Upgrade your router firmware to ‘FreshTomato’
The Netgear Nighthawk r7000 is a router, switch and powerful Wi-fi access point in one unit and even in 2021, years on from when it was made it still offers your network a boost today.
For an introduction to modems and acquiring your own router see the footnote
With everything powered off, the R7000 router’s yellow WAN or Internet socket is connected with an ethernet cable to the yellow WAN or Internet port of your Internet service provider’s modem. The router-modem connection is different if you’re intending to use the R7000 for extra ethernet sockets (a switch role) and to gain the benefit of this powerful WiFi access point. In this different case you use neither Internet port on the modem or R7000 router – you use the same cable to connect regular, not WAN ethernet ports on each device.
Now connect your laptop to the R7000 router with another ethernet cable and browse to routerlogin.net and use the Setup wizard. Alternatively connect to the router’s wifi. If you prefer to use a phone/tablet, run the Netgear app to get set up. Ultimately you want to check that either the R7000 or the modem-router provide a DHCP service and not both. If the two devices are close to each other you might also turn off the WiFi on the Internet service provider modem-router.
THE FIRMWARE ON THE NETGEAR R7000
I am happy to assume that Netgear knows enough about networking to provide a really good result with the software that it builds in. So my starting point in changing Netgear’s software for something more flexible and powerful is to have created a working network. So for prudence sake fix this, then read on. As of 2021, FreshTomato is the actively supported alternative firmware whereas older software projects, such as Advanced Tomato or Tomato USB have been less actively updating.
HOW TO UPGRADE Netgear router FIRMWARE to FreshTomato / Tomato USB
You’ll find many routers in the list of supported hardware at FreshTomato so go there hoping to find yours. In the case of the Netgear R7000 you’ll need three firmware images. The safe advice is to flash the router back to a Netgear factory image, then to install an initial Tomato firmware image and then finally to install the latest version of the FreshTomato firmware on the Netgear R7000. In between these steps you must login to the router and reset it. During this half-hour process you may lose the connection or not have the correct password. It’ll work fine if the power is not interrupted. But I took no shortcuts so my procedure is a few steps longer.
Go to Downloads at FreshTomato and find the arm (not mips) section. In the folder Netgear R-series back to OFW download the original firmware file for the R7000 or your model. This will be the first file to flash, the second firmware is found in Netgear R-series initial files. The final firmware also carries the number of your router, a version number and AIO (all-in-one) freshtomato-R7000-ARM_NG-2021.5-AIO-64K. The larger AIO firmware has more features than the firmware labelled VPN. The R7000 has plenty memory to handle this. BTW the downloaded files need unzipping.
- Connect the router to your laptop (turn off WiFi) with an ethernet cable. If you’re having trouble connecting to the router, restart the laptop. The laptop’s ethernet connection settings should be bog-standard / default.
- If you’ve the factory-supplied Netgear firmware, power up and then reset the router using a paperclip in the reset hole for seven seconds. Login to your router (192.168.1.1.) via an Internet browser. Use the default login of user ‘admin’ and ‘password’. I followed a guide suggesting to use the admin panel to Reset to factory settings – no harm in doing that. Reboot and reconnect and login as before.
- If you’re already using custom firmware such as TomatoUSB login with your own credentials and go to Administration > Configuration > Restore Default Configuration > Erase all data in NVRAM. Reboot and reconnect/refresh. Login with the default login (on Tomato the username is “admin” or “root” and the password is “admin”).
- Go to the router Administration section and look for Upgrade. Upgrade using the first downloaded Netgear R7000 file named R-series back to OFW. Reboot and reconnect/refresh. Use the default login of user ‘admin’ and ‘password’. If that fails, reset the router using a paperclip in the reset hole for seven seconds, let it reboot and then reconnect/refresh.
- Go to the router Administration section and look for Upgrade. Upgrade using the second downloaded Netgear R-series initial file named e.g. freshtomato-R7000-2021.5-initial-64K. Reboot and reconnect. Login with the default username “admin” or “root” and the password “admin”.
