Installing FreshTomato

Basic Concepts

What is Firmware and what do all those Terms Mean?

What's “flashing firmware” Anyway?

In short, flashing is installing new firmware. On a device like a router, firmware is most of the basic programming code which runs most of the major functions on the device. This is similar to the installed operating system and programs on a PC. Similar to a PC, firmware updates are released to fix bugs, add new features, and increase security. The device can usually run without updates in a fairly stable way. However, you should understand the risks this may involve for your network.

Firmware is “firm” because we don't apply changes or updates nearly so often. It's a bigger event to flash firmware than it is to to update software. This is because the Flash RAM memory which stores router firmware isn't designed to be written to frequently. As well, more things can go wrong during firmware flashing.

Why Flash Firmware?

Flashing firmware is usually done to fix bugs, improve stability or add new features to the device. In the case of FreshTomato, the firmware often adds all of the above when compared with the vendor's “stock” (original) firmware.

What's Non-volatile Memory?

On routers, firmware is stored in a type of non-volatile memory called Flash RAM. The contents of non-volatile memory such as Flash RAM remain after reboots or when the device is turned off. If they were erased, the device would not function. On routers, firmware is replaced or updated by uploading the entire image of the operating system installation and its programs to an EEPROM (electrically erasable and writable) chip.

Again, this is vaguely similar to reformatting and reinstalling the entire operating system on a PC. However, during the firmware flashing process, files are not copied one at a time onto a filesystem. Instead, one single image file of the entire installation is copied to Flash RAM, a small portion at a time. This is similar to using a drive imaging program such as Acronis TrueImage for Windows, or Time Machine for the Macintosh.

What's an Image?

We refer to the files used to flash FreshTomato as “image” files, because they are mirror images of the entire installation of the operating system programs. The flashing simply copies the entire image file to the router's Flash RAM.

What's a Build?

A build is one compilation of firmware.

Each build is:

Based on a certain FreshTomato release (e.g. 2021.7)
Intended for a certain hardware (e.g. Asus RT-AC68P)
Includes a certain set of features (e.g. “AIO” or “All-In-One” build or a MiniIPV6 build)

The features included depend on the router's hardware and on which build/version is flashed. See the Feature matrix page for details on which features are included in each build).

How do I Choose which Firmware Build to Use?

Make sure to carefully choose a FreshTomato build appropriate for your hardware model. Choosing the wrong build/version could brick your router if it's not appropriate for your hardware. (See bricking section below).

For help choosing an appropriate build for your hardware, see the Hardware compatibility wiki page. For more guidance on how to choose a build, see the How Do I Choose a Build? section on the page. If you're still unsure after you've read both those pages, we recommend you ask for advice on the Tomato forum.

When choosing a build, you need to note:

The router/AP model
The hardware's revision/version number
The amount of Flash RAM in your hardware
The feature set you want, that will fit in that amount of Flash RAM.

Some router models have two or more hardware versions. Some of these may contain different chipsets than others. Flashing the firmware to the “same” model hardware, but wrong hardware version could brick your hardware.

For some models, Flash RAM is limited, so it’s also important you choose a build that takes up less storage space than is available. Otherwise, you could run out of Flash RAM and your hardware could be bricked.

What's "Bricking" the Router? Why is that a Bad Thing?

“Bricking” mean making your router completely non-functional after a failed flash. It's called bricking because the hardware would then only be useful as a brick, but not as a router. In this condition, It sometimes can't be fixed without electronics or soldering knowledge.

Here are some rules for successful firmware flashing:

Never interrupt a firmware flash until it's completely finished. Be patient.
Never turn off the router/device while the update is being flashed.
Never reboot your PC until a flash has completed.
Never disconnect the network connection with the router until
the flash is completed.
Never cancel/pause/stop the software on the PC you're using
to do the firmware update.

Doing any of the these can result in a partial update. This may leave the firmware corrupted, which can damage how the device works or even “brick it”, making it useless. See the “Can I Recover from a Bad Flash?” section below to learn more about unbricking your router.

