Hi, Hola, Bonjour... Last update. December 23, 2013. Beta Release Tomato RAF 1.28.9013 v1.2x The firmware files in this section are leased to people with knowledege what they do (not all humans know it). Target: To test this firmware and report back your opinion and findings. Result: To release and enjoy an stable and performance firmware in your router keeping safe your privacy and data. ********************************************************************** DISCLAIMER: These firmwares are extremely unlikely to brick your router BUT some functionality may be broken. USE AT YOUR OWN RISK. I am not responsible for any damage or loss that you incur using these firmwares including but not limited to loss of profits. ********************************************************************** Index. Section 1. How to install or Upgrade. Section 2. Hints and cautions. Section 3. Changelog. Section 4. What is inside of the beta release? Section 5. Wishes, Tests to perform and Thanks. Section 6. NGINX Web Server. User Manual. ********************************************************************* Section 1. How to install or Upgrade. 1.a) Update from previous Tomato RAF beta (1.1d or 1.1e or 1.1f-g-h-i...). _ Do the update when your device is iddle or few Internet traffic is going throught, it may extend the Flashing time and give you some warnings (Timeout). _ Stop (Unmount) and unplug any USB device you may have. _ Use the Administration/Upgrade option in your router menu an then upload the file you downloaded. 1.b) Update process from previous Tomato RAF version: _ Do the update when your device is iddle or few Internet traffic is going throught, it may extend the Upgrade time and give you some warnings (Timeout). _ Stop (Unmount) and unplug any USB device you may have. _ Use the Administration/Upgrade option in your router menu an then upload the file you downloaded. PLEASE, DO a NVRAM ERASE during the update or using the option in Administration/Configuration options menu. Config the settings from scratch manually, do not used restored configurations. 1.c) Update process from stock firmware: - In most of cases you need to upgrade a bridge firmware depending on your model router or perform a tftp push. For Linksys E series you can upgrade directly from the stock firmware. For Asus RT-N16 use the bridge firmware file that you can find in my utilities and recover section or use the ASUS recovery tool to update directly the Tomato RAF file for your router. I use always a tftp command utility setting the Asus router in recovery mode (pressing the reset button while power on until the power led flash once every 1-2 seconds and fixing an static IP in my network card like this: Computer IP: 192.168.1.5 Network mask: /24 Gateway IP (router): 192.168.1.1 and then in terminal command prompt I type: Prompt$> tftp 192.168.1.1 > bin > put (name of the file to upload to the router).trx and wait until the end upload message appears. Then wait for 5 minutes, power off your router and power on again. Restore your network card settings, (automatic DHCP) That's all, enter in your router menu using the default IP (192.168.1.1) with your browser. ********************************************************* Section 2. Hints and cautions. _ In this upgrade and due to the firmware size you may encounter that the welcome screen in the router do not appear when the reboot process has been exhausted, don't worry, wait 20-30 seconds and then type your router IP (192.168.1.1) in the browser window. It will appear. The reason? New timeouts have been programmed in the update firmware but will not be active until you do the next upgrade, your past firmware had shorter reboot and upgrade timings. _ To remind ... default user = admin , default password = admin ********************************************************* Section 3. Changelog. * - Whats's new in 9013 R1.2 Beta Releases? Models supported in the Beta (final release will support additional models): Asus RT-N10 (some versions)-> YES Asus