Disclaimer: If you brick (i.e. ruin) your router by following this page, I will not be held responsible. Although much effort has been made to ensure the correctness of the information presented here, it is possible there are still incorrect or outdated information. I have personally tried flashing RT-N16 and RT-N12 B1 only. (If you happen to make the router unbootable, retry the Asus recovery procedure with Asus stock firmware.)
Last update: 2014-4-24
Is Tomato firmware affected by the OpenSSL heartbleed vulnerability?
Yes. The good news is that it has already been fixed. Tomato by Shibby fixed it in V117. Toastman Builds of Tomato starting from 2014-4-22 also include the fix.
Why install Tomato firmware?
- You need a feature that is supported by one of the variants of Tomato but not the stock Asus firmware
- You’re doing P2P and the router crashes / reboots
- You’re having an issue that you suspect it to be a bug in the stock Asus firmware
- You don’t like or don’t trust stock Asus firmware
What are the downsides of Tomato firmware?
- Tomato firmware disables Broadcom Cut-Through Forwarding (CTF) by default because it is incompatible with some Tomato features. At least for some Asus models, on Asus firmware with QoS and certain features disabled, the router activates CTF and yields a throughput that is greater than on Tomato with QoS and CTF disabled. Recent Tomato by Shibby firmwares show an option for enabling CTF, but there are reports that enabling it may not actually yield a difference for some models or firmwares. Tomato by Shibby also does not support FastNAT because it is incompatible with QoS, Bandwidth limiter, IP Traffic, Bandwidth Monitor and Web usage functions.
- In some cases, the WiFi behavior of the Asus firmware may be different from the Tomato firmware, because they usually use different versions of the Broadcom drivers. In general, Asus stock firmware may offer slightly higher WiFi performance than Tomato, because Asus usually uses newer Broadcom drivers, while Tomato usually sticks with an older but proven release that is more compatible with other client devices. As of June 2013, there are test builds of Tomato with newer and faster WiFi driver.
Why Asus router?
- You want to run Tomato firmware, and a few Asus models are supported
- Usually cheaper than Cisco / Linksys for the same level of hardware
- You don’t like internal antennas as found in recent Cisco / Linksys models
Which Asus router to purchase?
In case you need recommendations for an Asus router, here’s my opinion (I currently own a RT-N16), in descending order of router CPU performance:
- There is no doubt RT-AC68U is the best Asus router one can buy to run Tomato as of this writing. Naturally it is also the most expensive.
- Between the expensive RT-AC68U and the not too expensive RT-N15U, RT-AC56U is a better choice for price/CPU performance consideration, but RT-AC66U is better for WiFi. However, RT-AC56U has internal antennas (not preferred) rather than external (preferred), and there are various reports of 2.4GHz issues with the RT-AC56U.
- (A unique non-Asus router deserves a note here. There exists a Tenda W1800R that enjoys a dedicated Tomato build from Shibby. Its hardware specification is at the same level as RT-AC66U but with 16MB flash only, at a significantly lower price. This brand does not have a good reputation, and is well known to have crappy firmware. Some have successfully flashed it to run Tomato. However, more than a few people found that if something went wrong with the flashing it will be bricked, and cannot be recovered unless you disassemble it and solder a TTL cable to it. As of 2014 April, there is a minor issue with the 5GHz LED indication cannot be turned off in Tomato.)
- RT-N15U: This seems like a cheaper successor to the old RT-N16. In terms of specifications it looks fine, and should perform faster than RT-N53 if one does not need 5GHz WiFi. I think that people with higher than 200Mbps broadband should consider something more powerful than this.
- RT-N53 A1: 5GHz is really important, so if the budget allows, it is better to buy a model that supports 5GHz (starting with 6 or 5 in the model number). It is possibly the single most important tool to avoid WiFi interference from neighbors for now. However, its Ethernet ports are 100Mbps instead of 1000Mbps Gigabit Ethernet, so this router does not make sense if you have higher than 100Mbps broadband, or you are going to connect more than 1 PC to it via Gigabit Ethernet.
- For a really low budget router, RT-N12 D1 is a nice choice. I have measured that its predecessor RT-N12 B1 can deliver 90Mbps WAN-to-LAN throughput. So even on a 100Mbps broadband connection, this router is sufficient for the usual consumers who only do typical web browsing and some occasional P2P. (For serious P2P something better should be used.) Those who need a stronger signal should consider the RT-N12HP variant, but it is more expensive though. Again this budget router only has 100Mbps LAN ports, so it is unsuitable if you are going to connect more than 1 PC to it via Gigabit Ethernet.
- This is really important: only buy a router with 8MB flash or more. Avoid all 4MB flash routers.
After flashing an Asus router to Tomato firmware, can I go back to Asus stock firmware?
Yes, simply use the Asus Firmware Restoration Utility from CD or web, together with the correct Asus firmware from web.
Differentiating among various models of Asus RT-N router series:
It is critical to find out the correct model of your router, its hardware revision, and the flash size before you proceed to install any third-party firmware such as Tomato to your router. Unless otherwise stated, all Tomato-supported models in this list should use the RT-N driver instead of RT driver when choosing a correct Tomato firmware.
In addition to the following list I maintain, please also read the official supported router list of Tomato by Shibby
- RT-AC68U: ARM dual core BCM4708A @ 800MHz, 128MB Flash, 256MB RAM, AC1900. Use Shibby V118 or later.
- RT-AC66U: BCM4706@ 600MHz, 128MB Flash, 256MB RAM, AC1750. 5GHz is only supported from Shibby Builds starting from 111.
- RT-AC66W: Same hardware as RT-AC66U but in white color
- RT-AC66R: Same hardware as RT-AC66U but sold by BestBuy
- RT-AC56U: ARM dual core BCM4708A @ 800MHz, 128MB Flash, 256MB RAM, AC1200. Use Shibby V118 or later.
- RT-AC52U: This model does not use Broadcom chipset and therefore cannot run Tomato firmware
- RT-N66U: BCM4706@ 600MHz, 32MB Flash, 256MB RAM, dual band 5/2.4GHz support. Only supported by Toastman Builds starting from 2012-2-(end) and Shibby Builds starting from 085V.
- RT-N66W: Same hardware as RT-N66U but in white color
- RT-N66R: Same hardware as RT-N66U but sold by BestBuy
- EA-N66: This model does not use Broadcom chipset and therefore cannot run Tomato firmware
- RT-N65U: This model does not use Broadcom chipset and therefore cannot run Tomato firmware
- RT-N56: This model does not use Broadcom chipset and therefore cannot run Tomato firmware
- RT-N53: BCM5358U @ 300MHz, 8MB Flash, 32MB RAM, dual band 5/2.4GHz support. Supported by Shibby build starting from 104 with 5GHz support.
- RT-N53 H/W version A1: Supported by Shibby build starting from V114
- RT-N16: BCM4718 @ 480MHz, 32MB Flash, 128MB RAM, 2 USB 2.0. Officially it is recommended to use RT driver versions of Tomato, although I use RT-N driver and it works for me. It seems that many Tomato developers have this router, so this is a nice router for Tomato if your broadband is less than 150Mbps and you don’t need 5GHz WiFi. I use one too.
- RT-N15U: BCM5357 @ 500MHz, 8MB Flash, 64MB RAM, 1 USB 2.0. Supported by Shibby build starting from 093.
- RT-N15: This model is totally different from RT-N15U. It does not use Broadcom chipset and therefore cannot run Tomato firmware. You’re screwed.
- RT-N14UHP: Seems to use Broadcom BCM5358, but Tomato compatibility is unconfirmed. Triple 9dB antenna. It is far too expensive for a router without 1000Mbps Gigaibit Ethernet. (To be confirmed)
- RT-N14U: This model does not use Broadcom chipset and therefore cannot run Tomato firmware
- RT-N13: This model does not use Broadcom chipset and therefore cannot run Tomato firmware
- RT-N12 LX: This model is totally different from RT-N12 (without LX). It does not use Broadcom chipset and therefore cannot run Tomato firmware. You’re screwed.
- RT-N12E: This model is totally different from RT-N12 (without E). It does not use Broadcom chipset and therefore cannot run Tomato firmware. You’re screwed.
- RT-N12 H/W version 1: BCM4716 @ 300MHz, 4MB Flash (too small for recent firmware), 32MB RAM. Recommended to use RT driver versions of Tomato, although RT-N driver should also work. Beware there are reports of instability with this router.
- RT-N12 H/W version B1: BCM5357B0@ 300MHz, 8MB Flash, 32MB RAM. Only supported by Toastman Builds starting from 2012-2-6 and Shibby Builds starting from 083V. (Note: There are many web pages listing this model having 4MB flash only, but the unit I tried really has 8MB flash, and many experts in relevant forums agree this model has 8MB flash too.) (Newer shipments may have changed the chipset to BCM53572.)
- RT-N12 H/W version C1: Same as RT-N12 B1 but with a “Black Diamond” appearance
- RT-N12 H/W version D1: (To be confirmed) BCM53572. This is functionally the same as C1 but equipped with a built-in signal amplifier.
- RT-N12HP: This is functionally the same as D1 but equipped with two 9dbi antenna. A review reported that its WiFi signal is good enough even after passing through two concrete walls.
- RT-N12 VP: I suspect this to be a cost-down version of RT-N12 D1, losing the signal amplifier and the antennas may become non-detachable. Tomato compatibility is unknown. (To be confirmed)
- RT-N11: This model does not use Broadcom chipset and therefore cannot run Tomato firmware
- RT-N10P: RT-N53572 @ 300MHz, 8MB Flash. With a 5dbi antenna, it seems to be a nice 150Mbps WiFi budget variant of the excellent RT-N12 series. Supported by Shibby build starting from V114.
- RT-N10P V2: Unknown (To be confirmed)
- RT-N10+: This model is totally different from RT-N10U. It does not use Broadcom chipset and therefore cannot run Tomato firmware. You’re screwed.
- RT-N10+ B1 , C1: This model is totally different from RT-N10U. It does not use Broadcom chipset and therefore cannot run Tomato firmware. You’re screwed.
- RT-N10+ D1: (To be confirmed) BCM5356 @ 300MHz, 4MB Flash (too small for recent firmware), 16MB RAM. There is a forum reporting stating success with flashing tomato, but with the following limitations: 1. Power LED does not behave correctly; 2. WAN/LAN ports are shifted, such that LAN Port 4 needs be used for WAN, and the original WAN port becomes LAN Port 1; 3. GUI nvram clear must not be used otherwise it goes back into firmware restoration mode
- RT-N10 LX: This model is totally different from RT-N10U. It does not use Broadcom chipset and therefore cannot run Tomato firmware. You’re screwed.
- RT-N10E: This model is totally different from RT-N10U. It does not use Broadcom chipset and therefore cannot run Tomato firmware. You’re screwed.
- RT-N10E B1: (To be confirmed) I suspect this is very similar to RT-N10+ D1. I have NOT found any report of success of running Tomato on this.
- RT-N10 H/W version 1: BCM5356 @ 300MHz, 4MB Flash (too small for recent firmware), 16MB RAM. Some versions of tomato support this model (Build 52 or earlier). Some do not and WILL BRICK your router. Exercise extreme caution.
- RT-N10 H/W version B1 / C1 / D1: This model is totally different from H/W version 1. It does not use Broadcom chipset and therefore cannot run Tomato firmware. You’re screwed.
- RT-N10U: BCM5357 (or BCM5356U?) @ 300MHz, 8MB Flash, 32MB RAM, 1 USB 2.0. It is functionally a 150Mbps N-Lite (instead of 300Mbps N) version of RT-N12 B1 with a USB port added. Only supported by Toastman Builds starting from 2012-2-6 and Shibby Builds starting from 079V (with a USB LED fix in 093)
- RT-N10U B: Same as the original RT-N10U, but with a “Black Diamond” appearance
Choosing the right version of Tomato
There are several forks of Tomato by different developers, and some of which are no longer maintained. For corporate environment, Toastman Builds are usually more suitable because it has DHCP disabled by default, such that a router that has lost its settings and rebooted will not run DHCP server accidentally. For home users, many people prefer Shibby Builds – some variants come with Transmission BitTorrent client.
How to choose:
- For Shibby Builds, look into the K26ARM folder if your router uses an ARM CPU (i.e. RT-AC68U, RT-AC56U). Otherwise, if you have an RT-AC router instead of a RT-N router, look into the K26RT-AC folder. For RT-N routers, look into the K26RT-N folder. Special cases: For RT-N66U, you have a choice between using the K26RT-AC version or the K26RT-N version. For RT-N16 or RT-N12 H/W version 1, you have a choice of RT-N driver or the old RT driver.
- Find the latest release by version number with the appropriate language suffix (-EN or none for English). To avoid the OpenSSL heartbleed bug, use only V117 or later.
- Choose a “K26USB” or “K26″ (without USB) firmware depending on whether the router hardware has USB ports or not
- For specific models such as RT-AC66U, RT-N66U or RT-N53, there may be special builds for them, different from other models. For RT-N53 the file is named in the format of tomato-K26USB-1.28.RT-N5x-MIPSR2-XXX-RT-N53.trx
- If both MIPSR2 and MIPSR1 firmware are listed, use only MIPSR2 firmware for the Asus RT-N models described on this page
- If your router has more than 8MB Flash, you may use the AIO (All-in-one) firmware with all features
- If your router has a USB port and you need to run a BitTorrent client on the router, choose BT-VPN, otherwise I suggest Big-VPN. (See the builds.png below)
- Verify that its file size is less than the flash size of your router. Be very careful if you have a 4MB Flash router – you may need to use Mini variants in order to fit the 4MB Flash requirement. However, recent releases may not have any variant that will fit into 4MB.
- Stay away from NVRAM60K versions or those with other model names (Ex000, F7Dxxxx, etc.)
- There may special test builds with a newer and faster WiFi driver.
Here’s the builds.png that illustrates the different configurations of Tomato by Shibby. This is not necessarily the latest version, if necessary please search each folder for the latest version.
Toastman Builds are available from http://www.4shared.com/dir/v1BuINP3/Toastman_Builds.html (Start from early 2012 It seems to require creating a free account for downloading.)
For latest build types, find “Toastman Releases” from linksysinfo.org
- Mini – no USB, no CIFS, no Zebra
- MiniIPV6 – no USB, no CIFS, no Zebra + IPv6
- Std – normal build
- Ext – normal + Extra utilities + NTFS
- VPN – normal + Extras + NTFS + VPN
- VPN-NOCAT – normal + Extras + NTFS + VPN + NOCAT portal
How to choose:
- For Toastman Builds, go to the RT or RT-N folder according to your Asus model requirement discussed above.
- Read the changelog and see which version you want to try out, or just go to the latest version. To avoid the OpenSSL heartbleed bug, use firmware 2014-4-22 or newer.
- If your router has USB port(s), find those firmwares with “USB” in the filename, otherwise find those firmwares without “USB” in the filename.
- Unless you have to use the VLAN feature, do not choose a VLAN firmware.
- Unless you have to use the Captive Portal feature, do not choose a NOCAT firmware.
- Get a firmware with VPN in the filename, and verify that its file size is less than the flash size of your router. Be very careful if you have a 4MB Flash router – you may need to use Std or Mini variants (instead of VPN) in order to fit the 4MB Flash requirement.
- Stay away from NVRAM60K versions or those with other model names (Ex000, F7Dxxxx, etc.)
Installation Procedure (adapted from patricksheedy.net)
Note: some people say you need to install DD-WRT first. I do NOT recommend anyone to install DD-WRT first before installing Tomato on Asus routers.
- Download a suitable tomato firmware as described above
- Install the Asus router utility from the CD that came with the router. Run \Utility\setup.exe from the CD to install it. If you no longer have the CD you can also download it from the Asus website.
- Disable Firewall on your computer.
- Disable anti-virus on your computer.
- Connect your computer to one of the LAN ports of the router with an ethernet cable.
- Assign a static IP of 192.168.1.10 and subnet mask 255.255.255.0 to your computer LAN port.
- Disconnect the router WAN port if you already have a cable plugged into that port.
- From Windows Start menu, run ASUS Utility -> RT-N Wireless Router -> Firmware Restoration. (If you experience problems uploading, try running it as Administrator.)
- Click the Browse button and select the file that you downloaded in step #1. Don’t click the upload button yet.
- Put the router in recovery mode: Unplug the power cord of the router. Hold down the black Restore button using a pen (not the red button). Plug the power cord back in. Once the power light starts flashing slowing, release the Restore button. The power light should continue to flash. The flashing light means the router is ready to accept the new firmware in recovery mode.
- Click the upload button in the Restoration utility. If it warns about incorrect Asus firmware, ignore it. The firmware should now start uploading into the router. Don’t touch anything while the firmware is being uploaded. (Note: these steps worked when I flashed my RT-N16. However, the utility could not find my RT-N12 B1 when I tried to flash the router, although it did work for other people. After failing for more than a dozen times, I tried to perform the upload first before putting the router in recovery mode, then it finally worked. Later I tried a different unit of RT-N12 B1 strangely it could be flashed the first time using the normal procedure. If neither of these procedures work, please see the Addendum in The Wiert Corner, and the tftp method described by Simeon W in the comments section.)
- No matter whether the utility says the upload is completed, or it hangs at a certain percent, DO NOT PANIC, and WAIT FOR FIVE MINUTES before you do anything else.
- After five minutes, open a browser and go to http://192.168.1.1. Login with user “admin” (or “root”) and password “admin”. You should be logged into Tomato.
- Administration -> Configuration -> Restore Default Configuration -> Erase all data in NVRAM memory(thorough) -> OK (Note: there is a forum report saying this reset function does not work properly on RT-N53 – in this case, try the hardware reset button.)
- After it is completed, login again, enable DHCP (for Toastman Builds), change admin password, enable WiFi security if you use WiFi, plug in your WAN connection and configure it. Also take a look at the CPU frequency, you may need to manually change it if it is not correct. (Note: overclocking your router is usually not a good idea from my experience.)
- Change your computer LAN port back to use DHCP (dynamic address) and dynamic DNS.
- If you happen to make the router unbootable, retry the Asus recovery procedure with Asus stock firmware. (This occurred to me once when I tried to upgrade a RT-N12 B1 from a 2012 Toastman Build to a 2014 Tomato by Shibby. After some struggle with the timing precision required by the Asus Firmware Restoration utility, I recovered it successfully using Shibby V117 tomato-K26-1.28.RT-N5x-MIPSR2-117-Max.trx )
- If you upgraded from DD-WRT to tomato but cannot login, it’s because you did not get the password before the upgrade, so you need to reset it – google for it
- If something does not work as expected, try “Erase all data in NVRAM memory(thorough)”, and/or use the reset button. You may also try the WPS button in addition to the reset button. If you run Toastman build, remember that after this you’ll have to use static IP instead of DHCP to connect to the router before you can re-enable DHCP again.
- If you experience WiFi issues, try a different WiFi channel, turn off Interference Mitigation and APSD Mode, use 20MHz instead of 40MHz channel bandwidth. Turn off power saving at the WiFi client side (or set it to CAM if there is no off setting). Auto channel in some configurations may yield channel 12 or channel 13, and many client devices do not support these channels without changes to an advanced setting (could be a driver property in case of Windows client). If you’re using a test build with a newer WiFi driver, try falling back to the normal build, and vice versa. If you’re using RT-N16 or the original RT-N12 H/W Version 1, you have an additional choice between RT driver or RT-N driver – try each of them to see which one works better. If you’re using RT-N66U, you have an additional choice between the RT-N version and the RT-AC version.
- If 5GHz does not work, check that you are using the correct build (especially for RT-N53 firmware, which may be different from others). Set Country to EU. Also try clearing the NVRAM data, and clearing it using the hardware reset button.
- If AC mode does not work, set mode to Auto and Channel bandwidth to 80MHz. Make sure you are on the latest Tomato compiled for RT-AC.
- With very new router models that are not completely supported, sometimes the Ethernet port order may be reversed. Look for a newer firmware, or try “Invert Ports Order” option.
- If your router reboots while doing BitTorrent, etc., reduce the number of connections in the router and/or BitTorrent client.
- If you use Shibby BT-VPN and found the built-in Transmission BitTorrent client to be unstable even after reducing the number of connections, you may try Big-VPN or BTgui instead, then install Transmission as optware. This should be more stable. Google for it.
- If you have a 150Mbps+ broadband internet but found that Tomato is not delivering a reasonable WAN-to-LAN performance, try to make use of the bcm_nat module for Fast NAT. Google for it.
- Royee (see the comments section) found that the Windows driver for the network adapter needs to be updated in order to connect to the Tomato router.