Can I Recover from a Bad Firmware Flash?

Yes, quite often, but not always. This depends on factors, including:

What went wrong
At what stage in the flashing process it went wrong, and sometimes even;
Which brand of hardware you tried to flash.

Once you're sure the router won't boot/work properly, follow these steps, in order:

At least twice, follow the steps to hardware reset your router to factory defaults.
This usually involves a physical reset button on the case.
Sometimes, incorrect settings can be “sticky” in NVRAM
from previous firmware and need resetting for the router to work properly.
On Netgear hardware, try using the third-party nmrpflash utility program.
This unbrick program has saved many Netgear routers from the garbage.
https://github.com/jclehner/nmrpflash
Use the Tomato forum's Search box to get advice on unbricking your model.
Often, other users know other tricks to get your model working.
If all else fails, you may want to try opening your router and checking for a
serial interface. This is usually a small group of 3-8 pins or pads on the
main circuit board to which you connect a USB–>serial interface converter.
If your router has one, check in the forum or Google for instructions.

What's NVRAM and Why Should I Erase it Before and After Flashing?

NVRAM is the part of non-volatile memory where settings and parameters are stored.

FreshTomato can sometimes retain some NVRAM variables (settings) even after you flash a new firmware image. Therefore, it's very important to erase NVRAM before flashing. Doing so ensures all variables from existing firmware are erased before flashing begins. Erasing NVRAM before flashing is an important step that should NEVER be skipped.

What's a "Dirty Flash"? Why Should I Avoid Doing One?

A “dirty flash” is one performed without thoroughly wiping NVRAM before/after flashing. It often leads to strange, unexplained symptoms, like web interface pages that don't display properly, “missing” menu items, and just generally buggy or unstable operation. No matter how tempted you are to “save time”, please don't do a dirty flash. You'll likely waste time with strange symptoms and regret it.

How Do I Flash FreshTomato to My Router? Which Method Should I Use?

There are several methods used to flash firmware on modern routers.

The method you use depends on several things:

The brand/model/revision of your hardware.
The age of your hardware.
Whether the vendor allows that hardware to be flashed
from the firmware it came with.
Which firmware you're trying to flash: stock (vendor), or FreshTomato.

Flashing Asus Hardware

For Asus hardware, several methods/tools are available for firmware flashing.

Flashing from Tomato Firmware

In general, if your (FreshTomato-supported) Asus hardware has FreshTomato or another Tomato fork installed, such as Shibby or Toastman, you can upgrade straight to FreshTomato using the Upgrade menu.

AsusWRT Web Interface Method

This flashing method is only possible for builds of release 2022.3 and later. In this example, we will flash an RT-AC68U model.

Here are the steps to follow:

Login to the router's Web interface
Under Advanced Settings, go to LAN.
Click on the “DHCP Server” tab.
Disable DHCP. Beside “Enable the DHCP Server” select No, and click Apply.

Performing this step may make your client device disconnect from the router interface

and require you to set a manual address to reconnect. Disabling DHCP server may be unnecessary.
Under Advanced Settings, go to Administration.
Click on the Firmware Upgrade tab.
Click Browse… and go select the appropriate FreshTomato image file for your router.
After selecting the appropriate image file to flash, click Upload.
You should now see a white progress indicator, with text: “Firmware is upgrading…”

Wait until the upgrade process is 100% complete. Do NOT interrupt the process.
When the upgrade completes, reboot the router by turning it off and on again.
Reset the router to defaults by pressing the Reset button on the rear for at least 3 seconds.
The router erases NVRAM and reboots again. It should now be ready configuration/use.

Notes about Flashing via AsusWRT

SDK6 MIPS & ARM Models (like the Asus RT-N18U or RT-AC68U):
Since release 2022.3, you can upgrade from AsusWRT to FreshTomato
or vice versa via the web interface.
SDK7 routers (like RT-AC3200) and SDK714 routers such as
the Asus RT-AC5300, RT-AC3100: Since release 2022.6, these models
support upgrades via the web interface.
Asus RT-AC1900U upgrades may require FreshTomato firmware for
the Asus RT-AC68U.

