Completely Lost - tomato-RT-AC68U-ARM--140-AIO-64K

Discussion in 'Tomato Firmware' started by yosithezet, Feb 3, 2018.

  1. yosithezet

    yosithezet New Member Member

    I have the AC68U and previously a friend helped set it up to use his VPN. When his VPN became unavailable I stopped using the modem.

    Today my internet provide gave me a new cable modem, D-Link DCM-3012G, but it doesn't have wifi. So I figured I would just connect the AC68U, connect the WAN port to the cable modem and be on my way.

    The problem is that the AC68U was all configured for the VPN. Now I just want to use it as a vanilla wifi router rather than with a VPN setup.

    I upgraded the modem from v132-VPN to v140-AIO and cleared the NVRAM. Other than configure the SSIDs and security, I can't seem to figure out how to have it just grab an IP from the cable modem and enable me to use Wifi to get out to the Internet. I went through the FAQ thread and can't seem to see anything for plain initial setup.

    Any pointers very much welcome.
  2. eibgrad

    eibgrad Network Guru Member

    It wasn't clear what you were using for a router (if anything) once you removed the RT-AC86U and were still using the old modem.

    A common mistake is to just yank out the old router and plop in the new one without first formally dropping the active DHCP lease. From the cable provider's perspective, they have no idea you just swapped out devices. And since they typically limit you to one dynamic IP, they won't give you a new lease until the old one expires.

    You can either formally drop the old lease by reconnecting the old router, or clone the WAN MAC of the old router to the new router, thus fooling the cable provider into believing it's still the old router.

    Sometimes just powering off the cable modem for an extended period will do the trick as well. Cable providers tend to drop leases much sooner if they see the cable modem is inactive for an extended period. In some stubborn cases, it might take several hours, or even overnight. In such cases, I've cloned the MAC for the time being, and when I had the chance, I powered off the cable modem overnight, then went back to the proper WAN MAC and it worked just fine.
  3. yosithezet

    yosithezet New Member Member

    The previous cable router had WiFi built in and was my router. By the time I got home from the shop, the old modem was decommissioned and had no Internet connectivity.

    Back when I had the VPN I had the ASUS connected to it via Ethernet and thus had one WiFi network with the ASUS and another from the cable modem.

    I don’t think the issue is DHCP between the cable provider and the new router they provided as when I plug a computer directly into the cable router via Ethernet I have no issues accessing the Internet. Thus I assume I simply don’t understand how to set the setting on the Tomato ASUS.
  4. Sortec

    Sortec Reformed Router Member

    So then your issue is setting the wifi?
    If I understand you correctly, with the new router plugged into the new modem, and your PC plugged into the new router, you have connectivity. However, when you try to access the internet via wifi, it doesnt work?

    If that is the case, you will need to set up the wifi access. Log into the new router
    Click on the basic button
    click on network
    scroll down a little bit and you should see the wifi section.
    set wireless mode to access point
    make the ssid something relevant to you (say MyWifi, etc)
    set channel to auto (for now)
    channel width to 20
    security to wpa2 personal
    encryption to AES
    create a password (shared key) that is relevant to you (ie MyPaSsWoRd)
    you can do the same on the 5ghz frequency as well.

    Most of those items are probably already set since you did use it for wifi previously.

    back to the left pane, scroll down to VPN tunneling
    click on vpn client
    uncheck start with wan

    something else to try (but try this at your own risk) is scroll down the left pane to administration
    click on configuration
    restore default configuration - ERASE ALL DATA
    This last option will reset EVERY setting back to tomato default. This will include router login id and any custom LAN IP addressing you may have established.
    Again, use this at your own risk.
  5. yosithezet

    yosithezet New Member Member

    Thanks. Note that I upgraded the firmware and selected the option to erase the NVRAM so I assume that is the same as ERASE ALL DATA. I then had Tomato SSIDs and set them up for my personal settings.

    The VPN tiunneling setting is new to me so I will check that when I get home in a week.

    While I have connected a computer directly to the Ethernet port of the cable modem, and that worked fine, I haven’t tried connecting the computer to the LAN of the ASUS while the ASUS WAN port is connected to the cable modem. I suspect that this would have the same effect as using the WIFI when the ASUS WAN port is connected to the cable modem, but I should make sure.

    Hopefully the VPN tunneling setting will be the issue and then we are good. Assuming it is turned on by default then turning it off may do the trick. Let’s see.
  6. Monk E. Boy

    Monk E. Boy Network Guru Member

    One thing that occurs to me is that it's possible both Tomato's default IP range (192.168.1.x) and your router/modem combo device's IP range could be the same range. They need to be different. Set one to 192.168.2.x or 172.16.1.x or something different.

    If that wasn't it.... when you reset your NVRAM the VPN settings should have gone away with the rest of the NVRAM settings, though I suppose if you have a USB drive connected it's possible your friend put something in its automount script that's getting in your way now. So if you have a USB drive, disconnect it and reboot the router. If it still doesn't work reset NVRAM one last time wo /USB connected and give it a shot.

    I would certainly take a look at the ASUS and see what IP its WAN port was assigned when its not working. You'll want to leave the WAN at DHCP, which should be the default.
  7. Sean B.

