RouterTech Firmware v2.94
Version: v2.94 (20100818)
Author: RouterTech Development Team (thechief)
Other contributor(s): mstombs
Testers: Various RT staff & forum members
Category: Router Firmware
A list of compatible routers is available in our knowledge base. Please check this before even contemplating an upgrade and remember you should always ask in our forum if unsure. Also see the section below on backing up and compatibility.
Disclaimer & Warning
1. Flashing custom firmwares onto a router is not for novices, as the process may well "brick" the router.
2. You must not flash this firmware onto your router unless you are very familiar with the PC-Tool (or similar) and are competent in using it to un-brick a router.
3. Please take this warning very seriously. If you are not adept at recovering bricked routers, and if you are not familiar with the PC-Tool, then do not install this firmware!
4. Do not even consider installing this firmware without first reading all the documentation supplied with the firmware. If you fail to observe this, then you are entirely on your own.
5. Do not even consider installing this firmware without first running the Router Upgrade Checker (RUC) and following whatever counsel it gives. If you fail to observe this, then you are entirely on your own.
6. Do not even consider installing this firmware unless you have first backed up your router's bootloader environment (i.e., /proc/ticfg/env) to your hard disk. If you fail to observe this, then you are entirely on your own.
Backing up & Compatibility
For ease we recommend you run the Router Upgrade Checker - this will backup your environment, LED config, current config, default config, generate a recovery script for the bootloader environment, and tell you if your router is suitable for this firmware.
Before upgrading you must backup your router config as detailed above and reset to factory defaults.
Please remember to run the Router Upgrade Check BEFORE you upgrade!
If you choose to upgrade via the router's web interface, then you MUST observe the following
- First reset the router to factory defaults before trying to install this firmware.
- When upgrading via the web interface, (particularly for the 1350A wireless firmware) you must wait for at least 7 minutes for the new firmware to establish itself. Do not do anything to the router for at least 7 minutes from the moment the upgrade process starts, and do not interrupt the upgrade process.
- Once your router has been upgraded and be seen to be working you must reset to factory defaults again
The Router Upgrade Checker as described in the backup and compatibility section above can backup your LED config - if you use the Router Upgrade Checker then you can double-check the output by looking in the check*.txt file for data after the "/etc /led.conf" line.
Comprehensive Documentation and Frequently Asked Questions (FAQs)
While full documentation is included with every release of our firmware we have also made it available as a separate download below so you can take time to read it before even needing to download a firmware. The router upgrade and firmware FAQs are also hosted online HERE. We recommend you do this as it will give you a chance to properly familiarise yourself with the process and get every angle covered etc.
PC-Tool and repairing / unbricking
Please see this forum topic
Assuming your router is compatible, you just need to download the release that matches your router - if you have wireless and the Adam2 bootloader then you would download "Standard Wireless (Adam2 bootloader)".
1. dnsmasq amended for DNSSEC support - to conform to EDNS specifications, changed the default "edns-packet-max" to 4096 in conformity with RFC5625 section 4.4.3
2. Enabled config_filter in the kernel
3. Enabled GRE support in the kernel (wireless firmwares only)
4. mknod restored to the wireless firmwares
5. New script "block.sh" - to block a host (or redirect it to another IP)
6. New command "mjproxyn" - a version of mjproxy that supports non-standard SIP devices
7. Enabled mangle support for iptables in the kernel
8. New script "checkmargins.sh" - to check periodically the downstream (DS) and upstream (US) margins, and reset the connection (or optionally reboot the router) if either of them goes below a certain number (e.g., "setenv checkmargins.sh 1 30" - will check for the margins every 30 minutes)
9. New environment variable "min_margins" - to provide minimum acceptable DS and US for the checkmargins feature (e.g., "setenv min_margins 7 12" - means a minimum DS margin of 7, and a minimum US margin of 12). The defaults are set very low (DS=5, and US=10)
10. New environment variable "min_uptime" - to specify the minimum period for which the router must have been running before checkmargins should take any action (default=2 hours)
11. Busybox has been upgraded to v1.17.1
12. New command "dmesg" (wireless firmwares only) - prints any messages in the kernel buffer
13. The adam2-defragenv.sh script is now deprecated and will be removed from future firmwares. It should no longer be used. To defragment the adam2 environment, just run "setenv DEFRAG DEFRAG"
14. Some very important Adam2 kernel fixes
15. OpenDNS's "Family Shield" servers added to the extra_dns environment feature ("All", "OpenDNS", "FamilyShield", "Google", "UltraDNS", "DNSResolvers", or "BT"). You can set "extra_dns" to any of these, to a combination of them, or to "All", and you can use either their full names, or the first letter of their names - e.g., setenv extra_dns "F U D" - will select DNS servers from OpenDNS Family Shield, UltraDNS, DNSResolvers; setenv extra_dns "A" or setenv extra_dns "1" will select all of them
16. New environment variable - "force_dns" - (for pppoa/pppoe connections only) to force the DNS servers to be set to the ones specified. This is processed only when a WAN connection is acheived.
