How to Flash AdvancedTomato Firmware on an Asus RT-AC68U Router

The following article is a detailed how-to on flashing an Asus RT-AC68U router with the AdvancedTomato web interface using the Tomato by Shibby firmware.

When my venerable Linksys WRT54GL Wi-Fi Wireless-G Broadband Router finally died, after many years of faithful service, I began searching for a new router. I finally settled on an ASUS (RT-AC68U) Wireless-AC1900 Dual-Band Gigabit Router. After having used this router for a year now, I am happy to report that I am very pleased with its performance and usability. One of the reasons that I initially chose this router was Asus’s custom ASUSWRT firmware and web user interface.

ASUSWRT was originally based on the open source Tomato router firmware project, which I also ran on my WRT54GL. Since ASUSWRT utilizes GPL source code, then under the GPL, Asus is required to release the source code for ASUSWRT. You can find the ASUSWRT source code on their support site. While I really liked all the features and the web interface that the ASUSWRT firmware provided I soon became disgruntled with how buggy the firmware was.

Being a hacker I downloaded the source code and began perusing it. One of the bugs I had run into was with the OpenVPN client functionality. It didn’t take me very long to find a typo in the code. Trying to report the bug to the Asus developers took a lot longer. Asus frontline support was reasonable, but trying to communicate with anyone above the tier one level proved virtually impossible. Being a software engineer, I can appreciate protecting your backline developers from the onslaught of silly questions that support gets everyday. However, when it is a legitimate issue that needs to be escalated, then the engineers should hear about it. This compounded with various versions of the Asus firmware crashing at least once a month, gave me the motivation to find another firmware for my router.

I considered the ASUSWRT-MERLIN firmware which is also released under the GPL. But when discussing this with a security consultant colleague, he suggested that I give the AdvancedTomato firmware a shot. And now six months later I am really glad that he did. So, what is AdvancedTomato? As the project describes on their website;

A router’s graphical user interface is the most important part of the system because most users are unable or unwilling to configure a router by any other means. Tomato comes with a dated web interface with the option to change the color scheme but for some of us that is not enough. The interface simply feels out of date, out of style and in need of an update. AdvancedTomato enables you to keep all of the features of Tomato by Shibby and also upgrade your router’s GUI to a clean and contemporary flat design. Users who demand a modern feature-filled firmware like Tomato deserve to explore those features using modern intuitive GUI like AdvancedTomato.

But what is Tomato by Shibby? Turns out  that Tomato by Shibby is a project that is based upon the TomatoUSB project, which is a project based on the original Tomato project that I was running on my WRT54GL that I loved so much. You can still purchase a WRT54GL by the way and if you don’t need the newer wireless standards this is a great router. With AdvancedTomato I can have a modern web interface, with all the great features and more of Tomato and it is all free and open source. And I can have it all on a modern dual core ARMv7 processor! This is a great example of how open source projects evolve and fork!

When I originally flashed my new router with the AdvancedTomato firmware I followed this how-to but it didn’t quite work for me. Just today I tried to flash a brand new Asus RT-AC68U router for a client and once again it didn’t work out quite right for me. So, I thought I would write an up to date how-to on what I did to get AdvancedTomato flashed onto my new RT-AC68U. I haven’t tried this on other ASUSWRT routers but the process is probably very similar.

How-to Flash an Asus RT-AC68U with AdvancedTomato Firmware

Disclaimer: Flashing third party firmware on your router will void your warranty. It is possible to brick your router. You have been warned.

All of the how-tos that I have read instruct you to download the Asus Firmware Restoration Utility and install the AdvancedTomato firmware using it. As a Linux user this perturbs me as there is no Asus utility for Linux. But as a technical consultant I have many versions of Windows, Android, and OS X installed on different computers. So, I decided since all the how-tos used the Asus utility, I would try it as well, to lessen the odds of bricking my router.

It didn’t work. I was using a Windows 7 laptop with what was the latest Asus Firmware Restoration Utility at the time. I gave up and used the restoration utility to restore the latest ASUSWRT firmware and decided I would try again later. Interestingly, after I re-flashed my router with the ASUSWRT firmware all my settings were intact. Which was a clue to what went wrong in the first place.

A week later I made another attempt to flash the router with AdvancedTomato. Following the suggestion of a commenter on the how-to, after flashing the router with the Asus utility, I then telneted into the router and performed an NVRAM reset using the command;

mtd-erase2 nvram

Then I rebooted (power cycled) the router and everything worked as expected. Since then I have upgrade the AdvancedTomato firmware a few times via the AdvancedTomato web interface and I have been thrilled with the performance and stability of my router. It has never crashed once!

A client of mine has been having a lot of network and wireless issues. They have an older D-LINK router that is just plain flaky, so I purchased a RT-AC68U with the intentions of flashing it with AdvancedTomato.

I unboxed the client’s router, hooked it up to a Windows 10 box directly to LAN port 1, and installed the Asus Firmware Restoration Utility from the included factory support CD, and once again it didn’t work. I got the same issues I had before. The firmware upload would stall out during the upload and the router would reboot and put itself back into its’ new setup mode. I tried this 5 times and it failed at 13%, 74%, 72%, 79%, and 50% of the way through the upload respectively. I decided that was enough of that. The following is what I did instead, step by step, with explanations.

1. Download ASUSWRT firmware and Restoration Utility

The first thing you want to do is download a copy of the ASUSWRT firmware and restoration utility in case anything goes wrong so you can reinstall the factory firmware. The Asus Support CD that came with your router has a copy of the Firmware Restoration Utility or you can download one from the Asus support website.

You should also download the latest ASUSWRT firmware from the Asus support website. This is not included on the CD so you will have to download it.