    Sean B. LI Guru Member

    You may very likely need to clone the MAC address of the computer you had connected to the modem, and use it for the routers WAN interface. Connect the same computer you had connected directly to the modem to a LAN port of the router. Then go to the web interface of the router under Advanced->MAC Address .. on the WAN PORT line click the " Clone PC " button and then click save at the bottom of the page. Connect the router to the modem and reboot. See if anything changes.
  8. Monk E. Boy

    Monk E. Boy Network Guru Member

    Yeah, if the new modem is running in bridge mode its a little more complicated. Usually just power cycling the modem will make it work with a new router. The modem learns the MAC address of the first system that was connected to it at startup and refuses to accept any other MAC address until its power cycled. Some ISPs go a little further and won't issue a new DHCP lease unless you release the old DHCP lease first... which is usually easiest to work with by just cloning the MAC address. At that point the router has the same MAC address and it just works.
    Last edited: Feb 7, 2018
    Sean B. likes this.
  9. Sean B.

    Sean B. LI Guru Member

    Exactly. Comcast does it that way ( holds onto the Mac/lease binding even after a modem reboot ), made me scratch my head for a minute first time I encountered it.
  10. Monk E. Boy

    Monk E. Boy Network Guru Member

    Oh no, Comcast is doing it now too?

    If you do a DHCP release before shutting down the modem it should let you use a new MAC address once the modem's powered on (assuming you swap routers/MAC addresses while its off). From my tests on WOW (only ISP I've personally encountered that's doing it) the modem is basically OK with the new MAC but the DHCP server refuses to give you an IP because a lease was already requested through that modem. If you wait for the lease to expire you can swap MAC addresses that way too but that can make for a lonnnng wait.

    As you note it's a lot less headache to just keep using the same MAC address than deal with the whole DHCP release/power off/swap hardware/power on/new IP song and dance.

    I feel sorry for anyone whose hardware has actually died and they're not technically competent enough to figure out what the old MAC address was. Guess some ISPs like paying for support calls.
  11. koitsu

    koitsu Network Guru Member

    On Comcast, the modem must be power-cycled, not rebooted. I believe many of these modems actually store/cache in RAM several negotiated details about the DOCSIS portion as well as the LAN portion (MACs, etc.), which is only lost when power is removed. I've seen this across multiple brands -- Motorola, Arris (both the Motorola subsets as well as their own), and Netgear. This is why when speaking with Comcast CSRs, they will tell you as part of the troubleshooting procedure to unplug the AC power on your modem for several minutes, then plug it back in. Several minutes (3-4 tops) is necessary because several modem types, IIRC, use supercapacitors which hold charge for longer periods of time than standard caps.

    This is why utilising the administrative interface of the modem itself -- it varies per model, but often is at -- is useful, as (depending on model) you can see details about the state of the modem (and on some, including the LAN portion; for example, some older Motorola (non-Arris) modems would show you the modem's ARP cache). This interface on most modems will not be available until some degree of the DOCSIS negotiation is completed. (In contrast, ex. early 2000s, some cable modems brought up their LAN PHY and Ethernet segment ASAP during the power-on process (before the coax and DOCSIS part), which in turn effectively permitted ARP "injection", an effect of which would be the modem fetching the DOCSIS config file via LAN not coax, allowing for a person to bypass cable modem speed provisioning/rate-limiting. That's why things are the way they are now)

    With regards to the above paragraph: however, on Tomato, despite the "Cable Modem IP" feature (which adds a static route so that addresses like, which are normally outside of the designated LAN space, are accessible from said LAN), I have seen many cases where power-cycling or rebooting equipment in certain orders (modem first, router second, and vice-versa) results in the modem's webserver at becoming completely unreachable (TCP port 80 does not respond, ping/ICMP does), while in other cases ping/ICMP doesn't work at all. All this leads me to believe the modems' network stacks and/or daemons are extremely fragile, especially when layer 1 or layer 2 changes happen. As such, any time I change equipment on the router or modem side, I power-cycle all equipment until everything "looks OK".
    Last edited: Feb 8, 2018
    Monk E. Boy and Sean B. like this.
  12. Sean B.

    Sean B. LI Guru Member

    I just run my hardware till' it burns into the ground, no reset needed ;)
  13. Sortec

    Sortec Reformed Router Member


    Hey, glad to see you are back!!!
    pomidor1 likes this.
  14. koitsu

    koitsu Network Guru Member

    Per a different thread: "P.S. I'm not really back, I'm just wasting 24-48 hours before continuing to apply for full-time work. You shouldn't expect to see me around past Wed or Thu this week at the latest."
  15. Monk E. Boy

    Monk E. Boy Network Guru Member

    If you have phone service with a cable modem ISP your modem will usually contain a battery backup that must be removed to power cycle the modem. This is because of regulations require phone service to continue working for a certain time after a power outage, so you can contact someone in the event of an emergency. Similar logic is why modern cell phones in the US are required to allow the user to dial 911 even without a SIM present (typically you'll see the banner "emergency calls only" when a phone is otherwise inaccessible).

    The last two times I had service from Comcast the neighborhood was in a see-saw arrangement. To fix my service the neighborhood would end up being run too weak for other customers, who then would call and Comcast would come out and fix their service... and break my service in the process. This went on and on and on for months until I finally got fed up and moved. Needless to say I'm not too enthused about ever having service with Comcast again.
  16. yosithezet

    yosithezet New Member Member

    Thanks to everyone for the advice. It is now working. Not quite sure what did the trick.

    I change the range of the IP in the device although the DHCP from the router wasn’t similar.

    The VPN tunneling was already off by default.

    I plugged the laptop into the ASUS LAN while the ASUS was in the WAN of the cable modem and had network. From that point the ASUS WiFi started to provide Internet as well.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice