dd-wrt with true tompson cable modem/router help? pse

[Jayman]

It does seem like your modem sites support bridge mode.

http://www.hs-works.fi/en/yksityiset/ohjeet/pikaohje-thomson-tcw710tcw750tcw770n-asettaminen-siltaavaan-tilaan/

Make sure you do this with your computer plugged directly into the modem and not your ddwrt router.

Sent from my GT-I9100T using Tapatalk

[yankee99]

True came last monday and said the modems were OOS. They said they will return in a week (today). Installed the new modem put it in bridge mode and like magic all is working :')

Will have to see speed when downloading torrents but my slingbox is working normal....

Thanks for the help!

[TallGuyJohninBKK]

I believe I've got a similar issue to Yankee above, but I'm looking for a clearer answer as to what kind of setup I want to be aiming for.

Basically, I've also got True Cable Internet with a similar (to what Yankee posted above) True issued Cisco EPC2325 combo modem-router at home. I've been using a variety of PC-based VPN solutions at home that don't involve the True router. But now, I've added a Roku HDMI stick at home, and it needs a router-based VPN solution.

I really don't particularly want to mess around with True's modem-router or trying to change its firmware. And I don't necessarily need all my Internet traffic automatically going thru a U.S. IP VPN connection that the Roku stick wants. So, I took a spare Linksys E1000 N router I have at home and successfully flashed it with new DD-WRT firmware that enables router-based VPN connections.

So, now what should I do??? I've got my regular True Cisco EPC2325 and my newly flashed DD-WRT Linksys E1000. The question is how to configure them together to provide what I need?

Can I leave my True router settings as they are, and somehow add (via Lan to Lan cable) the DD-WRT router set up with one of my VPN services? Or do I have to change my True router into bridge mode?

Ideally, I'd like to leave my True-Cisco-Thailand wifi just as it is providing Thai IPs, and then have the option of my DD-WRT router providing a different wifi SSID and U.S. VPN IP that only my Roku stick would connect to. And then leave all my individual PC's able to connect via their own VPN clients on the True router wifi whenever I need them. Is that possible, and if so, how to configure it???

Thanks much!!!

[RichCor]

I've ... got True Cable Internet with a ... True issued Cisco EPC2325 combo modem-router at home. I've been using a variety of PC-based VPN solutions at home that don't involve the True router. But now, I've added a Roku HDMI stick at home, and it needs a router-based VPN solution.

... I don't necessarily need all my Internet traffic automatically going thru a U.S. IP VPN connection that the Roku stick wants. So, I took a spare Linksys E1000 N router I have at home and successfully flashed it with new DD-WRT firmware that enables router-based VPN connections.

So, now what should I do???

... Ideally, I'd like to leave my True-Cisco-Thailand wifi just as it is providing Thai IPs, and then have the option of my DD-WRT router providing a different wifi SSID and U.S. VPN IP that only my Roku stick would connect to. And then leave all my individual PC's able to connect via their own VPN clients on the True router wifi whenever I need them. Is that possible, and if so, how to configure it???

Thanks much!!!

Do you subscribe to a VPN service that will operate over/through a NAT (and your DD-WRT software)? If so, then what you want to do will work.

I'll do a little research later if someone doesn't already have the answer.

[RichCor]

True issued Cisco EPC2325 combo modem-router

a spare Linksys E1000 N router I have at home and successfully flashed it with new DD-WRT firmware

If you have setup/configure access to your Cisco router, you'll need to set ports 53 and 443 to forward to the same IP Address you'll use for your DD-WRT router.

HMA has a section here called Router VPN Configuration - Getting Started

Try the section for OpenVPN

This HMA support link may give clues if you are trying T2TP and PPTP connections

Basically you'll be configuring your DD-WRT device to act as a VPN Appliance sitting behind a NAT Router.

A small issue you will find -- Any device you connect behind the DD-WRT will be isolated from your 'normal' network. If you want to use another device with the Roku you'll need to connect that device to the DD-WRT WiFi connection.

