I'll also mention I'm currently working on a port of Tomato64 to the gl.inet flint2 (gl-mt6000). Something I haven't announced anywhere yet, though if you've checked out my repo you'll see it there.
My one gripe with Tomato is, unless I missed something, upgrading your firmware is kind of a pain. You have to go out to the website, find the image for the latest version for your specific model of router, download it and then go into the UI and flash it. They even suggest wiping NVRAM which clears all your settings (I never bothered with that and it worked fine for me). It would be nice if they just had a "click here to update" button, especially since keeping your firewall/router up to date is pretty important for security.
Could be a bug in Tomato or an NVRAM issue within the router, although I didn't have this issue with other firmware.
Sometimes, though, there are network environments I'd like to implement which are difficult to configure through the webUI, but which would be relatively trivial from a Linux CLI. For example, I'd like to create an ESSID which is bridged to a tagged VLAN, but on which the router has no layer 3 presence. Or, maybe I'd like to set up a WireGuard link, but only send selective traffic down it using firewall marks and policy routing.
What I'd really like is a way to use the webUI to set up my initial base configuration, and then flip a switch to turn off the webUI, and implement further changes myself by editing configuration files on the device and calling out to shell scripts when needed to run "ip" and "brctl" commands.
Does anyone know if such a thing is possible with FreshTomato, OpenWRT, or something similar? Am I just thinking about this wrong?
You can access crontab, /etc/rc.local, init scripts, and add custom paths to be included in openwrt managed backups and restores.
It's reasonably flexible in enabling power users, rather than working against you.
It ensures you don't get locked out.
But I think I can answer your question.
These days, at least at home, I run OpenWRT on a Pi 4 (because it was cheap at the time).
I use its web interface for the usual mundane poking and prodding.
And when I want something special, I just add a simple startup script like I would have done on any other Linux box back when init systems were plain and dumb.
This same thing should also work on any other OpenWRT installation that has a writeable filesystem (instead of, e.g., SquashFS).
And no, I don't think you are thinking of this wrong as a concept. It's a home network and not enterprise, and at the end of the day these things are all just Linux machines with a nice GUI. I think it is totally cromulent to mold them to your will.
pfSense/OPNsense is easier when you have complicated routing needs, like multiple VLANs with various split tunnels, etc.
It's not 100% accurate, but imo if you want a short-hand you could say Tomato is WiFi focused with routing support, and OPNsense is routing focused with WiFi support.
Is it that common for consumer routers to run x86_64 processors nowadays? Or is this meant to be run from a normal PC?
ime a usb wifi stick in a desktop computer will work as wifi-ap, but is somewhat janky because of the metal case (which is needed because em-interference from bus-clocks) and the wifi hardware having suboptimal provisions for ap-mode.
UPDATE:
"because we can" (was a stupid question)
no hard feelings; last used tomato ~20y ago on a wrt54gl
These functions are normally wrapped up in one box in the consumer space, but they're still very different functions.
And maybe I'm not doing it right, but I myself haven't used a combined router+wireless box in a fair number of years at home or at the shop.
I keep the wired networking+routing back end in one spot where it makes sense, and I keep the wireless access points where they make sense to provide good coverage where I need it.
My router just routes, and my wireless access points just provide wireless access.
---
So to answer your first question directly: This system lets people use the friendly Tomato system on any old (or new, or whatever) x86 hardware they have. It brings it out of the world of hacks[0] on cheap low-performance embedded Wal-Mart routers and lets a person use it for routing on a much more performant machine.
[0]: Not that those things aren't fun. I still have the first standalone router I ever bought -- a Linksys WRT54GS, with Tomato installed, and with an SD card hacked in using a card-edge connector from an old floppy drive cable for expanded storage.
New routers with faster CPUs to keep up with the increasing bandwidths are costing about $700. No way am I spending that kind of cash for a router, even if it has the latest Wifi.
Instead I bought a cheap $50 Dell from ebay with a quad-core i5 CPU, I installed DD-WRT x86 on it, I put in a cheap 4 x 1gbit ethernet card, and I bought a cheap refurb Wifi 6e router and use that only for the wireless functions. All-in it's about $200. Now I can keep the same main x86 router hardware and I can keep upgrading my internet speeds as well as upgrade the wifi externally whenever I find it necessary (and I can find a cheap wifi radio).
The DD-WRT maintainers were also very helpful (and in a timely way) when I requested they add a 2.5gbit NIC to the DD-WRT drivers, so now I have upgraded to a 2.5gbit network. And if I want to put in a 10gbit NIC someday, maybe they'll help out again. I know, I should move to something "more modern" than DD-WRT, but it suits my needs well for now, and someday I'll probably be moving to a different x86 based router software should DD-WRT not be able to keep up with my needs.
Being able to buy a "normal" computer and install tomato on it is a more attractive prospect for a lot of reasons.
it's a nice exercise but the power and space requirements in relation to the performance will generally not be favorable unless you are severely constrained in up-front budget
I love my Mikrotik devices so much that I'll never look back.
I'd look at openwrt and opnsense tables of supported hardware for 2.5/5/10gbps.