Do any Tomato builds support WPS (Wi-Fi Protected Setup)?

Discussion in 'Tomato Firmware' started by Morac, Apr 8, 2011.

  1. Morac

    Morac Network Guru Member

    I tried searching and got nothing. I know the original Tomato didn't support this, but do any of the newer forked builds support it?
  2. TexasFlood

    TexasFlood Network Guru Member

    Not to my knowledge.
  3. Morac

    Morac Network Guru Member

    Any particular reason why not? Since WPS is a standard virtually every WiFi product out there supports it and it makes setting things up infinitely easier.

    The feature was actually in the firmware that came with my E3000, but Tomato removed it and replaced it with a wireless of/on toggle which I think is less useful.
  4. TexasFlood

    TexasFlood Network Guru Member

    Well, I'm not a developer so can't really address why they haven't included it but can answer from the perspective of a fan of the firmware who has been using Tomato for years and HyperWRT before that.

    But Tomato itself first came out the year before the WPS standard existed, not to mention that the precursor of Tomato, HyperWRT dates back over 2 years earlier.

    And neither of these firmwares were ever about automated setup but rather adding powerful features like QOS, raising the maximum connection limit, static DHCP, an improved simpler AJAX based GUI interface, telnet/ssh shell access to the router, ability to run cron scripts, wake on lan, WDS and wireless ethernet bridge modes, dynamic DNS, Init/Shutdown/Firewall/WAN Up scripts, ability to mount CIFS shares to the router, among others.

    I'm not sure what WPS would do for me. I can set all of the essential configuration of a freshly reset Tomato router on a single screen (basic -> network) in under 5 minutes with the exact settings I want. There are a few other items I typically like to customize that take a few more minutes. Stuff like static DHCP and QOS will take more time, at least the first time you do it, but can be saved off and pasted back in more quickly after the initial setup.

    WPS might be a bit easier but not a lot faster and would leave me with some randomly chosen values for stuff like SSID and WPA key so I wouldn't use it if I had the option. Connecting a client is typically as simple as typing in a passkey. Of course if you set up your router with WPS you'll want to use WPS on the clients if you don't want to type in some ginormous random key. At least I think that's how WPS works, I've hardly ever used it so please correct me if I'm wrong.

    Bottom line, I guess why take up the precious memory for a feature most fans of the firmware wouldn't use? Just my opinion, and you know what they say about opinions, "Opinions are like _____s. Everybody's got them and everyone thinks most everyone else's stink!" :biggrin:.

    If WPS is a valuable feature to you, as you said, the Linksys firmware offers it so you can always reload that to use WPS. Tomato adds a lot of other features which I personally would never give up for that. I'm not sure why you think Tomato replaced WPS with a wireless off/on toggle unless just the position on the menu but I'm pretty sure the Tomato wireless toggle was in that place on the menu long before Linksys put WPS there.
  5. Morac

    Morac Network Guru Member

    Actually I'd mainly use WPS for guests. It turns out the E3000 has a separate network for guests, but that's not in Tomato either. :frown:
  6. TexasFlood

    TexasFlood Network Guru Member

    Well, like I said before, typically at least in my experience, connecting a client is as simple as typing in a passkey so still not sure what the advantage to WPS is.

    It's been so long since I actually looked at the features of the original Linksys firmware so I am not really even sure what is there currently. But looking at the user guide, looks like it's essentially the same thing as AP Isolation which Tomato has a setting for. Some have developed more sophisticated ways to create a separate guest network with Tomato, but perhaps more trouble then they are worth unless you are into that sort of thing.

    The beautiful thing about a router like the E3000 is you -can- load Tomato, or DD-WRT, or other 3rd party firmware. But if you like the stock Linksys features better, you can go that route, you have freedom of choice.
  7. Morac

    Morac Network Guru Member

    I'm not sure it's just AP Isolation since the guest network actually gets it's own SSID. Maybe it uses the 2nd band for guests or something. That might be possible with TomatoUSB, but as there's no documentation on what any of the settings do I have no idea how to do it if it is possible.

    I actually picked the E3000 since I had been using the stock Tomato on a WRT54GL which doesn't support any of those things in firmware. I like Tomato's bandwidth monitor, the ability to change dnsmasq settings (to force using specific server farms for content providers) and the ability to as see what connections are being made outbound. That's all I really use.

    Since Tomato was sort of based off the old Linksys code and just added features I assume, incorrectly, that the newer Tomato versions were based off newer Linksys code, but I guess they're still based off the old code.
  8. TexasFlood

    TexasFlood Network Guru Member

    OK, I didn't see anything in the user manual stating that the guest network gets a separate SSID, at least not in language that was clear to me.

    That being the case, to my knowledge, Tomato doesn't support that. DD-WRT does allow you to do that. Guess it's a cool feature, especially for paranoid folks like myself and can imagine scenarios where it might be useful. Let's say you do isolate them to a guest network, all they have to do is plug directly into your router with an Ethernet cable and they have full access to your LAN anyway. So you'll have to physically prevent access to your LAN ports to complete the security model.

    Practically speaking, nobody I'm going to allow on my network is going to have the inclination or the ability to pose any danger to anything on my LAN. But that's me.

