Teaman mod, WPA2 WET, 2 VLAN's

Discussion in 'Tomato Firmware' started by pngaudioguy, Dec 3, 2012.

  1. pngaudioguy

    pngaudioguy Serious Server Member

    I've been reading on here for awhile, but finally registered to post a question. First off, these firmware mods enable an amazing amount of features, and are phenomenal. The community support is also great, and I've never had to post before because I've been able to answer all my questions by reading. You guys rock!

    Ok, so here's the deal. I'm in the military and have recently been stationed overseas. My wife enjoys watching Netflix, and I have a decent movie collection on my server that we watch through a media center PC running XBMC. Unfortunately, Netflix requires you to be in the US. I've got an openVPN setup that works great, but, when I connect to the VPN, I can no longer connect the XBMC to my server. I found Teaman with VLAN's and I think this will be the answer.

    My configuration:
    Wifi AP - Linksys WRT54G running Tomato 1.28 in office, WPA2 at, with DHCP enabled.
    WIFI "ethernet bridge" in living room - Linksys WRT54G v2.0 running 1.28.0025 Teaman-VLAN-PPTPD ND VPN

    Due to physical constraints of this rental, running a wire is not an option.

    I was going to try and describe my settings, but they say a picture is worth a thousand words, so here are my settings.
    Basic, Network:
    Advanced, VLAN:
    Advanced, LAN Access:
    Advanced, Routing:

    When I connect my laptop to one of ports 1-3, I get an IP served from the office router, and have ready access to my server and the internet. If I connect to port 4, I don't get an IP, even though I think I've configured it to supply DHCP to VLAN2/br1 via port 4. If I set a static IP on the computer, I can connect to the router at and manage it happily but not connect to the real world past that.

    Things I'm questioning myself on:
    DHCP on VLAN2 - why doesn't it work?
    why does br1 not have internet access? I thought that's what I did on the LAN Access tab.
    should I roll back to WPA? I know this was an issue on some other firmwares...
    how do I connect tun11 to br1 instead of br0, and also to eth0/wl0?

    The VPN tunnel works fine, I just need to assign it to the right port. I've used RIP to handle adding all the required routes, VPN server IP blacked out for obvious reasons.

    I don't understand tagged interfacing at all. Perhaps that's the solution?

    If there's anything else that you need to know about the configuration, please let me know. I'm all ears and curious to see how the gurus would configure this optimally.
  2. pngaudioguy

    pngaudioguy Serious Server Member

    I see there have been quite a few views, but no replies yet. Let me try rewording my question a little -

    Is there some way to set up a VLAN so that my OpenVPN tunnels through that VLAN, and all the ports on my other VLAN continue to get their IP's from the other router? It seems like one VLAN needs to be in gateway mode while the other is in router mode, maybe?

    At the core of it, I can't seem to get any connectivity at all in the second VLAN that I thought I had bridged to the first one (on LAN Access settings). Thanks in advance for any help!
  3. pngaudioguy

    pngaudioguy Serious Server Member

    Anybody out there have any clue how to have two VLAN's on separate subnets, one of which is bridged through a VPN tunnel? The WAN source needs to be either Wireless Client or Wireless Ethernet Bridge. Thanks!
  4. pngaudioguy

    pngaudioguy Serious Server Member

    For anyone following along (144 views as of this posting), I've decided to buy a really long CAT5 and tape it around doorways, etc to get to the media center. Then I'll throw a spare switch back there so the XBMC can live on my regular network and the TV can live on my VPN network, since nobody seems to know how to accomplish this, and nothing I've tried (and I've gone through just about every possible combination of semi-logical settings) has achieved success. If I'm feeling adventurous, I might try splitting the VLAN's with the physical WAN port as source instead of Wireless, but I'm getting pretty fed up with that router right now.
  5. leandroong

    leandroong LI Guru Member

    If your setting your router as "wireless ethernet bridge", Advanced->Miscellaneous->Mode = "router".

    Watchout !!! Since your using same router model, Make sure you don't have LAN MAC conflict. I said this, because, I'm using same model router that has LAN MAC conflict on my 2nd router setup as "Wireless ethernet bridge". Problem that I encouter is having no ping access to main router and no internet. After discovering LAN MAC conflict and correcting it, everything when smooth.
    BTW, to correct LAN MAC Conflict, you need to perform nvram modification manually. This is what I did:
    root@BTROUTER1:/tmp/home/root# nvram find macaddr
    nvram set et0macaddr=08:10:74:85:0E:27 <====== any mac you decide
    nvram commit

    Reboot your router. I also recommend that il0macaddr MAC change also. Key thing is, keep the first 10 digit the same for LAN, wireless, WAN. In my case, "08:10:74:85:0E:" is fixed.
  6. pngaudioguy

    pngaudioguy Serious Server Member

    Thanks for the suggestion. I guess I'm not sure what that fixes in my case.

    I am able to connect to the AP fine, ping works both directions, internet works fine. I can have the router either appear in the local subnet, or on the VPN subnet, and have internet access either way with showing the correct result (either local or VPN) depending on which I have connected at the time.

    What I really want to do is have two separate VLAN's running on the router. Physical port 1 needs to be in the local subnet, and port 4 on the VPN subnet. I don't need to be able to ping the TV, but the XBMC box I use a wifi network remote and it depends on the IP address and doesn't seem to want to play nice through the VPN.

    Will forcing an alternate MAC make the VLAN thing work?
