Connect Tomato router over WiFi to public VPN WiFi and keep local WiFi & LAN behind NAT?

Discussion in 'Tomato Firmware' started by jeroenp, Jun 5, 2013.

  1. jeroenp

    jeroenp Reformed Router Member

    I'm pretty new to Tomato, so currently I have a default setup (WAN connected to DSL, eth1/eth2 setup as WiFi 2.4/5.0 Ghz behind the NAT together with the LAN ports) on my primary ASUS RT-N66U.

    I want to take my secondary ASUS RT-N66U on the road and have it use as a WiFi gateway to the outside world, but also use the internal WLAN SSID.

    The reason is that I have a couple of devices that I do not want to connect to the outside WiFi world directly: I want to have them behind NAT.

    I know I could do this with an extra access point on the LAN0..LAN3 ports or a WiFi CLIENT device that connects to the WAN port, but I don't want to add extra hardware.

    (Preferably, I want the two routers also talk PPTP or OpenVPN to each other, but that is for a different thread).

    What steps should I take to make this kind of setup:

    | WiFi access provider                   | (for instance FON)
         | SSID X (remote WiFi network)
       Wireless Interface eth1
    | Tomato 1.28 based router               X WAN port (not connected)
    | Asus RT-N66U                           |
    |                                 +------+
    |                                 |      X LAN0 port br0
    |                                 |      X LAN1 port br0
    |                                NAT     X LAN2 port br0
    |                                 |      X LAN3 port br0
                                        Wireless Interface eth2
                                         | SSID Y (local WiFi network)
    | Devices not having LAN connection      |
  2. Malitiacurt

    Malitiacurt Networkin' Nut Member

    Yes you can. I've done the same thing under dd-wrt, and used to under tomato.

    If I remember correctly, you don't need to disable WAN/internet, keep the settings as DHCP or w/e the public wifi uses.

    Just use eth1 (or eth2) as a wireless client, with correct ssid/password etc.

    And use eth2 (or the other) as wireless access point like normal.
  3. jeroenp

    jeroenp Reformed Router Member

    From what I understand, this will create a bridge, which does not put the eth2 behind NAT.

    Can you confirm I'm wrong on that?
  4. Malitiacurt

    Malitiacurt Networkin' Nut Member

    eth2 will be behind NAT. eth1 is in 'wireless client' mode, not 'wireless ethernet bridge'. It's the same as obtaining an IP by WAN port and having LAN/wireless clients in a network behind it.

    (DHCP server needs to be running on your wireless router and on a subnet different from the public wifi.)
  5. jeroenp

    jeroenp Reformed Router Member

    Thanks. I think I get it.

    Can this also work with the public WiFi not having a password?
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice