Firmware for TomatoUSB for ASUS RT-N16 router. Part 2

In the first part we got acquainted with the installation of an alternative firmware TomatoUSB for the ASUS RT-N16 router, and also set up the basic functions, installed the torrent-client Transmission, configured access to the drive via FTP and NetBIOS, and made the printer network. This time, the narrative will affect the configuration of the VPN connection for access from the Internet to the local network behind the router, which is required for us to remotely control the computer. For example, in order to throw on the mail forgotten at home an important document or something like that. Also, we'll touch on the QoS settings a bit, and finally we will touch on the issues related to overclocking the router's processor and further experiments with Optware. So, let's start.

⇡ # Setting up OpenVPN

We will need the OpenVPN distribution. The latest version can be downloaded from the official website by selecting Windows Installer in the download section. When installing, check all the components. We will use the simplest version of the organization of a VPN tunnel with authorization for a static key. This method makes it possible to create one connection to one server (who wants to be confused – here). In our case, such a server will be a router. Generate our key. To do this, from the main menu in the OpenVPN → Utilities section, run Generate a static OpenVPN key. The finished key is in the file C: Program Files OpenVPN config key. txt .

In the web interface of the router, go to the VPN Tunneling → Server section and on the Server 1 → Basic tab, check the Start with WAN checkbox. In the Interface Type, select TUN, and in Protocol – UDP. Port is set to 1194. For Firewall, select Automatic and switch Authorization Mode to Static Key mode. In the remaining two fields, specify the internal IP addresses of the server and client – and

On the Advanced tab, you will need to add several lines to the Custom Configuration field:

 keepalive 10 60 




Finally, on the Keys tab, you need to enter the key that we generated earlier. Open the file with the key (see above) and copy everything from the line —– BEGIN OpenVPN Static key V1 —– to the line —– END OpenVPN Static key V1 —– inclusive, and then we paste it in the Static Key field. It should look like the screenshot.

Do not forget to click on the Save button and start the server by clicking on Start now. On the Status tab, you can view the current status of the OpenVPN server (enabled or disabled), as well as statistics on the data sent and received, if the server is running. Now you can proceed to configure the client. On the client machine (for example, on the working laptop) it will also be necessary to install OpenVPN and copy the file key to it. txt . In the folder C: Program Files OpenVPN config create a new text file and copy the following lines to it:

 remote ddns_root_name 

dev tun


secret "C: \ Program Files \ OpenVPN \ easy-rsa \ keys \ key.txt "


keepalive 10 60



persist- key


The directive remote specifies the IP address or DDNS name of the router (in our example it was The directive ifconfig contains the internal IP addresses of the client and the OpenVPN server, respectively. In secret you must specify the full path to the copied file key. txt and the use of double slashes (\) in the path is mandatory. The last line ( route ) registers the route to the local network behind the router. We save the file under some comprehensible name (for example, homeroutervpn ) and change its extension from txt to ovpn . Double-clicking on it will open the OpenVPN tunnel to the router. Alternatively, you can run the OpenVPN GUI from the main menu. After launching the icon will appear in the tray, a double click on which will also raise the tunnel. When connected, a window will be displayed with the progress of the operation, which will automatically disappear after the installation of the tunnel. If everything went well, then the color of the icon screens will change to green (sorry for such a "blond" explanation). Another double click on the icon will show the window with the log. To disconnect from the VPN, you must press the Disconnect button.

By the way, with OpenVPN it is easy to combine two remote networks, for example, in different offices. It is necessary that they use two routers with the same firmware TomatoUSB. One of them is configured as a server, and the second as a client (VPN Tunneling → Client). It would be superfluous to reiterate that the corresponding port for OpenVPN (1194 by default) should be opened in the firewall, and that the addressing in the client's subnets, router (s) and VPN tunnel should not coincide.

⇡ # Setting up TightVNC

For remote access to the home computer, we will use the TightVNC program. Of course, it is much inferior to the built-in tools of Windows RDP, especially in the speed of rendering, but it is free and very easy to configure. Owners of Professional-versions of Windows XP / Vista / 7 better still use RDP. (Frankly, there are workarounds for Home Premium.) However, there are many alternative solutions, free and not very much. But back to TightVNC, the download of which is available from here. You can install either only a server or client, or both. At installation it is better to mark all additional operations with a tick.

You also need to set a password for accessing the VNC server and its settings. That's it – the VNC service will automatically start when the computer boots.

