Fresh Tomato - Web Admin - Wireless Access

[Miti]

I've been using an older version of Tomato on my oldie Linksys WRT54GL and everything was OK until last year when it started dropping the WiFi. The connection was there but I wouldn't get any data. The solution was to reboot the router.
Thinking that it may be a SW issue, I don't know why I think that, I decided to upgrade and I installed "FreshTomato Firmware 2020.1 MIPSR1 K26 Mini". All good, the Wifi seems OK now, surprisingly, but I can't disable the wireless admin access, I want to allow only wired access.
There is a check-box in the Administration>Admin Access>Web Admin > Allow Wireless Access but if I uncheck that box, I still get access from a wireless connected laptop.
Do you have any experience with Tomato and what can I do to disable that?

Thanks,
Miti

[retiredcaps]

There is a check-box in the Administration>Admin Access>Web Admin > Allow Wireless Access but if I uncheck that box, I still get access from a wireless connected laptop.

I have only tried Fresh Tomato a couple of times so I'm not an expert, but did you try rebooting the router after making the change?  Try clearing your browser cache?

Currently, I run dd-wrt on my Cisco/Linksys router, but my first choice would be openwrt.  Unfortunately, all the free Cisco/Linksys routers that I get don't have open source broadcom 802.11n support so I have to use dd-wrt.  Nothing wrong with dd-wrt, but I prefer openwrt.

[Miti]

I have only tried Fresh Tomato a couple of times so I'm not an expert, but did you try rebooting the router after making the change?  Try clearing your browser cache?

I did soft and hard reboot multiple times, cleared cache, nope...still there.

[retiredcaps]

I installed "FreshTomato Firmware 2020.1 MIPSR1 K26 Mini".

Try the latest and greatest code

https://freshtomato.org/downloads/freshtomato-mips/2020/2020.3/K26/freshtomato-K26_RT-MIPSR1-2020.3-Mini.zip

It's version 3 instead of 1.

I suggest you erase your current config, start fresh, test the wireless access first and if that works, continue configuring your router.

[retiredcaps]

Changelog for version 2 says

https://tweakers.net/downloads/51156/freshtomato-20202.html

"GUI: Fix Issue #15 to allow configuring remote access in router mode"

---

Maybe this is related to your wireless access?

[Miti]

What if I save the configuration and I reload it into the new install? Would that work. I worked half day today to configure it. I have lots of cr..  stuff.

[james_s]

I've used Tomato for many years and more recently moved to FreshTomato. I haven't noticed this particular bug but I've never felt need to disable wireless access either, I figure once someone has gotten onto my wireless then they're already inside my network.

I did set it up so the VLAN that my guest network is on can't access the router config but now I don't remember how I did it, I think it was some custom routing.

[Miti]

I've used Tomato for many years and more recently moved to FreshTomato. I haven't noticed this particular bug but I've never felt need to disable wireless access either, I figure once someone has gotten onto my wireless then they're already inside my network.

Yes, you are right but it would give me an extra (fake) sense of security. I enabled WPA2, disabled SSID broadcasting, created a MAC filter, disabled remote access, etc., but I understand none of these are stopping a determined hacker. Not that I would be a worthy target.

I did set it up so the VLAN that my guest network is on can't access the router config but now I don't remember how I did it, I think it was some custom routing.

That’s a line in the Admin>Scripts>Firewall, I did that as well.

[james_s]

Seems like you might be better off just disabling WiFi entirely and using a wire if you are that paranoid.

[retiredcaps]

What if I save the configuration and I reload it into the new install? Would that work.

Well, you can do the above and retest.

When troubleshooting, I like to simplify as much as possible.  With a fresh config, I know there isn't likely a corrupt stored/saved setting.

[retiredcaps]

Yes, you are right but it would give me an extra (fake) sense of security. I enabled WPA2, disabled SSID broadcasting, created a MAC filter, disabled remote access, etc., but I understand none of these are stopping a determined hacker.

The best you can do is to slow down or put up enough layers to deter someone.

When I do banking, I only use wired connection on my main computer.

For other things like eevblog posting, I use other computers with wifi.

PS. I recently added dnscrypt to my lubuntu setup so my dns requests are encrypted.

[cdev]

Did they update the WRT54GL firmware so it wasnt suceptible to the Krack (wifi) attack? Around a year or two ago, I stopped using mine because all the versions of firmware (openwrt, the original Tomato, Lede, dd-wrt etc) I could find at that time were all vulnerable.  Of course its been a while since then so maybe I am wrong now.

At the time I got the impression that it was being represented that it needed more memory but that was obviously bullshit because there are very compact versions of WRT54GL FW, and I wasnt using one so it would likely have been easy to make a stripped down version -but there wasnt one at that time that I could find. .

[james_s]

Did they update the WRT54GL firmware so it wasnt suceptible to the Krack (wifi) attack? Around a year or two ago, I stopped using mine because all the versions of firmware (openwrt, the original Tomato, Lede, dd-wrt etc) I could find at that time were all vulnerable.  Of course its been a while since then so maybe I am wrong now.

At the time I got the impression that it was being represented that it needed more memory but that was obviously bullshit because there are very compact versions of WRT54GL FW, and I wasnt using one so it would likely have been easy to make a stripped down version -but there wasnt one at that time that I could find. .

I doubt there has been much focus on the WRT54GL in a while, it's a very old router by now and not really powerful enough for modern broadband. I used a WRT54G running DD-WRT and later Tomato for a long time but at some point I realized I'd had 30Mb broadband for a while and the router was limiting me to around 20Mb throughput.

Now I'm in the process of upgrading to gigabit since it's only $30 more than I pay for 30Mb and there are not many consumer routers even now that can handle that kind of throughput. Not that I need that much but if it's available it's going to bother me if I can't utilize it.

[james_s]

The best you can do is to slow down or put up enough layers to deter someone.

When I do banking, I only use wired connection on my main computer.

For other things like eevblog posting, I use other computers with wifi.

PS. I recently added dnscrypt to my lubuntu setup so my dns requests are encrypted.

I have a subscription to PIA VPN, if I'm doing something where I really care about privacy I just fire up the client for that, then I don't really have to care too much about the security of the connection itself. I keep my WiFi network mundane looking and try not to give anyone a reason to single it out and try to get in. I can typically see 10-15 other networks from my house and figure I just have to not be any less secure than they are.

[Miti]

I doubt there has been much focus on the WRT54GL in a while, it's a very old router by now and not really powerful enough for modern broadband. I used a WRT54G running DD-WRT and later Tomato for a long time but at some point I realized I'd had 30Mb broadband for a while and the router was limiting me to around 20Mb throughput.

Now I'm in the process of upgrading to gigabit since it's only $30 more than I pay for 30Mb and there are not many consumer routers even now that can handle that kind of throughput. Not that I need that much but if it's available it's going to bother me if I can't utilize it.

Since there’s a new recent Tomato version for this router, or processor, I assume they fixed these high risk bugs but I can’t know for sure. I don’t know how this works but I don’t expect them to maintain a separate package for each router but rather have a master package and then a different compilation for each router. A new package, new compilation and is done. So what I’m saying is, if they fixed it in the master package, it should propagate to all the routers. I may be wrong though, there may be some drivers that are included in the compilation but not maintained at the master level. I’m a HW guy.

Anyway, it is indeed an old router but looking to buy a new one, my eyes rolled multiple times in the sockets. 300 + $? Wow, are they gold plated?  Since I have two WRTs I couldn’t find the motivation to pay that much for another one. I realize however that my bandwidth is severely limited.

So if I decide to buy a new router, what model that can run open SW and doesn’t break the bank would you recommend?

[james_s]

It depends on the throughput you need. There's nothing wrong with an old router if it's fast enough to handle the connection you have, but just make sure the router isn't the bottleneck.

I've never paid more than $40 for a router and most that I've had were much less. I've always bought them used, either at thrift stores or more recently I bought a R7000 in preparation for an upgrade to gigabit, got a EA6900 for $32 also as a backup. After accidentally bricking my main router twice in one week while updating the wrong one I decided it was prudent to have a preconfigured spare on the shelf.

[Zucca]

So if I decide to buy a new router, what model that can run open SW and doesn’t break the bank would you recommend?

If you want the cream of the cream, go with a pfSense firewall and a Mesh wifi. Do not do Firewall and Wifi on the same box.