e.g., setenv force_dns 220.127.116.11 18.104.22.168. The new "force_dns" script does exactly the same thing and takes exactly the same parameters, but and should only be run after getting a WAN connection. Note that no check is made for whether the supplied DNS servers are valid or correctly formatted
17. New script - "force_dns" - see above
18. New script - "block_baddies.sh" - to block a large number of "bad" web sites, using the force_dns features and OpenDNS Family Shield servers for DNS, plus the adblock features for extra blocking. It takes an optional parameter ("--temp") - this tells the script to NOT make the blocking feature persistent (by making some entries in the environment - if no such entries already exist) - otherwise, the blocking features will be permanent until the relevant entries (force_dns and adblock) in the environment are removed. If the parameter "--block_thumbs" is supplied, then thumbnails from google image searches will also be blocked
19. New script - "block_baddies_undo.sh" - to undo what was done by block_baddies.sh (the router will be rebooted afterwards). To prevent this command being executed accidentally, you will need to give it the parameters: "--confirmed --proceeed". Any other thing, and it will not run
20. New script - "block_thumbs.sh" - to block thumbnails from google image searches
21. New environment variable - "block_thumbs" - if set to 1, it will block thumbnails from google image searches (pppoa/pppoe only)
22. New script - "freememory.sh" - to free up memory by stopping some services (the http server, USB, darkstat, wireless, SNTP, IPAccount, and the upgrader file)
23. New scripts - "setconf", "getconf", "unsetconf" - to set, read, and delete a configuration variable (in the RouterTech block of config.xml). The syntax is similar to setenv, getenv/printenv, and unsetenv. Note that any value written with setconf will be wiped out whenever the firmware is reset to defaults
24. New experimental support for OpenVPN (wireless and 4mb-flash non-wireless firmwares only) - thanks to TafnaSM. This support centres around a new script (openvpn.sh) and a few other new things. You can either run openvpn.sh manually and supply it with the required parameters, or use the new openvpn environment variable. The new environment variables "openvpn_bin_dir" and "openvpn_cert_dir" can also be used to specify the locations of the OpenVPN binaries and certificates/key files respectively. You will need to create certificate and key files for OpenVPN (see the "HowTo" file for information). Note that the memory overhead for running OpenVPN on a wireless firmware will be considerable. The OpenVPN binary itself (1.1mb in size) has to reside on the router's ram-disk, thereby using at least 1.1mb extra memory, and it also needs memory to run. You may wish to ensure that you are not also running too many other services at the same time.
25. New script - "openvpn.sh" (wireless and 4mb-flash non-wireless firmwares only) - to run OpenVPN with all the required arguments (with the 1350A wireless firmwares, it will also download the OpenVPN binaries from a network sharepoint, or the RouterTech repository into the router's ram disk, and extract and them before running). Run "openvpn.sh --help" to see the syntax.
26. New environment variable - "openvpn" (wireless and 4mb-flash non-wireless firmwares only) - set it to whatever parameters you wish to pass automatically to openvpn.sh on bootup, or set it to "--config". If set to "--config", then the firmware will read the parameters to be passed automatically to openvpn.sh on bootup from the "VPN" entry in config.xml. This VPN entry should be set with the setconf command.
For example, instruct the firmware to run OpenVPN automatically, you can run the following, or something similar:
setenv "openvpn" "--config"
setconf "VPN" "--sharepoint=//192.168.1.9/ovn --user=Joe --password=@2K --bin_dir=/smbfs/bin --cert_dir=/smbfs/config --key=./n1.key --cert=./n1.crt"
Provided you have your certificate and key files and all else in place, you are set!
If you want to use only the defaults (run "openvpn.sh --help") to see the defaults, all you need to do is to ensure that all the files are in the default locations, and set the openvpn environment variable to "1".
27. New environment variables - "openvpn_bin_dir" and "openvpn_cert_dir" - to specify the locations of the OpenVPN binaries and certificates/key files respectively (wireless and 4mb-flash non-wireless firmwares only) - you can simply use "--bin_dir" and "--cert_dir" at the command line to pass these locations to openvpn.sh. For wireless firmwares, supplying "inet" as the value of the "bin_dir" argument/variable will make the firmware to fetch the binaries from the RouterTech repository instead of the network.
28. New script - "openvpn_stop.sh" (wireless and 4mb-flash non-wireless firmwares only) - to stop OpenVPN, and clear its temporary files.
29. New environment variable - "block_icmp" - set it to 1 to provide extra security by blocking most ICMP packets (no NOT use this if you want to run OpenVPN).
30. New pptp daemon ("pptpd") - for creating pptp-based VPNs (wireless and 4mb-flash non-wireless firmwares only). This version is based on Poptop.
31. Bug fix in "getenv" (it was returning partial matches).
32. The start_httpd.sh script has been enhanced to take an extra (optional) argument: "--addr". If used, it should specify the IP address to bind the http server to (e.g., 192.168.1.1, or whatever). In this case, it will only be possible to connect to the router's web interface at the specified address. Alternatively, the IP address can be specified in the new environment variable: "http_addr".
33. New script: stop_httpd.sh - to stop the http server. This can free up extra memory.
34. New script: block_rebind.sh - to block DNS rebind attacks using iptables commands.
35. Further rationalisation of the DSP drivers means that the "low end" driver has changed from dsp/tiatm v6.2 (dsp62) to v7.0 (dsp70). In all versions of the firmware, dsp62 has been replaced with dsp70. DSP/tiatm v6.x are now "retired".
The links to our firmware require you to be registered and logged into the site to see and use them. This is to make sure we can provide you with support easily (in this forum) if you need it. When logged in they appear below this post.
Now also available to download via the forum when logged in
BE SURE TO READ ALL THE DOCUMENTATION IN THE FIRMWARE DOWNLOADS BEFORE TRYING ANYTHING WITH THIS FIRMWARE. Otherwise, YOU ARE ON YOUR OWN.