Connect Tomato router over WiFi to public VPN WiFi and keep local WiFi & LAN behind NAT?

1

I want to use my Tomato-based router as a WiFi gateway to the outside world, but also use the internal WLAN SSID.

The reason is that I have a couple of devices that I do not want to connect to the outside WiFi world directly: I want to have them behind NAT.

I know I could do this with an extra access point on the LAN0..LAN3 ports or a WiFi CLIENT device that connects to the WAN port, but I don't want to add extra hardware.

What steps should I take to make this kind of setup:

+----------------------------------------+
| WiFi access provider                   |  (for instance FON)
+----X-----------------------------------+
     ^
     |  SSID X (remote WiFi network)
     v
   Wireless Interface eth1
+----X-----------------------------------+
| Tomato 1.28 based router               X WAN port (not connected)
| Asus RT-N66U                           X LAN0 port br0 (not connected)
|                                        X LAN1 port br0 (not connected)
|                                        X LAN2 port br0 (not connected)
|   NAT                                  X LAN3 port br0 (not connected)
+----X-----------------------------------+
   Wireless Interface eth2
     ^
     |  SSID Y (local WiFi network)
     v
+----X-----------------------------------+
| Devices not having LAN connection      |
+----------------------------------------+

Jeroen Wiert Pluimers

Posted 2013-06-04T21:22:17.737

Reputation: 2 373

It might not be possible to mix "Wireless Client" with "Virtual Access Point" after a reboot of the router in the Shibby TomatoUSB build that is needed for the ASUS RT-N66U, as it fails on the RT-N16: http://tomatousb.org/forum/t-576470

– Jeroen Wiert Pluimers – 2013-06-05T07:17:20.950

It is possible to do this without NAT: http://forums.smallnetbuilder.com/showthread.php?t=8195

– Jeroen Wiert Pluimers – 2013-06-05T08:05:55.087

It looks like with TomatoUSB, I need two devices (http://www.linksysinfo.org/index.php?threads/wireless-client-and-access-point.32640/#post-161039). OpenWRT should be able to do it, but is not yet available for the N66U (https://forum.openwrt.org/viewtopic.php?pid=201295#p201295), as the ticket is still open: https://dev.openwrt.org/ticket/10852

– Jeroen Wiert Pluimers – 2013-06-05T08:30:07.950

DD-WRT supports this for Broadcom, but only if the public WiFi is using WEP or WPA2: http://www.dd-wrt.com/wiki/index.php/Repeater_Bridge

– Jeroen Wiert Pluimers – 2013-06-05T08:38:18.697

DD-WRT requires the 1.0.3 version of the CFE bootloader to support 64k NVRAM properly (http://www.perkussionswartung.com/dd-wrt-on-the-asus-rt-n66u), using this guide: http://forums.smallnetbuilder.com/showthread.php?t=8259

– Jeroen Wiert Pluimers – 2013-06-05T08:53:11.653

When updating the CFE, do not forget to SCP the backup of the old CFE binary and save it somewhere safe: http://charleswilkinson.co.uk/2012/12/22/dd-wrt-on-the-asus-rt-n66u-with-64k-cfe
scp root@192.168.1.1:/tmp/home/root/tmp/* .

– Jeroen Wiert Pluimers – 2013-06-05T09:01:24.963

A few firmwares (Asuswrt, Asuswrt-Merlin or Tomato) do not require the CFE update (http://forums.smallnetbuilder.com/showthread.php?t=8259&page=28). Tomato does not allow writing the CFE boot loader (http://forums.smallnetbuilder.com/showpost.php?p=50065&postcount=69).

– Jeroen Wiert Pluimers – 2013-06-05T09:19:31.543

No answers