Firmware for TomatoUSB for ASUS RT-N16 router. Part 1

We remind you that attempts to repeat the actions of the author can lead to a loss of the guarantee for the equipment and even to its failure. The material is provided for informational purposes only. If you are going to reproduce the actions described below, we strongly advise you to carefully read the article to the end at least once. The editors of 3DNews are not responsible for any possible consequences.

Last time we were in general terms introduced to alternative firmware for routers. Now it's time to move on to practical actions and do something useful. For example, turn a router into a home NAS and torrent client with the ability to remotely add downloads, make a local printer network, configure remote access to your own file storage and so on. We will review the firmware of TomatoUSB for the ASUS RT-N16 router. On this page there is a list of supported devices with the types of firmware. Setting TomatoUSB for other router models in general terms is the same as the one below, but due to different hardware options, some things will be different.

⇡ # Preparation

The archive you need with the trx image can be downloaded here, in the Kernel 2.6 (experimental) section for MIPSR2 Routers, you must select the VPN link. To begin with, it is highly desirable to reset the router settings. This can be done either through a standard web interface, or hold down the WPS button (near the power socket) and wait for the power indicator to flash rapidly. After that, you can start flashing. TomatoUSB is installed through the firmware recovery utility, which can be downloaded from the official ASUS website. There you will need to go to the "Download" tab, select the appropriate version of Windows in the OS list and load the latest stable version (at the time of writing ASUS RT-N16 utilities in the utility section. The rest of the procedure for uploading an alternative firmware is the same as the one described previously (see the section "Preparations"). After TomatoUSB is poured, you should wait about five minutes, and then turn off and on again the power of the router. Oh yes, do not forget to return the automatic retrieval of IP addresses and DNS servers in the settings of the network card.

⇡ # Basic setting

Open the browser, drive into the address line, enter the login-password (by default, in both cases it's admin) and find ourselves in the web interface of Tomato. In the Basic → Network section, the basic network settings are configured – Internet connection, LAN addressing, DHCP and Wi-Fi. There is no point in dwelling on this in detail – everything is configured by analogy with any modern router (however, as elsewhere in Tomato). Do not forget to just enable encryption for Wi-Fi (Security – WPA2 Personal, Encryption – TKIP / AES, Shared key – password). Here, by the way, there is a very useful function. If you select a specific Wi-Fi (Channel) channel and press the Scan button on the right, the router will scan the air and determine if there is an access point nearby on the same channel and with a strong signal. If so, it is better to choose another channel to avoid degradation of the reception, or even switch to the auto-selection mode (Auto). At the same time in Basic → Time we configure synchronization with the NTP server by selecting the time zone and region.

Now go to the Port Forwarding → UPnP / NAT-PMP section and tick the Enable UPnP and Enable NAT-PMP checkboxes. The remaining settings for port forwarding in this section are standard. Proceed to the Advanced section. In the Firewall, enable the multicast, and in Routing, tick the box opposite Efficient Multicast Forwarding. This will allow us to normally watch IPTV. Also in this section you can register static routes, if those are required for your provider. In Wireless, the advanced parameters of the wireless module are configured. Here you can experiment with the parameters yourself, and you can limit yourself to the default settings only by selecting the desired region in the Country / Region list. In Miscellaneous, tick the Enable Jumbo Frames checkbox. In Conntrack / Netfilter, check all the checkboxes in the Tracking / NAT Helpers (FTP, SIP, RTCP and others). In MAC Address, you can set the MAC address of the WAN port (leave the current one, generate a random one, or copy the one from the current connected software) in case the provider makes it validate.

Finally, go to Administration → Admin Access and at the very bottom change the password to access the router (Password). This completes the basic configuration of TomatoUSB. Do not forget, after changing each parameter, to press the Save button at the bottom of the page to save and apply the settings. It is better to immediately decide whether you need remote access to the router from the outside. For example, for file sharing, Wake-on-LAN functions, adding uploads to the torrent client, viewing statistics, and so on. If the response is positive, then in the same section in Local Access select HTTP & HTTPS, put the check-box Save In NVRAM, and in Remote Access select HTTPS.

If torrent-client and other functions are not needed, you can immediately go to the NAS configuration. Otherwise, you need to configure access through SSH. In SSH Daemon, enable Enable at Startup, Remote Forwarding, Allow Password Login and click the Start now button. In Telnet Daemon, uncheck Enable at Startup and click Stop now. Finally, in the Limit Connection Attempts, enable SSH.

Download the PuTTY utility, run it and run it into Hostname root@ . On the left in Window → Translation, select UTF-8 in the list and return to the Session section. In the Saved sessions field, enter any desired connection name (for example, a router) and click Save. We close PuTTY, since we do not need anything from him yet.

⇡ # NAS Configuration

Obviously, we are interested in the USB and NAS section here. In USB Support, arrange the checkboxes as in the screenshot below. If you do not need support for additional file systems, you can remove the corresponding checkboxes. For example, you have only one external hard disk and formatted it in NTFS. Support for USB 1.1 is useful only if one of the devices is not detected by the router. Most often, printers suffer from this.

Now you can connect the drive and printer. In routers, where there is only one USB port, you can usually use the simplest USB hub. Devices should be automatically determined. The drive itself is mounted in the folder / mnt / tom_name . Remember the mount point. The name of the partition is shown in the list of connected devices (see screenshot) – Partition 'name_name'. In our case, this will be sda1 . Here and below, this value will be used as an example. In your case, the label will most likely be different. Pay attention to another very important point – any indication of the path is case-insensitive. If we have, for example, a folder on the drive named "Primer", the path to it from the point of view of the router will be the same / mnt / sda1 / Primer .

There are two options for accessing files over the network: FTP and CIFS (NetBIOS). You can either use one of them or turn both on at once. For FTP, you can access from the outside. To do this, go to the FTP Server section and select Yes, WAN and LAN in the Enable FTP Server list. If access is allowed only from the local network, then select Yes, LAN Only. In the Public Root Directory, specify / mnt / sda1 that is, when the FTP connection is enabled, the entire contents of the drive will be available. You can create a folder system for different levels of access. For example, to enable anonymous access to the FTP server by selecting the Read and Write permissions in the Anonymous Users Access list and allocating a separate folder for such users. Let it be called pub then in Anonymous Root Directory it will be necessary to enter / mnt / sda1 / pub . With this setting, you do not have to enter your login and password, but only the contents of the pub folder will be available. It is not recommended to enable anonymous access to FTP if you allow access to the router from an external network (WAN).

Below are the settings for the maximum number of simultaneous connections to the FTP server in general and from the same IP address, as well as speed limits for anonymous and authorized users. It is recommended to check Limit Connection Attempts. In User Accounts, logins and passwords for accessing the server, as well as read and write permissions, are registered. After entering these, click the Add button.

The second option is via NetBIOS. It is configured in the File Sharing section. Select the desired option in the Enable File Sharing list. Either without a password (Yes, no Authentication), or with the login and password (Yes, Authentication required), which you have to enter in the appeared fields User Name and Password. The name of the workgroup is set in the Workgroup Name field, and in the Client Codepage list, you must select 866 (Cyrillic / Russian). The option Auto-share all USB Partitions is better to switch to the Disabled mode, and opposite the Master Browser and WINS Server to tick (depends on the configuration of your local network, such as the presence of a domain). The default root $ folder from Network Shares List is best removed by clicking on the small red X on the right. Now add the network folder. The Share Name field specifies its name, and in Directory the path to it (similar to the FTP setting). Access Level indicates the access level. After making the settings, click Add.

The last option, Media Server, provides DLNA access to media files on the drive devices that support this protocol (XBOX, PS3 and so on). Turn on the media server (check Enable), select Custom Path in the Database Location, and drive in the field to the right / mnt / sda1 / dlna . Put the checkboxes Scan Media at Startup and Rescan on the next run. The included option Strictly adhere to DLNA standards means that the media server will strictly adhere to DLNA standards – this is required for correct operation of some devices. Media Directories adds folder paths that contain media files. The Content Filter parameter allows you to specify the type of files in the folder: video, image or audio.

⇡ # Setting up the network printer

It should be noted right away that not all printer models can work normally on the network. First, make sure that the printer is connected to the USB port of the router and turned on. As an example, we will consider setting up under Windows 7, but for earlier versions of this OS (up to 2000) the process is similar. In the control panel go to the section "Devices and printers", click "Add a printer". In the window that opens, select "Install local printer" and click "Next."

Then select "Create a new port", specify "Standard TCP / IP port" in the list and click "Next" again.

Here in the first field it is suggested to drive the IP address of the printer, and in this case the router ( In the second field, enter the name of the printer (any) and click "Next."

Windows will unsuccessfully try to establish communication with the printer, which will take several minutes.

In the "Device type" section, select "Special" and click the "Settings" button.

In the "Protocol" section select Raw, and in the "Port Number" specify 9100 and click OK, and then click "Next."

Finally, the standard printer driver installation dialog box appears. If the model you want is in the list, then select it. Otherwise, click "Install from disk …" and specify the path to the driver. Well, as usual, click "Next" and "Finish."

Setting DDNS

Using dynamic DNS, you can access the router from the outside, that is, not only from the local network. This works only when the provider issues a dynamic external IP when connected, and does not "hide" you for all kinds of NAT and proxy. We use the capabilities of the DynDNS service. You can create two DDNS-domains for free. Register in the service if you do not have an account yet, and go to it. Click here Add Host Services.

In the Hostname field, enter any suitable domain name (for example, tomatorouter ), and in the list on the right we select any domain (for example, dyndns- ip. com ). In the Service Type, specify Host with IP Address and click the link below. The current location's IP Address is xx.xx.xx.xx. At the bottom of the page is the Add To Cart button. Click on it. In the next step, choose Proceed to checkout and Activate Services.

In the web interface of the router go to Basic → DDNS and select either Use WAN IP Address or Use External IP Address Checker (every 10 minutes) in the IP address list. The Auto refresh every field is set to 1 (instead of 28 by default). In Dynamic DNS 1 from the Service list, choose DynDNS – Dynamic. In the Username and Password fields, specify the name and password that were used when registering with DynDNS, and in Hostname we specify the name of the newly created DDNS domain (in our example it will be tomatorouter. dyndns- ip. com ). Finally, put the Save state when IP changes (nvram commit) and Force next update checkboxes, and then click on the Save button.

Now the router will always be accessible from the outside by the DDNS name. If you enabled availability via WAN for the web interface of the router, then you can go to it at https: // ddns_name: 8080 / (in our example this will be The browser is likely to swear at the incorrect certificate, but this message should be ignored. The FTP server is accessed in the same way – ftp: // ddns_name: 21 / (for example, .

⇡ # Setting up Optware

We came to the most interesting and responsible part – the installation of Optware. With it, you can easily extend the capabilities of the router (and many other devices) by installing many programs. First of all, you need to enable JFFS2 file system support. To do this, go to Administration → JFFS, put a tick in front of Enable and press Save. Then press Format / Erase … and wait for the operation to finish. After that, in the Execute When Mounted field, enter

mount -o bind / jffs / opt / opt

and click Save again. The ASUS RT-N16 has 32 MB of Flash memory. This volume should be enough for our needs. For further configuration, we need to connect via SSH to the router. Launch PuTTY, double click on the previously created connection (see above) and enter the password in the opened console, which is the same as the password for the web interface. Here we need to consistently enter the following commands (or copy each line to the clipboard, and then just right-click in the PuTTY window and press Enter):

 mkdir / jffs / opt 

mount -o bind / jffs / opt / opt

wget -O / tmp /

sh /tmp/

ipkg-opt update

ipkg-opt install nano

Here one unpleasant feature was found out – wget in this assembly of the firmware turned out to be unusually falling (right up to the Segmentation fault). What specifically he did not like these or those URLs, is not entirely clear. In particular, the problem manifested itself when downloading the script. If the URL above does not work, then Google can search for alternative links to this file. The blessing "rolls" he much where. As a "shamanism" try to remove www. in the reference.

The installation of the packages is done with the following command (just above, we installed the text editor nano)

ipkg-opt install package_name

The deletion is done with the command

ipkg-opt remove package_name

To search for a string in the name and description of the package, enter

ipkg-opt list | grep search_query

In this way, you can easily find packages of interest for us by keyword or make sure that the package you need is available for installation. Do not forget also periodically, for example, once a month, to update the installed programs.

 ipkg-opt update 

ipkg-opt upgrade

Setting up the torrent client Transmission

Transmission is a relatively lightweight client for BitTorrent networks. Its beauty is that it is quite easy to install and configure, and also has a built-in web interface for managing downloads. Let's do a simple installation procedure:

ipkg-opt install transmission

Then you need to make the first run to form a directory structure with configuration files …

/ jffs / opt / bin / transmission-daemon -g /mnt/sda1/Torrents/.config/transmission-daemon

… and immediately complete it:

killall transmission-daemon

In this case, / mnt / sda1 / Torrents is the folder where files will be uploaded in the future. In it, in the hidden directory will also lie configs. Editing them with the team

nano /mnt/sda1/Torrents/.config/transmission-daemon/settings.json

In this file we need to change the following lines:

"download-dir": "/ mnt / sda1 / Torrents",
"peer-port": 51000,
"rpc-enabled": true,
"rpc-password": " password ",
" rpc-port ": 9091,
" rpc-username ":" username ",
" rpc-whitelist ":" * ",
" rpc-whitelist-enabled " : true,

Let's examine the parameters to be changed: download- dir is the folder where the files will be uploaded peer- port to which will be attached the syds rpc- password and rpc- username is the password and login for access to the Transmission control accordingly. The password will be encrypted after the next start. Next: rpc- port is the port through which the client is managed, rpc- whitelist- enabled — включение (true) или отключение (false) списка разрешённых IP-адресов из rpc-whitelistс которых можно управлятьTransmission. Если вы планируете удалённо добавлять закачки, то можно указать в rpc-whitelist значение * или присвоить rpc-whitelist-enabled значение false вместо true. В противном случае можно задать диапазон разрешённых IP-адресов в виде «192.168.1.*» или просто перечислить их: «, 192.168.1.*,». После внесения всех изменений нажимаем F2, затем Y и Enter. Теперь снова можно запустить Transmission знакомой командой

/jffs/opt/bin/transmission-daemon -g /mnt/sda1/Torrents/.config/transmission-daemon

Откроем в браузере адрес Введём логин и пароль, которые были указаны в rpc-username и rpc-password и окажемся в веб-интерфейсе Transmission.

Однако гораздо удобнее управляться с закачками с помощью стороннего клиента для Transmission. Их очень много, в том числе и для мобильных ОС. Один из наиболее понятных называется Transmission Remote GUI. Есть версии под Windows, Mac OS X и Linux. Скачайте его, запустите установщик и поставьте галочки как на скриншоте ниже. Первая опция ассоциирует torrent-файлы с этим клиентом, а вторая перехватывает magnet-ссылки. Таким образом любые закачки из BitTorrent будут добавляться в Transmission.

При первом запуске программа попросит ввести параметры соединения. В поле «Узел» надо будет указать IP-адрес роутера, в поле «Порт» вбить 9091, а в «Пользователь» и «Пароль» ввести те же данные, которые используются при авторизации в веб-интерфейсе Transmission.

Всё, теперь можно пользоваться Transmission Remote GUI. Интерфейс программы очень похож на популярный torrent-клиент uTorrent.

Нелишним будет пробросить порт. В Port Forwarding → Basic добавим новое правило. Proto выставляем в Both, в Ext Ports и Int Ports указываем 51000 (порт, что был в peer-port), а в Int Address — (IP-адрес роутера). Поле Description заполняем на своё усмотрение и нажимаем Add, а затем Save.

Теперь нам надо сделать так, чтобы Transmission автоматически запускался при подключении накопителя к роутеру и автоматически же выключался при отключении. Только учтите, что все закачки в таком случае будут поставлены на паузу. Направляемся в USB and NAS → USB Support и в поле Run after mounting вставляем следующие строки:

killall transmission-daemon 

/jffs/opt/bin/transmission-daemon -g /mnt/sda1/Torrents/.config/transmission-daemon

А в поле Run before unmounting всего одну строку:

killall transmission-daemon

Наконец, последний штрих. Если будет надобность в удалённом добавлении закачек в Transmission (например, чтобы к приходу с работы уже скачался новый фильм), то в Administration → Scripts на вкладке WAN Up надо будет ввести нижеследующую строку и нажать Save. Доступ к веб-интерфейсу из внешней сети можно будет осуществить по адресу http://ddns_имя:9091/ (например,

iptables -I INPUT -p tcp –dport 9091 -j ACCEPT

Теперь для проверки можно перезагрузить роутер (пункт Reboot…). Если всё было настроено правильно, то через минуту-другую после перезапуска заработает веб-интерфейс Transmission или любой другой клиент.


Итак, мы рассмотрели установку прошивки TomatoUSB на роутер ASUS RT-N16, а также настроили NAS с доступом по FTP и NetBIOS и установили torrent-клиент Transmission. Если все инструкции были выполнены аккуратно, то у вас всё должно заработать. В принципе, на этом можно было бы остановиться, так как перечисленных возможностей роутера должно хватить большинству пользователей. Во второй части этого материала будет рассмотрена установка и настройка некоторых других дополнительных опций.

Продолжение следует…

Если вы заметили ошибку — выделите ее мышью и нажмите CTRL+ENTER.

Leave a Reply