Edited November 7, 2014 by RichCor

[TallGuyJohninBKK]

Thanks Rich.... AFAIK, I can't configure the Linksys E1000 and its DD-WRT firmware using OpenVPN because it lacks sufficient ROM memory. But the version of DD-WRT on it clearly will support a PPTP service, as will all of my VPN accounts.

So if I follow your approach above using PPTP on the DD-WRT router, can you fill in some of the blanks involved:

--Run an ethernet cable from the LAN port of the Cisco router to the LAN or WAN port of the DD-WRT router?

--Set the Cisco router to handle DHCP, and the DD-WRT router how?

--Am I choosing an IP address for the DD-WRT router inside or outside the IP address range of the Cisco router?

--Will the port forwarding you mentioned above work the same if the DD-WRT is running PPTP instead of OpenVPN?

Re the DD-WRT VPN wifi, the only device in my home that would need to use that wifi connection would be the Roku device. My intention is to continue running all my other Ethernet and wifi devices off the Cisco router and its regular wifi, and using VPN client software on those devices as needed.

Where I get lost in trying to follow the VPN service router instructions is they're usually talking about configuring a single router for being able to make VPN connections. Whereas in my case, I'm trying to use two different routers -- the Cisco one just normally, and then the linked/cascaded??? DD-WRT one to provide a VPN IP via wifi.

Edited November 7, 2014 by TallGuyJohninBKK

[RichCor]

Run an ethernet cable

Run an ethernet cable from the LAN port of the Cisco router to the WAN port of the DD-WRT router

Set the Cisco router to handle DHCP, and the DD-WRT router how?

Am I choosing an IP address for the DD-WRT router inside or outside the IP address range of the Cisco router?

Will the port forwarding you mentioned above work the same if the DD-WRT is running PPTP instead of OpenVPN?

The Cisco Router can still handle DHCP for devices that request/need it, but you should plan to have the DD-WRT router use a STATIC IP address outside the DHCP Pool Range (but withing the same subnet range). If your DHCP serves out 192.168.1.x addresses, then maybe 192.168.1.2 or .250, whatever is outside the DHCP Pool Range.

In the Cisco Router you should set ports 53 and 443 to forward TCP/UDP and to the same Fixed IP Address you'll assign the DD-WRT.

That should be all you need to do with the Cisco Router.

On the DD-WRT

Set the WAN port to the same STATIC IP Address you used to forward port 53 and 443

Follow the instructions here in the HMA link DD-WRT Router PPTP And L2TP Setup

I'd suggest you use the instructions for DHCP Turned Off (WAN interface with Static IP)

There are Two Schools of Thought

-- Static, Static, Static. Set EVERYTHING manually. Leave nothing to chance.

-- Lets see if DHCP and UPnP automatic discovery of other Plug n Play devices on the network works and I don't have to understand or do 'nuffin.

As always, if you are caught or killed, I will disavow... no, wrong. Well, yes, but not.

As always, IF you can connect a VPN using your computer connected to your Cisco Router THEN you should be able to configure a DD-WRT to act as a similar VPN Appliance also connected to your Cisco Router. (Caveat: You may not be able to use TWO VPNs utilizing the SAME protocols AT THE SAME TIME).

[thedemon]

I used to have that model (EPC2325) until TRUE changed it for some reason. It is extremely easy to get into bridge mode. Just hold the reset button for a few seconds and it will switch from NAT to bridge mode. To get it back do the same thing. The reset switch just toggles between modes. Once in bridge mode the LAN address will change to 192.168.100.1 but in any case there is absolutely nothing to configure.

The set WAN on the DD-WRT to DHCP and you're done.

I think not using bridge mode in this scenario is just making things unnecessarily complicated.

[thedemon]

A small issue you will find -- Any device you connect behind the DD-WRT will be isolated from your 'normal' network. If you want to use another device with the Roku you'll need to connect that device to the DD-WRT WiFi connection.

This is true and can be a real PITA if you're often switching between VPN and non-VPN subnets. You will forget which one you are using and then wonder why you can't connect to a printer or some other resource on your home network. I think It's a much better solution to keep everything on the same subnet and only switch gateways as required.

[thedemon]

An easy way to create a VPN appliance on your home network is to take a DD-WRT, Tomato etc. flashed router and connect it to your existing network via a cable to one of the LAN ports. Then take a patch cable and connect that between another LAN port and the WAN port (on the same device). Then in the GUI setup L2TP or PPTP as the WAN connection entering user/password and any other parameters as normal.

If the LAN IP of your router is e.g. 192.168.1.1, then set the LAN IP of the VPN device to e.g. 192.168.1.2

Then any client on your network can have either a local or remote public IP just by switching the gateway between the above addresses. For a PC or Laptop I use one of the many freely available IP switching utilities so it is just a couple of mouse clicks to switch.

For a client device like a Roku, use managed DHCP in DD-WRT to find the mac address of the Roku and convert the DHCP lease to a reservation. Then you can manually assign whichever gateway is appropriate.

[TallGuyJohninBKK]

A small issue you will find -- Any device you connect behind the DD-WRT will be isolated from your 'normal' network. If you want to use another device with the Roku you'll need to connect that device to the DD-WRT WiFi connection.

This is true and can be a real PITA if you're often switching between VPN and non-VPN subnets. You will forget which one you are using and then wonder why you can't connect to a printer or some other resource on your home network. I think It's a much better solution to keep everything on the same subnet and only switch gateways as required.

I believe I mentioned this above... The ONLY thing in my home that I'll need a router wifi delivered VPN service for is the Roku device.

All my other devices (PC, tablets, phones) use either the native True internet or, when using a VPN, use a device-specific VPN software application.

So on the wifi end of things, what I'm envisioning/hoping for is keeping the current True Online/Cisco router wifi that delivers Thai IP addresses under one SSID, and then a separate, different SSID delivered by the DD-WRT router with VPN U.S. IP that ONLY would be used by the Roku device.

Not entirely clear to me whether the different approaches mentioned above would end me up in that status.

PS - Ahh... I guess one place where having the different subnets would make a difference would be in the Roku's ability to play local network files stored on my various networked PCs, which is a non-issue for me. The stored media content would be on my Cisco network, whereas the Roku would be on the DD-WRT network, which I gather wouldn't be connected to my PCs on the other network. No biggie for me.

Edited November 8, 2014 by TallGuyJohninBKK

[TallGuyJohninBKK]

I used to have that model (EPC2325) until TRUE changed it for some reason. It is extremely easy to get into bridge mode. Just hold the reset button for a few seconds and it will switch from NAT to bridge mode. To get it back do the same thing. The reset switch just toggles between modes. Once in bridge mode the LAN address will change to 192.168.100.1 but in any case there is absolutely nothing to configure.

The set WAN on the DD-WRT to DHCP and you're done.

I think not using bridge mode in this scenario is just making things unnecessarily complicated.

Demon, if I'm following your advice, it sounds like it would result in ALL the wifi in my home being switched to the VPN connection through the DD-WRT router.

If that's correct, that's not really the result I want. I only want the VPN wifi for the Roku device which requires it.

For all my other devices, I want to use the regular True Online / Cisco delivered wifi with Thai IPs, and then use software apps on those devices to connect to VPN on that network when I need/want it.

[chubby]

..

Edited November 8, 2014 by chubby

[thedemon]

I used to have that model (EPC2325) until TRUE changed it for some reason. It is extremely easy to get into bridge mode. Just hold the reset button for a few seconds and it will switch from NAT to bridge mode. To get it back do the same thing. The reset switch just toggles between modes. Once in bridge mode the LAN address will change to 192.168.100.1 but in any case there is absolutely nothing to configure.

The set WAN on the DD-WRT to DHCP and you're done.

I think not using bridge mode in this scenario is just making things unnecessarily complicated.

Demon, if I'm following your advice, it sounds like it would result in ALL the wifi in my home being switched to the VPN connection through the DD-WRT router.

If that's correct, that's not really the result I want. I only want the VPN wifi for the Roku device which requires it.

For all my other devices, I want to use the regular True Online / Cisco delivered wifi with Thai IPs, and then use software apps on those devices to connect to VPN on that network when I need/want it.

OK I think I get you. In that case it is even simpler.

You only need one cable from the WAN port on the DD-WRT connected to one of the LAN ports on your TRUE router. Just go with all the default settings on DD-WRT giving it a LAN IP on a different subnet than the rest of your LAN i.e. If the TRUE router is set to 192.168.1.1 then set the DD-WRT to 192.168.2.1 with LAN DHCP service on.

If your goal is just to have a US IP not enhanced security then I would just go with L2TP or PPTP rather than OpenVPN which is more complicated to configure. If you're using HMA as the provider it is quite straight forward to set up L2TP or PPTP. There are lots of guides on the web. You need to log in to HMA with your account to get the list of server IP's for each country/city.

In this configuration anything that connects to the DD-WRT whether by WiFi or LAN will get an LAN IP on the 192.168.2.x subnet and go through the US public IP, once it's made a successful connection.

In my experience once in a while the VPN connection is dropped and the only way I can get it back is by rebooting the VPN router. I'm pretty sure that in the configuration above, when this happens the devices connected the the DD-WRT will still have an internet connection but will be routed through the straight through the TRUE router so will have a Thai public IP. Not sure if this is a problem for you but I can imagine it might be if you don't want the US streaming service to know that you aren't in the US. There is a way of configuring DD-WRT not to do this but I can't remember how. If you google it, I guess you will find the necessary settings.

[thedemon]

I used to have that model (EPC2325) until TRUE changed it for some reason. It is extremely easy to get into bridge mode. Just hold the reset button for a few seconds and it will switch from NAT to bridge mode. To get it back do the same thing. The reset switch just toggles between modes. Once in bridge mode the LAN address will change to 192.168.100.1 but in any case there is absolutely nothing to configure.

The set WAN on the DD-WRT to DHCP and you're done.

I think not using bridge mode in this scenario is just making things unnecessarily complicated.

Demon, if I'm following your advice, it sounds like it would result in ALL the wifi in my home being switched to the VPN connection through the DD-WRT router.

If that's correct, that's not really the result I want. I only want the VPN wifi for the Roku device which requires it.

For all my other devices, I want to use the regular True Online / Cisco delivered wifi with Thai IPs, and then use software apps on those devices to connect to VPN on that network when I need/want it.

Yes if you only had the DOCSIS modem (in bridge mode) and one DD-WRT router, it would mean that all traffic would go through the VPN connection. What I really meant but failed to say was that in that scenario you need 2 DD-WRT flashed routers, one of which manages regular traffic and the other a dedicated VPN appliance.

That means that there are 2 gateways on your LAN and so the advantage is you can easily switch any device between VPN and non-VPN by simply changing the gateway address.

[TallGuyJohninBKK]

Well... I do have another spare N router at home, a DLink DIR645, that's not currently flashed with DD-WRT, but could be, I gather. And I already have the Linksys E1000 flashed with DD-WRT.

But the idea of trying to configure 3 different routers to work together -- True's Cisco EPC2325 modem-router and then my own two routers -- is probably, well, should say certainly, beyond my limited networking skills.

BTW, in your scenario, why would the other non-VPN router need to be flashed to DD-WRT? For that use, why couldn't the DLink DIR645 just continue to operate in a non-VPN mode using its own firmware???

BTW, as a PS -- all this grief originally started with my original True Online Motorola Surfboard DOCSIS modem-ONLY died, and True claimed they no longer had any solo-modems to give me as a replacement. Thus I got stuck with the EPC 2325 modem-router.

Originally, I was using the DLink DIR 645 N router with my True modem and it worked great. But when the True yahoos came out to swap out the old modem with the new router modem, they couldn't get my Internet to work properly . No matter what they did, they couldn't get their EPC2325 to play well with my DLink, and couldn't get any speed test faster than 7 Mbps inside Thailand. So I ended up having to unplug and store my DLink, and rely only on the True modem-router, which I'd really rather NOT be using at all.

Edited November 9, 2014 by TallGuyJohninBKK

[thedemon]

Well... I do have another spare N router at home, a DLink DIR645, that's not currently flashed with DD-WRT, but could be, I gather. And I already have the Linksys E1000 flashed with DD-WRT.

But the idea of trying to configure 3 different routers to work together -- True's Cisco EPC2325 modem-router and then my own two routers -- is probably, well, should say certainly, beyond my limited networking skills.

BTW, in your scenario, why would the other non-VPN router need to be flashed to DD-WRT? For that use, why couldn't the DLink DIR645 just continue to operate in a non-VPN mode using its own firmware???

BTW, as a PS -- all this grief originally started with my original True Online Motorola Surfboard DOCSIS modem-ONLY died, and True claimed they no longer had any solo-modems to give me as a replacement. Thus I got stuck with the EPC 2325 modem-router.

Originally, I was using the DLink DIR 645 N router with my True modem and it worked great. But when the True yahoos came out to swap out the old modem with the new router modem, they couldn't get my Internet to work properly . No matter what they did, they couldn't get their EPC2325 to play well with my DLink, and couldn't get any speed test faster than 7 Mbps inside Thailand. So I ended up having to unplug and store my DLink, and rely only on the True modem-router, which I'd really rather NOT be using at all.

Strictly speaking there is no reason why the non-VPN router needs to be flashed with DD-WRT or other firmware. I guess it would work fine with the stock firmware.

The reason I do change to DD-WRT (or Tomato) is that the stock firmware is too basic so you have not very many options to set more advanced DHCP parameters like mac based reservations. Also things like DDNS are more flexible.

I get your point about possibly over complicating things by adding another router to an already slightly complicated setup. However I find it easier to diagnose problems when the various functions are separated out to individual hardware. Also when we consider that the internet connections we have in Thailand are not always as stable as they could be and we're often connecting quite expensive, high powered equipment to our network expecting that to all work perfectly through a $20 device with pitiful processing power is a big ask.

At my house I have TOT Fibre which is where I primarily use VPN. The main reason I use it is to get around TOT's sometimes weird routing not for streaming TV though it definitely does improve youtube streaming.

My office has TRUE DOCSIS and when I had the EPC2325 I was perfectly happy with it (in bridge mode) but we had some problems which turned out to be caused by a cabling issue outside our premises. However after that was fixed and working ok, a TRUE technician showed up out of the blue to change the EPC2325 with another CISCO 38something. I asked why and just got the answer that the new one was "dee kwa". It's fine, no difference that I can see. Just for your info, to get the newer CISCO into bridge mode is done through the GUI, not by toggling the reset button.

[TallGuyJohninBKK]

The reason why I don't particularly want to be running my VPN connections through a single router is I tend to change my VPN server selections fairly regularly...based on what I'm doing and the sometimes vagaries of say a Singapore connection working better than a Taiwan connection, or visa versa at different points in time.

When the VPN is software based on a PC or other device, it's easy to change servers within a particular VPN provider usually just by selecting from a pull down list of available server locations. But if the VPN is residing in the router, it means having to go into the router software, perhaps rebooting the router or PC afterward, and of course having the result that every wifi connection in the house will suddenly be shifted to that VPN server -- which is something I usually don't want to have happen.

I find it much easier to handle the VPN connections and selections at the device level -- except of course in the case of devices like a Roku stick or box, which don't allow that. Ruku gets demerit points for that failing in my book.

Edited November 9, 2014 by TallGuyJohninBKK