upgrade your router firmware to ‘FreshTomato’

The Netgear Nighthawk r7000 is a router, switch and powerful Wi-fi access point in one unit and even in 2021, years on from when it was made it still offers your network a boost today. Changing the firmware, as explained below, adds versatility to the power. I would only sell the R7000 if a mesh system or Wifi 6 would help me but neither of these are useful to me right now.

why change your free ISP router for a bought one?

Every Internet-connected home has a router that supplies connections to the devices we have. The router supplied with the broadband service is often a modem, a router, a Wi-fi access point and switch in one compact unit. When things go awry, and they do, people like me go find something better.

So I bought a Netgear Nighthawk R7000 which is a router, switch and Wi-fi access point. I gained features and control that the ISP router didn’t offer.

The R7000 is an advanced device but isn’t an all-in-one modem plus router – there’s no phone or cable service socket so I still need to connect it to the internet provider’s one-piece ‘router’. I have yet to find everything in a box.

A downside is that I now need to configure a few things inside two boxes. I might switch off the old router’s wifi; turn off its DHCP setting and then configure my more powerful router to take on these roles. But while there is more to do there’s more that you can do with an R7000. Adding FreshTomato software adds yet more features such as a proper VPN client. I’ve listed those extra below under ‘what can I do now with FreshTomato‘.

get your fancy R7000 router working with your ISP modem

I will want the R7000 to gain the benefit of its powerful WiFi access point or use it as a switch to gain extra ethernet sockets or make use of its software features. For this you use an ethernet cable to connect a R7000 LAN port (not WAN) to a LAN (not WAN) port on your Internet service provider’s modem. In this case neither Internet port on the modem or R7000 router is used. Trust me.

Now with another ethernet cable connect your laptop to the R7000 router and browse to routerlogin.net and use the Setup wizard. Alternatively connect to the router’s wifi. If you use a phone/tablet, run the Netgear app instead.

However you do that, you want to set either the R7000 or the ISP modem-router to offer a DHCP service and not both. As the two devices are close to each other you might not need two wifi transmitters so you can turn off the WiFi on one of them. My choice would be to keep the R7000 wifi.

pause before changing the firmware on the NETGEAR R7000

I am happy to assume that Netgear knows enough about networking to make really good software. If you want to change the built-in Netgear software for something more flexible I recommend that you get your network working. So please pause, fix your network, and get the R7000 working as above, then upgrade the router.

how to change the Netgear router FIRMWARE to FreshTomato or Tomato USB FIRMWARE

As of 2021, FreshTomato is an actively supported alternative firmware for the Netgear R7000. You could instead install Advanced Tomato or Tomato USB following my notes, but as I look now, these have less active updating.

You’ll find many other routers in the list of supported hardware at FreshTomato so do go there hoping to find yours.

You’ll need three firmware images for the Netgear R7000. You must first flash the Netgear R7000 back to a Netgear factory image, then install an initial Tomato firmware image and then finally install the latest version of the FreshTomato firmware. Before and after each of these steps you will login to the router and reset it. During this half-hour process you may lose the connection or need to look up the correct password. But worry not as the process will work fine if the power is not interrupted. I take no shortcuts so my procedure is a bit longer.

Go to Downloads at FreshTomato and find the arm (not mips) section. In the folder Netgear R-series back to OFW download the original firmware file for the R7000 or your model. This will be the first file to flash, the second firmware is found in Netgear R-series initial files.

The third or final firmware can be identified by the number of your router, a version number and AIO (all-in-one) for example, freshtomato-R7000-ARM_NG-2021.5-AIO-64K. The AIO firmware is larger, has more features than the other firmware which provides just a VPN. So use the AIO as the R7000 has plenty of memory to handle this larger firmware. You’ll need to unzip all the downloaded files.

  1. connect the router to your laptop (turn off its WiFi) with an ethernet cable. If you’re having trouble connecting to the router, restart the laptop with the wifi off. The laptop’s ethernet connection settings should be bog-standard / default.
  2. if your R7000 router uses the factory-supplied Netgear firmware, power it up and then use a paperclip in the reset hole for seven seconds to reset the router’s NVRAM. Login to your router (192.168.1.1.) via an Internet browser. Use the default login of user ‘admin’ and ‘password’. One guide suggested to use the admin panel to ‘Reset to factory settings’ – there’s no harm in doing that too. Reboot and reconnect and login as before.
  3. if you’re already using some custom firmware such as TomatoUSB login with your own credentials and go to Administration > Configuration > Restore Default Configuration > Erase all data in NVRAM. Reboot and reconnect/refresh. Login with the default login (on Tomato the username is “admin” or “root” and the password is “admin”).
  4. go to the router Administration section and look for Upgrade. Upgrade using the first downloaded Netgear R7000 file named R-series back to OFW. Reboot and reconnect/refresh. Use the default login of user ‘admin’ and ‘password’. If that fails, reset the router using a paperclip in the reset hole for seven seconds, let it reboot and then reconnect/refresh.
  5. go to the router Administration section and look for Upgrade. Upgrade using the second downloaded Netgear R-series initial file named e.g. freshtomato-R7000-2021.5-initial-64K. Reboot and reconnect. Login with the default username “admin” or “root” and the password “admin”.
  6. safe extra step if you’re not confident: go to Administration > Configuration > Restore Default Configuration > Erase all data in NVRAM. Reboot and reconnect/refresh.
  7. go to the Administration section of the FreshTomato panel and look for Upgrade. Use the third and last downloaded Netgear R7000 file named freshtomato-R7000-ARM_NG-2021.5-AIO-64K Reboot and reconnect.
  8. go to Administration > Configuration > Restore Default Configuration > Erase all data in NVRAM. Reboot and reconnect and login.
  9. for the sake of completeness I’ll link to two, quite old, videos that visualises this process How to return to Netgear Genie and How to install FreshTomato

Did you know your Gigabit ethernet is shared? If one Gigabit ethernet cable runs to a 4-port switch you get 1/4 Gigabit per socket – so do try to avoid daisy-chaining your switches.


after installing FreshTomato change only these settings:

  • set the name of the router – Basic > Identification. Also set the Time menu
  • set login name and password – Administration > Admin access.
  • if you’re using the netgear router as an access point and switch you must disable DHCP and disable WAN port under Basic > Network. And as below, you can set a fixed IP address for the R7000; set the DNS to google’s 8.8.8.8 or your router/gateway (eg 192.168.1.1)
  • Set the wireless bands, channels and password. Use WPA2 Personal AES as the security in Basic > Network
  • if like me you’re not using the WAN port (I’m not using the router to manage the WAN) you can recycle the WAN port as an extra Ethernet socket. Go to Advanced > VLAN. First uncheck the WAN socket entry in the WAN0 bridge. Then click OK, save and reboot. When the router comes back up check the WAN box, thus adding this ‘device’ to the LAN0 line. Then click OK, save and reboot again.
  • the above two step process work for me and avoid the error: Cannot proceed: one VID must be assigned to WAN. Early versions of Tomato had a simple check box to reuse the WAN socket but this has gone.

The above settings make the R7000 work well.

what can I do now that I’ve installed FreshTomato

For hardcore configuration and features digest the wiki at FreshTomato wiki. The things you can now do include:

  • run the nginx webserver and store some webpages on the router
  • control access to files stored on a USB stick plugged in to the router
  • take over the PPOE login to the Internet normally handled by your modem
  • spoof or change the Mac addresses on the R7000 router (if your ISP or cable service is fussy)
  • run a VPN so that all your Internet traffic is tunnelled and encrypted and kept private from your ISP. Change your home’s apparent location using the VPN.
  • use DDNS to allow you to remotely access your home network even if your IP address changes
  • fault find by setting a computer up as a DMZ where it’s totally exposed to the Internet.
  • set up UPnP so that devices such as network cameras, speakers and TV are more easily found by apps.
  • set up a VLAN – this is a LAN within your network which you want to keep separate or private or limit access to guests in some way.
  • set up Virtual wireless channels where you have different SSIDs with different names and passwords even though they use the same radio channels
  • set up a captive portal where house or hotel guests connect and read a web page or agree to terms and conditions
  • change the network lease time for some users preventing them from using resources at certain times
  • block adverts from all traffic coming in
  • allocate fixed IP addresses to devices so that they are more easily found on your network
  • get logs of Internet bandwidth usage either as a whole or by individual device
  • use WOL to wake up shutdown computers
  • use various tools – ping and trace for testing connections.
  • use a Linux command line with system commands such as SSH
  • use wireless survey to test channel and wifi performance

Leave a Reply

Your email address will not be published.