RT-N12 B1--------------> YES Asus RT-N16 ----------------> YES Asus RT-N53 ----------------> YES Asus RT-N66U ---------------> YES Asus RT-AC66U --------------> YES Belkin F7D4301 -------------> YES Cisco M10 ------------------> YES Cisco E800 -----------------> YES Cisco E900 -----------------> YES Cisco E2000 ----------------> YES Cisco E1200 v2 -------------> YES Cisco E1500 ----------------> YES Cisco E1550 ----------------> YES Cisco E1000 v.2-2.1 --------> YES Cisco E2550 ----------------> YES Cisco E3000 ----------------> YES Cisco E3200 ----------------> YES Cisco E4200 v1--------------> YES Cisco WRT-320N -------------> YES Netgear WNR3500L v2 --------> YES -------------------------------------------------------------------------------------------------- CHANGELOG. Release 9014-v1.3 _ Dnsmasq updates and DNSSEC consolidation (2.69 test version) read more http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions Test from your PC with .. dig test.dnssec-or-not.net TXT after you modified dnsmasq custom window with proxy-dnssec. _ New version for RT-AC56U and RT-AC68U. Beta, please report functions. _ Safe Cloud version for Tomato RAF. You can store your logs and settings in your Internet account (Dropbox) .. and restore it!!. _ Busybox 1.22 .. Read changelog in http://www.busybox.net/ _ BCMcrypto (Assorted Cryptographic Algorithms) updated Y2012 and common with new AC routers and ARM platform models. _ BCM57xx (Network driver) updated to Y2012 version and common for AC and ARM platform models. _ eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.110.27.20012 (Asus driver 13July2013) _ eth1: Broadcom BCM4329 802.11 Wireless Controller 5.110.27.20012 (b/g/n) _ eth2: Broadcom BCM4331 802.11 Wireless Controller 5.110.27.20012 (b/g/n) _ NGINX updated to release 1.5.11 _ PHP updated to release 5.5.10 _ miniupnpd updated to release 1.18 _ RT-AC56U and RT-AC68 ready to distribute first release ... Done in Version 1.2x Released 20 December 2013. Firmware Changes: - Dnsmasq updates (2.69. dated Dec 16 2013), - Nginx updated to 1.4.4 together with PHP-FastCGI process manager. - Login name customized window. - IPv6. Some sites (facebook) not accesible. Code again TCP MSS clamp for IPV6 with ppp connection, Thanks to Vladislav Grishenko to point it. - IPv6. Added Option in DHCPv6-PD to access some difficult ISP settings. Useful for some NZ and AU ISP's. - QoS broken with IPv6 solved. Need to test statistics. - DHCPv6-PD random connection problem solved. - IPv6 ICMP firewall added. - IPv6 SSH pass added. - Kernel patches for carrier-on bug, 14 service patchs more applied. - Tools-ping: allows now ping to hyphen url's (no-ip.org). http://www.linksysinfo.org/index.php?attachments/upload_2013-12-9_17-32-54-png.2564/ - Dnscrypt-proxy: upstream to 1.3.3 version - Libsodium: upstream to 0.45 version - Dropbear: upstream to 2013.62 version. Includes ecdsa key. - Openssl: generates ecdsa host key. - Menu language typos. Thanks to Elfew. ..... Version 1.2w, 23 Nov. 2013 - dnsmasq updates (2.68rc1) - siproxd (VoIP) center. Version 1.2v, 14 Nov. 2013 - dnsmasq updates - Moskow Time +4 UTC fixed Version 1.2u, dnsmasq Updates Version 1.2u, dnsmasq Updates Version 1.2s, Buggy version. Version 1.2p , October 20,2013 look for changes in repo.cz/tomato .. Version 1.2i , September 29,2013 http://repo.or.cz/w/tomato.git/commit/f8c50e97880f3354bb9f6caf590802fa393d483b http://repo.or.cz/w/tomato.git/commit/407c7a5c5676491678f01f92b8b7f113da949073 http://repo.or.cz/w/tomato.git/commit/983398a9d722268e5a828bdcf1e0a39e8fe5994c http://repo.or.cz/w/tomato.git/commit/97b2e3f8071efd5dcc3b0b06567099a10502ec8a http://repo.or.cz/w/tomato.git/commit/1e8ef575745583028d78e0292d0424d491a8ed4b Version 1.2g , September 26,2013. *- OpenVPN updated to 2.3.2 release *- OpenSSL updated to 1.0.1e release *- dnsmasq updated to patches dated 25Sept2013. *- BW Limiter bug solved. *- Captive Portal works again. *- Switch to enable Remote access when DMZ is enabled (Port Forwarding