- Extra safe step if you’re not confident: go to Administration > Configuration > Restore Default Configuration > Erase all data in NVRAM. Reboot and reconnect/refresh.
- Go to the Administration section of the FreshTomato panel and look for Upgrade. Use the third and last downloaded Netgear R7000 file named freshtomato-R7000-ARM_NG-2021.5-AIO-64K Reboot and reconnect.
- Go to Administration > Configuration > Restore Default Configuration > Erase all data in NVRAM. Reboot and reconnect and login.
- For the sake of completeness these are two, quite old videos that may guide How to return to Netgear Genie and How to install FreshTomato
HOW TO START USING FreshTomato – what not to miss setting:
- name of the router – Basic > Identification. Also set the Time menu
- login name and password – Administration > Admin access.
- if you’re using the netgear router as an access point and switch you must disable DHCP and disable WAN port under Basic > Network. And as below, you can set a fixed IP address for the R7000; set the DNS to gooogle’s 22.214.171.124 or your router/gateway
- Set the wireless bands, channels and password. Use WPA2 Personal AES as the security in Basic > Network
- If you’re not using the WAN port (I’m not using the router to manage the WAN) you can recycle the WAN port as an extra Ethernet socket. Go to Advanced > VLAN. First uncheck the WAN socket entry in the WAN0 bridge. Then click OK, save and reboot. When the router comes back up check the WAN box, thus adding this ‘device’ to the LAN0 line. Then click OK, save and reboot again.
- The two step process seems to work and it avoids the error: Cannot proceed: one VID must be assigned to WAN. Early versions of Tomato had a simple check box to reuse the WAN socket.
The above settings make the R7000 work well. For hardcore configuration and features digest the wiki at FreshTomato wiki. The things you can do include:
- run the nginx webserver and store some webpages on the router
- control access to files stored on a USB stick plugged in the the router
- take over the PPOE login to the Internet normally handled by your modem
- spoof or change the Mac addresses on the router
- run a VPN so that all your Internet traffic is tunnelled and encrypted and kept private from your ISP. Change your home’s apparent location using the VPN.
- use DDNS to allow you to access your home network even if your IP address changes
- a developer might want to set a computer up as a DMZ where it’s totally exposed to the Internet.
- set up UPnP so that devices such as network cameras, speakers and TV are more easily found by apps.
- set up a VLAN, a LAN within your network which you want to keep separate or private or limit in some way.
- set up Virtual wireless channels where you have different SSIDs with different names and passwords
- set up a captive portal where guests connect and read a web page or agree to terms and conditions
- change the network lease time for some users preventing them from using resources at times
- block adverts from all traffic coming in
- allocate fixed IP addresses to devices so that they are more easily found on your network
- get logs of Internet bandwidth usage either as a whole or by individual device
- use WOL to wake up shutdown computers
- use various tools – ping and trace for testing connections.
- use a Linux command line with system commands such as SSH
- use wireless survey to test channel and wifi performance
Background – changing your router from the standard-issue device
Every Internet-connected home has a router that supplies a connection to the computers and devices we have. The router usually supplied with the broadband service is actually a modem, a router, a Wi-fi access point and switch in one compact unit. When things go awry, and they do, people like me go find something better. In my case, I bought a Netgear Nighthawk r7000 which is a router, switch and Wi-fi access point. It isn’t a modem (there’s no phone service or cable service socket) so I need to keep and connect it to the provider’s ‘Internet router’ and configure a few things inside. I might switch off the old router’s wifi; change its DHCP setting and configure my more powerful router to take on these roles. So in short, there’s more to do if you don’t have an all-in-one modem plus router. The Netgear app takes some of the load of setting it all up.The R7000 is still useful in 2021. I will sell the R7000 if I change to a mesh system or use WiFi 6 but neither of these are useful to me right now.