The following article is a detailed how-to on flashing an Asus RT-AC68U router with the AdvancedTomato web interface using the Tomato by Shibby firmware.
When my venerable Linksys WRT54GL Wi-Fi Wireless-G Broadband Router finally died, after many years of faithful service, I began searching for a new router. I finally settled on an ASUS (RT-AC68U) Wireless-AC1900 Dual-Band Gigabit Router. After having used this router for a year now, I am happy to report that I am very pleased with its performance and usability. One of the reasons that I initially chose this router was Asus’s custom ASUSWRT firmware and web user interface.
ASUSWRT was originally based on the open source Tomato router firmware project, which I also ran on my WRT54GL. Since ASUSWRT utilizes GPL source code, then under the GPL, Asus is required to release the source code for ASUSWRT. You can find the ASUSWRT source code on their support site. While I really liked all the features and the web interface that the ASUSWRT firmware provided I soon became disgruntled with how buggy the firmware was.
Being a hacker I downloaded the source code and began perusing it. One of the bugs I had run into was with the OpenVPN client functionality. It didn’t take me very long to find a typo in the code. Trying to report the bug to the Asus developers took a lot longer. Asus frontline support was reasonable, but trying to communicate with anyone above the tier one level proved virtually impossible. Being a software engineer, I can appreciate protecting your backline developers from the onslaught of silly questions that support gets everyday. However, when it is a legitimate issue that needs to be escalated, then the engineers should hear about it. This compounded with various versions of the Asus firmware crashing at least once a month, gave me the motivation to find another firmware for my router.
I considered the ASUSWRT-MERLIN firmware which is also released under the GPL. But when discussing this with a security consultant colleague, he suggested that I give the AdvancedTomato firmware a shot. And now six months later I am really glad that he did. So, what is AdvancedTomato? As the project describes on their website;
A router’s graphical user interface is the most important part of the system because most users are unable or unwilling to configure a router by any other means. Tomato comes with a dated web interface with the option to change the color scheme but for some of us that is not enough. The interface simply feels out of date, out of style and in need of an update. AdvancedTomato enables you to keep all of the features of Tomato by Shibby and also upgrade your router’s GUI to a clean and contemporary flat design. Users who demand a modern feature-filled firmware like Tomato deserve to explore those features using modern intuitive GUI like AdvancedTomato.
But what is Tomato by Shibby? Turns out that Tomato by Shibby is a project that is based upon the TomatoUSB project, which is a project based on the original Tomato project that I was running on my WRT54GL that I loved so much. You can still purchase a WRT54GL by the way and if you don’t need the newer wireless standards this is a great router. With AdvancedTomato I can have a modern web interface, with all the great features and more of Tomato and it is all free and open source. And I can have it all on a modern dual core ARMv7 processor! This is a great example of how open source projects evolve and fork!
When I originally flashed my new router with the AdvancedTomato firmware I followed this how-to but it didn’t quite work for me. Just today I tried to flash a brand new Asus RT-AC68U router for a client and once again it didn’t work out quite right for me. So, I thought I would write an up to date how-to on what I did to get AdvancedTomato flashed onto my new RT-AC68U. I haven’t tried this on other ASUSWRT routers but the process is probably very similar.
How-to Flash an Asus RT-AC68U with AdvancedTomato Firmware
Disclaimer: Flashing third party firmware on your router will void your warranty. It is possible to brick your router. You have been warned.
All of the how-tos that I have read instruct you to download the Asus Firmware Restoration Utility and install the AdvancedTomato firmware using it. As a Linux user this perturbs me as there is no Asus utility for Linux. But as a technical consultant I have many versions of Windows, Android, and OS X installed on different computers. So, I decided since all the how-tos used the Asus utility, I would try it as well, to lessen the odds of bricking my router.
It didn’t work. I was using a Windows 7 laptop with what was the latest Asus Firmware Restoration Utility at the time. I gave up and used the restoration utility to restore the latest ASUSWRT firmware and decided I would try again later. Interestingly, after I re-flashed my router with the ASUSWRT firmware all my settings were intact. Which was a clue to what went wrong in the first place.
