dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5355
share rss forum feed

Rastan

join:2007-04-25
Canada
Reviews:
·TekSavvy DSL
·voip.ms

[Tomato] Linksys e4200 router firmware questions

I recently purchased a Linksys e4200 router which has version 1. I'd like to use a third party firmware because this router has the WPS vulnerability that can't be fixed with stock firmware.

I think tomato firmware fixes this vulnerability because it doesn't support WPS. I don't know which tomato firmware to use. This link lists a variety of different tomato mods. »linksysinfo.org/index.php?thread···s.26037/

Has anyone tried any of these? I also have a question about clearing NVRAM. I read a post from someone about clearing NVRAM after updating firmware to tomato. How would I do this? If for some reason the firmware upgrade goes wrong, will my router be bricked? Would I be able to fix this?

Thanks.

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
kudos:1
The latest firmware from Linksys does fix the WPS problem and it can be disabled. I use Tomato for my E4200. My choice is Victek builds. »victek.is-a-geek.com/downloads.html He just released a new version today and I will be upgrading to it shortly here. In a few more minutes actually. If you are coming from stock to Tomato. Before flashing. Set defaults back. Then flash to Tomato. After clear NVRAM (thorough) from with in the gui. It is EXTREMELY important to do that. After that. You can configure. From there on out. If you continue with Tomato and upgrade to new versions as they are released. Clear NVRAM (thorough) before and after the flash. Right before you flash. You will see a little box that says clear NVRAM after flash. Check that and do the upgrade to the newer version. Pretty hard to brick. Tomato is the easiest to install with Linksys routers.


seginus

join:2008-01-30
Worcester, MA

1 recommendation

Is it suddenly A LOT easier to change firmwares now? Haven't needed to do one in a while but after looking at Victek's site, it sure does seem simpler.

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
kudos:1

1 edit
Linksys and Tomato has always been simple. Coming from stock. You just update the file and clear NVRAM after. Done and configure. DD-WRT is a little more work. You need to flash mini build. Then final build.

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
kudos:1

1 recommendation

reply to Rastan
Click for full size
Stock Fimrware Upgrade
Click for full size
Tomato Version Upgrade
Posting a couple pictures for you to further help. First picture is coming from Linksys stock firmware. That is what you would want to select and do after the flash when logging into the router. Next picture shows going from one version to another. With you wanting to make sure you check that little box to clear NVRAM after flash. Then you configure.

Rastan

join:2007-04-25
Canada
Reviews:
·TekSavvy DSL
·voip.ms

1 recommendation

Thanks for the info, KoRnGtL15. The pictures are also very helpful. I assume that once I log into the router I'll automatically be taken to this page that lets me clear the NVRAM? If not, where would I find this?

Are you sure that the latest firmware from Linksys fixes the WPS problem? According to this thread, it doesn't. »community.linksys.com/t5/Wireles···p/405327

Although it's an old thread, someone explains that it's a flaw with the way WPS is designed and as long as the firmware supports WPS, there's no way to fix the vulnerability. This is explained a few pages into the thread.

I don't think Tomato supports WPS so the router shouldn't be vulnerable.

I think I'll choose Victek as you suggested.

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
kudos:1

3 edits

1 recommendation

It does not take you there automatically. Just follow where on the first picture. Go under Admin. then Configuration as shown in the picture. That thread is old news. The flaw was actually fixed in the second to last latest firmware release from Linksys. I remember because I was able to disable WPS per firmware change release notes.

Release Date: Feb 21, 2012
Firmware version: 1.0.04 (build 11)

- Added Enabled/Disabled feature for Wi-Fi Protected Setup in the web configuration
- Added WPS lockdown feature
- Fixed Linux kernel IPv6 fragment identification remote Denial-of-Service vulnerability
- Fixed Router cannot get a WAN IP address form some ISP
- Fixed Internet Access Policy issue when disabling Parental Control
- Fixed some minor bugs

And you are correct. Tomato does not support WPS. Good choice with Victek. I have been using his builds exclusively since the Linksys WRT54GL days. Also. Make sure to download the latest build 9014-v1.3c. as it was released yesterday. It includes the updated Heartbleed fix. The other builds do not have that fix. He is going to be deleting them all soon any ways because of that. Other Tomato vendors have included the fix as well. Shibby and Toastman. Feel free to post here as well. »www.linksysinfo.org/index.php?fo···ware.33/ We don't bite. Unless we have to! "sarcasm"

Rastan

join:2007-04-25
Canada
Reviews:
·TekSavvy DSL
·voip.ms
It's an old thread but some of those posts were made after the firmware you referred to was released. On page 10 of that thread someone posted this:

[blockquote]
As it stands right now, from what I have read, the firmware now locks down WPS (until the router is rebooted) after 5 unsuccessful attempts, but if you delay 300 seconds after every 4th unsuccessful attempt the lock down feature can be bypassed. At this point I am not sure how long the lock down feature can be bypassed because I haven't tested it with reaver myself. Therefore I am going to assume Cisco dropped the ball again, and they introduced another vulnerability.
[/blockquote]

What do you make of this?

