Friday, 6 September 2013

Configuring Tomato....

I thought I'd add some notes on the setup I'm using for Tomato on the router, just in case anyone wishes to follow and finds them useful. Please note that these are simply the ways I've found of doing the things I find useful, they are not necessarily the best ways nor the only ways - so I'm open to suggestions...

Persistent Storage

The only persistent storage on most routers is NVRAM, which is limited both in size and life, i.e. each write action diminishes the life of the module (much more so than with, say, a hard drive). The Tomato implementation makes the firmware read-only; any files that need to be read/write are created under /tmp directories during boot and are lost in a power down or reboot.

This can be a nuisance if you use logging to create a long term record of bandwidth usage, useful with a capped mobile account. It also means there is no way to store your own programs or other files that are not part of the firmware.

It is possible to create a persistent file system within the router using JFFS. Tomato provides menu support to format JFFS so, providing the router has sufficient RAM available, this is one way to provide persistence. I've created a jffs filesystem and my bandwidth log, system log, kplex and VPN certificates are kept on it. The jffs filesystem is enabled fairly early in the boot sequence so putting the system log on it, whilst it doesn't show a complete record, is perhaps a good compromise.

It is also possible, with TomatoUSB, to use USB storage devices. I have a micro SD card as part of the mobile dongle. That has been formatted as an ext2 filesystem to use with the router firmware, because this hardware also suffers from write limitations and ext2 has no journalling. It is on this device that files not needed for day to day router operation are kept. These include kplex source, tomatoware, entware and a couple of large utilities. When tomatoware or entware programs are required, that directory can be mounted on /opt or wherever else it is required. The firmware takes care of mounting the filesystem as a whole.

Bandwidth Monitoring

As said above, it's useful to keep track of data usage if only to verify the information received from your ISP. Enabling bandwidth logging and putting the log file into the jffs filesystem means that usage data survives reboots. By excluding the wireless device traffic from the logging I can ensure that the kplex NMEA traffic is not added to the internet data traffic. I have verified this by comparison with ISP records.

VPN

I currently use the Astrill VPN service. Astrill provide an install script for Tomato and DD-WRT which adds an explicit menu item to Tomato's user interface. However, what this actually does, given the firmware filesystem is read-only, is place a script into NVRAM which is executed at boot to download and install the Astrill menus and operating files. This only works if the router has a working internet connection at boot time, not guaranteed on board. It also uses some 2.5k of valuable NVRAM space with all the variables it sets up.

It is also possible to obtain the VPN access certificates from Astrill, then configure the VPN access 'manually', storing the certificates, which are user unique, on the jffs filesystem. The downside is that it's slightly more difficult to change end points, but the advantages are that the VPN service is always there ready to use, start up of the service is far quicker than the cumbersome Astrill provided scripts and there is very little NVRAM used - the advantages far outweigh the disadvantage.

Utilities

WinSCP and PuTTY, both invaluable. WinSCP to transfer files from Windows and make editing much easier on the router (I don't have to struggle with vi :)).

All that said, I'm planning to try implementing OpenWRT instead of Tomato fairly soon. I think that might resolve, or provide the tools to resolve, the problems I'm seeing with conflicting serial devices.

2 comments:

  1. Thanks for posting these write-ups, they've got me interested in doing something similar. I will be using OpenWRT, so I was wondering if you ever made the switch to that firmware and how well it worked?
    Were you able to build kplex directly on the router, and what dependencies did you have to install?
    Thanks! Caesar on yacht Mollymawk

    1. I haven't (yet) migrated my router to OpenWRT. Mostly because the imperative to do so is no longer so urgent, the conflicting serial device problem I've worked around simply by not plugging the mobile dongle direct into the hub router. There is also the concern that devices with the Broadcom wireless chipset that mine has are not really on the main development branch of OpenWRT and are not supported by older, stable versions.

      I used 'tomatoware', a compile environment for Tomato, to build kPlex directly on the router having failed to create a cross compile environment that would work. 'tomatoware' was installed on a mountable USB stick on the router and utilised from there.

      I found, with the help of tomatoware's creator, that I needed a couple of compile options to get a clean build of kPlex that would run when the compile environment was unmounted. Those options are -zmuldefs and -static; the first seems to deal with multiple definitions of the same variable in the source, the second builds all externally called functions into the kPlex module making it independent. A side effect of using -static was to create a much larger module, c. 600k against about 70 iirc. I used another utility 'upx' to compress the compiled module, which got it down to a more reasonable 200k.

      One of the things that made this route feasible is that Tomato has drivers for the FTDI Serial-USB converter built in, you do have to load them with each reboot however as they are not part of the core function. I haven't looked at OpenWRT for a while now so can't remember if the same drivers are present. I also found it was possible to use a USB hub to enable multiple USB inputs to a router with limited USB ports, kPlex didn't seem to mind so long as you address each one correctly.