Asus Firmware Restoration utility Method

Asus provides a Windows program called Firmware Restoration. This tool is used to flash firmware or recover from a failed firmware flash. After you put the router in Rescue Mode, the Restoration tool finds the router's IP address and lets you flash firmware to it. Rescue Mode is a mode in which the router won't do anything except receive a firmware update.

For Asus models built in 2014 and earlier, the Firmware Restoration tool works fine. However, on most Asus models after 2014, Firmware Restoration won't let you flash third-party firmware like FreshTomato. If you try this on newer hardware, the program will simply throw an error saying it's not possible. The reasons indirectly relate to a 2015 decision made by the US FCC (Federal Communications Commission) about changes to wireless features in third-party firmware.

For details, see the section below titled: FCC Regulation Change Affecting Wireless Routers.

To flash using the Firmware Restoration utility:

Ensure you have only an Ethernet connection between your PC and router.
Disconnect all other Ethernet cables from the router-they can cause problems.
Some people have flashed via WiFi, but for maximum stability, flash only via Ethernet.
Never attempt to flash via a WAN connection. It's risky.
Download and install Asus Firmware Restoration from the website:
1. In the Support section of Asus' website, find your router/hardware model.
2. Click “Software and Utility” and specify your Windows version.
  (Windows 11 users may have to choose Windows 10 for the program).
3. Find/download the latest version of the utility.
4. Install the Firmware Restoration program.
Download the appropriate FreshTomato image file:
1. Download an appropriate FreshTomato image file for your router.
  If you've read the Basic Concepts above, see the FAQ for the file name
  convention for builds.
  See the Hardware Compatibility wiki page for help choosing
  an appropriate image file for your hardware.
  If you're still not sure after reading those, ask for help on
  the Tomato forum: Tomato Forum
2. Download the latest Asus firmware for your router so that if the
  FreshTomato flash fails, you can flash back to Asus firmware.
  
  Remember, with no working router, you might be unable to download
  firmware on your network until it's working again.
Clear the NVRAM:
1. Clear NVRAM by restoring factory defaults in the Asus interface.
  This resets settings to defaults and ensures
  there's enough memory to perform a flash. The process of clearing NVRAM
  varies, depending on your model.
  To wipe NVRAM settings within stock Asus firmware:
  1. Click on the “Administration” menu.
  2. Click on the “Restore/Save/Upload” Setting tab.
  3. Beside “Factory Default”, click the Restore button.
    
    This method may not work perfectly. If it fails, try the hardware button method below.
2. Wipe NVRAM on most current Asus models using the hardware button method:
  1. Unplug the AC adapter from the back of the router.
  2. Hold down the WPS button and reinsert the power connector.
    Continue to hold the WPS button for 30 seconds.
  3. Release the WPS button. All front LEDs should blink once
    to signal NVRAM was cleared.
    If you have trouble, check the
    user manual or the manufacturer's FAQ for your model.
Configure your PC with a static address and disable all WiFi
interfaces on your PC.
In Rescue Mode, the DHCP server is not available, so your client
will need a static IP address.
In some cases, DHCP might prevent Firmware Restoration from
completing the flash.
In some cases, DHCP prevents connection to the router after flashing,
when the DHCP server isn't yet available.
Enable Rescue Mode on the router. Typically, for Asus routers,
this is done as follows:
1. Remove the AC adapter plug from the back of the router.
2. Hold down the Reset button while plugging in the power cable
  again so the power turns on.
3. Continue to hold Reset until the Power LED starts to slowly flash
  on and off.
4. Release the Reset button.
5. Move quickly to step 7. Firmware Restoration has a timeout period.
  If flashing doesn't occur,
  you'll have to enable Rescue mode again.
Flash FreshTomato
1. Run Firmware Restoration. Click “Browse…”
2. Select the correct .trx firmware file for your router. Click “Open”.
3. Click “Upload”. Ignore any warnings that the firmware is incompatible.
  Click “OK” at the prompt.
4. The utility should begin scanning for your router device, then slowly
  uploading the firmware.
Wait until flashing is complete. The completion progress bar isn't accurate.
Flashing is complete only when the power LED comes back on.
Be patient. This portion can take up to 45 minutes.
DO NOT PANIC if the program says the upload isn't complete, or if it hangs.
Wait another 10 to 15 minutes.
When the process is complete, the router should automatically turn on and off.
1. The router should now let clients connect. Open a web browser to:
  “192.168.1.1” and net mask: “255.255.255.0”.
  You should see a login screen. Enter username: “root”, and password:
  “admin” to log on.
From within FreshTomato, clear NVRAM contents again:
1. Under Administration, click Configuration.
2. In Restore Default Configuration, choose Erase all data in NVRAM memory. Click “OK”.

