Firmware-update: FreshTomato 2025.4

FreshTomato logo (79 pix)FreshTomato versie 2025.4 is uitgekomen. FreshTomato is van Tomato afgeleide firmware voor verschillende op Arm of MIPS gebaseerde routers van Asus, D-Link, Huawei, Linksys, Netgear, Tenda en Xiaomi. Het kan gezien worden als de voortzetting van 'Tomato by Shibby' sinds deze ontwikkelaar, Michał Rupental, zijn tijd aan andere projecten wil besteden. De FreshTomato-firmware voegt ten opzichte van de originele firmware van de fabrikant diverse extra opties toe, zoals een realtime-bandbreedtemonitor en uitgebreide instelmogelijkheden. De firmware is beschikbaar voor routers met een Arm- of MIPS-cpu.

Changes in version 2025.4
  • Warning: due to changes in the naming of some nvram variables, users of BW Limiter and tftp in dnsmasq should review their settings.
  • SDK6/SDK7/SDK714: help wireless vif mac addr issues
  • SDK6/SDK7/SDK714: fix Serial Flash Memory Init (Part 2)
  • libcurl: update to 8.16.0
  • sqlite: update to 3.50.4
  • dnsmasq: update to v2.92test21
  • iperf: update to 3.19.1
  • php: update to 8.3.26
  • nginx: update to 1.29.1
  • meson: update to 1.9.1
  • libsodium: update to latest 1.0.20-stable
  • libffi: update to 3.5.2
  • nano: update to 8.6
  • pcre2: update to 10.46
  • adminer: update to adminneo 5.1.1
  • libjpeg-turbo: update to 3.1.2
  • libxml2: update to 2.15.0
  • expat: update to 2.7.3
  • tor: update to 0.4.8.18
  • GUI: Advanced: DHCP/DNS/TFTP: add a field to enter custom configuration for stubby (close #28)
  • GUI: Correction to menu references
  • GUI: Administration: CIFS Client: fix refreshing 'Total / Free Size' (close #122)
  • GUI: Advanced: VLAN: fix link in Notes (close #81)
  • GUI: VPN: Wireguard: delete notes - point to a link to dedicated page on our wiki as help
  • GUI: VPN: Wireguard: make it more intuitive that import depends on VPN type
  • GUI: VPN: Wireguard: make Peers Parameters (used only for config generation) as a separate tab
  • build: add DLINK DIR868L with wireguard image
  • build: remove no more needed (and icomplete implemented) TCONFIG_SSH
  • build: Makefile: convert expat recipe to cmake
  • build: Makefile: tune avahi recipe
  • avahi: backport CVE fixes from upstream and use clean sources
  • bwlimit: change the names of variables to make them more similar to existing ones and easier to manage
  • dnsmasq: change the name of dnsmasq tftp variable to make it more similar to existing ones and easier to manage
  • dnsmasq: restore use of check_services() to check if dnsmasq is up (disabled in commit bb82460)
  • httpd: ddns.c: code shrink
  • httpd: httpd.c: define MAX_CONN_ACCEPT and MAX_CONN_TIMEOUT and tune them
  • httpd: httpd.c: use global int_1 variable; use proper socklen_t data type
  • httpd: httpd.c: use SO_KEEPALIVE instead of TCP_NODELAY for setsockopt()
  • httpd: httpd.c: rewrite match() function to be fully non-recursive
  • httpd: httpd.c: add syslog logout succesful message and tune failed message
  • httpd: misc.c: iterate over BRIDGE_COUNT for ether-wake
  • httpd: tomato.c: get rid of TCONFIG_MULTIWAN, use MWAN_MAX instead. Also use BRIDGE_COUNT to enumerate lan variables
  • httpd: nvram.c: use static buffer for asp_jsdefaults()
  • httpd: iperf.c: sanitize hostname more precisely (see commit bc96c20)
  • httpd: nvram.c: iterate over MWAN_MAX and BRIDGE_COUNT to get values from other wans/lans
  • httpd: misc.c: iterate over MWAN_MAX in asp_dns()
  • httpd: misc.c: iterate over MWAN_MAX in asp_wanup()
  • httpd: misc.c: iterate over MWAN_MAX in asp_link_uptime()
  • httpd: dhcp.c: iterate over MWAN_MAX in asp_dhcpc_time()
  • httpd: misc.c: iterate over MWAN_MAX in asp_wanstatus(); some code cleaning
  • httpd: comment out asp_jiffies()
  • miniupnpd: win10 & 11 workaround (help version IGD v1 in IGD v2 mode) - show forwarded ports at Windows GUI (again)
  • ntpd: use ulimit to run ntpd with high nice and limited memory to eliminate denial of service attack (close #37)
  • OpenVPN Client: add Routing Policy Prioritization
  • OpenVPN: handle dnsmasq ipset file correctly
  • openssl: backport fix for OpenSSL 3.0.17 regression
  • rc: wireguard.c: fix script execution after using replace_in_file()
  • rc: get rid of TCONFIG_MULTIWAN, iterate over MWAN_MAX instead; part 3
  • rc: use only one anon enum policy definition for both OpenVPN and Wireguard
  • rc: openvpn.c: update CTF bypass
  • rc: firewall.c: use buffer for wanX name - reduce code size
  • rc: dhcp.c: code shrink
  • rc: network.c: fix two typos (close #121)
  • rc: move dnsmasq stuff to outer file
  • rc/shared: introduce and use gen_urandom() function
  • rc: firewall.c: iterate over BRIDGE_COUNT in filter6_input(void)
  • rc: firewall.c: move run_pptpd_firewall_script() to the front
  • rc: introduce and use restart_firewall() function. Move restart_firewall() to the end in exec_service()
  • rc: openvpn.c: iterate over BRIDGE_COUNT for br_ipaddr/br_netmask
  • rc: network.c: iterate over BRIDGE_COUNT for /etc/hosts
  • rc: network.c: iterate over BRIDGE_COUNT and MWAN_MAX in do_static_routes()
  • rc: dhcp.c: iterate over BRIDGE_COUNT in start_dhcp6c()
  • rc: dhcp.c: update start_dhcp6c() for BRIDGE_COUNT values > 4 (up to 32)
  • rc: roamast.c: add check for upper threshold (new --> 25000 Kbps) idle rate roaming assistent
  • rc: dnsmasq.c: use SIGHUP instead of mistakenly used SIGINT in reload_dnsmasq()
  • rc: openvpn.c: simplify write_ovpn_resolv() function
  • rc: pptp_client.c: simplify write_pptpc_resolv() function
  • rc: protect firewall scripts with simple_lock()/simple_unlock(), do the same for vpnrouting.sh
  • rom: update CA bundle to 2025-08-12
  • shared: strings.c: update trimstr() function
  • shared: defaults.c: get rid of TCONFIG_MULTIWAN, use MWAN_MAX instead. Also use BRIDGE_COUNT to enumerate lan variables
  • tomato.css - improved to print and printscreen in dark-mode
  • Wireguard: handle dnsmasq ipset file correctly
  • Wireguard: add Routing Policy Prioritization in PBR mode
  • wireguard/OpenVPN: do not delete PBR table when using the client in non-PRB mode - just hide it and don't add Kill Switch rules to iptables
  • wireguard: fix crash with CTF enabled
  • www: use global C variable definitions required by javascript, instead of locally defined ones
  • www: admin-tomatoanon.asp: add a note
  • Revert "www: vpn-client.asp: only add routing value in Routing Policy mode, otherwise remove all data from the routing table"
  • Revert "www: vpn-wireguard.asp: only add routing value in 'External' and Routing Policy mode, otherwise remove all data from the routing table"
  • Revert "www: vpn-wireguard.asp: clean routing policy if not in 'External' mode"
  • www: vpn-wireguard.asp: do not restart service if only the 'Enable On Start' option was changed
  • www: vpn-client.asp: do not restart client if only the 'Enable On Start' option was changed
  • www: vpn-server.asp: do not restart server if only the 'Enable On Start' option was changed
  • www: fix compilation (navi) without PPTPD
  • www: vpn-client.asp: check if we need to restart firewall in special cases even if client is down; clean-up
  • www: vpn-wireguard.asp: check if we need to restart firewall in special cases even if 'client' is down
  • www: advanced-dhcpdns.asp: Adjust String.trim() usage
  • www: ipt-[daily|monthly].asp: iterate over MAX_BRIDGE_ID in redraw()
  • www: qos-graphs.asp: iterate over MAXWAN_NUM to get irates/orates; also small changes in httpd/ctnf.c (asp_qrate) to get an array
  • www: rename isup.jsz to isup.jsx to protect its content by http_id
  • switch4g: fix kernel module load order (and don't change it in the future...)
  • switch4g: slightly improve the conditions when checking the interface/IP
  • Buffalo WZR-1750DHP: improve support (add SPI suppport, fix VLAN support, fix wl hardware order, adjust linux MTD, remove hardcoded limits for board_ns (working correct))
  • Buffalo WZR-1750DHP: bring router back to life :-) (reduce NVRAM space to 32 KByte for now!)
  • Tenda AC15: adjust command (use 0x9F only) for reading manufacturer/ memory / density for SPI flash

Tomato

Versienummer 2025.4
Releasestatus Final
Website FreshTomato
Download https://freshtomato.org/downloads/
Licentietype GPL

Door Bart van Klaveren

Downloads en Best Buy Guide

08-10-2025 • 18:25

3

Submitter: Epolietje

Bron: FreshTomato

Reacties (3)

Sorteer op:

Weergave:

Allereerst heeft het Fresh Tomato project (als ik het zo mag noemen) ervoor gezorgd dat ik mijn 2 al wat oudere ASUS routers met mijn glasvezellabo's kan gaan gebruiken (VLAN ondersteuning) en het dus (voorlopig) geen e-waste wordt. Ten tweede kan ik de door de provider geleverde (en slecht te configureren) router in de kast stof laten verzamelen, en ik kan m'n eigen firewall rules instellen. Stukken prettiger dan die voorgekookte zooi van de provider-router. Mijn advies is dan ook, indien er voor je router Fresh Tomato firmware beschikbaar is, overweeg dan dat de gebruiken. Ik heb Internet-only abo's dus geen TV en IP-Telefonie.
Same. Toen ik twee jaar overstapte op gigabit glasvezelinternet, kwam ik erachter dat mijn bestaande NetGear R7000 router bleef hangen op slechts 200 Mbit/sec maximaal. De CPU in dat ding is simpelweg niet snel genoeg om een volle gigabit aan netwerkverkeer in real-time te kunnen monitoren en aansturen. Na wat onderzoek kwam ik op FreshTomato uit en dankzij de Cut-Through Forwarding feature, wat in wezen de CPU omzeilt en netwerkdata rechtstreeks door de chipset laat gaan, haal ik nu met gemak de volle gigabit snelheid. Ik verlies dan weliswaar QoS en bandwidth throttling maar daar maak ik toch geen gebruik van, en ik behoud de volledige controle over mijn thuisnetwerk met de apparatuur die ik al had, in plaats van overgeleverd te zijn aan de afgesloten meuk die je van een provider krijgt.
dankzij de Cut-Through Forwarding feature
Dank voor het noemen van deze feature, was de naam ervan kwijt.


Om te kunnen reageren moet je ingelogd zijn