GUI). Version 1.2e , September 18,2013. http://repo.or.cz/w/tomato.git/commit/12746cfc79298a8f04b0da35479e2aaa0c9e8401 http://repo.or.cz/w/tomato.git/commit/2e47fc296d0cb9030f5445933c43d5acc2acd110 http://repo.or.cz/w/tomato.git/commit/1e36e1452a14d56ef75b90ed174696af52d293e0 http://repo.or.cz/w/tomato.git/commit/bb894ebf829539853d97f9d255c558dc671e519c In resume, dnsmasq works much better now, IPv6 changes and RT-AC66U high latency LAN ping bug fixed. Version 1.2 , August 26th, 2013. - Firewall Rules included for NGINX when enabled. - DMZ don't conflict when you remotely access the router. - IPv6 Updates. - DNSCRYPT-PROXY: Compatible when IPv6 is enabled. - ACCESS RESTRICTION: Include IPv6 string filter. Solved bug from z release. - NGINX: Option to keep configuration files untouched after manual edition. - nvram: qos rules added. - VLAN: Correct mapping Netgear 3500L V2 allowing tagging now. - Access Restriction: delete a rule don't work using Chrome/Firefox (known) browser. - dnsmasq: Update August 23,2013. - dnsmasq: Set SOREUSEADDR as well as SOREUSEPORT on DHCP sockets when both available. - usbmodeswitch: Update version 1.27. Read changelog for new models. - bridge: avoid ethtool on non running interface. - bridge: respect RFC2863 operational state. - NGINX: adding reverse proxy environment path. - NGINX: Version 1.4.2 updated. Proxy server added. Version 1.1y, August 6, 2013. - Busybox 1.21.1 (stable). udhcpc control and lsof added. --http://repo.or.cz/w/tomato.git/commit/87a40a1775f5267eb6dc2937abd641d302abf739 - ASCII character set information note in GUI --http://repo.or.cz/w/tomato.git/commit/29edfac4a1dbb77ed0fc876060eac87358617c84 - Status Overview GUI with new Label for RAM --http://repo.or.cz/w/tomato.git/commit/29edfac4a1dbb77ed0fc876060eac87358617c84 - QoS and BW Limiter not compatible Info message. --http://repo.or.cz/w/tomato.git/commit/29edfac4a1dbb77ed0fc876060eac87358617c84 - Acces Restriction was restricting Port 53 services -- http://repo.or.cz/w/tomato.git/commit/a71e582a6f92fa8b7cae5144753ecb7ff5bb5087 Version 1.1x, August 1st, 2013. - Compatible firmware for RT-N66u new revisions -- http://repo.or.cz/w/tomato.git/commit/f9c4d632005b30b5f89221654a383c332377be9e - Default VLAN values for UPnP -- http://repo.or.cz/w/tomato.git/commit/d94a76fa03e818ad4fdb0237361e0b1a23a6feb5 - Kernel tune compilation parameter -- http://repo.or.cz/w/tomato.git/commit/d94a76fa03e818ad4fdb0237361e0b1a23a6feb5 - Text adaptation in GUI -- https://github.com/Victek/TomatoRAF/commit/6c27a7caeb5dfd4a7c36d3d680fbec7d16fa5ef2 - TCP Cubic as default congestion control -- https://github.com/Victek/TomatoRAF/commit/1f6cbbaca86e0678c3bc0e6a746cd5e82b41fac6 Version 1.1w, July 3, 2013. - Wireless driver for all versions --- http://repo.or.cz/w/tomato.git/commit/585fcbe4598e158b85e72cbbd9278b2b138d3af0 - exFAT configuration --- http://repo.or.cz/w/tomato.git/commit/585fcbe4598e158b85e72cbbd9278b2b138d3af0 - exFAT support --- http://repo.or.cz/w/tomato.git/commit/47972d41594f973798767f8a8a9fc0bcfe89e687 - IE6 upgrade request --- http://repo.or.cz/w/tomato.git/commit/47972d41594f973798767f8a8a9fc0bcfe89e687 - Extrarules to iptables for UDP request --- http://repo.or.cz/w/tomato.git/commit/91349658f8e771e135be04f885c21abbbb2cfb58 Version 1.1v, June 20, 2013. - New wireless driver for RT-N53, E3200 --- provisional on test. - usbmodeswitch updated to version 1.2.6 --- http://repo.or.cz/w/tomato.git/commit/9c955521e7a652c850f67cd71e4fa4d5902f08f5 - dnscrypt-proxy updated to version 1.3.0 -- http://repo.or.cz/w/tomato.git/commit/29ba78bc887de1a8c01bb5536ec2693d18563e43 - Added features to dnscrypto-proxy -------- http://repo.or.cz/w/tomato.git/commit/e926c11ff8ec60029166479a4577ced4fbe348d6 - PPP removed, not longer needed ----------- http://repo.or.cz/w/tomato.git/commit/e16dd46c6efccf7a05bcbbbdf6f47fd2dd0b292d - CPU % bug -------------------------------- http://repo.or.cz/w/tomato.git/commit/77b663b4f3217746ec5eeaca21d0096a1285a014 - libsodium to help dnscrypt-proxy --------- http://repo.or.cz/w/tomato.git/commit/c15b017c55c2bf74258de2f9c5478419e1764b06 Version 1.1u, June 17, 2013 - Kernel patches ---- http://repo.or.cz/w/tomato.git/commit/ac83df5a1751f84da07c61da9d8d1f4d383064fc - Netfilter optimization ---- http://repo.or.cz/w/tomato.git/commit/49040ef0bc5820d4a7abe9baca8ff1923884c4fa - VLAN's. RT-N66U model bug ---- http://repo.or.cz/w/tomato.git/commit/f5dbdf6478c040858117d7b962e2153373321068 - Access Restriction, iptables restore error ---- http://repo.or.cz/w/tomato.git/commit/72461a9ea71929bd48c327e25525093f8765dda3 Version 1.1t, June 6, 2013 _ Last patches for dnsmasq 2.67CS7. _ udhcpc is included also for 802.11Q VLAN and Ports. _ dnscrypt-proxy ntp server bug solved. _ internal code clean. Version 1.1s, June 3, 2013 - Updates for dnsmasq2.67CS6. - New BW Limiter. Accurate in rate limit. - Custom DNS configuration window for dnsmasq. - DynNDS Crypto for safe DNS navigation. Version 1.1r _ Updates for dnsmasq2.67 and pace syslog option _ NGINX custom window configuration replaces almost of basic parameters. _ VLAN and VID's creation and swap on the fly. Version 1.1o _ Link Control protocol customized LCP settings (pppoe) _ Web Server almost works, the configuration firewall rules are not implemented yet, you can do manualy using Firewall script window. iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT _ More patches for IPv6. _ iptraffic (cstats) more patches. Version 1.1n _ Partial revert of iptraffic 64bit counters, don't need all values ported to 64 bits. IPTraffic gui working again. Version 1.1m _ Tools- Ping IPv6 works now. _ IPTraffic and cstats. Extended counters to 64 bits to avoid bugs when a big amount of downloads are done. _ New drivers for Sierra IP-Direct modem. _ Netgear WRN3500L V2 can be updated through the Update firmware window now. Up to Version 1.1k _ DNSmasq 2.67 with patches up to today done in Tomat git. _ rp-pppoe 3.11 _ Dropbear 2013.58 _ BusyBox ... 1.20.2 release. _ NGINX 1.4.0. Web Server with HHTP-HTTPS-SPDY ready. _ PHP 5.4.14. PHP-Cli, PHP-Fastcgi. _ PCRE 8.32. _ Network Traffic Congestion Control (Look at the bottom of QoS Basic menu). _ NTPD Server. _ OpenSSl release 1.0.1c _ Ext3 filesystem OOM (Out of Memory) issue fixed. _ Captive Portal (Nocat) Operation fixed. But this feature will be replaced by NoDog, Don't care about hhtps bug. _ Bandwidth Limiter (using TC Shaping) fixed. _ MicroSD available has Multi Flash Reader unit (RT-N66U). Write Speed 1.5MB/sec, Read Speed 7MB/sec (Class 10 MicroSD). _ VLAN .. Up to 16 VLAN. _ IGMP Proxy ... TCP and UDP (for IPTV). _ VWIFI .. (Virtual Wireless) Up to three additional wireless SSID per each radio device. _ IP Traffic ... Down/Upload rate per each IP in the LAN. _ PPTP (VPN) Client/Server. _ New RAF logo. _ Included ssl block capacity via iptables using Restrictions GUI (From EasyTomato ports). _ Microcom utility to send AT commands to your 3G modem. _ Ethernet Port Status (from RMerlin and shibby ports). *********************************************************** ** How to use microcom utility? 1st. Discover the tty id of your device. From telnet type: root@unknown:/tmp/home/root# cat /proc/tty/drivers 2nd. Once dicovered run microcom by typing: root@unknown:/tmp/home/root# microcom -t 5000 -s 115200 /dev/tty00 at OK at%imei 346875885**** ********************************************************** Section 4. What is inside of the beta release? _ You may see NGinx 1.4.0 + PCRE 8.32 + PHP 5.4.14 and binaries.., ready to be tested (User Manual at Section 5). _ You may see siproxd 0.8.1 traces and binaries, WIP, not finished yet. _ You may see libosip 2.4.0.0 traces and binaries, WIP, not finished yet _ You may see Nodog Captive Portal 0.9_beta 9.9.6, WIP, not finished yet. It will replace Nocat, why? Bandwidht limiter add. * But no one of these modifications or any other tests will transmit or leak any personal information about your device, computer, software, user name or passwords, public IP, country where you