A week later I made another attempt to flash the router with AdvancedTomato. Following the suggestion of a commenter on the how-to, after flashing the router with the Asus utility, I then telneted into the router and performed an NVRAM reset using the command;
Then I rebooted (power cycled) the router and everything worked as expected. Since then I have upgrade the AdvancedTomato firmware a few times via the AdvancedTomato web interface and I have been thrilled with the performance and stability of my router. It has never crashed once!
A client of mine has been having a lot of network and wireless issues. They have an older D-LINK router that is just plain flaky, so I purchased a RT-AC68U with the intentions of flashing it with AdvancedTomato.
I unboxed the client’s router, hooked it up to a Windows 10 box directly to LAN port 1, and installed the Asus Firmware Restoration Utility from the included factory support CD, and once again it didn’t work. I got the same issues I had before. The firmware upload would stall out during the upload and the router would reboot and put itself back into its’ new setup mode. I tried this 5 times and it failed at 13%, 74%, 72%, 79%, and 50% of the way through the upload respectively. I decided that was enough of that. The following is what I did instead, step by step, with explanations.
1. Download ASUSWRT firmware and Restoration Utility
The first thing you want to do is download a copy of the ASUSWRT firmware and restoration utility in case anything goes wrong so you can reinstall the factory firmware. The Asus Support CD that came with your router has a copy of the Firmware Restoration Utility or you can download one from the Asus support website.
You should also download the latest ASUSWRT firmware from the Asus support website. This is not included on the CD so you will have to download it.
If something goes terribly wrong, hopefully you can put the router into rescue mode and use the utility to restore a copy of the Asus firmware. Which is what I did the first time my AdvancedTomato installation failed. Please refer to the Asus router manual under the section Firmware Restoration for instructions on how to do this. If the Asus utility does not work for you, you can try following the method I describe further down for flashing the AdvancedTomato firmware.
2. Download and Verify AdvancedTomato Firmware
The next step is to download the AdvancedTomato firmware. You are probably going to want the latest version. You can download the firmware from the AdvancedTomato website, at the time of this writing you can find this for the RT-AC68U at this URL https://advancedtomato.com/downloads/router/rt-ac68u.
Transmission errors due sometimes occur, and you can’t have a single bit corrupted in your firmware installation. AdvancedTomato supplies MD5 checksums for their downloads, use them to verify your download. If you are using Linux simply run the command;
Compare the checksum result with that of the one listed on the AdvancedTomato website. If they do not match, download again and verify until they do. On Windows you can download the Microsoft Checksum Integrity Verifier tool and on OS X you can use the “openssl md5” command.
3. Prepare the Router for Flashing
- Make sure the router is switched off and then connect the router’s power supply.
- Disconnect all Ethernet cables, except for one, which should connect your computer to LAN port 1 on the router. If you have anything connected to the USB ports, it would be a good idea to disconnect those as well.
- Assign a static IP of 192.168.1.10 with a netmask of 255.255.255.0 to your computer.
4. Use the Broadcom CFE Web Server to Upload AdvancedTomato Firmware
Given the issues with Asus firmware utility, and as a Linux user I wanted an OS agnostic method of uploading the firmware, I used the Broadcom CFE to flash my router. To access the CFE we put the router into rescue mode. You will need something to press the recessed reset switch. I like to use the eraser on a regular old pencil.
- With the router powered off, depress and hold the reset switch on the back of the router with your pencil eraser.
- While continuing to depress the reset switch, power on the router.
- Continue to hold the reset switch until the power LED begins to blink slowly.
- Release reset switch, the router is now in rescue mode.
- Open a browser and go to http://192.168.1.1.
At this point you should see something like this in your browser;
Note: If you changed your router’s default IP, you will need to go to that address as opposed to the default IP of 22.214.171.124
Click the Browse… button and select your AdvancedTomato firmware .trx file then click the Upload button to begin transferring the firmware. This could take a while, just be patient. Wait at least 10 minutes before giving up.
Once the transfer is complete, you should see a screen like this;
Click the Continue link and the router will reboot. Go ahead and wait until the router completes its reboot. This might take a while, maybe as long as 5 minutes. When the wireless LEDs light up steadily the router should be booted up.
