Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Firmware-update: FreshTomato 2020.8

FreshTomato logo (79 pix) FreshTomato is een van Tomato afgeleide firmware voor verschillende op ARM of MIPS gebaseerde routers van Asus, D-Link, Huawei, Linksys, Netgear, Tenda en Xiaomi. Het kan gezien worden als de voortzetting van 'Tomato by Shibby' sinds deze ontwikkelaar, Michał Rupental, zijn tijd aan andere projecten wil besteden. De FreshTomato-firmware voegt ten opzichte van de originele firmware van de fabrikant diverse extra opties toe, zoals een realtime-bandbreedtemonitor en uitgebreide instelmogelijkheden. De ontwikkelaars hebben FreshTomato 2020.8 uitgebracht en deze is beschikbaar voor routers met een arm- of mips-cpu.

FreshTomato-MIPS Changelog
  • kernel: net_sched: fix datalen for ematch
  • openvpn: update to 2.5.0
  • openvpn-2.4: update to 2.4.10
  • nano: update to 5.4
  • nginx: update to 1.19.5
  • dropbear: update to 2020.81
  • xl2tpd: update to 1.3.16
  • busybox: update to 1.31.1
  • tor: update to 0.4.4.6
  • SNMP: update to 5.9; clean sources, add patches instead
  • igmpproxy: update to 78eda58 (2020-09-05) snapshot; reduce size for the smallest targets
  • udpxy: update to 1.0-25.1
  • miniupnpd: update to 2.2.0
  • adminer: update to 4.7.8
  • gmp: update to 6.2.1
  • openssl-1.1: update to 1.1.1i
  • sqlite: update to 3.34.0
  • uqmi: update to 2020.11.22 (0a19b5b) snapshot
  • wsdd2: update to 2020.11.19 (e0cf50d) snapshot
  • libcurl: update CA certificate bundle as of 2020-10-14
  • build: add D-Link DIR-865L support
  • build: harmonize BW Limiter filenames, service name, variables names, etc., also in NVRAM; it was a real mess...; Note: those using BW Limiter must either manually rename the variables in NVRAM or enter the values from scratch
  • build: don't include USB pages and other stuff on routers with wl_high module but without USB support
  • build: fix rp-pppoe recipe - patches were not applied
  • build: kernel: add comment and statistic netfilter for iptables (Mega-VPN and AIO targets)
  • build: reduce size for pppd/dnsmasq only for smallest targets
  • build: changes in patch_files macro
  • build: librt is required on every target with USB support (for e2fsprogs)
  • IPv6: extend GUI status page (status-overview.asp) - show IPv6 WAN DNS addresses
  • IPv6: send ICMPv6 RSes only when RAs are accepted; see here.
  • IPv6: unify logic evaluating inet6_dev's accept_ra property; see here.
  • IPv6: make 'addrconf_rs_timer' send Router Solicitations (and re-arm itself) if Router Advertisements are accepted; see here.
  • IPv6: split IPv6 / IPv4 up and down logic (they work independent of each other now)
  • GUI: openvpn: remove option to enable/disable NCP (deprecated)
  • GUI: openvpn: make Data Ciphers (ncp-ciphers) editable
  • GUI: openvpn: only use the old --cipher setting in static key mode
  • GUI: openvpn: add stub/stub-v2 compression support to OpenVPN client
  • GUI: openvpn: implement tls-crypt-v2 support
  • GUI: openvpn server: fix bug with generating client configuration in 'secret' mode
  • GUI: openvpn server: implement 'Serial number' for generated client configuration in 'tls' mode
  • GUI: openvpn server: implement CRL file
  • GUI: openvpn client: distinguish between remote-cert-tls and verify-x509-name options
  • GUI: advanced-wlanvifs.asp - add AP Isolation setting also for VIFs
  • GUI: Admin: Debugging: add Clear Cache link (removes all Storage Object item for domain/IP address)
  • GUI: also add localStorage.clear() on admin-upgrade and admin-access pages
