/TomatoRAF/commit/1f6cbbaca86e0678c3bc0e6a746cd5e82b41fac6 Version 1.1w, July 3, 2013. - Wireless driver for all versions --- http://repo.or.cz/w/tomato.git/commit/585fcbe4598e158b85e72cbbd9278b2b138d3af0 - exFAT configuration --- http://repo.or.cz/w/tomato.git/commit/585fcbe4598e158b85e72cbbd9278b2b138d3af0 - exFAT support --- http://repo.or.cz/w/tomato.git/commit/47972d41594f973798767f8a8a9fc0bcfe89e687 - IE6 upgrade request --- http://repo.or.cz/w/tomato.git/commit/47972d41594f973798767f8a8a9fc0bcfe89e687 - Extrarules to iptables for UDP request --- http://repo.or.cz/w/tomato.git/commit/91349658f8e771e135be04f885c21abbbb2cfb58 Version 1.1v, June 20, 2013. - New wireless driver for RT-N53, E3200 --- provisional on test. - usbmodeswitch updated to version 1.2.6 --- http://repo.or.cz/w/tomato.git/commit/9c955521e7a652c850f67cd71e4fa4d5902f08f5 - dnscrypt-proxy updated to version 1.3.0 -- http://repo.or.cz/w/tomato.git/commit/29ba78bc887de1a8c01bb5536ec2693d18563e43 - Added features to dnscrypto-proxy -------- http://repo.or.cz/w/tomato.git/commit/e926c11ff8ec60029166479a4577ced4fbe348d6 - PPP removed, not longer needed ----------- http://repo.or.cz/w/tomato.git/commit/e16dd46c6efccf7a05bcbbbdf6f47fd2dd0b292d - CPU % bug -------------------------------- http://repo.or.cz/w/tomato.git/commit/77b663b4f3217746ec5eeaca21d0096a1285a014 - libsodium to help dnscrypt-proxy --------- http://repo.or.cz/w/tomato.git/commit/c15b017c55c2bf74258de2f9c5478419e1764b06 Version 1.1u, June 17, 2013 - Kernel patches ---- http://repo.or.cz/w/tomato.git/commit/ac83df5a1751f84da07c61da9d8d1f4d383064fc - Netfilter optimization ---- http://repo.or.cz/w/tomato.git/commit/49040ef0bc5820d4a7abe9baca8ff1923884c4fa - VLAN's. RT-N66U model bug ---- http://repo.or.cz/w/tomato.git/commit/f5dbdf6478c040858117d7b962e2153373321068 - Access Restriction, iptables restore error ---- http://repo.or.cz/w/tomato.git/commit/72461a9ea71929bd48c327e25525093f8765dda3 Version 1.1t, June 6, 2013 _ Last patches for dnsmasq 2.67CS7. _ udhcpc is included also for 802.11Q VLAN and Ports. _ dnscrypt-proxy ntp server bug solved. _ internal code clean. Version 1.1s, June 3, 2013 - Updates for dnsmasq2.67CS6. - New BW Limiter. Accurate in rate limit. - Custom DNS configuration window for dnsmasq. - DynNDS Crypto for safe DNS navigation. Version 1.1r _ Updates for dnsmasq2.67 and pace syslog option _ NGINX custom window configuration replaces almost of basic parameters. _ VLAN and VID's creation and swap on the fly. Version 1.1o _ Link Control protocol customized LCP settings (pppoe) _ Web Server almost works, the configuration firewall rules are not implemented yet, you can do manualy using Firewall script window. iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT _ More patches for IPv6. _ iptraffic (cstats) more patches. Version 1.1n _ Partial revert of iptraffic 64bit counters, don't need all values ported to 64 bits. IPTraffic gui working again. Version 1.1m _ Tools- Ping IPv6 works now. _ IPTraffic and cstats. Extended counters to 64 bits to avoid bugs when a big amount of downloads are done. _ New drivers for Sierra IP-Direct modem. _ Netgear WRN3500L V2 can be updated through the Update firmware window now. Up to Version 1.1k _ DNSmasq 2.67 with patches up to today done in Tomat git. _ rp-pppoe 3.11 _ Dropbear 2013.58 _ BusyBox ... 1.20.2 release. _ NGINX 1.4.0. Web Server with HHTP-HTTPS-SPDY ready. _ PHP 5.4.14. PHP-Cli, PHP-Fastcgi. _ PCRE 8.32. _ Network Traffic Congestion Control (Look at the bottom of QoS Basic menu). _ NTPD Server. _ OpenSSl release 1.0.1c _ Ext3 filesystem OOM (Out of Memory) issue fixed. _ Captive Portal (Nocat) Operation fixed. But this feature will be replaced by NoDog, Don't care about hhtps bug. _ Bandwidth Limiter (using TC Shaping) fixed. _ MicroSD available has Multi Flash Reader unit (RT-N66U). Write Speed 1.5MB/sec, Read Speed 7MB/sec (Class 10 MicroSD). _ VLAN .. Up to 16 VLAN. _ IGMP Proxy ... TCP and UDP (for IPTV). _ VWIFI .. (Virtual Wireless) Up to three additional wireless SSID per each radio device. _ IP Traffic ... Down/Upload rate per each IP in the LAN. _ PPTP (VPN) Client/Server. _ New RAF logo. _ Included ssl block capacity via iptables using Restrictions GUI (From EasyTomato ports). _ Microcom utility to send AT commands to your 3G modem. _ Ethernet Port Status (from RMerlin and shibby ports). *********************************************************** ** How to use microcom utility? 