I'll take a closer look at Victek's Website and try to find out if this tomato version supports all of the features. I think that one of Shibby's versions didn't support 5.8ghz frequency. Although I was able to find detailed info for Victek's latest beta build, I haven't found a way to view the details of his stable builds. The links point to the firmware file.

If I were to upgrade to the Linksys 1.0.04 (build 11) firmware, would I still need to clear NVRam or is this only done when upgrading to third party firmware.

I was planning on downloading the stable version - 1.28.9013 V1.2v but now I might upgrade to the newest Linksys build and wait for a new stable Victek build.

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
kudos:1

1 recommendation

I don't think much of it. Its a really old thread with last response in 5-2012. The current firmware has even been updated since then to 1.0.05 which is the latest. Shibby supports 5GHz you just need to dl the right version. Victek build notes »victek.is-a-geek.com/Repositorio···SION.txt Only clear NVRAM with 3rd party firmware. Back in the day when I used stock firmware. After flashing. I still went ahead and set restore defaults after flashing. Same thing as clearing NVRAM with 3rd party firmware. As I said before. .c version is the only one with the Heartbleed vulnerability fix. Other versions don't have it. Its perfectly fine to download the latest version. Tomato always adds new features. The firmware is rock solid and so are the features. Btw. Linksys stock firmware still has the "TheMoon" vulnerability. Linksys has not fixed it yet. Victek always makes sure to do quality testing before releasing any new build. Look how long its been since. Months ago. You can see in the build notes. I could never go back to stock firmware. I actually want to replace my E4200 with the new WRT1900AC. Only because of age. Bought new in 3-2011. But, will not do so until Tomato comes out for it. Which is a ways off.

Rastan

join:2007-04-25
Canada

1 recommendation

Ok thanks again for all the info. I'm going to upgrade to Victek's firmware tomorrow. For me, the E4200 is new enough. I'm upgrading from a WRT54GL, which is still solid.

Rastan

join:2007-04-25
Canada

1 recommendation

reply to KoRnGtL15
I installed the 9014-v1.3c firmware and everything looks good.

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
kudos:1

1 edit

1 recommendation

Cool. Be sure to stay on top and check the website every once in a while for a new version. Or be active on that Linksys board if you like. Now he released version D. He has a tendency to do this with a new release. One setting in Tomato you might want to disable. If you use any VOIP for phone. MagicJack, Vonage, Ooma etc. Uncheck SIP and click Save at the bottom. I have included a picture and where to find it.

P.S.

Again. Always remember to clear NVRAM (thorough) erase before and after when upgrading the firmware. And configure from scratch. Don't ever restore a backed up file version of it. Tons of trouble as many things have changed in the NVRAM when upgrading. Only use the restore option when using the same exact version. Say you have it configured and then you can back up settings. If something acts up down the line or a glitch from power outage etc. You can restore file.

**EDIT**

Actually going to a minor version update. Like C to D. You DO NOT have to erase NVRAM (thorough) Only when changing between major versions. Per release notes.

Section 1. How to install or Upgrade.

1.a) Update from previous Tomato RAF beta (1.1d or 1.1e or 1.1f-g-h-i...).

_ Do the update when your device is iddle or few Internet traffic is going throught, it may extend the Flashing time and give you some warnings (Timeout).
_ Stop (Unmount) and unplug any USB device you may have.
_ Use the Administration/Upgrade option in your router menu an then upload the file you downloaded.


Rastan

join:2007-04-25
Canada
Reviews:
·TekSavvy DSL
·voip.ms
I use voip & all my settings are configured in a Linksys PAP2NA device. I tested my voip line after the firmware upgrade and it works. I also have SIP enabled in the settings you listed. What changed if I disable it?

I'll be sure to follow those instructions when I upgrade again. I'll probably wait for another major release though.


mugurd

join:2001-05-24
Ottawa, ON
Reviews:
·callwithus
·ELECTRONICBOX
·Anveo
·Start Communicat..
·CIKTEL Telecom
reply to Rastan
Has anyone by chance tried to go from say Shibby to Victek WITHOUT clearing NVRAM? I have quite a boatload of QoS rules I don't want to recreate...I do realize there is a risk some params might not match.

I have a 4200v1 myself and I'm not too happy about the wireless ping times - from what I gathered Victek is better from that perspective (not 100% could have, as the Broadcom drivers are the same).

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
kudos:1
If you don't erase NVRAM going from one to another different firmware. You will have major problems and it is never ever advised to do that.


mugurd

join:2001-05-24
Ottawa, ON
Yeah, unfortunately everything I find points to that conclusion.
Let me ask you this: if I save NVRAM to a file, can I then at least paste some config portions?
I can't imagine people start from scratch every time...it is a painful exercise.

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
kudos:1

1 recommendation

They do start from scratch when going to one major firmware version to another. Especially in the case you are in. Some folks do not listen though and post about nothing but problems after. And how Tomato might suck etc. Say you go from 1.0 to 2.0 You want to clear NVRAM. Now if you go from 1.0a, 1.0b, 1.0c etc by the same dev. You don't have to do that. Unless specified in the release notes by the dev.