At this point, the router should function properly.

Sometimes on the first boot after a flash, FreshTomato may seem buggy or weird things might happen.

In such cases:

Reboot the router once or twice more.
Clear your browser cache before putting the router in operation.
Web browsers may cache data that shouldn't be cached.
Refresh the page. Any problems caused by cached browser data
should disappear.

If problems persist, try the following:

Clear your web browser cache again.
Erase NVRAM once more.
Reboot the router at least twice more.

If the router still acts strangely at that point, you should request help on the Tomato Web forum.

TFTP Method

“Trivial File Transfer Protocol” is a small utility that transfers files between hosts on a TCP/IP network. It lets you upload firmware images to a router. There are command-line and graphical tftp client programs available. Windows includes a tftp program for the command line.

The TFTP method may work when the vendor's firmware blocks other upgrade methods from the original firmware.

To prepare to flash via tftp:

Reset the router NVRAM to defaults, as described above.
Put the router into Rescue Mode, as described above.
Put the FreshTomato firmware file in the same folder as your
tftp program.
Open a command prompt, and change directories to the folder
containing the firmware. Then type:
“tftp –I PUT filename.trx <IP address of router>“
but DO NOT press Enter.
(Replace “filename.trx” with an appropriate image file name for
your model)
Unplug the AC adapter from the router. Hold down the Reset button
while reconnecting the AC adapter.
When the power light starts slowly blinking, let go of the Reset button.
Press enter at the above command line to start the tftp upload process.
Wait at least 10 minutes for the upload to complete.
If successful, you'll be taken to the FreshTomato logon screen.
Log on to FreshTomato and reset NVRAM, as in the above screenshot.

Rescue Mode has a timeout period that limits how long you have to start firmware upload. If the timeout expires, you may need to put the hardware into Rescue Mode again and restart the flashing process.

Broadcom CFE miniWebserver Method

Modern routers use CFE (Common Firmware Environment) for bootstrapping.

For some Broadcom devices, CFE is preset to run the convenient miniWeb server interface (shown above). CFE lets you install any compatible firmware on your device, making the router largely “unbrickable”.

When CFE loads, it sets the router's address to: 192.168.1.1. You can connect to it by setting your client Ethernet interface with an address in the same subnet (192.168.1.2) and entering the above address in a browser. CFE has a timeout period, so you need to reset the router and access it before it decides to load any custom/stock firmware on the device.

If Freshtomato is already installed, you can change the CFE timeout by changing the Boot Wait Time parameter in the Miscellaneous menu.

CFE can also be accessed by using a console/command prompt and connecting via a USB-to-serial interface. However, that is appropriate only for advanced users with special (but cheap) equipment.

Flashing Linksys Hardware

Flashing when Tomato is already installed.

If your router has a Tomato fork already installed, you can use the Administration/Upgrade menu in the web interface to upgrade to FreshTomato.

