
How do I configure Tomato for Remote Administration?

Discussion in 'Tomato Firmware' started by glen4cindy, Mar 30, 2010.

  1. glen4cindy

    glen4cindy Addicted to LI Member

    I am getting my son a WRT54G v 2.3 to load Tomato on, and to help him administer Tomato, I will have to be able to configure it from my house, which is about 4 miles from his house, which will require me to be able to do it over the internet.

    I have no idea how to configure Tomato to do this. I know there is a check box and a port number that I can pick, but I know nothing about SSH or any of those other things, nor do I know what I will need to put in my browser bar when it comes time to actually administer the router for him.

    He is not computer literate enough that I would be able to walk him through it, and I don't like the Linksys firmware enough to just leave it on the router.

    Thanks in advance.
  2. cariyawa

    cariyawa Addicted to LI Member

    After you install Tomato:
    Go to the Administration menu. You should then be able to see that "Remote Access" is disabled by default. Enable it, since that is what you want.

    Assuming you and your son are not on the same network, the only way to remotely access the router is to register with a free dynamic DNS service such as dyndns. Go to http://www.dyndns.com/ and register for a free account.

    Now in your Tomato firmware, go to Basic->DDNS. Select the service (e.g. Dyndns) that you have already registered with. Enter the required information there (typically you need the username, password and host name selected when you created that free account).

    Typically in Tomato, the remote access port is set to 8080. So now you should be able to access your son's router from: http://<your host name>:8080. Make sure you set a strong password, because after you do that, the router can be accessed from anywhere in the world :)

    Following is a link to get and configure tomato with dyndns.
  3. anik

    anik Addicted to LI Member

    Another way would be to set up and use a VPN

    Remember that if you set up an OpenVPN tunnel between your network and his, then if you configure both ends properly you'll be able to access his router just by going to the IP address, and there will be no way anyone from the outside can access it (provided you DON'T enable "Remote Access"). You could enable the remote access temporarily until you get the VPN tunnel working, but once you do, I'd turn it off.

    There is a four part series on setting up a Tomato-based router for OpenVPN that starts here. It may be a configuration that doesn't match yours exactly but there are several helpful tips here:


    The only thing wrong with that setup for your purposes is that it forces all traffic on the router LAN ports to go through the VPN tunnel, which is probably the opposite of what you want (since you probably don't want all his Internet traffic going through your Internet connection). So, your "route add" and "route del" statements, etc. would be quite different - basically you might only want to route traffic through the tunnel between your local networks (which implies that his router will be assigning local IP addresses in a different range than yours). I don't know how familiar you are with this sort of routing, but the ideal would probably be that all his traffic to the wide open Internet is NOT tunneled, but that traffic between your local subnets (INCLUDING your access to the LAN side of his router, allowing you to make configuration changes by going to the LAN side IP address) would be unrestricted.

    Just a thought if you want a totally secure system, not to mention the fact that if you have network shares at a specific IP address, he'd be able to access them by going to that IP address (possibly adding the port :139 at the end of the IP address if trying to use Samba networking) and you'd similarly be able to access his shares, though again perhaps only if you know the IP address of the host machine.
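
The routing idea in the VPN post above, as an added example that is not part of the original thread: it checks that the two LANs and the tunnel use non-overlapping ranges, emits OpenVPN directives that route only LAN-to-LAN traffic, and flags config lines that would tunnel everything. Assumptions: the administering side runs the OpenVPN server in routed (tun) mode, the remote router is the client, and all subnets and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a config that tunnels everything (not from the thread).
SAMPLE_FULL_TUNNEL = '''server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
# redirect-gateway mentioned in a comment is ignored
push "route 192.168.1.0 255.255.255.0"
'''

def _fmt(net):
    """Render a network the way OpenVPN expects: address then netmask."""
    return f"{net.network_address} {net.netmask}"

def plan_split_tunnel(admin_lan, remote_lan, tunnel_net="10.8.0.0/24"):
    """Return OpenVPN directives that route only LAN-to-LAN traffic.

    Assumes the administering side is the server. Raises ValueError when any
    two ranges overlap, because routing between them would then be ambiguous.
    """
    nets = {"admin LAN": ipaddress.ip_network(admin_lan),
            "remote LAN": ipaddress.ip_network(remote_lan),
            "tunnel": ipaddress.ip_network(tunnel_net)}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return {
        # Server config: kernel route to the remote LAN, and the admin LAN
        # pushed to the client. No redirect-gateway, so Internet traffic
        # on the remote side keeps using its own WAN link.
        "server": [f"server {_fmt(nets['tunnel'])}",
                   f"route {_fmt(nets['remote LAN'])}",
                   f'push "route {_fmt(nets["admin LAN"])}"'],
        # Per-client file (client-config-dir) naming the LAN behind the client.
        "ccd": [f"iroute {_fmt(nets['remote LAN'])}"],
    }

def find_full_tunnel_directives(config_text):
    """Return the config lines that would send all traffic through the tunnel."""
    hits = []
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue  # blank line or comment
        if "redirect-gateway" in stripped or "route 0.0.0.0 0.0.0.0" in stripped:
            hits.append(stripped)
    return hits
```
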
  4. zforum69

    zforum69 Addicted to LI Member

    Depending on your ISP you may actually get a static IP address. If that is the case you won't need a service like dyndns.

    I am personally uncomfortable allowing remote administration from anywhere on the Internet. If you have a static IP address you could allow remote administration from only your IP address, which is much more acceptable. If you have a dynamic IP address then I would use the VPN tunneling, but it is more complicated to set up.

