I run an open wireless network at home – there are no passwords to log on, just join the network. Don’t get the wrong idea, I’m really not that generous. I use open firmware to share my wireless freely, but give priority to my personal internet traffic. Basically, I’m generous when it is convenient to me, and selfish when it isn’t, while keeping my data safe. With open firmware I can safely offer to the neighborhood whatever amount of my network connection I’m not using.
Why I gave up on my old WRT-54G router
I bought a WRT-54GL back in 2008. There were better wireless routers available at the time, but few for what I wanted. I had heard the story of the amazing free software/GPL legal victory of the WRT54G and wanted to take advantage of those newly liberated features.
Why bother with open wireless? Well, I have memories of wandering around foreign countries, phone in hand, searching for an open wifi signal. Or moving to an apartment building in Flatbush, Brooklyn and having to wait over a week to get cable internet installed. In both cases I was able to see dozens of available wireless networks on my computer, but all of them were locked. Then I would head to a café to order a coffee I didn’t want, so I could receive an inscrutable code that lasted 45 minutes… ugh. I could see all the benefits of open wireless, and as I researched potential costs they sounded more like paranoid fears of very unlikely events.
So I got my WRT-54GL, flashed the open firmware onto the router, and never looked back. For the past 7 years I used that router – and collected others that people had discarded. I’d been offered new routers for free by Comcast – that would enable Comcast’s own, branded, subscriber-only, advertising-saturated (and never seems to work for me) wireless network – and said no. I wanted to share my connection my way, not the Comcast way. I also wanted the level of control open firmware provided to shape my traffic, so when I’m downloading a movie it won’t affect a Skype (or Jitsi) call. And more recently, I had this wild idea of running all the traffic in the house through a VPN so that the internet traffic from our computers and phones all looks like it’s coming from the Netherlands. (You know, because, why not?[1]) So, even when offered a “free” new router from Comcast, I refused. I held on to my trusty old WRT-54Gs. The version of Tomato Firmware I was running worked fine enough, so I didn’t seek out updates or alternatives.
But in trying to run that VPN connection on the WRT-54GL with Tomato, I learned that its age was becoming a factor: it was underpowered. I tried upgrading to Tomato by Shibby and the VPN couldn’t start. And I wanted to seem like I was from the Netherlands so bad. So, after 7 years — and because my birthday was coming up — I decided to get a better router.
Choosing a new router
I was lazy in researching the new router. My conditions were:
- It had to have more processing power and more memory than my old router
- It had to be relatively cheap, as I wasn’t going to waste money on what I knew was a silly VPN endeavor
- It had to run recent builds of Tomato by Shibby
I did a cursory search and found people raving about the Asus N66U. Their caveat seemed to be that:
- the N66U didn’t support wireless AC – but the only AC device I have is a phone, so that feature could wait.
- the N66U didn’t support USB 3, which newer models do
Those features are nice, but not worth further research and the extra $40 of the newer AC66U model for me. Since the N66U was released a couple years ago (or as the “millennials” say: old) it’s relatively cheap at around $100. I can upgrade later and make the router a gift for someone else.[2] So, I just bought the N66U.
Again, I had no idea how much faster it would be. Once I had the N66U up and running, I was just stunned by the difference in download speeds (see below).
If you really want to be lazy, openwireless.org is developing their own firmware for sharing your connection which should be released in the near future.
Installing Tomato Firmware on the Asus N66U
Here’s how I did the install. It’s pretty easy, but the instructions I found online had a few hiccups for my setup. For one, I was on OS X 10.9.5 (10.10 had been out for many months, but I hadn’t installed it yet) and navigating the Shibby builds is a bit unfriendly.
Get the version of Tomato you want to use
This is what I did:
Visit tomato.groov.pl/download/K26RT-N/ and pick the folder with the latest build. For me, at the time of this writing, that was: build5x-130-EN/. Then I chose
There was a folder specifically called Asus RT-N66u 64k, which is exactly the model I have, but there were fewer builds and they were not as recent as the Asus RT-Nxx folder. I figured development stalled out on those and they started working on a branch of the firmware that works with newer models and is compatible with the N66U. My hunch worked.
In the end I chose:
You can look at a spreadsheet of the different Tomato builds and the features they support on the Tomato by Shibby site but don’t be intimidated if it doesn’t make sense to you.
I chose USB, Mega, and VPN (you can get builds without those features) because I wanted to use the USB ports — even though I haven’t decided what for yet. I bought this thing because I want to use the VPN feature, so I definitely wanted to check that out. And Mega, well, from all I’ve heard this router is a beast with all kinds of memory and processing power compared to my old trusty WRT54GL, so I figured go for it. I can downgrade later if needed.
Note: months later and I haven’t downgraded… or taken advantage of many of those features.
Access the miniweb server to install the firmware
- Connect Ethernet from your computer to the LAN 1 connection on the router.
- Holding the Reset button on the back, power up the router
Now, this slowed me down, because I couldn’t really connect to the miniweb server at http://192.168.1.1. In the Network window of System Preferences in OS X, Ethernet would show as connected with the little green light for a few seconds, then go red. It was enough time to load the page if I was quick, but not enough time to upload the new Tomato firmware.
Here’s the trick:
Set a manual IP address as I did in the image below. I used 192.168.1.140. Then you can keep your connection and get the job done.
Then power up the router again (you may be able to do this earlier and save a step in the process, but I know this works and don’t want to lead you astray.)
Load the miniweb server in your browser from
I forgot to grab a screenshot of what the miniweb server looks like, so I grabbed one online. This is what it looked like as best as I can remember.
Select the Firmware you chose. Again, I used
You’ll see confirmation that it uploaded. Then wait. It says a few moments. It actually should say around 10 minutes. I wrote most of the steps you read above while waiting for it to load. Just walk away, have a sandwich, and come back. When you see the power light and the two antennae lights on again, you’re good.
Check your work
Load up http://192.168.1.1/ and you should get the Tomato firmware interface.
Once I figured out the trick I mentioned above, it was pretty straightforward and quick.
Note: If this didn’t work for you, well, don’t worry. These routers are said to be unbrickable, so take a deep breath, do a hard reset and start again. Troubleshooting is out of scope for the guide I am writing here (and you’ll notice I don’t have comments enabled on this post) but there’s a lot of support online for this kind of thing.
You can learn to configure Tomato elsewhere, but here’s some things I do right away:
- Basic > Network: rename the network to openwireless.org (that URL provides an intro for people to create open networks of their own and helps spread the word).
- Do a scan and choose a wireless channel that’s not used in your neighborhood.
- Basic > Time: set the time to my time zone.
- Static DHCP: makes it easier to identify your devices later.
- Port Forwarding > UPnP/NAT-PMP: enable UPnP and NAT-PMP on LAN for letting software on your computer configure ports automatically.
- Access Restriction: I create a rule to block my access to my email servers between say 11pm and 9:30am. If it’s urgent, they’ll call, and my day is better for it. And I can always turn off the rule and gain access, but default is off.
- Administration > Admin Access: change the admin user name and password.
QoS (Quality of Service) settings do a great job of shaping the different traffic moving through the router, so your YouTube video keeps playing while downloading an OS upgrade on your other machine. The default settings that come with Tomato work pretty well. However, you first need to test your internet speed with QoS off using something like SpeedTest.net. Get your speed (you may want to check it, with QoS off, every so often just to make sure it’s not wildly different).
QoS is also the way you can give guests on your network the lowest priority. There are many ways of doing this that give you fine-grained control, but basically you can take the range of IP addresses that guests would sign onto and assign them lower priority.
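What that guest rule amounts to underneath, for the upload direction, as an added example written with generic Linux iptables and tc (it is not from the original post and is not the rule set Tomato generates). The interface name, guest range, measured speed, 90% headroom and mark value are all assumptions.

```sh
#!/bin/sh
# Added example: egress shaping that puts a guest address range in the
# lowest-priority class. All values below are assumptions, not from the post.
WAN_IF="${WAN_IF:-eth0}"                                   # hypothetical WAN interface
GUEST_RANGE="${GUEST_RANGE:-192.168.1.200-192.168.1.250}"  # hypothetical guest range
MEASURED_UP_KBIT="${MEASURED_UP_KBIT:-5000}"               # upload speed, QoS off
GUEST_MARK=20                                              # firewall mark for guests

# Print each command; execute it only when APPLY=1 (needs root, iptables, tc).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Accept only "a.b.c.d-e.f.g.h" so a typo cannot turn into a broader match.
valid_range() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}-([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

guest_qos_rules() {
    valid_range "$GUEST_RANGE" || { echo "bad GUEST_RANGE: $GUEST_RANGE" >&2; return 1; }
    # Shape slightly below the measured rate so the queue builds in the
    # router, where priorities apply, and not in the modem.
    link=$((MEASURED_UP_KBIT * 90 / 100))
    own=$((link * 90 / 100))      # guaranteed to household traffic
    guest=$((link * 10 / 100))    # guaranteed floor for guests

    # Mark guest packets in FORWARD, before NAT rewrites the source address.
    run iptables -t mangle -A FORWARD -m iprange --src-range "$GUEST_RANGE" \
        -j MARK --set-mark "$GUEST_MARK"

    # HTB tree: unmarked traffic defaults to 1:10; marked guests go to 1:20.
    run tc qdisc add dev "$WAN_IF" root handle 1: htb default 10
    run tc class add dev "$WAN_IF" parent 1: classid 1:1 htb rate "${link}kbit"
    run tc class add dev "$WAN_IF" parent 1:1 classid 1:10 htb \
        rate "${own}kbit" ceil "${link}kbit" prio 0
    # ceil = full link: guests may borrow whatever the household is not using.
    run tc class add dev "$WAN_IF" parent 1:1 classid 1:20 htb \
        rate "${guest}kbit" ceil "${link}kbit" prio 7
    run tc filter add dev "$WAN_IF" parent 1: protocol ip \
        handle "$GUEST_MARK" fw flowid 1:20
}

guest_qos_rules
```

Run as-is it only prints the six commands; the guest class gets a small guaranteed rate, the lowest priority, and a ceiling equal to the whole link, which is what lets idle bandwidth go to guests without ever costing the household its own.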
Another note – if/when you upgrade firmware, if things don’t behave correctly you may want to clear the NVRAM.
The result: It’s so much better.
Just, unreal levels of faster. I did not know this was possible. The WRT-54G was an 802.11g device and the Asus N66U is 802.11n – but here’s how it worked out in practical terms:
When transferring files from computer to computer within the network it’s even faster. Even via ethernet, the ports on the WRT-54G are only 100MB and the ASUS N66U has gigabit ethernet so it’s substantially faster.
Credits and more info:
- TomatoUSB firmware Flashing Guide
- How to Supercharge Your Router with DD-WRT
- Brett Terpstra and I talked about this on the Systematic Podcast.
[1] I learned why not. VPNs are inherently a bit slower, and much slower when run through a router, even with a better processor. But it is cool to be able to do and it’s what got me started on this adventure. And all that NSA stuff is bad news…
[2] I have given gifts of open firmware installed routers to art institutions I visit so that they’ll have open wifi connections. Most are open to it, but just don’t understand how it’s done, so I’m like the Johnny Appleseed of open wireless.