  • GUI: basic-network.asp - repair scan button function and provide control channel at wireless survey
  • GUI: improvement to shutdown() - added 2nd pop-up with confirmation
  • GUI: Advanced: DHCP/DNS: extend allowed dnsmasq custom configuration text area to 4096 characters
  • GUI: MultiWAN Routing: extend Domain field to 70 characters
  • GUI: QoS Graphs: fix displaying correct number of connections for the lowest priority class in BW Distribution
  • GUI: tinc: properly format the display of information on the Status page
  • GUI: Admin: Debugging: add possibility to enable segfault logging to syslog
  • GUI: Advanced: Firewall: simplify the part with WAN behavior for ping and traceroute
  • GUI: advanced-wireless - restrict tx power range (for very low values); Via GUI we allow a tx power range in mW from 5 to 1000 or default value 0 (-1 will be used for the wl driver) --> AVOID 1-4 mW area; see latest findings here.
  • adblock: update blacklist URLs
  • busybox: add (conditionally, only for AIO and Mega-VPN targets) time and getopt applets
  • dropbear: use common random source for ltm
  • dropbear: libtommath: enable fixed cutoffs as size-optimization
  • ebtables: reduce size (except for Mega-VPN and AIO targets)
  • ffmpeg/minidlna: do not reduce size for Mega-VPN and AIO targets
  • firewall: RT and RT-N branches (MIPS) do not load ipt_REDIRECT automagically
  • firewall: adjust limit connection attempts (ssh/telnet) for IPv6 (and align to IPv4 --> remove incoming device, apply to all)
  • dnsmasq: suppress more unwanted errors/warning about ipset
  • dnsmasq: add default edns_pktsz
  • firewall: allow incoming IPv6 from br0 to br3 (and align also to IPv4)
  • getdns: listeners reply returned wireformat (fix from upstream, issue #430)
  • ipset: reduce size
  • ipset: do not reduce size for Mega-VPN and AIO targets
  • iptables: update reduce size patch
  • MOTD: only display Wireless info if that radio is enabled
  • MOTD: fix motd and remove ethstate leftovers
  • multiwan: in case of multiwan, don't set default gateway route. mwanroute script will handle this
  • multiwan: mwan_load_balance: if connection is down, clear old mwan state
  • multiwan: make watchdog less destructive to the routing table (only modify route of test hosts); change default checker to curl
  • watchdog: new method of checking without breaking existing connections to the check hosts
  • watchdog: fix incorrect ISPPPD check and condition
  • ntp: implement ntp server properly
  • openvpn: switch to the subnet topology, instead of the deprecated net30 topology; Ref.
  • openvpn: ensure DHCP doesn't override our default route (fixes TAP+DHCP)
  • openvpn: hide build date
  • openvpn: add 'mode p2p' option to generated client config if auth mode is static
  • openvpn: fix some OpenVPN issues in the smallest image (MiniVPN - j)
  • openvpn-2.4: reduce size (disable des)
  • openssl: conf: add extendedKeyUsage also to usr_cert section
  • patches: dropbear: add forgotten LOCAL_IDENT to override orig ident
  • pppd: fix/correction for commit IPv6: split IPv6 / IPv4 up and down logic (see here); fix for: PPTP Server and Client not working anymore
  • pppd: add two patches from openwrt: retain foreign default routes on Linux, remove runtime kernel checks
  • vpnrouting: do not add local routes if in PBR strict mode; also use 'via $route_vpn_gateway' if available
  • vsftpd: add native support for basic ftp_tls using router httpd cert/key
  • httpd: openvpn.c: fix generation of client configuration file for user&pass/user&pass only Auth
  • httpd: fix problems with server.pem key when using HTTPS
  • httpd: use UTF-8 decoding for SSIDs
  • www: fix escapeCGI to properly encode unicode
  • defaults.c : disable IP Traffic (cstats) Monitoring feature by default and save cpu workload; In additon disabling cstats avoids the waring/note at basic-network.asp that netmask should have at least 22 bits (255.255.252.0); fix issue #72
  • rc: firewall.c: use REDIRECT target instead of DNAT to intercept dns traffic, as it's more efficient
  • rc: firewall.c: raise a little allowed hit count in BF protection for remote GUI access (part 2 for IPv6)
  • rc: firewall.c: only intercept udp requests to port 123, ntpd does not listen to tcp
  • rc: firewall.c: be more restrictive, only allow ICMP messages we need
  • rc: openvpn.c: add keepalive to client config
  • rc: openvpn.c: client: fix ineffective "route" directives when PBR active; discussion.
  • rc: ppp.c: - set nvram "wan_iface" also in case IPv6 link up (function ip6up_main()); fix for: ipup_main() not yet (or later) called --> nvram variable "wan_iface" needed for function start_dhcp6c()
  • rc: vsftpd: disable (broken) process isolation under MIPS
  • rc: services: adjust function start_dnsmasq() and check wireless bridge after stop_dnsmasq(); fix for: in wireless ethernet bridge mode, router time not working anymore
  • rc: wan.c - adjust function config_pppd() and start/add IPv6 only for "wan" (no IPv6 multiwan support)
  • shared: defaults: change wifi rxchain powersave mode; turn it off by default now; Note: this can/could help some netgear router user
FreshTomato-ARM Changelog
  • kernel SDK6: small update for bridge (sync with asus src)
  • kernel SDK6: netfilter: nf_conntrack_core.c - small update and add one more check; Note: align/sync with asus src
  • kernel sdk7: QoS: fix definitely ingress system; two modules needed for operation were not built; mirred sched needed patch
  • kernel: netfilter: ebtables: convert BUG_ONs to WARN_ONs
  • kernel: netfilter: ebtables: fix a memory leak bug in compat
  • kernel: netfilter: ebtables: compat: reject all padding in matches/watchers
  • kernel: net_sched: fix datalen for ematch
  • SDK6: update wireless driver (dual core) - 6.37 RC14.126 wl0: Aug 10 2020 17:00:56 version 6.37.14.126 (r561982)
  • SDK6: small update for et (sync with asus src); Note: ARP skip ctf
  • SDK6: update ctf (part 2) (for single and dual-core)
  • SDK6: update NAS / Network Authentication Server
  • SDK7: update NAS / Network Authentication Server; Note: only binary blob
  • SDK7: router: wlconf: use src files / compile from src
  • SDK7: GUI: keep the current wireless noise floor value(s) on device list page - now it's supported
  • SDK7: update wl util; Note: GPL 300438252287 / only blob
  • SDK7: update emf / igs; Note: GPL 300438252287 / only blob
  • openssl-1.1: update to 1.1.1i
  • openvpn: update to 2.5.0
  • nano: update to 5.4
  • nginx: udpate to 1.19.5
  • php: update to 7.2.34
  • dropbear: update to 2020.81
  • xl2tpd: update to 1.3.16
  • iptables: update to 1.8.6
  • busybox: update to 1.31.1
  • tor: update to 0.4.4.6
  • SNMP: update to 5.9; clean sources, add patches instead
  • igmpproxy: update to 78eda58 (2020-09-05) snapshot
  • udpxy: update to 1.0-25.1
  • miniupnpd: update to 2.2.0
  • adminer: update to 4.7.8
  • gmp: update to 6.2.1
  • sqlite: update to 3.34.0
  • uqmi: update to 2020.11.22 (0a19b5b) snapshot
  • wsdd2: update to 2020.11.19 (e0cf50d) snapshot
  • libcurl: update CA certificate bundle as of 2020-10-14
  • build: add wireless band steering feature (turned off by default); WARNING: if someone wants to enable this feature - should do a clean update (or adjust the values manually)
  • build: add Netgear R6700v1 support
  • build: add Asus RT-AC67U Support
  • build: add Asus RT-N66U C1 support (almost the same like RT-AC66U B1)
  • build: correct R6400, R6400v2 and R6700v3 board_data partition offset and size to fix board data from being overwritten by jffs
  • build: harmonize BW Limiter filenames, service name, variables names, etc., also in NVRAM; it was a real mess...; Note: those using BW Limiter must either manually rename the variables in NVRAM or enter the values from scratch
  • build: update R1D leds Blue for Internet as original fw, Red for diag
  • build: changes in patch_files macro
  • build: librt is required on every target with USB support (for e2fsprogs)
  • IPv6: extend GUI status page (status-overview.asp) - show IPv6 WAN DNS addresses
  • IPv6: send ICMPv6 RSes only when RAs are accepted; see here.
  • IPv6: unify logic evaluating inet6_dev's accept_ra property; see here.
  • IPv6: make 'addrconf_rs_timer' send Router Solicitations (and re-arm itself) if Router Advertisements are accepted; see here.
  • IPv6: split IPv6 / IPv4 up and down logic (they work independent of each other now)
  • GUI: openvpn: remove option to enable/disable NCP (deprecated)
  • GUI: openvpn: make Data Ciphers (ncp-ciphers) editable
  • GUI: openvpn: only use the old --cipher setting in static key mode; remove obsolete hmac digests from server options (leave them in client for compatibility)
  • GUI: openvpn: add stub/stub-v2 compression support to OpenVPN client
  • GUI: openvpn: implement tls-crypt-v2 support
  • GUI: openvpn server: fix bug with generating client configuration in 'secret' mode; also add some more checks
  • GUI: openvpn server: implement 'Serial number' for generated client configuration in 'tls' mode
  • GUI: openvpn server: implement CRL file
  • GUI: openvpn client: distinguish between remote-cert-tls and verify-x509-name options
  • GUI: openvpn: fix formatting
  • GUI: advanced-wlanvifs.asp - add AP Isolation setting also for VIFs
  • GUI: Admin: Debugging: add Clear Cache link (removes all Storage Object item for domain/IP address)
  • GUI: also add localStorage.clear() on admin-upgrade and admin-access pages
  • GUI: basic-network.asp - repair scan button function and provide control channel at wireless survey
  • GUI: improvement to shutdown() - added 2nd pop-up with confirmation
  • GUI: Advanced: DHCP/DNS: extend allowed dnsmasq custom configuration text area to 4096 characters
  • GUI: MultiWAN Routing: extend Domain field to 70 characters
  • GUI: QoS Graphs: fix displaying correct number of connections for the lowest priority class in BW Distribution
  • GUI: tinc: properly format the display of information on the Status page; fixes #71
  • GUI: Admin: Debugging: add possibility to enable segfault logging to syslog
  • GUI: Advanced: Firewall: simplify the part with WAN behavior for ping and traceroute
  • GUI: advanced-wireless - restrict tx power range (for very low values); Via GUI we allow a tx power range in mW from 5 to 1000 or default value 0 (-1 will be used for the wl driver) --> AVOID 1-4 mW area; see latest findings here.
  • adblock: update blacklist URLs
  • busybox: add time and getopt applets
  • dnsmasq: add default edns_pktsz
  • dropbear: use common random source for ltm
  • dropbear: libtommath: enable fixed cutoffs as size-optimization
  • firewall: allow incoming IPv6 from br0 to br3 (and align also to IPv4); fix issue #75
  • firewall: adjust limit connection attempts (ssh/telnet) for IPv6 (and align to IPv4 --> remove incoming device, apply to all)
  • getdns: listeners reply returned wireformat (fix from upstream, issue #430)
  • iproute2: updates from upstream
  • MOTD: only display Wireless info if that radio is enabled
  • MOTD: fix motd and remove ethstate leftovers
  • multiwan: in case of multiwan, don't set default gateway route. mwanroute script will handle this
  • multiwan: mwan_load_balance: if connection is down, clear old mwan state
  • multiwan: make watchdog less destructive to the routing table (only modify route of test hosts); change default checker to curl
  • watchdog: new method of checking without breaking existing connections to the check hosts
  • watchdog: fix incorrect ISPPPD check and condition
  • ntp: implement ntp server properly
  • openvpn: extend data-cipher length as per the ovpn documentation
  • openvpn: switch to the subnet topology, instead of the deprecated net30 topology; Ref.
  • openvpn: ensure DHCP doesn't override our default route (fixes TAP+DHCP)
  • openvpn: hide build date
  • openvpn: add 'mode p2p' option to generated client config if auth mode is static
  • openssl: conf: add extendedKeyUsage also to usr_cert section
  • pppd: fix/correction for commit IPv6: split IPv6 / IPv4 up and down logic (see here); fix for: PPTP Server and Client not working anymore
  • pppd: add two patches from openwrt: retain foreign default routes on Linux, remove runtime kernel checks
  • vpnrouting: do not add local routes if in PBR strict mode; also use 'via $route_vpn_gateway' if available
  • vsftpd: add native support for basic ftp_tls using router httpd cert/key
  • httpd: openvpn.c: fix generation of client configuration file for user&pass/user&pass only Auth
  • httpd: fix problems with server.pem key when using HTTPS
  • httpd: ctnf.c: use ifb instead of imq for ARM, as a ingress system not only for default WAN
  • httpd: use UTF-8 decoding for SSIDs
  • www: vpn-tinc.asp: fix typo (also fixes #60)
  • www: fix escapeCGI to properly encode unicode
  • defaults.c : disable IP Traffic (cstats) Monitoring feature by default and save cpu workload; In additon disabling cstats avoids the waring/note at basic-network.asp that netmask should have at least 22 bits (255.255.252.0); fix issue #72
  • rc: firewall.c: use REDIRECT target instead of DNAT to intercept dns traffic, as it's more efficient
  • rc: firewall.c: raise a little allowed hit count in BF protection for remote GUI access (part 2 for IPv6)
  • rc: firewall.c: only intercept udp requests to port 123, ntpd does not listen to tcp
  • rc: firewall.c: be more restrictive, only allow ICMP messages we need
  • rc: openvpn.c: add keepalive to client config
  • rc: openvpn.c: client: fix ineffective "route" directives when PBR active; discussion.
  • rc: ppp.c: - set nvram "wan_iface" also in case IPv6 link up (function ip6up_main()); fix for: ipup_main() not yet (or later) called --> nvram variable "wan_iface" needed for function start_dhcp6c()
  • rc: pptp.c - small fix for SDK Update
  • rc: services: adjust function start_dnsmasq() and check wireless bridge after stop_dnsmasq(); fix for: in wireless ethernet bridge mode, router time not working anymore
  • rc: qos.c: fix typo in DEV name
  • rc: qos.c: fix illegal match, no SELECTOR like ipv6
  • rc: wan.c - adjust function config_pppd() and start/add IPv6 only for "wan" (no IPv6 multiwan support)

Tomato

Versienummer 2020.8
Releasestatus Final
Website FreshTomato
Download https://freshtomato.org/downloads
Licentietype GPL

Door Bart van Klaveren

Downloads en Best Buy Guide

Feedback • 20-12-2020 19:19
12 • submitter: Indir

20-12-2020 • 19:19

12 Linkedin

Submitter: Indir

Bron: FreshTomato

Update-historie

Meer historie

Lees meer

Tomato

geen prijs bekend

Score: 5

System en netwerk utilities

Reacties (12)

-Moderatie-faq
-112012+15+20+30Ongemodereerd7
Wijzig sortering
+1bartje
20 december 2020 19:29
Ik gebruik sinds en paar maanden openWRT. Maar ik ben er nog niet uit of deze wel het meest geschikt is voor mijn doel. Zijn er tips over wanneer fresh tomato. Of ddwrt of openWrt te gebruiken?
Reageer
+1BAJansen
@bartje20 december 2020 19:39
Zeer afhankelijk van het apparaat. OpenWRT is als besturingssysteem het meest compleet en heeft veruit mijn voorkeur. Sommige wifichipsets worden echter niet goed ondersteund door OpenWRT, waardoor ik voor sommige apparaten toch voor Freshtomato kies.
Reageer
+1EverLast2002
@bartje20 december 2020 21:43
- Wat is je doel precies?
- Op welke hardware draai je dit?
Reageer
+1Snake
21 december 2020 01:53
Is de DUID bug opgelost? Dat veranderde bij iedere reboot, dus dan kreeg ik een nieuw IPv6 prefix.
Reageer
+1savale
24 december 2020 12:20
Draait hier vlekkeloos op een r7000. Hier staat trouwens openwrt ook op 1, maar openwrt met wifi wordt niet ondersteund voor de r7000. Freshtomato draait ook nog op echt oude beestjes. Heb hier zelfs nog een e2000 in gebruik die ik puur gebruik als 5 poorts gigabit switch. Werkt perfect!
Reageer
0beantherio
29 december 2020 19:48
Na de update op mijn R7000 was de device list ineens blanco. Iemand die dit ook heeft (gehad) en weet hoe je dat oplost?

Voorlopig maar weer even 2020.8 teruggezet.
Reageer
0EverLast2002
@beantherio30 december 2020 12:48
"Voorlopig maar weer even 2020.8 teruggezet."
- ??
Bedoel je 2020.7 ?
Reageer
0beantherio
@EverLast200230 december 2020 13:10
Foutje inderdaad. Ik bedoelde 2020.6 (2020.7 bestaat niet voor de R7000).
Reageer
0Indir

@beantherio12 januari 2021 15:19
Flash 2020.8 nogmaals en kijk daarna of er enige verandering is, misschien was de download corrupt?

[Reactie gewijzigd door Indir op 12 januari 2021 15:20]

Reageer
0beantherio
@Indir19 januari 2021 20:12
Ik heb een poging gewaagd (compleet opnieuw gedownload op een andere locatie) maar helaas: hetzelfde resultaat. Ik denk dat het een bug is want ik merk verder niets van ander raar gedrag.

EDIT: ik ben ineens wat wijzer geworden. Normaal gesproken benader ik de admin van mijn router via Firefox (waar ik dus een lege devicelist heb) maar bij het openen ervan in Chrome krijg ik wel netjes mijn devices te zien. Het lijkt een interfacedingetje te zijn dat niet helemaal compatible is met Firefox.

[Reactie gewijzigd door beantherio op 19 januari 2021 20:27]

Reageer
0Indir

@beantherio19 januari 2021 20:54
Even voor alle duidelijkheid, we hebben het over "Status > Device List"? Hier heb ik met Firefox 83.0 geen enkele probleem namelijk.

[Reactie gewijzigd door Indir op 19 januari 2021 20:55]

Reageer
0beantherio
@Indir19 januari 2021 22:10
"Status > Device List" inderdaad maar dan met Firefox 84.0.2 (64 bits). En het gaat dus om de R7000.

Met 2020.6 werkte het wel dus ik denk dat het toch wel aan deze release van FreshTomato ligt. Evengoed zie ik in de release notes niet direct iets staan waar dit mee in relatie te brengen is.
Reageer


Om te kunnen reageren moet je ingelogd zijn

Apple iPhone 12 Microsoft Xbox Series X LG CX Google Pixel 5 Sony XH90 / XH92 Samsung Galaxy S21 5G Sony PlayStation 5 Nintendo Switch Lite

Tweakers vormt samen met Hardware Info, AutoTrack, Gaspedaal.nl, Nationale Vacaturebank, Intermediair en Independer DPG Online Services B.V.
Alle rechten voorbehouden © 1998 - 2021 Hosting door True