1st. Discover the tty id of your device. From telnet type: root@unknown:/tmp/home/root# cat /proc/tty/drivers 2nd. Once dicovered run microcom by typing: root@unknown:/tmp/home/root# microcom -t 5000 -s 115200 /dev/tty00 at OK at%imei 346875885**** ********************************************************** Section 4. What is inside of the beta release? _ You may see NGinx 1.4.0 + PCRE 8.32 + PHP 5.4.14 and binaries.., ready to be tested (User Manual at Section 5). _ You may see siproxd 0.8.1 traces and binaries, WIP, not finished yet. _ You may see libosip 2.4.0.0 traces and binaries, WIP, not finished yet _ You may see Nodog Captive Portal 0.9_beta 9.9.6, WIP, not finished yet. It will replace Nocat, why? Bandwidht limiter add. * But no one of these modifications or any other tests will transmit or leak any personal information about your device, computer, software, user name or passwords, public IP, country where you live, data. I do not create backdoors or statistics about the number of users running Tomato RAF. ************************************************************** Section 5. Wishes, Tests to perform and Thanks. What I would ask you to test? _ Please use the Bandwidth limiter to check that no random reboots are present [it occurs after browsing many url or download big amount of data] _ Please check BW limiter. It should limit < 200+400KB (for a ceiling of 5MB/sec) under the selected value due to unwanted TCP header. _ Please test IPv6 addresses ping tool. _ Please chek the web server, Response speed, php, rate limiter, concurrent users, web documents using USB pendrive... _ Please check NOCAT. _ Please check WAN-LAN bandwidth performance. If you have WAN Gigabit Access tell me the Down/Up speed attached. _ Please test the right performance and speed of VPN. _ And any other thing you may consider necessary. _ Please check Access Restriction features. You can enter the domain name without .com or .net .. (i.e. type 'facebook' without ') _ Test tty command and microcom command if you have 3G modem. Thank you in advance for your cooperation. If you like to Donate to my PayPal account do it in victek.is-a-geek.com site. Tomato RAF Vicente Soriano. **************************************************************** Section 6. NGINX Web Server. User Manual. nginx can deploy dynamic HTTP content on a network using FastCGI, SCGI handlers for scripts, uWSGI application servers or Phusion Passenger module, and it can serve as a software load balancer. Is an open source application with advanced security and small footsize. NGINX for Tomato has been build from the source code and integrated with other packages by Tomato RAF Team. Why we choice NGINX for Tomato firmware?, read this; http://news.netcraft.com/archives/2012/10/02/october-2012-web-server-survey.html Questions & Answers. Q. ) What modules are implemented in Tomato Web Server? A. ) All the standard modules available for NGINX. Most remarkable modules are: _ HTTP and HTTPS scalable to SPDY (We will explain how to generate secure certificates in this Manual). _ CGI and FastCGI. _ Rate limiter, Flood protection and Speed Limiter. Q. ) May I add more features not covered in Tomato integration? A. ) Yes, download Tomato RAF source code, you can modify or add more features OR ask Tomato developpers for a customized application Q. ) May I replace my home web server by the version built in Tomato? A. ) Definetively Yes, but pay antention to the Router specifications we observed when we create NGINX for Tomato. _ USB available to place, replace, modify, add your web documents. _ 64MB RAM Memory. Q. ) How many users can access to the NGINX-Tomato Web Server? A. ) In order to leave main process working without hicks we established a number of 256 users per second with a maximum of 1024 concurrent connections. Your browser establish many connections when you access a web site. Q. ) What's the maximal speed transferring files achieved by NGINX-Tomato Web Server? A. ) Can be modified in the Web Server Control Pannel with available settings. Q. ) Can I fix the priority of the webserver over other router process to improve the response time to requests? A. ) Yes, it's available in the Control Panel. Q. ) I have one spare router and I want to use it just for Web Server with high traffic. A. ) Then contact us and we can provide you a modified version according your router specifications. Q. ) May I create a connection between the Captive Portal and the NGINX-Tomato Web server to use it as MMC or Sponsors adds? A. ) Sure, it's one of the targets we developped it, ask us, we create Intranet version. Q. ) Where I can find more information about NGINX and what's posible to do with this feature? A. ) In http://en.wikipedia.org/wiki/Nginx or http://wiki.nginx.org/ or http://nginx.com/services.html User Manual. All the adjustments and effects are shown in the User Interface page (Web Server) in your router. Enjoy! Tomato RAF Team.