4. Clear the NVRAM
Clearing the NVRAM on the router appears to be a crucial step. As I noted before, the first time I installed the AdvancedTomato firmware I telneted to the router with the new AdvancedTomato firmware and issued the “mtd-erase2 nvram” command to clear the NVRAM. For some reason the HTTP interface did not work, but telnet did. I logged in with the default IP of 192.168.1.1 and the default credentials (user: root, password: admin). But as some OSes (Windows 10) does not have a built-in telnet client there is another way to do this on the router itself.
Although, the Asus manual states that reset button restores the system to its factory default settings, this has never worked for me. However, searching the Internet I have found a method that does work.
- Make sure the router has finished booting up, the wireless LEDs should be on and steady.
- Locate the WPS button the side of the router.
- Power off the router.
- Depress the WPS button. While continuing to hold the WPS button power up the router.
- Keep holding the WPS button until the power LED begins to blink rapidly. This could take as long as 30 seconds.
- Release the WPS button. The router should reboot when you do this.
This should clear the NVRAM and when the router boots up it should be ready to roll.
5. Configure and Enjoy your New AdvancedTomato Router
Wait for the router to finish booting up and then point your browser to http://192.168.1.1 and you should see something like this;
Woo hoo! You now have an Asus router running AdvancedTomato firmware!!! Take a look around, I think you will be really happy with all the cool features and the performance and stability of your ASUS (RT-AC68U) Wireless-AC1900 Dual-Band Gigabit Router running AdvancedTomato.
I realize that some users may want to refer to some documentation. Myself, I had never bothered to look for any as the UI seems mostly explanatory to me. There are notes and various tips embedded in the AdvancedTomato interface. However, you might want to check out the TomatoUSB documentation and the TomatoUSB tutorials. There is also the Tomato Firmware Wikibook. Who knows, if there is enough interest, perhaps I can be convinced to write up some comprehensive documentation. 🙂
I hope you enjoyed this installation how-to.
March 22nd, 2016 update:
So, my router informed me that there is a new update for AdvancedTomato and I thought this would be a good opportunity to test out some comments that readers have been submitting. Thanks for the feedback!
A couple of people noted that they couldn’t access the CFE via the http://192.168.1.1 URL. I have verified that if you changed your router’s IP from the default you will need to go the new address to access the CFE. e.g. if you changed the router’s IP to 10.1.1.1 then go to http://10.1.1.1 to access the CFE.
I also found that the CFE startup is behaving differently now. I assume this is because when I initially wrote this howto I started with Asus firmware and now I have AdvancedTomato firmware. Although, I am not sure why this would cause a change, as I thought the CFE was hardcoded into ROM.
So, as per step 4 in this howto, I held down the reset button and powered on the router. After 20-30 seconds the power light went off. I then released the reset button and the router continued blinking the LAN and WAN leds and after a minute or so the power LED came back on. A few seconds later I was able to access the CFE from my custom router IP.
Well, what the heck, why not try and upgrade to the new AdvancedTomato firmware from the CFE? Since this version of AdvancedTomato is using a new version of Tomato by Shibby, it is highly recommended that you clear the NVRAM. So, since I was here, I used the Restore default NVRAM values from the CFE. The CFE reported that the command was successful but I still was at my custom IP address. Just to be safe, I rebooted the router via the CFE.
Sure enough, the router was reset back to the default IP of 192.168.1.1 and still running the AdvancedTomato firmware but everything was back to default, including the login credentials. So, I rebooted back into the CFE, which still behaved as I noted a couple of paragraphs above. I then browsed to my new version of AdvancedTomato, whose md5sum I had already verified, and uploaded the new firmware via the CFE.
It took a little while to upload, but then I was notified the upload was complete, the router rebooted, and everything looks great!
Now, I just need to go back to reconfiguring my somewhat complicated router settings. It can be a little annoying to have to reconfigure all your settings, but I look at it as a good opportunity to see if there was anything that I might have wanted set differently. You might find screenshots, or printing to PDF files to be helpful to remember some settings, such as your port forwarding.
I also took this opportunity to try saving and restoring my router settings before and after I cleared my NVRAM. That seem to work fine. So, once you have reconfigured your router with the new firmware, it is probably worth making a backup of your configuration. I just wanted to jot all this down while it was fresh in my mind, now back to reconfiguring my router!