Flashing from Stock (OEM) Firmware

In some cases, flashing Linksys gear is a bit more complicated than flashing other brands. Before flashing, you're advised to read the Notes section in the Hardware compatibility list for important details. This includes important warnings about NVRAM size/limitations, CFE modifications that might be required, hardware revisions and more.

Some models might need to be flashed with a special “initial” firmware build first before you can install a regular FreshTomato build. Please read about this (above) before flashing.

There is no official HOWTO for flashing Linksys hardware. However, these unofficial HOWTOs on the forum have been worked many times:

For models:

ea6200
ea6350v1

Linksys-EA6200/EA6350v1 Freshtomato-ARM & Discussion.

For models:

ea6300v1
ea6400
ea6500v2
ea6700
ea6900v1

How to flash Linksys EA6300v1, EA6400, EA6500v2, EA6700, EA6900v1.0/1.1 with Tomato

If you're still not sure what to do, post an question on the Tomato forum to avoid problems.

You should also read the Notes section at the bottom of this page for details on general flashing basics.

Flashing Netgear Hardware

Netgear R-series

When Netgear firmware is already installed

If you have a R-series router with stock firmware installed, you must first flash with a “Netgear R-series initial” file. Once you have an initial FreshTomato build installed, you can then upgrade to new versions using normal build files. The initial .zip file contains a file with ”.chk“ file extension. You can install that initial file via the original Netgear firmware.

For example: the following steps list the process for flashing an R7000 with an initial build, and then a normal build.

First, download the 2 files you'll need to flash the R7000:

The “R-series initial file” for R7000:

/downloads/freshtomato-arm/2023/2023.2/Netgear%20initial%20files/freshtomato-R7000-2023.2-initial-64K.zip

This .zip file has MD5SUM value: e3ef483d088215e9abe4888e0dd36d37

The normal R7000 AIO build file:

/downloads/freshtomato-arm/2023/2023.2/K26ARM/freshtomato-R7000-ARM-2023.2-AIO-64K.zip

This .zip file has MD5SUM value: ec63c869fe14f5b46cbb13813c1699bf

Run a hash check program against both files to check their integrity. On Windows, HashMyFiles works.

If the hash check program finds an MD5 matching the number above, the file is good. If it does not match, the file was corrupted during download and should be downloaded again.

Do not flash using the contents of .zip files that fail a hash check.

Now, unzip the .zip files. The contents should look like this (for this specific router/FreshTomato release):

freshtomato-R7000-2023.2-initial-64K.chk

freshtomato-R7000-ARM-2023.2-AIO-64K.trx

If you're not sure which build file to download,

Check the Hardware compatibility list for your model
Read the ”How Do I Choose a Firmware Build“ section in the FAQ
- A table there illustrates the naming scheme of FreshTomato builds.

In the case of the R7000, the data in the table describe these specifications:

CPU: The R7000 contains an ARM chipset
NVRAM: The R7000 contains 64KB
AIO = All in One build (contains all feature available).
Thus, we choose firmware with filename:
freshtomato-R7000-ARM-[version]-AIO-64K.trx (only after we've flashed an initial build).

Now, perform the flash procedure:

