MyTomato (ARMv7 only)

TomatoUSB environment for Shibby or FreshTomato ARM v7 firmwares VPN version (kernel v2.6.36).

Features

  • Install latest Entware version (Merge of Entware-ng-3x and Entware-ng)
  • Use of standard installation version (generic for kernel v2.6.36)
  • Prepare an environment for root user
    • bash (prompt, locale, colors, readline, bash on login, ...)
    • aliases for all Entware binaries installed (dynamically)
    • admin tools
    • PATH updated to prioritize binaries in /opt
    • code review of rc.unslung
    • add locales & timezone
    • auto restore the last NVRAM config saved on /opt
  • Project auto upgrade (Entware & GitHub)
    • get patch
    • new features
    • ARM-Extras modules downloaded automatically
  • P2Partisan v6.08
    • countries blocklists
    • usual blocklists
    • known addresses of TMG
    • code review
  • DNScrypt-proxy v2 (no DoH) (disabled for AIO firmwares)
    • DNS query monitoring, with separate log files for regular and suspicious queries
    • Filtering: block ads, malware, and other unwanted content. Compatible with all DNS services
    • Time-based filtering, with a flexible weekly schedule
    • Compatible with DNSSEC
    • ...
  • NVram sets
    • init script
    • shutdown script
    • USB mount/unmount for /opt
    • ...

Tested on

  • Netgear R7000 (FreshTomato)

Install

Prepare your USB disk (mine is a 60 GB SSD on USB 3.0)

You must create the partitions beforehand (fdisk /dev/xxx ?) ;-)

Replace /dev/xxxx with your device (e.g. /dev/sda2)

For a USB key, you can use ext2, because this filesystem limits read and write disk accesses (no journaling or directory indexing).

Personally, I prefer to use ext4, as long as I disable the journaling.

This allows faster read/write access, and increases the life of your USB device ;-)

  1. Prepare your SWAP and ext4 partitions

  2. Format the SWAP partition with the label SWAP (for size, 128M is sufficient)

    mkswap -L SWAP /dev/xxxx
  3. Format the /opt partition as ext4 with the label ENTWARE (minimum of 4 GB)

    mkfs.ext4 -L ENTWARE /dev/xxxx
  4. Tune the ext4 filesystem (disable Journal, disable Directory Indexing, disable Ext4 Metadata Checksums, reduce Reserved Blocks from 5% to 2%)

    # '^' clears a feature or default mount option
    tune2fs -o ^journal_data_writeback -O ^has_journal,^dir_index,^metadata_csum /dev/xxxx
    tune2fs -m 2 /dev/xxxx
    e2fsck -Df /dev/xxxx
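
To confirm that step 4 took effect, this added example (not part of MyTomato) parses `tune2fs -l` output and reports any of the three features that is still enabled, or a reserved-block share above 2%. The function name and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of MyTomato.
# On the router: tune2fs -l /dev/xxxx | check_ext4_tuning 2

# Constructed sample of the three `tune2fs -l` lines the check reads.
SAMPLE_TUNE2FS='Filesystem features:      ext_attr resize_inode filetype extent flex_bg sparse_super large_file huge_file dir_nlink extra_isize
Block count:              1048576
Reserved block count:     20971'

# check_ext4_tuning MAX_PERCENT: read `tune2fs -l` text on stdin, print one
# line per problem, return 0 if clean, 1 if not, 2 if nothing was parsed.
check_ext4_tuning() {
    awk -v max="${1:-2}" '
        /^Filesystem features:/ {
            seen = 1
            for (i = 3; i <= NF; i++)
                if ($i == "has_journal" || $i == "dir_index" || $i == "metadata_csum") {
                    print "feature still enabled: " $i
                    bad = 1
                }
        }
        /^Reserved block count:/ { reserved = $NF }
        /^Block count:/          { total = $NF }
        END {
            if (!seen || total == 0) { print "no tune2fs -l output parsed"; exit 2 }
            pct = reserved * 100 / total
            # tune2fs rounds the block count, so allow a small margin.
            if (pct > max + 0.01) {
                printf "reserved blocks: %.2f%% (max %s%%)\n", pct, max
                bad = 1
            }
            exit bad + 0
        }'
}
```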

Install MyTomato

Beforehand, it is best to perform an "Erase all data in NVRAM memory (thorough)".

  1. Plug your disk into the router

  2. Log in via SSH

  3. Make sure you have a working Internet connection on your router

  4. Execute the installation

    Where FILESYSTEM can be ext2, ext3 or ext4 (default)

    export FILESYSTEM="ext4"
    wget -O - https://raw.githubusercontent.com/toulousain79/MyTomato/master/Install_From_Scratch.sh | sh
  5. At the end, you will get the following message:

    Please, adapt '/opt/MyTomato/root/ConfigOverload/vars' as you want...
    
    And, reboot your router...
    The reboot can take a while, so please be patient.
    
    Maybe adapt your LAN IP address... ;-)

    NB: Default IP address is 192.168.1.1

  6. It's time to fill in your variables

    vim /opt/MyTomato/root/ConfigOverload/vars
  7. Reboot
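
A more cautious form of step 4, added here as an example (not part of MyTomato): piping `wget` into `sh` runs whatever the `master` branch serves at that moment, so this version saves the script, lets you read it, and runs it only if it still matches the SHA-256 you recorded after review. The function names and the `/tmp` path are assumptions, as is the presence of `sha256sum` on the router.

```shell
#!/bin/sh
# Added example, not part of MyTomato. Function names and paths are assumptions.
INSTALLER_URL="https://raw.githubusercontent.com/toulousain79/MyTomato/master/Install_From_Scratch.sh"
INSTALLER_FILE="/tmp/Install_From_Scratch.sh"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# fetch_installer: save the script to disk instead of streaming it into sh.
fetch_installer() {
    wget -O "$INSTALLER_FILE" "$INSTALLER_URL"
}

# verify_installer FILE PIN: succeed only if FILE is non-empty and its digest
# equals PIN (64 lowercase hex digits recorded after reading the script).
verify_installer() {
    vi_file="$1"; vi_pin="$2"
    [ -s "$vi_file" ] || { echo "missing or empty: $vi_file" >&2; return 1; }
    case "$vi_pin" in
        ""|*[!0-9a-f]*) echo "pin is not lowercase hex" >&2; return 1 ;;
    esac
    [ "${#vi_pin}" -eq 64 ] || { echo "pin must be 64 hex digits" >&2; return 1; }
    vi_actual="$(sha256_of "$vi_file")"
    [ "$vi_actual" = "$vi_pin" ] || { echo "digest mismatch: $vi_actual" >&2; return 1; }
}

# run_installer FILE PIN: execute the reviewed script, never an unverified one.
run_installer() {
    verify_installer "$1" "$2" || return 1
    FILESYSTEM="${FILESYSTEM:-ext4}" sh "$1"
}

# Typical session on the router:
#   fetch_installer && more "$INSTALLER_FILE"     # read what will run as root
#   PIN="$(sha256_of "$INSTALLER_FILE")"          # record it for later installs
#   run_installer "$INSTALLER_FILE" "$PIN"
```

The recorded digest is what makes a later reinstall, or an install on a second router, reject a script that changed since you read it.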

Available commands

All the scripts present in /opt/MyTomato/root/SCRIPTs/ are accessible directly via the PATH.

  • USB_AfterMounting.sh
    • executed after USB /opt mounting
  • Services_Start.sh
    • executed by USB_AfterMounting.sh
    • start all services using /opt/etc/init.d/rc.unslung script
  • USB_BeforeUnmounting.sh
    • executed after USB /opt UNmounting
  • Services_Stop.sh
    • executed by USB_BeforeUnmounting.sh
    • stop all services using /opt/etc/init.d/rc.unslung script
  • Upgrade.sh
    • executed periodically every day
    • upgrade /opt/MyTomato/ via GitHub
    • update & upgrade OPKG packages

Personalization

So that MyTomato can be updated, some files (e.g. config files) can be overridden.

If you modify the original files, you will lose your changes during an update of MyTomato.

Editable files are:

  • System

    • /opt/MyTomato/root/ConfigOverload/vars
    • /opt/MyTomato/root/ConfigOverload/.bash_aliases
    • /opt/MyTomato/root/ConfigOverload/.bashrc
  • DNScrypt-proxy v2 (default files)

    • /opt/MyTomato/root/ConfigOverload/dnscrypt/dnscrypt-proxy.toml (DNScrypt config file)
    • /opt/MyTomato/root/ConfigOverload/dnscrypt/blacklists.txt
    • /opt/MyTomato/root/ConfigOverload/dnscrypt/ip_blacklist.txt
    • /opt/MyTomato/root/ConfigOverload/dnscrypt/whitelist.txt
    • /opt/MyTomato/root/ConfigOverload/dnscrypt/cloaking-rules.txt
    • /opt/MyTomato/root/ConfigOverload/dnscrypt/forwarding-rules.txt
  • DNScrypt-proxy v2 (generate-domains-blacklists)

    • /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-blacklist.conf
    • /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-blacklist-local-additions.txt
    • /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-time-restricted.txt
    • /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-whitelist.txt
  • P2Partisan

    • /opt/MyTomato/root/ConfigOverload/p2partisan/blacklists
    • /opt/MyTomato/root/ConfigOverload/p2partisan/blacklists-custom
    • /opt/MyTomato/root/ConfigOverload/p2partisan/greylist
    • /opt/MyTomato/root/ConfigOverload/p2partisan/whitelist

Additional services

P2Partisan (mass IP blocking like peerblock/peerguardian for tomato)

All ports of system services are dynamically added to the whitelist. (nvram show 2>/dev/null | grep 'port=')

And you can add more into /opt/MyTomato/root/ConfigOverload/vars.

P2Partisan - Config file

vim /opt/MyTomato/P2Partisan/p2partisan.sh

NB: Default values are acceptable

Blocklists

  • /opt/MyTomato/root/ConfigOverload/p2partisan/whitelist
  • /opt/MyTomato/root/ConfigOverload/p2partisan/greylist
  • /opt/MyTomato/root/ConfigOverload/p2partisan/blacklists
  • /opt/MyTomato/root/ConfigOverload/p2partisan/blacklist-custom

NB: Default values are acceptable

DNScrypt-proxy v2

DNScrypt-proxy - Config file

vim /opt/MyTomato/root/ConfigOverload/dnscrypt/dnscrypt-proxy.toml

You can generate your own blacklists.txt in /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/.

Please, check Public Blacklists

Edit the following files as you wish to generate your final blacklists.txt:

  • /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-blacklist.conf
  • /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-whitelist.txt
  • /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-time-restricted.txt
  • /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-blacklist-local-additions.txt

Then simply run:

Upgrade.sh
. /opt/MyTomato/root/SCRIPTs/inc/vars
cp -f "${gsDirOverLoad}/dnscrypt/generate-domains-blacklists/blacklists.txt" "${gsDirOverLoad}/dnscrypt/blacklists.txt"
/opt/etc/init.d/S09dnscrypt-proxy2 restart

NB: Default values are acceptable
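
A guard for the `cp -f` step above, added as an example (not part of MyTomato): if list generation fails, copying an empty or truncated `blacklists.txt` and restarting leaves DNS filtering silently off. The function names and the 50% shrink threshold are assumptions.

```shell
#!/bin/sh
# Added example, not part of MyTomato. Names and threshold are assumptions.

# count_rules FILE: number of lines that are neither blank nor comments
# (0 if FILE does not exist).
count_rules() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" 2>/dev/null | wc -l | tr -d ' '
}

# install_blacklist NEW LIVE [MIN_PERCENT]
# Replace LIVE with NEW only if NEW holds rules and has not shrunk below
# MIN_PERCENT (default 50) of the rule count currently in LIVE.
install_blacklist() {
    ib_new="$1"; ib_live="$2"; ib_min="${3:-50}"
    ib_n="$(count_rules "$ib_new")"
    [ "$ib_n" -gt 0 ] || { echo "refusing: no rules in $ib_new" >&2; return 1; }
    if [ -f "$ib_live" ]; then
        ib_old="$(count_rules "$ib_live")"
        if [ $((ib_n * 100)) -lt $((ib_old * ib_min)) ]; then
            echo "refusing: $ib_n rules, live list has $ib_old" >&2
            return 1
        fi
    fi
    # Copy beside the live file, then rename, so dnscrypt-proxy never
    # reads a half-written list.
    cp -f "$ib_new" "$ib_live.tmp" && mv -f "$ib_live.tmp" "$ib_live"
}

# In place of the plain cp -f, after Upgrade.sh and sourcing vars:
#   install_blacklist \
#       "${gsDirOverLoad}/dnscrypt/generate-domains-blacklists/blacklists.txt" \
#       "${gsDirOverLoad}/dnscrypt/blacklists.txt" \
#     && /opt/etc/init.d/S09dnscrypt-proxy2 restart
```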

Links