On the machine with which we will access the home computer, it is enough to install only the VNC client. It can be launched from the main menu TightVNC → TightVNC Viewer. Naturally, before the connection, we should already have an OpenVPN tunnel running. Then everything is simple – enter the IP address of the home computer and press Connect, and then enter the password that was set when installing the VNC server.

For optimal performance you will have to play around with additional settings in the Options section. You can choose the encoding algorithm (Use encoding) and manually set the level of compression of traffic (Custom compression level). An alternative option is to launch the JAVA applet, which is located at http: // ip_domestic_pc: 5800.

⇡ # Static DHCP and WOL

Naturally, you can access your home PC if it's on. Enthusiasts who do not turn off the computer around the clock, not so much. We will also benefit from the Wake-on-LAN (WOL) feature, which is supported by most motherboards and many laptops. This option must be enabled in the BIOS. It can also be called "Wake-on-LAN" or, for example, "PCI device Power On". In general, look in the documentation or just look in Google. Please note that when you connect via Wi-Fi, WOL will not work. We also need to know the MAC address of the network card: Start → Run → cmd. Enter the command

ipconfig / all

In the output of the command, we search for the characteristics of the connection over the local network and rewrite the physical address of the network card somewhere, only use colons instead of hyphens.

To start the machine remotely, go to the web-based interface of the router (https: // ddns_same_password: 8080) and go to Tools → WOL. If the desired PC is in the list, then just click on it to start it. Otherwise, you will need to enter the corresponding MAC address in the MAC Address List field, click Wake Up and wait for the OS to start, after which it will be possible to connect to the VNC server.

The IP address for the VNC connection can be viewed in the list of active devices in the Status → Devices List section. In order for the computer to always have the same IP address, you must click on the static link under its MAC address in the list.

As a result, you will be prompted to configure the IP binding to the MAC. You can manually assign this binding for each device on the local network. This is done in the Basic → Static DHCP section. Enter the MAC, specify the desired IP, add the name (Hostname) and click Add, and then Save.

⇡ # Configure QoS

With this option, in general terms, you can prioritize the transmitted traffic. For example, you need to make sure that some bandwidth is allocated for the transmission of some particular type of data. To enable this option, check Enable QoS in the QoS → Basic Settings section. It is also recommended to adjust the settings to the form shown in the screenshot below. The class of default traffic (Default class) can be selected different, depending on the further settings.

Then in the Max Bandwidth fields in the Outbound Rate / Limit and Inbound Limit sections, you must manually specify the maximum speeds (in Kbps) of outgoing and incoming traffic of your Internet connection. Next, you need to configure the traffic classes and for each class, specify the speed as a percentage of the total bandwidth of the channel. Note that it makes no sense to specify 100% of the speed – it does not happen that at any given moment there is only one defined traffic type. There are 10 classes in total. The highest priority is Highest, the minimum is Class E. It is important to understand that the priority and width of the channel are not directly related, it's not the same thing. If a type of traffic of the Highest class appears, it will be processed first. This does not mean that traffic of any other type or class will be "slow". For home use, the first five classes can be completely dispensed with.

This is just an example, it is not necessary to use it

Any traffic that goes directly from the computer to the router is not classified. Similarly, traffic that goes to the router from the outside or directly to any machine on the Web side is not classified. In general, QoS applies only to those data that are inside the local network (Internet traffic of all types after the router also becomes local). When any network activity appears, the router will try to determine the data type and apply the appropriate rules to them. Rules are created based on addresses (MAC or IP), protocol type (TCP, UDP, ICMP, IGMP etc) + port numbers, P2P protocols and L7 filters (Layer 7), and the amount of traffic transmitted (not always). The IPP2P filter is able to detect the traffic of popular file-sharing networks, and the L7 filter contains ready-made rules for some online services. Identify the type of traffic is not always possible, especially if it is transmitted in encrypted form.

This is also just an example

Let's take a look at the QoS configuration example, which is shown in the screenshot. The first line with the highest priority is the service protocols. They have a very small channel width, since the size of the transmitted data is quite small, but it is more important for us from the DNS server to get an answer as soon as possible. Dst Port specifies the ports to which calls are sent. Then there are several rules with the Medium class that serve streaming data. For such data, channel stability is important. The meaning of using filtering by the volume of traffic passing is simple. In the example, we have two similar rules regarding HTTP / HTTPS traffic. In the first case, the transferred filter is 0-256kb, and in the second Transferred: 256 kb +. It is assumed that most web pages fit into 256 KB, and everything above is most likely not just an attempt to open a site, but something to download from it. Therefore, in these two cases, different classes are used. For the FTP, SFTP, WLM File Transfers rule, the filter is specified simply by the ports without dividing the incoming / outgoing, because the probability is great that we not only download the data, but also upload them, for example, to the server. Finally, the last rule tries first of all to restrict the work of uTP, which is used in some torrent clients and often creates an unnecessarily high load on the network.

Before setting up QoS, you should think ten times if you need it. If everything works well, then it makes no sense to wind something else. In principle, using QoS can solve one very common problem – to distribute the Internet channel between several users. This is done simply. You need to create a class that limits speed. For example, you need to divide the channel in half. Then we set up the same classes in Outbound and Inbound, in which we set a limit of 50%. We create two filters with parameters Src MAC / Any Protocol / IPP2P (disabled) / Layer 7 (disabled) and specify in each of them MAC-addresses of machines. The Robson's QoS Script Generator utility, which can be downloaded here, will simplify the work on creating QoS rules. The finished script should be copied into Administration → Scripts → Firewall. Just remember that the correctness of his work is not guaranteed.

⇡ # Statistics and monitoring

TomatoUSB provides quite good tools for monitoring and collecting statistics of everything that happens on the router and the local network. In the section QoS → View Graph, real-time graphs of the distribution of passing traffic by classes are updated. If you click on the class name in the table on the left, you can see the exact list of connections. Summary information indicating where and what is transmitted is available in QoS → View Details. If there is too much Unclassified traffic, then often this is an occasion to think about the correctness of network operation or QoS settings.

In the Bandwidth section in real time, the download schedules of the channel are displayed on each of the network interfaces, and the total statistics of the past traffic for a day, week or month is available. To enable statistics collection, you must click the Configure link and check Enable, and in the Save History Location select the place for storing logs.

For debugging it is useful to enable the ability to view logs of the system. This is done in the Status → Logs section, where you click on the Enable link, and then set the following settings:

You can also include statistics on all visited sites, as well as search queries, and then view it in Status → Web Usage. All logs can not only be viewed online, but also downloaded to a computer, for example, for subsequent detailed analysis.

⇡ # CPU frequency control

The frequency of the CPU in the ASUS RT-N16 is specially reduced from 533 to 480 MHz. Correct this "omission" by typing the following set of commands in the web interface in Tools → System → Command and pressing Execute. The nvram set clkfreq command sets the frequency of the processor and memory. Its parameters are indicated by the formula "4x, 2x, 1x", that is, the first number (just the CPU frequency) is four times larger than the last and twice the penultimate one.

 nvram set clkfreq = 532,266,133 

nvram commit


After the reboot, the processor and memory frequency will rise. However, in this mode, the router is likely to be very unstable to work. Moreover, even with the default frequency, there may be problems in the operation of the router. For example, overheating. To avoid this, you can forcefully reduce the frequency:

 nvram set clkfreq = 440,220,110 

nvram commit


By empirical way it is possible to achieve an optimal combination of stability and speed of the device. However, it is best to take care of more efficient cooling by yourself – carefully remove the heat sink from the processor and use a hot melt glue to fix a radiator on it that was removed from the bridge of some old motherboard. The main thing is that the new radiator does not interfere with the light guides.

⇡ # Instead of confinement

This, perhaps, should be finished. We did not consider a lot of additional options that appear after installing an alternative firmware. All the instructions given in the article are to a certain extent suitable for most other models of routers with TomatoUSB installed. If you plan to continue experimenting with Optware, it is recommended that you install it not in JFFS (and not include this option), but on an external drive. To do this, it will need to create a separate folder

mkdir / mnt / sda1 / opt

and add to USB and NAS → USB Support → Run after mounting at the beginning of the line

mount -o bind / mnt / sda1 / opt / opt

It is also useful to create a separate folder for the data. For example, like this

mkdir / mnt / sda1 / data

And in all places where we have access to data (FTP, NetBIOS, the launch of Transmission), use it. Further expansion of the router's capabilities depends on your needs and imagination. Just remember that in everything you need to know the measure. If you installed a bunch of applications and services, then do not be surprised that the router suddenly began to overheat, reboot or just hang. You can start a deeper acquaintance with Optware with the official instructions and the TomatoUSB forum. It is useful to look at the page of one of the developers. In general, there is a lot of information on the Web. Successful experiments!

If you notice an error – select it with the mouse and press CTRL + ENTER.

Leave a Reply