    There are ways to do similar things with Tomato, like the link I pointed to above.. While you can't, to my knowledge, set up a separate SSID for guests. You could, for example, I believe assign static DHCP IPs to all your equipment, set aside a small DHCP pool for guests and set up iptables rules preventing anything in that pool from accessing the LAN. While not total separation, and could be circumvented, if you're allowing folks you don't trust into your home then there is always going to be some risk.

    As I understand it, Tomato is based of older Linksys code, with quite a few features added. If the features aren't important to you then it might not be the right firmware for you. Linksys has added some features since the old days. I still find it lacking but must admit it's come a long way by looking at the user guide. Once of the main reasons I switched from Linksys firmware initially was to assign static DHCP addresses which the Linksys firmware now can do. Can't assign the same IP to two different MACs like Tomato, so you get the same IP wired or wireless, but still it's progress. DD-WRT has had more features and supported more routers than anything else for quite some time but historically isn't as stable so if you go that way, make sure you stick to the recommended and hopefully stable build, not the latest greatest build.
  9. TexasFlood

    TexasFlood Network Guru Member

    I did a bit of searching to find out what the Linksys "guest network" is.

    Apparently you'll only see "guest network" via the Cisco Connect software and not via the router web GUI. This is because the "guest network" isn't an additional virtual network rather than dedicating an existing one for this purpose as Morac suspected. The ability to create a new virtual network like DD-WRT can is not what is happening here, it's much simpler. The 2.4GHz network is being dedicated for "guest access" use with a small DHCP pool and AP isolation enabled. If you want to access the LAN via wireless you have to use the 5GHz network. That's why it sounded to me like AP isolation, because it is! (although only for the 2.4GHz radio) If you set this up on your router via Cisco Connect then go check the router setup via the router web GUI, I'm confident this is what you'll find.

    So I guess my point is, I believe you can do exactly the same thing on Tomato just don't have the Cisco Connect interface to configure it for you.
  10. TexasFlood

    TexasFlood Network Guru Member

    After a bit more reading, I'm not so confident any more. It's starting to look like Cisco/Linksys DOES support a "virtual" guest SSID/network on their N routers although with the exception of the new E4200, it's only available using the Cisco Connect software and can't be set up or modified via the router web GUI.

    I might have to go back to the Linksys firmware and try this myself to be sure that I understand what the deal is, if Cisco Connect is really doing some direct configuration of the router to bring up a second guest as it appears. I noticed that the user guide for the new E4200 it shows GUI access to create a guest network. Not sure if this is going to be available in future firmware releases for the other Cisco routers. Interesting, more research/testing to do as time permits.

    Interesting way to look at it though is if Cisco/Linksys -is- bringing up a "virtual" guest SSID & DHCP server, perhaps Tomato can support it as well. Thing is to figure out, if that's what is happening, how to get in there and figure out how it's being done?

  11. Morac

    Morac Network Guru Member

    I found a good example of when WPS would come in very, very handy. I'm currently setting up a WiFi device (TV) that doesn't have a keyboard input so that WPA2 passphrase needs to be entered via an onscreen keyboard using arrow buttons. Doing that for 64+ characters is a PITA.

    The TV supports WPS so if that was working it would take a few seconds to set up as supposed to 10 minutes.
  12. roadkill

    roadkill Super Moderator Staff Member Member

    AFAIK setting up a multi-ssid wireless network requires the hostapd package which tomato currently does not include as for wireless AP isolation it is used to prevent wireless client from contacting each other directly forcing them to use the network AP instead.
  13. lugnut

    lugnut Networkin' Nut Member

    In this case, we may be thankful that WPS wasn't implemented on Tomato. A huge WPS vulnerability just recently surfaced:

    EDIT: It looks like it may only be the vendor's implementation of WPS that was vulnerable, not the protocol itself.

  14. Psilo

    Psilo Networkin' Nut Member

  15. dwanthny

    dwanthny Networkin' Nut Member

    It's nice to know my Asus RT-N16 is safe from this vulnerability because of TomatoUSB.
  16. jsmiddleton4

    jsmiddleton4 Network Guru Member

    I'd also add that WPS is kinda plug n play. Not exactly but sorta. The type of people who are loading Tomato aren't usually looking for WPS. We not only don't mind setting stuff up, we enjoy it.
  17. PGalati

    PGalati Network Guru Member

    Listen or watch Twit's Security Now Episode #335 which discuss the WPS vulnerability. Steve Gibson does a good job explaining how the vulnerability works.
  18. lissny

    lissny Networkin' Nut Member

    I Need firmware for linksys e2500.. Can any body help me. plz............
  19. dwanthny

    dwanthny Networkin' Nut Member

    I'm currently using Toastman's build on my Asus router. For the correct version for your router check this post.
  20. lissny

    lissny Networkin' Nut Member

    thanx for responce.. thanq very much.,,,
    but three is no support for e2500... i can found there only E2000;E3000;E4200; but there is none for E2500....
    plz help me again
  21. dwanthny

    dwanthny Networkin' Nut Member

    It doesn't look good. I've looked around, infodepot states that this router is currently not supported. The dd-wrt supported devices page says this is still a work in progress (WIP). It seems the hang up is the new 5Ghz chip. Maybe someone else can point you to a build that will work.
  22. lissny

    lissny Networkin' Nut Member

    but now DDWRT is available for linksys e2500.... can I know Which Hardware or Router Model is in Progress for Tomato firmware
    I Need firmware for linksys e2500.. Can any body help me. plz............
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice