    I'd like to know if there's a way to create a 2nd wireless connection, keeping the 1st encrypted and the 2nd open (for random access).

    I remember reading about it or something like it some time ago, but my search hasn't returned anything usable.

    Unfortunately Tomato doesn't support this (yet). I'm not sure if it will be implemented either. DD-WRT v24 does however have this feature.
    It's called VAP (Virtual Access Point), I think, and it depends on the version of the wireless driver.
    Could you not just set up a second physical wireless AP and connect it to one of the WRT switch ports? Then you could set the WRT up encrypted and the other AP as open. Not sure what you want this for, but obviously there are a number of security issues with leaving a wireless connection open on your LAN, so to help with this (probably not remove the whole risk though) you could possibly set up the DMZ IP address within Tomato and then put the open wireless AP on this DMZ IP address, so it just has full and open access to the internet via the WRT, but crucially this should isolate this open access from your LAN... Any traffic for the LAN from the open AP would then need to loop back to your router and enter the LAN via the firewall, hence you would have to configure the required port forwarding and possibly enable the NAT Loopback option.

    Hope this helps... and PS, cheap wireless APs can be found on eBay...

    EDIT - After typing the above last night, I had a play with my old WRT this afternoon, and there is another option to make 2 wireless connections and still keep your LAN secure by using 2 WRTs and adding a bit of config to them. What I did was connect my modem and the routers like this:

    Modem --> WRT1 (open wireless/DMZ) --> WRT2 (secure wireless and LAN)

    The configuration is to set WRT1 to a different subnet to WRT2, i.e. WRT1 192.168.1.x & WRT2 192.168.0.x; this means that the WAN port of WRT2 can be set to a static 192.168.1.x IP address. I then configured WRT1 with my ISP settings so it sets up the connection to the internet for the whole network. Any port forwarding needed for the LAN (on WRT2) then has to be replicated in WRT1, but with the destination address being the 192.168.1.x address on WRT2's WAN port.

    This setup then effectively gives you a functioning DMZ on the wireless and switch ports of WRT1 that can still be protected by the firewall in WRT1; however, these could be lighter rules and hence less protection within this segment of the network. Beyond this DMZ, however, you still have WRT2 and its firewall, which could have heavier weight rules securing your LAN and secure wireless from the internet.

    Re the wireless, you also mention the term "open". Not sure what you mean by this, but obviously people could steal your bandwidth if it is fully open, so you could leave it open regarding encryption but lock it down by MAC address to make it more secure...
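
A consistency check for the Modem --> WRT1 --> WRT2 plan described in the post above, as an added example that is not part of the original thread. The function name, the forward-table layout and every concrete address and port below are assumptions constructed for illustration; only the 192.168.1.x / 192.168.0.x split comes from the post.

```python
import ipaddress

def check_cascade(wrt1_lan, wrt2_lan, wrt2_wan_ip, wrt1_forwards, wrt2_forwards):
    """Return the problems found in a Modem -> WRT1 -> WRT2 plan (empty list = consistent).

    Forward tables map (protocol, port) -> destination IP string.
    """
    outer = ipaddress.ip_network(wrt1_lan)   # open wireless / DMZ segment
    inner = ipaddress.ip_network(wrt2_lan)   # secure wireless and LAN
    wan = ipaddress.ip_address(wrt2_wan_ip)  # static address on WRT2's WAN port
    problems = []

    # The two routers must sit on different subnets, or WRT2 cannot route between them.
    if outer.overlaps(inner):
        problems.append(f"subnets overlap: {outer} and {inner}")
    # WRT2's WAN port is just another host on WRT1's LAN.
    if wan not in outer:
        problems.append(f"WRT2 WAN {wan} is outside WRT1 LAN {outer}")

    # Every forward on WRT2 needs a twin on WRT1 that targets WRT2's WAN address.
    for (proto, port), dest in sorted(wrt2_forwards.items()):
        if ipaddress.ip_address(dest) not in inner:
            problems.append(f"{proto}/{port}: WRT2 forwards to {dest}, not a LAN host")
        hop = wrt1_forwards.get((proto, port))
        if hop is None:
            problems.append(f"{proto}/{port}: not replicated on WRT1")
        elif ipaddress.ip_address(hop) != wan:
            problems.append(f"{proto}/{port}: WRT1 sends to {hop}, expected {wan}")
    return problems

# Constructed sample plan: tcp/443 is forwarded straight at a LAN host on WRT1
# (wrong hop) and udp/1194 was never replicated on WRT1.
PLAN = dict(
    wrt1_lan="192.168.1.0/24",
    wrt2_lan="192.168.0.0/24",
    wrt2_wan_ip="192.168.1.2",
    wrt1_forwards={("tcp", 22): "192.168.1.2", ("tcp", 443): "192.168.0.20"},
    wrt2_forwards={("tcp", 22): "192.168.0.10", ("tcp", 443): "192.168.0.20",
                   ("udp", 1194): "192.168.0.30"},
)

if __name__ == "__main__":
    for problem in check_cascade(**PLAN):
        print(problem)
```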
