I was wondering why my project had a sudden spike of stars on github. Looks like this was it. Hi, I'm the creator of Tomato64. Feel free to ask me anything and I'll watch this space. Discussion and collaboration for the project takes place at https://www.linksysinfo.org/index.php?forums/tomato-firmware...
I'll also mention I'm currently working on a port of Tomato64 to the gl.inet flint2 (gl-mt6000). Something I haven't announced anywhere yet, though if you've checked out my repo you'll see it there.
This makes sense. Years ago I used OpenWRT as a lightweight "network utility" VM in a number of Customer sites. The UI was comprehensible to the in-house IT staff (i.e. it didn't "look like Linux") and there's a ton of functionality. I could definitely see it being useful on bare metal devices.
I did the same for a virtual lab for experimenting. OpenWRT ran as the router VM with two network interfaces and the rest of the instances connected to a VirtualBox internal network that was configured as its LAN side.
I really like Tomato's UI, it's very intuitive. Especially how easy it is to create virtual SSIDs and isolate them on their own VLAN. It's two clicks. It will create the bridge and the VLAN and the DNS for you. Comparatively, in LuCI you have to do all those steps separately in different pages and somehow know how to make it all work.
I use Tomato on my AP (my old router). I eventually picked up a used Sophos device and installed Opnsense mainly to play around with it. Opnsense/pfsense definitely have a learning curve whereas Tomato was super easy to setup.
My one gripe with Tomato is, unless I missed something, upgrading your firmware is kind of a pain. You have to go out to the website, find the image for the latest version for your specific model of router, download it and then go into the UI and flash it. They even suggest wiping NVRAM which clears all your settings (I never bothered with that and it worked fine for me). It would be nice if they just had a "click here to update" button, especially since keeping your firewall/router up to date is pretty important for security.
Having used Tomato, DD-WRT and currently OpenWRT/LuCI I rank Tomato with having the best UI. DD-WRT a distant second and OpenWRT/LuCI much further down the list.
Is WiFi security open by default in Tomato still? Several years ago I had Tomato in one of my routers with WiFi disabled, it reset itself one day and since WiFi security was open by default anyone could have got into my network; thankfully I had the antennas removed that time so I assume no one did.
Could be a bug in Tomato or nvram issue within router although I didn't have this issue with other firmware.
I've been enjoying FreshTomato on my home router for a number of years now.
Sometimes, though, there are network environments I'd like to implement which are difficult to configure through the webUI, but which would be relatively trivial from a Linux CLI. For example, I'd like to create an ESSID which is bridged to a tagged VLAN, but on which the router has no layer3 presence. Or, maybe I'd like to setup a wireguard link, but only send selective traffic down it using firewall marks and policy routing.
What I'd really like is a way to use the webUI to setup my initial base configuration, and then flip a switch to turn off the webUI, and implement further changes myself by editing configuration files on the device and calling out to shell scripts when needed to run "ip" and "brctl" commands.
Does anyone know if such a thing is possible with FreshTomato, OpenWRT, or something similar? Am I just thinking about this wrong?
OpenWRT exposes a bunch of system / scripting functions through the web UI as well.
You can access crontab, /etc/rc.local, init scripts, and add custom paths to be included in openwrt managed backups and restores.
It's reasonably flexible in enabling power users, rather than working against you.
I think in OpenWRT you can disable uhttpd in the Startup tab to prevent the Web UI from running.
Better do it from elsewhere than the web ui.
It ensures you don't get locked out.
It has been many years since I've run any version of Tomato on anything, so I won't guess about the present state of that.
But I think I can answer your question.
These days, at least at home, I run OpenWRT on a Pi 4 (because it was cheap at the time).
I use its web interface for the usual mundane poking and prodding.
And when I want something special, I just add a simple startup script like I would have done on any other Linux box back when init systems were plain and dumb.
This same thing should also work on any other OpenWRT installation that has a writeable filesystem (instead of, eg, SquashFS).
And no, I don't think you are thinking of this wrong as a concept. It's a home network and not enterprise, and at the end of the day these things are all just Linux machines with a nice GUI. I think it is totally cromulent to mold them to your will.
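Added example, not part of any comment in this thread: a startup script of the kind described above (for instance called from /etc/rc.local) that sends only selected LAN hosts down a WireGuard link using a firewall mark and policy routing. The interface names, mark, table number and host addresses are assumptions; by default it only prints the commands, and `APPLY=1` executes them as root.

```shell
#!/bin/sh
# Selective routing over WireGuard with a firewall mark (added example).
# Every value below is an assumption for illustration; adjust to your network.
WG_IF="${WG_IF:-wg0}"      # WireGuard interface, already configured and up
LAN_IF="${LAN_IF:-br0}"    # LAN bridge the clients are attached to
MARK="${MARK:-0x1}"        # firewall mark identifying tunnelled traffic
TABLE="${TABLE:-100}"      # dedicated routing table for marked traffic
TUNNEL_HOSTS="${TUNNEL_HOSTS:-192.168.1.50 192.168.1.51}"  # constructed sample hosts

# Dry run unless APPLY=1: print the command instead of executing it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

setup_policy_route() {
    # 1. Mark packets from the selected hosts as they enter from the LAN.
    for host in $TUNNEL_HOSTS; do
        run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$host" \
            -j MARK --set-mark "$MARK" || return 1
    done
    # 2. Marked packets consult the dedicated table before the main table.
    run ip rule add fwmark "$MARK" lookup "$TABLE" priority 1000 || return 1
    # 3. The dedicated table's default route is the tunnel.
    run ip route add default dev "$WG_IF" table "$TABLE" || return 1
    # 4. Fail closed: if the tunnel interface goes away, its route is removed
    #    and this high-metric blackhole catches marked traffic, so it is
    #    dropped instead of falling through to the main table's WAN route.
    run ip route add blackhole default metric 65535 table "$TABLE" || return 1
    # 5. Replies arrive on the tunnel from addresses the main table reaches
    #    via WAN; strict reverse-path filtering would drop them, so use
    #    loose mode (2) on the tunnel interface.
    run sysctl -w "net.ipv4.conf.$WG_IF.rp_filter=2" || return 1
    # Whether the tunnel also needs a MASQUERADE rule depends on which
    # source addresses the peer accepts; that is not shown here.
}

setup_policy_route
```

The tunnel route in step 3 has to be re-added whenever the WireGuard interface is recreated; until then the blackhole route keeps the selected hosts offline rather than leaking them onto the WAN.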
How is Tomato compared to the typical x86 choices PfSense or Opnsense?
Having used both at home, Tomato is much easier for doing standard home WiFi things. You can change wireless power levels, setup guest networks, etc easily within the UI.
pfSense/OPNsense is easier when you have complicated routing needs, like multiple vlans with various split tunnels, etc.
It’s not 100% accurate, but imo if you want a short-hand you could say tomato is WiFi focused with routing support, and OPNsense is routing focused with WiFi support.
It’s first and foremost a WiFi router OS and it’s aimed at home users. PfSense is very much a “big guns” solution and is typically not installed directly on WiFi routers, rather it is the gateway that everything runs through.
It's pretty great for home router/wifi usage or SOHO... not as advanced/flexible as pfsense/opnsense though. I miss Tomato a lot myself, but switched to separate router/ap a few years ago, and haven't had a device that could run tomato in close to a decade now.
I failed to find on the website (or understand from the docs) which devices this would be compatible with.
Is it that common for consumer routers to run x86_64 processors nowadays? Or is this meant to be run from a normal PC?
what is the rationale behind this effort? are wifi-ap's moving towards x86?
ime a usb wifi stick in a desktop computer will work as wifi-ap, but is somewhat janky because of the metal case (which is needed because em-interference from bus-clocks) and the wifi hardware having suboptimal provisions for ap-mode.
UPDATE:
"because we can" (was a stupid question)
no hard feelings; last used tomato ~20y ago on a wrt54gl
Tomato is just a Linux-ey system that routes packets and which features an approachable GUI, and an access point is just a system that bridges wireless networks to wired networks.
These functions are normally wrapped up in one box in the consumer space, but they're still very different functions.
And maybe I'm not doing it right, but I myself haven't used a combined router+wireless box in a fair number of years at home or at the shop.
I keep the wired networking+routing back end in one spot where it makes sense, and I keep the wireless access points where they make sense to provide good coverage where I need it.
My router just routes, and my wireless access points just provide wireless access.
---
So to answer your first question directly: This system lets people use the friendly Tomato system on any old (or new, or whatever) x86 hardware they have. It brings it out of the world of hacks[0] on cheap low-performance embedded Wal-Mart routers and lets a person use it for routing on a much more performant machine.
[0]: Not that those things aren't fun. I still have the first standalone router I ever bought -- a Linksys WRT54GS, with Tomato installed, and with an SD card hacked in using a card-edge connector from an old floppy drive cable for expanded storage.
I've been using DD-WRT x86 for a few years, so it's very similar to what Tomato x86 is doing. When I upgraded to 1gbit internet, my old high-end Netgear router that I paid hundreds of dollars for couldn't keep up. And I knew 2Gbit internet was coming, and now they're offering up to 7gbit fiber speeds.
New routers with faster CPUs to keep up with the increasing bandwidths are costing about $700. No way am I spending that kind of cash for a router, even if it has the latest Wifi.
Instead I bought a cheap $50 Dell from ebay with a quad-core i5 CPU, I installed DD-WRT x86 on it, I put in a cheap 4 x 1gbit ethernet card, and I bought a cheap refurb Wifi 6e router and use that only for the wireless functions. All-in it's about $200. Now I can keep the same main x86 router hardware and I can keep upgrading my internet speeds as well as upgrade the wifi externally whenever I find it necessary (and I can find a cheap wifi radio).
The DD-WRT maintainers were also very helpful (and in a timely way) when I requested they add a 2.5gbit NIC to the DD-WRT drivers, so now I have upgraded to a 2.5gbit network. And if I want to put in a 10gbit NIC someday, maybe they'll help out again. I know, I should move to something "more modern" than DD-WRT, but it suits my needs well for now, and someday I'll probably be moving to a different x86 based router software should DD-WRT not be able to keep up with my needs.
Use case would normally be a small form factor x86_64 machine which can be price competitive with high end AP hardware and you don't have to play the game of finding compatible hardware (squatting in the aisle in a walmart looking at the hardware revisions of all of the APs they have in stock finding out that they have the AP you were looking for but the hardware revision was incompatible)
Being able to buy a "normal" computer and install tomato on it is a more attractive prospect for a lot of reasons.
It's quite expensive to get a 10GBe-capable home router and switch, but this now allows you to use any old x86 PC and a 10GBe networking card to create one of your own. That's what I'm going to try.
10gig software switch is easy, 10gig software router medium, 10gig software dpi challenge
it's a nice exercise but the power and space requirements in relation to the performance will generally not be favorable unless you are severely constrained in up-front budget
Those were hard times when flashing these firmwares (Tomato/DD-WRT) on hardware like Buffalo routers with the extremely limited hardware resources they had, around 2010.
I love my Mikrotik devices so much that I'll never look back.
I haven’t used it in ages, but I still have my WHR-HP-G54. I’m pretty sure some version of Tomato is on it.
Currently running OpnSense on an N100 MiniPC... while this wouldn't meet my needs, I know a lot of people it would work for in a SOHO / Forbidden Router configuration on a MiniPC.
This is pretty nice. Sometimes I wish Tomato was as popular as OpenWRT in the SBC space.
Is it realistic to get 10gbits networking?
Not really. Broadcom is generally best avoided.
I'd look at openwrt and opnsense tables of supported hardware for 2.5/5/10gbps.
Tomato ain't got nothin on OpenWRT!