If something goes terribly wrong, hopefully you can put the router into rescue mode and use the utility to restore a copy of the Asus firmware. Which is what I did the first time my AdvancedTomato installation failed. Please refer to the Asus router manual under the section Firmware Restoration for instructions on how to do this. If the Asus utility does not work for you, you can try following the method I describe further down for flashing the AdvancedTomato firmware.

2. Download and Verify AdvancedTomato Firmware

The next step is to download the AdvancedTomato firmware. You are probably going to want the latest version. You can download the firmware from the AdvancedTomato website, at the time of this writing you can find this for the RT-AC68U at this URL

Transmission errors due sometimes occur, and you can’t have a single bit corrupted in your firmware installation. AdvancedTomato supplies MD5 checksums for their downloads, use them to verify your download. If you are using Linux simply run the command;


Compare the checksum result with that of the one listed on the AdvancedTomato website. If they do not match, download again and verify until they do. On Windows you can download the Microsoft Checksum Integrity Verifier tool and on OS X you can use the “openssl md5” command.

3. Prepare the Router for Flashing

  1. Make sure the router is switched off and then connect the router’s power supply.
  2. Disconnect all Ethernet cables, except for one, which should connect your computer to LAN port 1 on the router. If you have anything connected to the USB ports, it would be a good idea to disconnect those as well.
  3. Assign a static IP of with a netmask of to your computer.

4. Use the Broadcom CFE Web Server  to Upload AdvancedTomato Firmware

Given the issues with Asus firmware utility, and as a Linux user I wanted an OS agnostic method of uploading the firmware, I used the Broadcom CFE to flash my router. To access the CFE we put the router into rescue mode. You will need something to press the recessed reset switch. I like to use the eraser on a regular old pencil.

  1. With the router powered off, depress and hold the reset switch on the back of the router with your pencil eraser.
  2. While continuing to depress the reset switch, power on the router.
  3. Continue to hold the reset switch until the power LED begins to blink slowly.
  4. Release reset switch, the router is now in rescue mode.
  5. Open a browser and go to

At this point you should see something like this in your browser;


Note: If you changed your router’s default IP, you will need to go to that address as opposed to the default IP of

Click the Browse… button and select your AdvancedTomato firmware .trx file then click the Upload button to begin transferring the firmware. This could take a while, just be patient. Wait at least 10 minutes before giving up.

Once the transfer is complete, you should see a screen like this;

Click the Continue link and the router will reboot. Go ahead and wait until the router completes its reboot. This might take a while, maybe as long as 5 minutes. When the wireless LEDs light up steadily the router should be booted up.

4. Clear the NVRAM

Clearing the NVRAM on the router appears to be a crucial step. As I noted before, the first time I installed the AdvancedTomato firmware I telneted to the router with the new AdvancedTomato firmware and issued the “mtd-erase2 nvram” command to clear the NVRAM. For some reason the HTTP interface did not work, but telnet did. I logged in with the default IP of and the default credentials (user: root, password: admin). But as some OSes (Windows 10) does not have a built-in telnet client there is another way to do this on the router itself.

Although, the Asus manual states that reset button restores the system to its factory default settings, this has never worked for me. However, searching the Internet I have found a method that does work.

  1. Make sure the router has finished booting up, the wireless LEDs should be on and steady.
  2. Locate the WPS button the side of the router.
  3. Power off the router.
  4. Depress the WPS button. While continuing to hold the WPS button power up the router.
  5. Keep holding the WPS button until the power LED begins to blink rapidly. This could take as long as 30 seconds.
  6. Release the WPS button. The router should reboot when you do this.

This should clear the NVRAM and when the router boots up it should be ready to roll.

5. Configure and Enjoy your New AdvancedTomato Router

Wait for the router to finish booting up and then point your browser to and you should see something like this;

AdvancedTomato first screen

Woo hoo! You now have an Asus router running AdvancedTomato firmware!!! Take a look around, I think you will be really happy with all the cool features and the performance and stability of your ASUS (RT-AC68U) Wireless-AC1900 Dual-Band Gigabit Router running AdvancedTomato.

I realize that some users may want to refer to some documentation. Myself, I had never bothered to look for any as the UI seems mostly explanatory to me. There are notes and various tips embedded in the AdvancedTomato interface. However, you might want to check out the TomatoUSB documentation and the TomatoUSB tutorials. There is also the Tomato Firmware Wikibook. Who knows, if there is enough interest, perhaps I can be convinced to write up some comprehensive documentation. 🙂

I hope you enjoyed this installation how-to.

March 22nd, 2016 update:

So, my router informed me that there is a new update for AdvancedTomato and I thought this would be a good opportunity to test out some comments that readers have been submitting. Thanks for the feedback!

A couple of people noted that they couldn’t access the CFE via the URL. I have verified that if  you changed your router’s IP from the default you will need to go the new address to access the CFE. e.g. if you changed the router’s IP to then go to to access the CFE.

I also found that the CFE startup is behaving differently now. I assume this is because when I initially wrote this howto I started with Asus firmware and now I have AdvancedTomato firmware. Although, I am not sure why this would cause a change, as I thought the CFE was hardcoded into ROM.

So, as per step 4 in this howto, I held down the reset button and powered on the router. After 20-30 seconds the power light went off. I then released the reset button and the router continued blinking the LAN and WAN leds and after a minute or so the power LED came back on. A few seconds later I was able to access the CFE from my custom router IP.

Well, what the heck, why not try and upgrade to the new AdvancedTomato firmware from the CFE? Since this version of AdvancedTomato is using a new version of Tomato by Shibby, it is highly recommended that you clear the NVRAM. So, since I was here, I used the Restore default NVRAM values from the CFE. The CFE reported that the command was successful but I still was at my custom IP address. Just to be safe, I rebooted the router via the CFE.

