Upgrade your router firmware to ‘FreshTomato’
The Netgear Nighthawk r7000 is a router, switch and powerful Wi-fi access point in one unit and even in 2021, years on from when it was made it still offers your network a boost today. I would sell the R7000 if a mesh system or Wifi 6 would help me but neither of these are useful to me right now.
The reason to change your free ISP router for a bought one
Every Internet-connected home has a router that supplies connections to the devices we have. The router supplied with the broadband service is often a modem, a router, a Wi-fi access point and switch in one compact unit. When things go awry, and they do, people like me go find something better. So I bought a Netgear Nighthawk r7000 which is a router, switch and Wi-fi access point. It isn’t a modem (there’s no phone or cable service socket) so I still need to keep and connect it to the internet provider’s ‘Internet router’ and configure a few things inside. I might switch off the old router’s wifi; turn off its DHCP setting and then configure my more powerful router to take on these roles. So there’s more to do if you don’t have an all-in-one modem plus router. The Netgear app takes some of the load of setting it all up.
Connecting up your new fancy router
With everything powered off, the connect the fancy R7000 router’s WAN or Internet socket with an ethernet cable to the WAN or Internet port of your Internet service provider’s modem.
Don’t do this if you intend to use the R7000 to gain the benefit of this powerful WiFi access point or use it as a switch to gain extra ethernet sockets or make use of its software features. In this different case neither Internet port on the modem or R7000 router is used. You use the ethernet cable to connect together the regular, not WAN, ethernet ports on each device.
Now with another ethernet cable connect your laptop to the R7000 router and browse to routerlogin.net and use the Setup wizard. Alternatively connect to the router’s wifi. If you prefer to use a phone/tablet, run the Netgear app instead. Ultimately you want to set things so that either the R7000 or the modem-router offers a DHCP service and not both. If the two devices are close to each other you might also turn off the WiFi on one of them. Do you need two transmitters in the same spot?
THINKING ABOUT CHANGING THE FIRMWARE ON THE NETGEAR R7000
I am happy to assume that Netgear knows enough about networking to build in really good software. If you want to change Netgear’s software for something more flexible I suggest that you get your network working well. For prudence sake fix your network, then upgrade the router.
As of 2021, FreshTomato is the actively supported alternative firmware for the Netgear R7000. Other alternatives such as Advanced Tomato or Tomato USB have less active updating.
HOW TO UPGRADE Netgear router FIRMWARE to FreshTomato / Tomato USB
You’ll find many routers in the list of supported hardware at FreshTomato so go there hoping to find yours. In the case of the Netgear R7000 you’ll need three firmware images. The advice is to flash the router back to a Netgear factory image, then to install an initial Tomato firmware image on the Netgear R7000 and then finally to install the latest version of the FreshTomato firmware. In between these steps you must login to the router and reset it. During this half-hour process you may lose the connection or not have the correct password. It’ll work fine if the power is not interrupted. I took no shortcuts so my procedure is a few steps longer.
Go to Downloads at FreshTomato and find the arm (not mips) section. In the folder Netgear R-series back to OFW download the original firmware file for the R7000 or your model. This will be the first file to flash, the second firmware is found in Netgear R-series initial files. The final firmware also carries the number of your router, a version number and AIO (all-in-one) freshtomato-R7000-ARM_NG-2021.5-AIO-64K. The AIO firmware is larger, has more features than the firmware providing just a VPN. The R7000 has plenty memory to handle the larger firmware. The downloaded files will need unzipping.
- Connect the router to your laptop (turn off WiFi) with an ethernet cable. If you’re having trouble connecting to the router, restart the laptop. The laptop’s ethernet connection settings should be bog-standard / default.
- If your router uses the factory-supplied Netgear firmware, power up and then use a paperclip in the reset hole for seven seconds to reset the router’s NVRAM. Login to your router (192.168.1.1.) via an Internet browser. Use the default login of user ‘admin’ and ‘password’. One guide suggested to use the admin panel to ‘Reset to factory settings’ – there’s no harm in doing that too. Reboot and reconnect and login as before.
