Building The Ultimate Home Network
Asus RT-N16 router
Installing Tomato on an Asus RT-N16 router
DOWNLOAD TOMATO FIRMWARE
- K26 version
- MIPSR2 version
- VPN version
INSTALLING TOMATO ONTO ROUTER
# Go into our router page (http://192.168.1.1)
default user/pass is admin/admin for Asus router firmware
- download a generic version of DD-WRT to install on the RT-N16 router first, such as from: ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676/broadcom_K26/
example .trx file: ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676/broadcom_K26/dd-wrt.v24-21676_NEWD-2_K2.6_mini_RT-N16.trx
# administration -> restore/save/upload setting -> restore -> yes
# administration -> firmware upgrade -> select .trx file for generic DD-WRT that we downloaded above -> upgrade firmware
The router is now running DD-WRT.
In DD-WRT ...
# administration -> firmware upgrade -> please select a file to upgrade -> select the Tomato by Shibby firmware file we downloaded. You may first need to rename the extension from .trx to .bin
Once firmware is finished loading, you may need to do a hard reset on the router.
The router is now running Tomato by Shibby.
default user/pass is root/admin for Tomato firmware
In Tomato by Shibby...
# administration -> configuration -> Restore Default Configuration -> Select ... -> Erase All Data in NVRAM memory (thorough)
# advanced -> MAC address -> WAN Port -> Clone PC -> Save -> OK
should now see an IP address from your ISP
TOMATO: CHANGING THE ADMIN PASSWORD
# administration -> admin access -> change password at bottom
TOMATO: CONFIGURING THE WIRELESS CONNECTION
# basic -> network -> wireless
- checkmark beside 'wireless'
- SSID: think of something clever
- click on SCAN. Once it's done, it will show you which channels are being used, and by how many people. Pick a channel that is furthest from everybody else in your area.
- under security, pick WPA2 personal. Change the encryption type from TKIP to AES. Click on 'random' to generate a 64 character key.
- Click save.
- Copy and paste the 64 character key to a text file and save it on a usb stick. You can bring this to your laptop later.
I like to lower the transmitting power of my router. Do we really need more radio waves than necessary running through our body? And who knows, maybe it even extends the life of the router.
I bring my laptop to the most likely furthest point in my house that I'll be using it. Run a speed test.
Then, in Tomato...
# advanced -> wireless
Change 'Transmit Power' from the default 42 to 32. Hit save. Run back upstairs to the laptop, run the speed test. Still going plenty fast. Dropped it to 22. Still going the same speed. Dropped it to 12. Wow, still no drop in speed. Can I really get by with just 6 mW? Nope. Now having trouble connecting. Let's try 9 mW. Hmmm, still problems. Looks like 12 mW is about as low as I'll want to set it for now.
TOMATO: USING DIFFERENT DNS SERVERS (such as Unblock-Us)
# advanced -> DHCP / DNS
Make sure there is a checkmark beside 'Use internal DNS'
In the Dnsmasq box, enter the DNS servers you want to use, e.g.:
Now take the checkmark off of 'Use received DNS with user-entered DNS'
Hit Save again.
Now go to...
# basic -> network
Under 'LAN -> static DNS' , enter the IP addresses of the DNS servers you added above. Example:
TOMATO: CONFIGURING OPENVPN
Follow instructions at http://www.howtogeek.com/60774/connect-to-your-home-network-from-anywhere-with-openvpn-and-tomato/
(also saved under Chris Myden's Ultimate Netbook -> saved pages)
Start at 'Configuring OpenVPN' and follow the instructions from there
- Important: Change the KEY_SIZE in vars.bat from 1024 to 2048
Meanwhile back in Tomato...
# Advanced -> VPN Tunneling
- put a checkmark beside 'Start with WAN'
- interface type should be TUN
- protocol should be TCP
# now click on the 'Advanced' tab of the OpenVPN Server Configuration
- put a checkmark beside 'Direct clients to redirect internet traffic'
- put a checkmark beside 'Respond to DNS'
- put a checkmark beside 'Advertise DNS to clients'
- change the encryption cipher to 'AES-128-CBC'
# now click on 'Keys'
- In Windows Explorer (on our client machine), navigate to C:\Program Files (x86)\OpenVPN\easy-rsa\key
Paste in the keys
box 1 = ca.crt
box 2 = server.crt
box 3 = server.key
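box 4 = dh1024.pem (easy-rsa names this file after KEY_SIZE, so it will be dh2048.pem if you changed KEY_SIZE to 2048 as noted above)
- Note that for the server certificate, you don't include the first part of the file, before '-----BEGIN CERTIFICATE-----'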
Hit Start Now
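The paste rule above, as an added example (not from the original article or the Tomato project): a Python helper that keeps only the PEM block from each easy-rsa output file and refuses a file holding the wrong kind of material for its box, such as a private key pasted where the certificate belongs. The function name, the box names and the sample file contents are constructed for illustration.

```python
import re

# PEM label(s) each box on the Keys tab should receive. The box names are
# labels chosen for this example, based on the file names in the article.
EXPECTED = {
    "ca.crt": {"CERTIFICATE"},
    "server.crt": {"CERTIFICATE"},
    "server.key": {"PRIVATE KEY", "RSA PRIVATE KEY"},
    "dh.pem": {"DH PARAMETERS"},
}

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S
)


def pem_for_box(box, file_text):
    """Return only the PEM block to paste into `box`.

    Text before or after the block (such as the readable certificate dump
    at the top of server.crt) is dropped. Raises ValueError when the file
    has no PEM block, more than one, or the wrong kind for this box.
    """
    blocks = PEM_RE.findall(file_text)
    if len(blocks) != 1:
        raise ValueError(f"{box}: expected 1 PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if label not in EXPECTED[box]:
        raise ValueError(f"{box}: contains {label}, not {sorted(EXPECTED[box])}")
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])


# Constructed sample inputs: placeholder base64, not real key material.
SAMPLE_SERVER_CRT = """Certificate:
    Data:
        Version: 3 (0x2)
        Subject: CN=server
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""
SAMPLE_SERVER_KEY = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(pem_for_box("server.crt", SAMPLE_SERVER_CRT))
```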
Okay, now we just need to do a few more things before testing our OpenVPN connection
# basic -> time
- change Time Zone to the correct time zone (-7)
- set the NTP time server to North America
- hit Save
# basic -> DDNS -> Dynamic DNS 1 -> select 'FreeDNS (afraid.org)'
Beside Token / URL, enter the Token URL from afraid.org and hit Save
And now back in Windows...
create a .bat file with this in it:
start C:\"Program Files (x86)\APPS\OpenVPN\bin\openvpn-gui-1.0.3.exe" --connect xxxxx.ovpn
- Add this .bat file to the Windows startup menu in your client, so that OpenVPN starts and connects automatically.
ITEMS BELOW THIS LINE HAVE NOT BEEN COMPLETED ON THE RT-N16 ROUTER YET
TOMATO: CONFIGURING QOS
Used the following 3 tutorials as a guide...
QoS -> Enable QoS
- left checkmark beside ACK packets (see debates in tutorials above)
- left SYN, FIN, RST unchecked
- Prioritize ICMP: left unchecked, useful if you're running a game server, which I'm not
- Kept default class as Low.
Max Bandwidth: This is an important value. To figure out what mine was, I went to http://www.dslreports.com/speedtest?flash=1 and ran a speed test to each city.
845 895 with QoS
Los Angeles:
3930 527 119
4211 720
4208 690
3842 692
4206 724
Chicago:
5165 845 28
4532 818 45
4218 838
3760 809
4194 821
3791 778
San Francisco:
2040 829 43
2121 652
2042 807
2113 859
2109 854
Parsippany:
3661 844 53
4416 762
3968 784
2642 818
It would appear that my max is 845. This is what I set it to. I'll probably revisit these speed tests later and make sure.
High: 10% - 92%
Medium: 3% - 90%
Low: 3% - 100%
Lowest: 2% - 70%
Class A-E: none - none (for all)
We don't want any QoS on our inbound rate, so set the Max Bandwidth to something ridiculously high... Max Bandwidth: 999999
and leave all dropdowns in their disabled state.
Lowest->Class E: none
Now we move on to QoS -> Classification
First I use the up arrow to move the DNS match rule to the top. Then I set it as class 'highest'. Click OK.
- Then I click on the one that has the description of WWW (should already be second from the top now).
Beside ports 80 and 443 I add 21 and 23, so it looks like this: 80,443,21,23
I change the description to WWW, FTP, SSH.
I set the class as 'high'.
Now at the bottom we'll create a new match rule, with a class of 'lowest'. In the description box put 'uTorrent'.
Changed the IPP2P (disabled) to BitTorrent. Then I moved this uTorrent rule up to 3rd place.
Moved the 'bulk traffic' rule up to 4th place.
Deleted the WWW (512K+) rule, and the DNS (2K+) rule.
Click 'Save' at the bottom.
TOMATO: CONFIGURING FOR UBERNET
Ok, getting Tomato to work with Ubernet was a bit annoying and caused me headaches. To do it successfully, follow these steps; the order is very important.
Go into the router, http://192.168.1.1/ Port forwarding -> UPnP / NAT-PMP -> take the checkmark off of UPnP
Now, disconnect the Linksys router from your setup. Connect your modem *directly* to your computer.
Go into Windows Vista firewall. Start -> control panel -> security -> allow a program through Windows firewall -> exceptions
Clear any entries relating to UberDC++ or the port you plan to use.
Click add port. Name: Ubernet TCP. Port number: the port you want to use (60125 for example). Protocol: TCP. Click OK.
Click add port. Name: Ubernet UDP. Port number: same port # as above. Protocol: UDP. Click OK.
Launch UberDC++. When Windows asks, unblock it.
Go to Shields Up port test at https://www.grc.com/x/ne.dll?bh0bkyd2
Proceed -> enter in the port # that you entered above -> click User Specified Custom Port Probe ->
It should say open. If it doesn't, well there's no point in going further.
Go back into UberDC++.
File -> Settings -> General
Active IP: enter your outside IP address (whatismyip.com can tell you what it is)
Searching IP: same as above
Active Port: enter the port number from above
Searching Port: enter the port number from above
Hook your router back up the way it was before.
Go back into your router page: http://192.168.1.1
Status -> Device list
Which one is your computer? Not the one with interface vlan1. You want the internal IP. Should start with 192.168.x.x Copy down the IP address, it's your internal IP.
Port forwarding -> basic ->
Change the dropdown box from TCP to 'Both'
Under Ext Ports, put the port that you entered into UberDC++
Under Int Address put the internal IP address that you just figured out (above)
Under Description put Ubernet
Go back to the Shields Up port test. Is it still open? Should be. Try searching on UberDC++. Can you connect to other users? Can you download their lists?
Go back into Windows firewall. You can remove the 'Ubernet TCP' and 'Ubernet UDP' port entries. Just make sure the UDC++ stays there, and stays checked.
TOMATO: CONFIGURING FOR UTORRENT
In uTorrent, go to Options -> Preferences -> Connection. Note the incoming port.
Now in the router config page, go to Port Forwarding -> Basic
Change TCP to 'Both'. Set 'Ext Ports' to the incoming port noted above.
Set Int Address to the IP address listed under Status -> Device list (whichever one is your computer, your internal IP address, usually 192.168.1.X)
Set Description to 'uTorrent'.
TOMATO: BACKING UP THE ROUTER CONFIGURATION
http://192.168.1.1 -> Administration -> Configuration -> Backup