Sure enough, the router was reset back to the default IP of and still running the AdvancedTomato firmware but everything was back to default, including the login credentials. So, I rebooted back into the CFE, which still behaved as I noted a couple of paragraphs above. I then browsed to my new version of AdvancedTomato, whose md5sum I had already verified, and uploaded the new firmware via the CFE.

It took a little while to upload, but then I was notified the upload was complete, the router rebooted, and everything looks great!

Now, I just need to go back to reconfiguring my somewhat complicated router settings. It can be a little annoying to have to reconfigure all your settings, but I look at it as a good opportunity to see if there was anything that I might have wanted set differently. You might find screenshots, or printing to PDF files to be helpful to remember some settings, such as your port forwarding.

I also took this opportunity to try saving and restoring my router settings before and after I cleared my NVRAM. That seem to work fine. So, once you have reconfigured your router with the new firmware, it is probably worth making a backup of your configuration. I just wanted to jot all this down while it was fresh in my mind, now back to reconfiguring my router!

My hacking career began at age 12, when my father brought home a Sinclair ZX-81 computer kit and a lifelong fascination with computing was born. I became a privacy and security advocate after learning of the US Government's criminal investigation against Phil Zimmermann. Years later I found myself in Silicon Valley being paid to hack Phil's PGP code. I soon tired of the rat race and moved to the Northwoods of Minnesota where I have over 2 million acres of protected wilderness to roam. Here I indulge in my passions for wilderness and technology and as an advocate for computer security and privacy.

Posted in Technical.

My hacking career began at age 12, when my father brought home a Sinclair ZX-81 computer kit and a lifelong fascination with computing was born. I became a privacy and security advocate after learning of the US Government's criminal investigation against Phil Zimmermann. Years later I found myself in Silicon Valley being paid to hack Phil's PGP code. I soon tired of the rat race and moved to the Northwoods of Minnesota where I have over 2 million acres of protected wilderness to roam. Here I indulge in my passions for wilderness and technology and as an advocate for computer security and privacy.


  1. How to update advancedtomato to a newer Version (shibby is the same Version)

    Now: RT-AC68U-AT-ARM-3.0-132-AIO-64K (means advancedtomato 3.0, shibby 1.32)
    Update to RT-AC68U-AT-ARM-3.1-132-AIO-64K (advancedtomato 3.1, shibby same 1.32)

    I think directly over the router (Administration->upgrade)?
    No Need for erase NVRAM?

    Thank you,

  2. Hi Patrick,

    I upgraded my router yesterday. I did not clear my NVRAM and I used the “Administration->Upgrade” choice from the Advanced Tomato GUI. According to the Advanced Tomato website if you stay with the same Shibby version you should not need to clear the NVRAM. So, you should be OK to keep your NVRAM after the upgrade from 3.0 to 3.1 as Shibby is still version 132.



    • Hi Adam,

      That depends on your operating system. I would try doing a search for “assign static ip “. It is a pretty common task and there should be plenty of info out there for whatever your operating system happens to be.



  3. Hi Ted,
    Thanks for the guide.
    Encountered in only one problematic situation.
    My routers IP was (because I set it prev.)
    And couldn’t reach CFE at first.

    I testet the wifi speed for a bit, and I measured a significant speed decreasing with AdvancedTomato. I was able download/upload from/to my NAS around 37 MB/s with the ASUS firmware, bit now with tomato it is only 29 MB/s. I’m pretty sure, that I’m the noob for the correct wifi settings. ^^
    Do you have some advice for me?


    • I’m pretty sure that when you go into the CFE mode, the router’s address will be not any custom IP that you might have set. Did you reach the CFE through the address?

      You might see some decrease in the WiFi speed from the stock Asus firmware. I can’t recall where I read it, but I believe that the Tomato by Shibby WiFi drivers lag behind those of Asus. If I get a chance I will try and do some research and post back here.

      Let us know if you find anything out.

      For me, losing a bit of throughput is well worth the stability increase. The Asus firmware crashed for me on a regular basis. Whilst the Tomato firmware rarely has an issue. As of this comment my router has been up for 32 days without an issue and it gets very heavy use.



  4. Is it possible to upgrade from ‘regular’ Tomato by Shibby to Advanced Tomato using “Administration->Upgrade”?
    In case it is, will the configuration file from TbS work for Advanced Tomato?

    • Hi Erik,

      That is a good question. It seems like it could be possible, as I understand it, Advanced Tomato is a GUI that sits on top of Tomato by Shibby. However, the Shibby release often lags a bit with Advanced Tomato. I would guess if Advanced Tomato isn’t using the same release of Shibby that you are, I would do a NVRAM reset after upgrading and reconfigure your router. If it is the same version of Shibby, give it a go and let us know how it turns out.



  5. Hi Ted,
    Thanks for the answer.
    I tried for an hour, and gave it up. Next day, It came to my mind to try the gateway address, which was, because I set it before, and used the router that way. (All IPs: And it worked CFE that way.

    Another issue: Sometimes my laptop find the wifi (5.0GHz) slower than with ASUS fw.

    I am looking forward for the WIFI speed tune-up. 🙂

    Best Regards

  6. I’ve been trying flash advanced tomato and tomato and have the same issue with both.
    I tried using the CFE method as well as the restoration utility with the same issue both times.

    They both finish transferring and say completed.
    The utility goes on to do the restoration and says it’s completed and will reboot.
    – Then it never fully comes back. The power light stays on and the ethernet I’m plugged into will continue to show activity, but I can’t get to

    I’ve done this at least 8 times, waiting up to 60minutes on some of the flashes to see if it will finally boot up correctly. It seems to just be in a boot loop – resetting itself every 15-20seconds.
    When I ping I can’t reach the destination.

    I tried clearing the NVRAM after waiting using the wps button. It blinks rapidly like mentioned then reboots.. but no change.

    I tried newer and older versions of both AdvancedTomato, as well as Tomato by Shibby – same results every time.

    Using the CFE method gives the exact same results as with the Restoration utility

    Flashing back to Asus Stock or Merlin works fine – it boots up after flashing in about 1 or 2 mins and I can access the GUI with no issues.

    I just received my RT-AC68U from . It shows Revision C1 on the back.
    Could it be it’s a newer, unsupported revision?

    I would really love to get AdvancedTomato running on here- Any help is appreciated!

    • Hi Parker,

      Chris commented that this isn’t working on newer hardware versions. If you see Chris’s comment it looks like version C1 is not working. What hardware version do you have?

    • I had the same issue with HW revision B1

      You must buy RT-AC68U WITHOUT ANY H/W REVISIONS!
      If you have ANY H/W revision noted on package, Tomato will NOT WORK.

  7. UPDATE: I downloaded and flashed the latest DD-WRT without a problem.

    Seems to only be Tomato having an issue with this AC68U..

      • Ted,

        There is NO difference in installing AIO vs VPN! The process is identical.
        There is nothing to “TRY”
        If installing AIO works, then installing VPN SHALL work.

  8. Just a heads up, there is a new revision of the RT-AC68U router shipping now (version C1) that, as of 2016-06-15, does not have supported AdvancedTomato / Shibby Tomato versions available.

    If you do attempt to flash one of these versions via the CPE, it will never finish the reboot cycle; the “wireless” light at the end of step 3 never will come on. I tried uploading various firmware revisions from AdvancedTomato/Shibby builds with no success, and resetting NVRAM via CPE does not allow the firmware to boot. The router can be flashed back to the original firmware – I was able to successfully go back to Asus firmware .

    • Hi Chris,

      Thanks for the heads up. That is a real bummer. I wonder if Asus did that on purpose? Happy to hear that you didn’t brick your router and were able to go back to the original firmware. Have you tried any other third party firmware? If you or anyone has any further information on this, I would love to hear about it.

    • This answers my question, and explains the trouble I have been having. I can’t seem to access CFE rescue mode now after two failed attempts to flash AdvancedTomato. I do not have any Asus firmware saved. I presume I shouldn’t have any trouble downloading it and there is a rescue app as well? Thanks.

      • I didnt need to ask that, it was something I easily figured out on my own.. Thank God we can unbrick with the Asus firmware restoration utility. I’m back to the default firmware now. Attempted to flash DD-wrt using the restoration utility but that failed. Probably going to try from CFE. I’m just happy it’s no longer a fancy looking expensive paper weight.

  9. Thank you very much for this guide. I think it will be very helpful, but …

    As standard with updating software / Firmware. Wouldn’t you make a back up of your config (assuming there is a backup button) before doing anything?

    • There is a backup option for your configuration. It would probably be a good idea to do so, in case something went wrong and you wanted to go back to your previous version of firmware. Great advice, thanks!

      Unfortunately, after you upgrade Shibby versions, you will need to reset your NVRAM and reprogram your settings manually. But that is standard good practice for firmware upgrades on any system.

  10. How important is it to clear NVRAM after an upgrade? What function does it serve?

    I have an update available but with so many devices on my network I’d really hate to manually add it all again.

    • Yeah, I hear you. It really is a pain to have to reprogram everything again. I have a USB printer that requires a custom script to upload firmware to it. A number of port forwarding rules, DHCP rules, QoS, SSH keys, it goes on and on. I take screenshots to help me remember what everything was set to. If you have the same Tomato by Shibby version, you shouldn’t need to clear your NVRAM. The Tomato by Shibby version is after the “-“. So, if you upgrade from 3.1-136 to 3.2-136 then just the GUI is being upgraded and you should be fine. But going from 3.2-136 to 3.2-137 will upgrade to Tomato by Shibby v137 and you would be wise reset the NVRAM. The reason is that some firmware settings may have been added or removed or just changed formats. This could cause unexpected results. You could always try but be prepared for the possibility of some flakiness. This isn’t just with Tomato but with any firmware on any device for the same reasons.

  11. Hello, this seems to be interesting piece of software, but I’d like to ask you, if all services are available in advanced tomato when compare to default firmware. I mean, NFS / SAMBA and DLNA because I use AC68U as multimedia server to watch movies from USB 3 external disk. But I am not happy about performance of wifi so I’ve started look for new firmware to fix wifi issues.

    • Hi Lukas,

      I also have a USB 3 external disk on my router that is exported as an NFS share. It works great for me. There is a DLNA server that even supports Tivo. I had some issues with earlier versions of the DLNA server but that was quite a few versions back. I mostly use NFS shares for playing media as it seems to work better for me. There is SAMBA support but I haven’t used it in a while. But it worked when I did use it.

      This is the most feature rich firmware I have used and the most stable. I would say give it a try and see what you think. If you follow the guide you will always be able to go back to the stock firmware if you don’t like it, assuming you don’t brick your router, but I haven’t heard of anyone yet that has.

      Let us know if you do and what you think.



  12. Hi Ted, I have flashed the Advancedtomato on my Asus rt-ac68u router. The flashing was successful and I was able to access the Tomato admin page on However the router could not update DHCP. Then after setting up the wifi, and admin password I clicked Shutdown the router. Now I cannot access the admin page or recover the router from the CFE or Firmware Recovery. It seems like the router can not go on recovery mode. The power light flashes every 20 second or so in recovery mode. Is there a way to fix the issues? Thanks.

  13. Hi.
    I’ve just got the AC68E and it has the hardware revision E1. Does anyone know if the Advanced Tomato works for this revision?

  14. Hi Ted!

    Thanks for this great guide! I was able to install Tomato Advanced to my Asus RT-AC68U without any trouble. I configured and connected over the LAN and WLAN successfully. However, I am not able to get the router to pull configuration for the WAN from the modem. I am just using the DHCP option for WAN. I have done all of the normal power cycling and connecting and reconnecting the modem and the router, but the issue persists. I am connected using an old Linksys WRT-54G at the moment and it pulls the WAN credentials from DHCP without an issue. I can connect my Mac directly to the modem and it pulls it without an issue. I tried manually entering the WAN credentials pulled by my Mac and it still wouldn’t connect. It’s driving me nuts! My next step is to flash to Merlin and see if that does it, but I would much rather use Tomato.

    Can anyone help? Please? You don’t want to see a grown man cry, do you? 😉

    • Hi.

      I have the same isue on the Asus rt-3200 with version 140. With stock Asus firmware or merlin everything works ok. On tomato i cant get dhcp from my modem on wan. It drives me also nuts. Anyone got any idea whats wrong?

  15. FWIW, Win 10 does have telnet.exe available. It isn’t installed by default, but you can add it by right-clicking the Start menu and going to Programs and Features. In the left window pane, click “Turn Windows features on or off”. Scroll down to “Telnet Client”, check mark it, and click OK. No reboot needed, and no 3rd party downloads needed.

  16. Hi. I want to give this a try but never tried this. I’m trying to set it up as a repeater but my ac68u won’t connect to my to my main 5ghz network. I have no problems with 2.4. Do you know why this is? Thanks.

  17. Hi Ted,
    I was excited about the router and I bought a Asus RT-AC68U today.
    Then I noticed the comment on that “Hardware Rev C1 is not supported!”. Checked back of my router, guess what it says H/W ver: C1.

    Has anyone flashed router with this H/W version? Is there a way to do it?
    You help will be appreciated.


  18. hello, i doubt anyone can help me, but my router seems to have soft bricked(possibly corrupted nvram?) i get no dhcp address and i cant connect with my old gateway address, i cant via any button combo i can wrap my mid around stick it in recovery mode, any other options you can think off?

    • Put router in restore mode: power off, hold down reset button and while holding it press power button, release reset button when power LED starts blinking slowly. connect to router via ethernet, restore official ASUS formware, and FORGET Tomato!
      (unless you want to waste 6 hrs of your day, like I did).

  19. Hi I posted a comment which was deleted I have Asus RTAC 68U Rev E1 can I flash tomato I tried 4 times the flash was successful but router won’t reboot just power light and Eth port1 on no ip on router

  20. Hello,

    I am using the following device and Firmware and was looking to do a Firmware update on it.

    Router: Asus RT-AC66U
    Current Version: 1.28.0000 MIPSR2-123 K26AC USB AIO-64K

    I’m curious why there is no mention of just using the “Administration\Upgrade” feature to perform these Firmware update tasks? On my router I have a “browse” button that when clicked allows me to pick the firmware file sitting on my computer hard drive. Then there is an “Upgrade” button next to that that I could click on. Lastly, there is a check box that talks about doing an NVRAM reset after the Flash task is finished.

    So I guess my question is this. Is there a reason why one couldn’t just do the Firmware Update entirely via the Web GUI using the options I mention above? Is there a reason why all these other steps are being used instead (ie..downloading ASUS Utility, Power Cycling, Pressing buttons and holding..etc..etc).

    I’m sure there is something I am missing here but whatever that reason is I don’t know.

    Thanks for any info you can provide

  21. I despise AsusWRT on my AC68U, especially the bloated & ugly Web GUI. Tomato is more stable and has a much nicer interface. I really hope Shibby releases a Tomato build that supports H/W Rev ‘C’.

  22. Same question as “Miki” above:
    I have an ASUS RT-AC68U with the hardware version E1.
    Will the AdvancedTomato work with this hardware version?

  23. I have an ASUS RT-AC68U with the hardware version E1.

    I tried to flash it with Advanced Tomato, both with ASUS flash utility and with Broadcom CFE Web Server, but the router won’t boot and keeps reloading.

    At the following link I found that rev. E1 and rev. C1 share the same CPU. Since rev. C1 it is not compatible with advanced tomato (see tomato shibby website) , I think that rev. E1 is not compatible too.

  24. I inadvertently upgraded my ASUS RT-AC68U router to Tomato when I didn’t want to do that. Was happy with ASUS firmware.

    However, now that I did that, I can’t figure out how to do what was easy before, make my router act as a repeater.

    Previously, I had simply selected the option “Repeater Mode” and then was provided a list of routers to connect to, I selected that router and entered credentials. Rebooted and all was well.

    Now with this daunting Tomato (where did they ever come up with that name anyway?!) I haven’t a clue.

    Seems it can’t be that hard, but intuitively I’ve tried everything, and nothing will connect. I’m using Windows 7 Pro BTW. In “Network & Sharing” it shows the ‘world’ icon meaning that internet is available, but when I click on that the browser opens and can’t find Google.

    Would you please be so kind to assist me on how to have what I did before this vegetable entered my life?


    • You could always flash your router back to the Asus firmware if you like. Google “tomato repeater” and you will get quite a few hits. Under Network->Wireless you will find what you are looking for.

  25. I flashed the latest Asus Merlin on my RT-AC68U successfully. After using it awhile I want to try advanced tomato. My question is do I need to flash back to standard ASUS firmware before I flash advanced tomato? Should I simply use the CFE method outlined in the above tutorial? Any help on this would be appreciated.

    I noticed it does not appear that the USB share function supports USB 3.0. The only options in the USB setup tab seems to be USB 2.0. Is that that case it will only run at USB 2.0 speed?

    • Hi Don,

      I believe you would be fine using the CFE method. Can’t say that I have done it, but I can’t see any reason it wouldn’t work. Be sure you clear the NVRAM. I am currently running v3.4-138 AIO-64K and I have USB 3.0 support.

  26. I recently bought A2 version of RT-AC68U. It was a new unit. I was made an offer I could not refuse 🙂 (very cheap). Before I even configured it for first use I flashed it with the newest Merlin build trough the Asuswrt GUI. Merlin started working well after some tweaking. Then I decided to give AdvancedTomato a try since I’ve used it on my old Tenda N6 router. I flashed Tomato by Shibby (an older single WAN build first after reading about possible problems with newer multi WAN builds) with Asus firmware restauration utility. Before I successfully flashed to Tomato from Asuswrt Merlin, I cleared NVRAM using the method with holding WPS button for ~15 seconds, while turning the unit on. After the first successfull flash to Tomato, I cleared NVRAM again from Tomato GUI, before flashing the newest multi WAN version of Tomato. Then I flashed the newest AdvancedTomato from Tomato GUI without clearing NVRAM. After flashing to AdvancedTomato I cleared NVRAM again, before configuring AdvancedTomato. I was not happy with the results. I liked Merlin more (it was faster, and it had most if not all the options I’ve used in Tomato on my old Tenda router) so I reverted back to Merlin (used Asus firmware restauration utility once more) after a couple of days of fiddling arround with Tomato. IMHO for this router Merlin = FTW.

  27. Incredibly well written article! I wish I’d found it earlier! I spent most of last weekend getting DD-WRT and Tomato on an Asus RT-N12 D1. After many hours of searching online and trial and error I finally got it working by doing what is layed out in this article.

    • The truth is it does not work ANYMORE!

      DD-WRT took me 2 minutes to install – it was a JOKE to install it.
      Advanced Tomato/Tomato install + retries took ~6 hours of my time – it did NOT WORK. the router was put in perpetual BOOT cycle.


  28. I’m just getting onto the whole “Unplugged Cable” train. So I don’t have a Linux computer, yet. One thing at a time. But, during my researching about going to “Unplugged Cable” route, that’s when I came across the whole Tomato Firmware for an ASUS RT-AC68U Wireless Dual-Band Router I purchased a year ago when I had a different ISP. Anyways, to make a long story short… I used a Windows 10 64-Bit computer to update the firmware on my ASUS RT-AC68U Wireless Dual-Band Router and I had to do some different steps to get it updated than what your instructions said to do. I loaded the AdvancedTomato Firmware Version 3.4-140 on my ASUS RT-AC68U Wireless Dual-Band Router. Works Great! Here are the steps that I had to perform to get it to work using a Windows 10 64-Bit computer if anyone is interested.

    1. Before You Do Anything To Your Router, Make Sure You Save A BackUp Of Your Router Config And Download The Following Files First! I recommend having another router setup while you update this router offline so you have access to the internet if you need it. If not, then head my original advice…

    2. Download ASUS RT-AC68U Firmware Version, under Firmware, the ASUS Firmware Restoration Tool Version under Utilities from the ASUS Support Website, Click on the – Symbol or the Firmware link to expand All the listed Firmware for the ASUS RT-AC68U Wireless Dual-Band Router, scroll down to version, which will be the last Firmware listed, and then click on the Global Link to download. Then download the ASUS Firmware Restoration Tool version under Utilities. As you did on the Firmware link, clink on the – Symbol or the Utilities link to expand All the listed Utilities. Scroll down to the ASUS Firmware Restoration Tool version, then click on the Global Link to download. Next go to the AdvancedTomato website and download the AdvancedTomato Firmware Version 3.4-140,, if you haven’t already done so. One last thing, you will need to Download Putty,, so you can Telnet into the Router. Remember where you downloaded these files. You will need to know where they are located in step 3. They should be in your downloads folder Once you have these files downloaded, continue to Step 3.

    3. After downloading the files in Step 2, you will need to unzip the files from the ASUS website. You won’t have to unzip the file from the AdvancedTomato website or the Putty file for the Putty Website. Look for the following file names in your Downloads folder:,, tomato-RT-AC68U-AT-ARM-3.4-140-AIO-64K.trx, and putty-64bit-0.70-installer.msi.

    Unzip the the first 2 files. The last file is already in the correct format so you don’t need to do anything to it. Then, I suggest creating a folder called ASUS RT-AC68U Firmware Update so you have all the files in one place that you need to update the ASUS RT-AC68U. Put the first 3 files in this folder. You don’t need to put the Putty file in this folder unless you want to.

    4. Now, turn on your Router if you don’t have it turned on and remote into it using the web interface. If you just purchased it, the IP Address should be, otherwise, it is whatever you set it too. Save your configuration settings because you are going to have to reset it back to factory defaults so you can load the AdvancedTomato Firmware. If your not worried about saving any configurations settings, just reset it back to factory defaults like I did since I wanted to start from scratch because it had information from my old ISP configured in my Router. Once it boots back up, it will require you to reset the password. Make it something easy. You will need this new password once you reload the Router with the ASUS Firmware to connect to the Web Interface to verify that the ASUS Firmware has been loaded.

    5. Install the ASUS Firmware Restoration Tool on your computer by running the Rescue.exe file that you Downloaded in Step 2. Also, install Putty on your computer by running the Putty MSI Installer file.

    6. Put the Router in Rescue Mode by holding the Reset Button while the power is off. Turn the power on, and when the Power LED starts to blink slowly, release the Reset Button. The ASUS Firmware Restoration Tool will not work unless the Router is in Rescue Mode. Now start up the ASUS Firmware Restoration Tool and go to Step 7.

    7. Once the ASUS Firmware Restoration Tool comes up, it is ready for you browse for the Firmware you want to load. Click Browse, navigate to the ASUS RT-AC68U Firmware Update folder that you created in Step 3.

    8. Now double-click or select the ASUS Firmware and click Open. Then click Upload. This will upload the ASUS Firmware. Once it finishes, your Router should reboot.

    9. Go to the web interface and put in the IP Address,, of the Router. It should ask you for the user name, admin, and the password, whatever you set it to in Step 4, to login and verify that the ASUS Firmware has been loaded.

    10. Repeat Step 6., put the Router in Rescue Mode, then Restart the ASUS Firmware Restoration Tool, Repeat Step 8, now selecting the AdvancedTomato Firmware. Once it finishes loading, the Router will reboot.

    11. You will need to Telnet into the Router using Putty which you should have downloaded in Step 2 and installed in Step 5. Start Putty. Use the SSH Button and put the Router’s IP Address,, in the Blank Field Above the Radio Buttons. Click Open.

    12. Use “root” as the username and “admin” as the password to Telnet into the router. Type the following, mtd-erase2 nvram, and hit Enter to clear the NVRAM. Then type “reboot” to reboot the router.

    13. Go to your web browser, type in, you should get a prompt for the user name and password. If you don’t, wait a minute or 2, then type “root” and “admin” again. The AdvancedTomato Web Interface should now come up for the router.

    I apologize for the long message, but I’m just trying to prevent anyone else from going through the frustrations I went through. Now on to doing more research on how to setup the router for Secure VPN and Live Streaming.

    • Hi Alan,

      Thanks for sharing. A couple of observations.

      You don’t need the ASUS Firmware Restoration Tool if you use the built-in Broadcom CFE which also does not require Windows. Still, it is a good idea to have it available, if needed.

      I’m not sure why you initially flashed the ASUS firmware when you were just going to replace it with Tomato? Why not just flash Tomato?

      I have used Putty for years, and it works great. However, if you don’t want to install a 3rd party application you can enable the native Windows telnet client. It is under Control Panel–>Windows Features.

      You can also look at my “Clear the NVRAM” section for a method using just the router.

      Happy you were able to get Advanced Tomato working and thanks for your comment.


    • YES YES !!!!!!
      THAT IS EXACTLY WHAT HAPPENS! Read my comemnt further below.

  29. I have merlin firmware now and I would like to upgrade to Tomato shibby. I have an asus ac1900 router. The Firmware version I downloaded is RT-AC68U-AT-ARM-3.4-140-AIO-64K.trx. I am hoping that I can flash my router with this firmware. If I can is there a way that in the GUI you can see network activity?

  30. Just installed advancedtomato on the triband Asus RT-3200 and one of the 5Ghz networks seem to not work with v1.40 of the firmware. It isnt’ broadcasting a SSID.

    Anyone else have this issue?

  31. I got a new Asus RT-AC3200, and I tried flashing AdvancedTomato on it using the methods described here. I checked the integrity of the downloaded .trx AIO version file and everything, but now when I power it on, it goes into a boot loop with the LEDs flashing every 30s or so. I cannot acsess the CFE while the router’s in recovery mode (from Linux or Windows), nor does the Asus restoration utility work. Any ideas? I tried tftp on linux, but it said “no such file or directory.” I used TFTP32 on Windows, and it said it transfered the stock firmware file. (I am trying to restore it to stock because I know it works). I let it encode, then restarted it. No change. CMD was not able to ping the router either (reply from host: destination unreachable) while it transfered the firmware file.

    I bought Asus rt-ac68u, thinking(!!!!!) that these instruction are good.
    They are not.
    You will not be able to flash the router.
    When you install AdvanceTomato or Tomato, the router will be placed in PERPETUAL BOOT MODE. It will simply start rebooting continuously. You will not be able to access ANYTHING.
    The only way to go back to Asus formware is to go into restore mode and load official Asus firmware.

    After HOURS trying to make things work I decided to install dd-wrt. Results?

    Total time installing AT and Tomato, including retries: ~6 HOURS. Results: Does NOT work.

    Total time installing dd-wrt, including retries: 2 MINUTES. Results: WORKS.


  33. I’m so glad I didn’t get the E1 version… good to hold horses and google first. looks like tomato has been abandoned reading shiby’s last comment so now am not even sure whether bother about tomato as packages with critical security patches might not get even updated on previous hardware it’s working on…

  34. I followed instructions in this article and had troubles getting to CFE mode. I tried this numerous times. Sometimes i got to the CFE page, but as soon as I started uploading I got page unavailable. I was using Chrome browser on Win 10. Then I tried Internet Explorer and CFE page was always there. Except, when I accessed via Chrome, because every time i did this, it broke CFE for IE too. I had to boot again to CFE to get it working again in IE. From IE I uploaded AdvancedTomato and “reset nvram” with telnet. I had to use “root” for user name as Alan J mentioned. Didn’t realize that telnet have different username. Took some trial and error, but finally I have got a nice GUI with lots of great features on my router. Thanks guys!

  35. I have a T Mobile AC1900 (basically an ASUS AC68u)
    I have been running ddwrt on it: DD-WRT v3.0-r36840M kongac (09/03/18)
    Can I simply upgrade using ddwrt interface?