- If you’re already using custom firmware such as TomatoUSB login with your own credentials and go to Administration > Configuration > Restore Default Configuration > Erase all data in NVRAM. Reboot and reconnect/refresh. Login with the default login (on Tomato the username is “admin” or “root” and the password is “admin”).
- Go to the router Administration section and look for Upgrade. Upgrade using the first downloaded Netgear R7000 file named R-series back to OFW. Reboot and reconnect/refresh. Use the default login of user ‘admin’ and ‘password’. If that fails, reset the router using a paperclip in the reset hole for seven seconds, let it reboot and then reconnect/refresh.
- Go to the router Administration section and look for Upgrade. Upgrade using the second downloaded Netgear R-series initial file named e.g. freshtomato-R7000-2021.5-initial-64K. Reboot and reconnect. Login with the default username “admin” or “root” and the password “admin”.
- Extra safe step if you’re not confident: go to Administration > Configuration > Restore Default Configuration > Erase all data in NVRAM. Reboot and reconnect/refresh.
- Go to the Administration section of the FreshTomato panel and look for Upgrade. Use the third and last downloaded Netgear R7000 file named freshtomato-R7000-ARM_NG-2021.5-AIO-64K Reboot and reconnect.
- Go to Administration > Configuration > Restore Default Configuration > Erase all data in NVRAM. Reboot and reconnect and login.
- For the sake of completeness these are two, quite old videos that may guide you How to return to Netgear Genie and How to install FreshTomato
HOW TO START – what not to miss setting on FreshTomato:
- name of the router – Basic > Identification. Also set the Time menu
- login name and password – Administration > Admin access.
- if you’re using the netgear router as an access point and switch you must disable DHCP and disable WAN port under Basic > Network. And as below, you can set a fixed IP address for the R7000; set the DNS to google’s 22.214.171.124 or your router/gateway (eg 192.168.1.1)
- Set the wireless bands, channels and password. Use WPA2 Personal AES as the security in Basic > Network
- If like me you’re not using the WAN port (I’m not using the router to manage the WAN) you can recycle the WAN port as an extra Ethernet socket. Go to Advanced > VLAN. First uncheck the WAN socket entry in the WAN0 bridge. Then click OK, save and reboot. When the router comes back up check the WAN box, thus adding this ‘device’ to the LAN0 line. Then click OK, save and reboot again.
- The above two step process seems to work and it avoids the error: Cannot proceed: one VID must be assigned to WAN. Early versions of Tomato had a simple check box to reuse the WAN socket.
The above settings make the R7000 work well. For hardcore configuration and features digest the wiki at FreshTomato wiki. The things you can do include:
- run the nginx webserver and store some webpages on the router
- control access to files stored on a USB stick plugged in the the router
- take over the PPOE login to the Internet normally handled by your modem
- spoof or change the Mac addresses on the router
- run a VPN so that all your Internet traffic is tunnelled and encrypted and kept private from your ISP. Change your home’s apparent location using the VPN.
- use DDNS to allow you to remotely access your home network even if your IP address changes
- fault find by setting a computer up as a DMZ where it’s totally exposed to the Internet.
- set up UPnP so that devices such as network cameras, speakers and TV are more easily found by apps.
- set up a VLAN, a LAN within your network which you want to keep separate or private or limit access to guests in some way.
- set up Virtual wireless channels where you have different SSIDs with different names and passwords even though they use the same radio channels
- set up a captive portal where guests connect and read a web page or agree to terms and conditions
- change the network lease time for some users preventing them from using resources at times
- block adverts from all traffic coming in
- allocate fixed IP addresses to devices so that they are more easily found on your network
- get logs of Internet bandwidth usage either as a whole or by individual device
- use WOL to wake up shutdown computers
- use various tools – ping and trace for testing connections.
- use a Linux command line with system commands such as SSH
- use wireless survey to test channel and wifi performance