heredago's blog

September 17, 2013

how to connect to a VPN server on a TomatoUSB router and then only tunnel the traffic to specific hosts

Filed under: Uncategorized — heredago @ 20:48

1- setup openvpn connection on the router






2- only tunnel specific hosts route through openvpn client on tomato

I finally did it 🙂

I’m using v1.28.9054 MIPSR2-beta K26 USB vpn3.6, but should work on others, as it’s networking.

OpenVPN wants to setup all your routing, you’ve got to stop that…

In VPN Tunneling/Client/Basic: Uncheck “Create NAT on Tunnel”

In VPN Tunneling/Client/Advanced: Uncheck “Redirect Internet Traffic”

Custom Configuration, add the line: route-nopull


In Administration/Scripts/Firewall, make sure you have:

iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
iptables -I INPUT -i tun11 -j REJECT
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE

Reboot, and voilà, you got nothing…

Then, in a VPN up script (Best choice), or if you have your VPN start with WAN, put in your Administration/Scripts/WANUP

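sleep 30
# Start from a clean table 200
ip route flush table 200
ip route flush cache
# Send traffic from the selected LAN hosts to table 200
# (replace <HOST_IP> with the LAN address of the first host to tunnel)
ip rule add from <HOST_IP> lookup 200
ip rule add from 192.168.2.13 lookup 200
# Address of tun11, used as the gateway for table 200's default route
VPN_GW=`ifconfig tun11 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
ip route add table 200 default via $VPN_GW dev tun11

This probably isn’t the “best” or “proper” way to do it, but it works. Now only <HOST_IP> and 192.168.2.13 will go through the OpenVPN tunnel. All other devices, and their traffic will go local.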

This was extremely important for me, as I didn’t want my Transmission torrent traffic going over the VPN. Some guy like SgtPepperKSU is looking at this and probably laughing… Anyway, from one Routing noob to another…
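The policy-routing steps above, as an added example that is not part of the original post: it prints the commands for a list of hosts instead of running them, validates each address, and goes beyond the post by adding a fail-closed `prohibit` route so the tunneled hosts do not fall back to the WAN when tun11 is down. The function names, the sample ifconfig output and the 10.8.0.x addresses are constructed assumptions; table 200, tun11 and 192.168.2.13 come from the post.

```shell
#!/bin/sh
# Added example: prints (does not run) policy-routing commands for selected hosts.
# Table 200, tun11 and 192.168.2.13 come from the post; the rest is assumed.

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Constructed sample of `ifconfig tun11` output (not captured from a real router).
sample_ifconfig() {
    cat <<'EOF'
tun11     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
EOF
}

# Same extraction as the post's awk line, reading ifconfig output on stdin.
tun_addr() { awk '/inet addr/ {split($2, a, ":"); print a[2]; exit}'; }

# Usage: build_policy_routes TABLE DEV GATEWAY HOST...
build_policy_routes() {
    table=$1; dev=$2; gw=$3; shift 3
    valid_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "bad host: $host" >&2; return 1; }
    done
    echo "ip route flush table $table"
    for host in "$@"; do
        # Delete first so a re-run does not stack duplicate rules.
        echo "ip rule del from $host lookup $table 2>/dev/null"
        echo "ip rule add from $host lookup $table"
    done
    echo "ip route add table $table default via $gw dev $dev"
    # Fail closed: if the tunnel route vanishes, listed hosts match this
    # higher-metric prohibit route instead of the WAN default in table main.
    echo "ip route add prohibit default table $table metric 100"
    echo "ip route flush cache"
}

build_policy_routes 200 tun11 "$(sample_ifconfig | tun_addr)" 192.168.2.13
```

Review the printed commands, then pipe them to `sh` on the router from the VPN up script.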


March 25, 2012

tomato tomato-usb tomatousb firmware routeur router gigabit 802.11n 802.11.n reddit dd-wrt wrt54gl linksys

Filed under: Uncategorized — heredago @ 19:29


Ask Slashdot: DD-WRT Upgrade To 802.11n?

Posted by timothy on Tuesday October 25, @10:38AM
from the bending-over-backwards-for-flexibility dept.


First time accepted submitter krinderlin writes “My home network consists of a Linksys WRT54GL for WAN access and a WRT54G version 8 for a wireless bridge for my Blu-Ray and old XBox 360*. Due to a recent move and coaxial jack placements, I can’t run Ethernet to the office, so I’m now looking at about 8 wireless clients at any given time. I’d like to start piecing together a network upgrade to 802.11n, but want to keep the flexibility and power of DD-WRT. So what 802.11n routers do you have with DD-WRT? What would you recommend for PCIe x1 and USB adapters? *Because $100 for a 802.11g adapter is pure insanity.”

January 3, 2012


Filed under: Uncategorized — heredago @ 21:57

Now, to wake up a device via a UDP magic packet, the router must be able to forward UDP to a broadcast address. Two cases must be taken into consideration:

  • UDP forward to a broadcast address from the WAN port to a LAN port:

In this case, the UDP packet arrives on the WAN port and is forwarded to the LAN. By default, the latest Tomato (v1.25) and DD-WRT (24SP2) do not support UDP forwarding to a broadcast address.

The good news is that an easy workaround can be implemented on both firmwares. Simply add the two lines below to the init script:

ip neigh change <FREE_LAN_IP> lladdr ff:ff:ff:ff:ff:ff nud permanent dev br0
ip neigh add <FREE_LAN_IP> lladdr ff:ff:ff:ff:ff:ff nud permanent dev br0

Make sure to replace the IP address “<FREE_LAN_IP>” with a free IP address in your LAN subnet. Then, create a UDP forward rule toward that address. Since ff:ff:ff:ff:ff:ff is a broadcast address, the UDP packet will be sent to all devices connected to the LAN.

Init script settings are located at:
for DD-WRT: Administration >> Commands >> Startup
for Tomato: Administration >> Scripts >> Firewall