If you want something basic but decent go for Asus RT-AC3200, but there are many choices:

https://wiki.freshtomato.org/doku.php/hardware_compatibility

[cdev]

You can use a Raspberry Pi with wifi as a router, that is actually one of the more flexible options, but be aware that some models, particularly the 3B (first RPI 3) have a very weak wifi signal and so if you have a very large house or noisy wifi environment you'may need to replace the antenna with something a bit better (which can simply be a short piece of insulated wire cut to the right length)  the Raspberry Pi 4 with its gigabit lan and Ac MIMO wifi is likely a very good wifi AP and router, if you know how to set it up properly)

[edavid]

So if I decide to buy a new router, what model that can run open SW and doesn’t break the bank would you recommend?

How about a used R7000?  Strong radios and a huge upgrade over the WRT54GL.

[retiredcaps]

Since there’s a new recent Tomato version for this router, or processor, I assume they fixed these high risk bugs but I can’t know for sure.

There is usually a change log with each new version and you can see what bugs are fixed.

[retiredcaps]

It depends on the throughput you need. There's nothing wrong with an old router if it's fast enough to handle the connection you have, but just make sure the router isn't the bottleneck.

+1. My Internet connection used to be 5Mbps.  Yes 5Mbps in Canada in the city (not rural).  So using an older free router with 802.11g was fine.

After some negotiation with the ISP and a lower price, I have now 100Mbps.  So I had to upgrade my older router to another free not so old router to run 802.11n.  I currently get around 35Mbps on a good day with wifi, but my area is congested with others around me.  That's good enough for general web browsing + using ublock origin.

When I need to download a big file, then I will use ethernet at 100Mbps.

So far all my routers have been free.  I pickup the ones that have 8MB flash and at least 32MB DRAM and that are supported by openwrt or dd-wrt.  If free is not an option, then check your local ads for routers $20 or less.

I give away all my old ones, with updated software, to people who only need 802.11g.  Just trying to keep working useful electronics out of the landfill.

[retiredcaps]

How about a used R7000?  Strong radios and a huge upgrade over the WRT54GL.

If you are referring to the Netgear 7000, see

https://openwrt.org/toh/netgear/r7000

Specifically

"Devices with Broadcom WiFi chipsets have limited OpenWrt supportability (due to limited FLOSS driver availability for Broadcom chips). Consider this when chosing a device to buy, or when deciding to flash OpenWrt on your device because it is listed as supported. See Broadcom WiFi for details. "

That's the same issue I have with my free Cisco/Linksys routers with Broadcom chipset NOT being able to run at 802.11n speeds and why I have to use dd-wrt.  Some of the Cisco/Linksys routers don't use the Broadcom chipset.

[Miti]

Thank you all for the info! I’ve seen some routers at Value Village but not knowing what they can do or even why they are there, and having very little time lately, I hesitated but one day I’ll have to do something to upgrade to dual band. My home internet is 30Mbps and up until recently when my family got Netflix, it was 30Mbps constant. Now I think they throttle me. It’s in the contract.

[edavid]

How about a used R7000?  Strong radios and a huge upgrade over the WRT54GL.

If you are referring to the Netgear 7000, see

https://openwrt.org/toh/netgear/r7000

Specifically

"Devices with Broadcom WiFi chipsets have limited OpenWrt supportability (due to limited FLOSS driver availability for Broadcom chips). Consider this when chosing a device to buy, or when deciding to flash OpenWrt on your device because it is listed as supported. See Broadcom WiFi for details. "

That's the same issue I have with my free Cisco/Linksys routers with Broadcom chipset NOT being able to run at 802.11n speeds and why I have to use dd-wrt.  Some of the Cisco/Linksys routers don't use the Broadcom chipset.

That doesn't seem to be an issue for Tomato.

https://www.bestvpn.co/blog/best-tomato-routers/

[Monkeh]

How about a used R7000?  Strong radios and a huge upgrade over the WRT54GL.

If you are referring to the Netgear 7000, see

https://openwrt.org/toh/netgear/r7000

Specifically

"Devices with Broadcom WiFi chipsets have limited OpenWrt supportability (due to limited FLOSS driver availability for Broadcom chips). Consider this when chosing a device to buy, or when deciding to flash OpenWrt on your device because it is listed as supported. See Broadcom WiFi for details. "

That's the same issue I have with my free Cisco/Linksys routers with Broadcom chipset NOT being able to run at 802.11n speeds and why I have to use dd-wrt.  Some of the Cisco/Linksys routers don't use the Broadcom chipset.

That doesn't seem to be an issue for Tomato.

https://www.bestvpn.co/blog/best-tomato-routers/

Because Tomato is using closed drivers with all the issues they bring. It's just rehashing dead old firmware to feel good.