live, data. I do not create backdoors or statistics about the number of users running Tomato RAF. ************************************************************** Section 5. Wishes, Tests to perform and Thanks. What I would ask you to test? _ Please use the Bandwidth limiter to check that no random reboots are present [it occurs after browsing many url or download big amount of data] _ Please check BW limiter. It should limit < 200+400KB (for a ceiling of 5MB/sec) under the selected value due to unwanted TCP header. _ Please test IPv6 addresses ping tool. _ Please chek the web server, Response speed, php, rate limiter, concurrent users, web documents using USB pendrive... _ Please check NOCAT. _ Please check WAN-LAN bandwidth performance. If you have WAN Gigabit Access tell me the Down/Up speed attached. _ Please test the right performance and speed of VPN. _ And any other thing you may consider necessary. _ Please check Access Restriction features. You can enter the domain name without .com or .net .. (i.e. type 'facebook' without ') _ Test tty command and microcom command if you have 3G modem. Thank you in advance for your cooperation. If you like to Donate to my PayPal account do it in victek.is-a-geek.com site. Tomato RAF Vicente Soriano. **************************************************************** Section 6. NGINX Web Server. User Manual. nginx can deploy dynamic HTTP content on a network using FastCGI, SCGI handlers for scripts, uWSGI application servers or Phusion Passenger module, and it can serve as a software load balancer. Is an open source application with advanced security and small footsize. NGINX for Tomato has been build from the source code and integrated with other packages by Tomato RAF Team. Why we choice NGINX for Tomato firmware?, read this; http://news.netcraft.com/archives/2012/10/02/october-2012-web-server-survey.html Questions & Answers. Q. ) What modules are implemented in Tomato Web Server? A. ) All the standard modules available for NGINX. Most remarkable modules are: _ HTTP and HTTPS scalable to SPDY (We will explain how to generate secure certificates in this Manual). _ CGI and FastCGI. _ Rate limiter, Flood protection and Speed Limiter. Q. ) May I add more features not covered in Tomato integration? A. ) Yes, download Tomato RAF source code, you can modify or add more features OR ask Tomato developpers for a customized application Q. ) May I replace my home web server by the version built in Tomato? A. ) Definetively Yes, but pay antention to the Router specifications we observed when we create NGINX for Tomato. _ USB available to place, replace, modify, add your web documents. _ 64MB RAM Memory. Q. ) How many users can access to the NGINX-Tomato Web Server? A. ) In order to leave main process working without hicks we established a number of 256 users per second with a maximum of 1024 concurrent connections. Your browser establish many connections when you access a web site. Q. ) What's the maximal speed transferring files achieved by NGINX-Tomato Web Server? A. ) Can be modified in the Web Server Control Pannel with available settings. Q. ) Can I fix the priority of the webserver over other router process to improve the response time to requests? A. ) Yes, it's available in the Control Panel. Q. ) I have one spare router and I want to use it just for Web Server with high traffic. A. ) Then contact us and we can provide you a modified version according your router specifications. Q. ) May I create a connection between the Captive Portal and the NGINX-Tomato Web server to use it as MMC or Sponsors adds? A. ) Sure, it's one of the targets we developped it, ask us, we create Intranet version. Q. ) Where I can find more information about NGINX and what's posible to do with this feature? A. ) In http://en.wikipedia.org/wiki/Nginx or http://wiki.nginx.org/ or http://nginx.com/services.html User Manual. All the adjustments and effects are shown in the User Interface page (Web Server) in your router. Enjoy! Tomato RAF Team.