  36. I have tried several times to install Advance Tomato on my Asus AC-RT3200 to no avail. After flashing the router gets stuck in a loop and reboots every 45 seconds or so.
    You cannot use Asus restoration utility, period. The Broadcom web based lets you flash the router but it does not take. I also read where Asus will not allow any third party based firmware to install on the newer routers, don’t know if how true this is, but I do know I cannot flash my 3200.

  37. Hi

    Since several years, I ran my router with the open source firmware of Tomato
    (Firmware 1.28.0000 -122 K26ARM USB AIO-64K). Recently, I experimented some performance issues on my LAN recently and starting to look for a new version.
    I found in Advanced Tomato website this firmware RT-AC68U-AT-ARM-3.5-140-AIO-64K.trx. Do you think, I can upgrade directly from my current version using the Web interface Administration > Upgrade ?

  38. Hi Ted,

    I have an Asus RT-AC3200 router but bricked it following this procedure EXACTLY. Now my router won’t even boot to the cfe.

    ping shows nothing.

    Any ideas?

  39. hello I am trying to flash my RT-ac68u and haven’t done it before and also want to make sure I get up to date firmware, do you know which file to download?

  40. I also have an Asus RT-AC3200 router that is now bricked after following the procedure.
    I can not get into rescue mode, let alone ping

  41. Hi Ted I successfully upload tomato-RT-AC68U-AT-ARM-3.5-140-VPN-64K.trx to my asus RT AC68U but after 3-5 min my router is just keep on rebooting and not loading the tomato firmware, did I do something wrong I just followed your instructions….
    Can you give me some advice about this…..
    Thank you very much in advance

  42. I was able to do this on my Asus RT-AC68P. But I had to hold down the WPS,WIFI on/off, & reset buttons while turning it on. And then when it started flashing really quickly. let go of all but the reset button and then when it started flashing slowly, I let go of the reset button and was able to login to the CFE web site and install tomato.

  43. Hello Ted, please help me understand what’s going on. I have a new RT-AC68U H/W E1. I can’t upload tomato via Asus GUI due to error msg: Invalid Firmware Upload.
    I can’t upload tomato via CFE miniWeb Server – it drops connection after 26%.
    I could tftp a tomato, but it does not boot after that.
    I could tftp an ASUS latest .trx and it works!
    Which means they have a secret mark in their .trx and the router checks if it is there.
    Do you know how I can flash a tomato to this router?

    • Hi Victor,

      I’m not sure about the later hardware versions, but it wouldn’t surprise me if Asus has done something to block Tomato.

      Maybe try a different browser, in case that might be causing problems?

      If someone else posts an answer, I’ll be sure and approve. it.

  44. Hi,
    It seems that I have bricked my new RT-AC3200 trying to upload AdvancedTomato firmware tomato-RT-AC3200-AT-ARM7-3.5-140-AIO-64K.trx. I initially tried using the CFE Webserver approach as suggested, but it would not come up. So then changed paths and went with the ASUS Rescue utility. I successfully upgraded the router to use the latest ASUS firmware, then tried everything a second time using the same method/tool, rolling the firmware back to an earlier version using the Rescue utility. My goal was to first validate the approach using ASUS firmware and Rescue utility. So far, so good.

    Next, I tried updating the router to AdvancedTomato. It’s a fail—AND—it seems I can’t roll the change back either. I’m pretty certain it’s bricked. The power light stays on continuously, and the 5 LAN/WAN LED’s (4-LAN & 1-WAN) flash on once every 15 seconds. When I do a IP scan, I don’t see any active IP addresses. In this case, as I understand it, there is no way to unbrick it (change the firmware) except via the serial port. Can someone confirm?

    Last question, via searches, I noted that 10 months ago there was an exchange between @Tracker1 and @AnonymousCoward on Reddit indicating that ASUS is now blocking installation of third party firmware, to insure no one changes the transmit level. Supposedly, this is being done to insure that the router’s transmit levels are less than the maximum level mandated by the FCC. Has this been confirmed?

    This exchange of comments, on blocking third party firmware, seems weird, to me, as I see new (very recent) versions of firmware, DD-WRT, Tomato, AdvancedTomato, etc, available at multiple websites. This lead me to think that there must be some way, or tools to change a RT-AC3200’s firmware… Maybe they are using an older version of the Rescue utility –or—maybe the bootloader in this unit has code to block third party firmware, or??? Any ideas, or am I stuck using the OEM firmware only, assuming I can unbrick it via a serial port download?


  45. Hi Ted,
    Thanks for the guide. It was really useful. 🙂
    I just bought an ASUS RT-AC68U router HW v. E1 and tried to program different versions of TomatoUSB (Shibby) and Advanced Tomato AIO variant following your video, but none of them worked for me. I used both Firmware Restoration tool and CFE Web Server, both from Rescue mode and I got the same result: none of the Tomato FW started properly. Meaning no response to ping on IP or direct http connection to the same mentioned IPv4. Also both Wi-Fi leds remained off.
    When I program back ASUS FW by using any of above mentioned tools, the router started working again.
    I cleared NVRAM by using WPS button at start-up, but the result was the same.

    Is there any chance that ASUS added signature verification of their FW?
    or Do you have any recommendation?

    Thank you. 🙂

    PS: FW used during my tests:

    TomatoUSB (Shibby):

    Advanced Tomato:

  46. I solved the issue by programming the following Fresh Tomato FW image: freshtomato-RT-AC68U-ARM_NG-2020.3-AIO-64K.trx

Leave a Reply

Your email address will not be published. Required fields are marked *