Connect your PC and your router via an Ethernet cable.
Do NOT use WiFi.
Disconnect all other Ethernet cables.
Power on the router. Wait 2-5 minutes until it finishes booting.
Reset the router to factory defaults by holding down Reset with a paperclip
for 30 seconds. Follow the user guide for specifics.
Wait again 2-5 minutes until the router finishes rebooting.
Open a browser and type: 192.168.1.1. Log on with your Username/Password.
Disable DHCP. Go to Advanced–> LAN Setup and uncheck “Use Router as DHCP Server”.
Click Save.
Go to the Advanced TAB > Administration > Router update.
1. Browse to the .CHK file above (freshtomato-R7000-20xx.x-initial-64K.chk) then click UPLOAD.
When prompted to continue, click OK.
At the Router Update screen, click YES. The screen shows: “The Router is updating its firmware”.
The Router Update screen then shows: “Rebooting the router now, please wait”.
Wait 2-5 minutes until you're presented with a login. Do NOT log on.
1. If the PC address changes to: “169.254.x.x”, Windows set that
  because it couldn't find a DHCP server.
2. Wait 5 minutes, then go to the next step.
Press the Reset button once briefly with a paper clip.
As the router reboots, configure your PC with a static address: “192.168.1.9”
and gateway: “192.168.1.1”.
1. This step may not be needed, as the router should be running DHCP,
  and should assign your PC an IP address.
Ping the router's IP address to verify that it finished rebooting: “ping -t 192.168.1.1” .
1. Wait until the ping results show that it rebooted (“Destination Host Unreachable”)
  and reconnected (“64 bytes from…”) twice.
2. Flashing is finished. With the router rebooted, you can connect to its Web interface.
In a web browser, enter: “192.168.1.1”. Enter Username: “root”, Password: “admin”.
If this fails:
1. In some initial firmware releases, the username is “admin” and
  the password is ”@newdig“
2. Use a private browser (incognito) window.
3. Clear the browser cache.
4. You probably didn't reset the device, or you wait long enough.
  Please repeat Step 13.
You should now be logged in. You should see “System” on the Overview menu.
Under Configuration > Restore Default Configuration > choose “Erase all data in NVRAM memory”.
Click OK.
Now, you should see: “Please wait while the defaults are restored…”
Eventually, the initial build is installed and NVRAM cleared. Now, upgrade to a normal build.
Continue in (or open) “192.168.1.1” in a browser window.
Under Administration > Firmware Upgrade, click Browse… and find the .TRX file above.
This was the .trx file at the time this was written. Select it, then click Upgrade.
Wait. You'll see a timer, and: “Please wait while the firmware is uploaded and flashed.”
Wait. You'll see “Image successfully flashed. Then you'll see: “Please wait
while the router reboots…” and a countdown.
Eventually, you'll be asked to Click “continue”. Do so, and you return to
FreshTomato's main menu.
Under Administration > Configuration > select “Erase all data in NVRAM memory”,
and click OK.
You should see: “Please wait while the defaults are restored..” and a countdown timer.
Eventually, you should be be prompted to click “Continue”. Click “Continue”.
You should now be back at the Upgrade Firmware menu. The flashing
process is complete.

When FreshTomato is already installed

If you have FreshTomato installed on your Netgear, you can upgrade to new releases using regular build files. These .zip archives contain firmware files ending with the .trx file extension.

Flashing Netgear Routers back to Original Netgear (Genie) Firmware

A Netgear router with FreshTomato installed can't be directly flashed back to original Netgear firmware from within normal builds. Some Netgear models can be flashed back to Netgear firmware using special “Netgear back to OFW” builds. Check if your Netgear model is supported in the “Netgear Back to OFW” folder in the appropriate FreshTomato downloads folder:
"Netgear back to OFW" firmware

FCC Regulation Change Affecting Wireless Routers

In 2015, The US FCC (Federal Communications Commission) passed legislation designed to block people from changing certain WiFi settings, to avoid radio interference with other devices. WiFi radio power had to be implemented in hardware so that end users couldn't modify it. For example, the FCC wanted to make sure end users didn't override country settings or power limits which might affect radio power.

Some hardware vendors reacted to the legislation in an extreme way, blocking third-party firmware from being flashed at all. (The FCC did not actually require anything like this). As a result, some companies' hardware could not be flashed with third-party firmware from within the factory firmware interface. If you tried to do so, you'd simply receive an error stating it wasn't possible. This resulted in a lot of controversy.

ArsTechnica.com: FCC: Open source router software is still legal under certain conditions:
https://arstechnica.com/information-technology/2015/09/fcc-open-source-router-software-is-still-legal-under-certain-conditions/

SLATE: FCC Support for hackable routers is a win for all of us:
https://slate.com/technology/2016/08/fcc-support-for-hackable-wireless-routers-is-a-win-for-all-of-us.html