I’m including this stuff on my site because I haven’t found good answers out on the Internet. I may need to be reminded of how I did various things, or maybe you’ll do a search that turns it up…in which case I hope it helps. Incidentally, I have published a book on privacy and internet security.
This one is pretty specific to our situation. For reasons too silly to go into, we’re in a period with no broadband connection other than our phones. Tethering the phones via Wi-Fi kind of works, but it involves finding a location to set whichever phone we’re using that both (a) gets a good LTE signal–which is an issue where we live, and (b) is close enough to our other devices that the Wi-Fi signal works for them. And some of our devices move around, and we like to move our phones around, and…yech.
So the first thing I did was turn our dd-wrt router, previously plugged into a DSL “modem,” into a repeater. But it turned out that it couldn’t (quite) manage to be a repeater for our phones’ Wi-Fi networks. Or at least, none of our devices could authenticate correctly to the network…via Wi-Fi. The temporary workaround was to simply configure the dd-wrt router as a repeater, then connect a computer to it via a Cat-5 cable, and have that computer then generate a new Infrastructure-mode Wi-Fi network. (Had to be infrastructure, because some of our devices won’t connect to an ad-hoc network. About the “security” difference that makes in the real world, see my book.) Which worked fine, but we had to leave that computer on all the time. A nice feature of all this was that we could actually configure dd-wrt as a repeater, but not generate another Wi-Fi network…since that didn’t actually work. And all was well…except for the noisy fan, the concern about the computer maybe dying, and the relatively weak Wi-Fi network it generated that didn’t quite reach all rooms in the house.
The next step was to buy an ASUS 3-In-1 Wireless Router (RT-N12), which was both pretty cheap and also, well, cheap. Oh, and I figured if it didn’t work out of the box it was supposed to be compatible with dd-wrt.
So I told the Asus device to be a repeater for my phone’s Wi-Fi hotspot. Then I named the other relevant phones’ hotspots the same way I’d named mine, and duplicated passwords, so as long as (at least) one of us turned on a hotspot all would be, in theory, well. (If we ignore various security-type issues covered in my book–Wi-Fi devices should not work this way, at least not by default…but in this case stupid is helpful.)
Turned out the Asus thing was a repeater bridge, not a repeater. This meant all devices were in the same subnet, which actually made my life a little bit tougher. So I configured the Asus device to have a static IP address (so I could reliably connect to it without having to search an IP range), then connected the dd-wrt router to it via an Ethernet cable, gave the dd-wrt router a static IP address too, and voilà!
There are a couple of problems outstanding: first, that “repeater bridge” thing is still annoying–though it may be the reason the setup actually works, and if I cared enough I could try re-configuring the original dd-wrt device as a repeater bridge to see what happened. Also, the Asus device has a really, really annoying lack of configurability. So, just for starters, it creates a Wi-Fi network that none of our devices use. And for reasons unknown to me, our dd-wrt router doesn’t automatically connect to a VPN when I give it a static IP address. It did when it had a dynamic address…but when it was dynamic, the Asus device would, via DHCP, give the dd-wrt device its own IP as a gateway (rather than the IP address our phones use for themselves) when no phone hotspot was actually available. And DHCP leases from the Asus device would expire every hour, and that wasn’t configurable. So basically it required either tech-assistance from me to make stuff work, or the non-techies would have to reboot the dd-wrt device most of the time when they turned on a hotspot. Ick.
The upshot was that I had to decide whether to make turning the VPN on a thing I had to do manually, or make connecting to the internet (via the hotspot) a thing everybody had to do manually. I chose the first option, because only I really care about the VPN and the rest of the family cares a lot about the internet connection. More than I do, actually. I’d be fine without it. But if we’re going to have it, there are things I want it to do.
Is this perfect, right now? Nope. But it’ll do.
Meanwhile, to explain my lack of interest in perfection: further configuration of the dd-wrt router tends to scramble it, requiring me to restore its settings from a backup. Why? Well, on its primary interface it forces the use of OpenDNS servers, because we sometimes have foster kids who know porn sites by name at surprisingly tender ages and OpenDNS lets me do all sorts of filtering the kids don’t know how to bypass. On a virtual interface it sends (non-kid) traffic via a VPN, because I don’t like to let my ISP know what we’re doing. Just doesn’t seem like a good idea. On a second virtual interface, it sends traffic out unmolested, because Netflix doesn’t like VPNs anymore…and the interface the kids use also blocks YouTube and stuff we don’t necessarily mind on our living room TV, because that’s so rarely carried into a kid’s bedroom. Unlike, say, a tablet. That last interface is used solely by our Roku, and is also configured with “AP isolation” so the Roku can’t see any other devices or their traffic, just because the Roku is so hackable (see my book!) and why should it have access to other traffic anyway?
Whew. Is that all? No, not really. It also turns out that I have to turn off the VPN my phone otherwise uses when the Asus device is first connecting to it, or the connection doesn’t work. If the Asus device uses DHCP (already a bad idea), turning on the phone’s VPN will kill the Asus device’s access to the internet.
I think that’s it. Does any of this help anyone? Beats me. But there are a lot of steps to get this setup to work. Maybe this will remind me of what I had to do, next time something breaks and I have to rebuild a piece of it. On the bright side, combined with this stuff about noisy Wi-Fi environments, it all works very smoothly. Except for that “manually restart the VPN connection” thing, which I admit is weird and also silly. But only affects me, not the rest of the fam.
If I decide I care enough, I’ll try putting dd-wrt on the Asus device, set it up as a repeater without generating a Wi-Fi network of its own, let the existing dd-wrt device use DHCP via an Ethernet cable, and the VPN will again work automatically. Or try to do it all via the dd-wrt device, configuring it as a repeater bridge this time. But I’m going to have to be really bored first. Not today. Probably.
Have fun out there!