How to connect 3 wireless routers wirelessly?

Ag3r1

Honorable
Dec 19, 2013
6
0
10,510
I want to connect 3 wireless routers wirelessly. I live in Switzerland and have a Samsung set top box from UPC Cablecom (Horizonbox, http://www.oliver-staehli.ch/wp-content/uploads/2013/01/UPC-Horizon-TechSpec1.jpg at this link you can see the specs) which provides the internet connection, so a modem + router.
I also have a Linksys WRT54GL router with DD-WRT v24-sp2 (10/10/09) std and a TP-Link tl-mr3420 ver 1.2 with factory firmware.
What I want to do is to connect these 3 wirelessly. Wirelessly because the LAN cable is only 100 Mbps and my internet connection is 150 Mbps. I never reach that speed, but correct me if I'm wrong, it can make a difference. If no, I still want to connect at least the Linksys and TP-Link routers wirelessly.
How to do that? I already connected the Samsung set top box with wire to both devices, but we live in a 2 storey apartment and I want a secondary router downstairs, so the rest of the family can also have a good connection and I will not put a cable through the apartment.
My other issue, basically the reason why I do this in the first place is that the set top box and my laptop's wifi adapter have a connection problem. I have tried older firmware, new firmware for my wifi adapter, but not working. I do have a separate wifi adapter but hey, it is a laptop with wifi built-in, so why should I plug in an extra adapter?
A new reason why I do this, is because I am using a VPN from Private Internet Access and the Linksys WRT54GL router with DD-WRT v24-sp2 (10/10/09) std can easily handle that.
So there are 2 more things.
1: in case all 3 devices will be connected wirelessly considering my internet speed, then I want to somehow be able to restrict either the set top box or my laptop to connect to each other, just to another device. How to do that? Plus how to connect my other devices to a specific router? Should I make separate sub-networks? Or just assign a MAC filter to the specific router? Or set up a static IP? I use WPA2-Personal, MAC filter, hide the SSID. Any good suggestions?
2: maybe a little bit off-topic, but how can I configure my VPN to either automatically select the gateway with the smallest latency or to give it multiple gateway choices and let it select the one which is available? I sent an email to Private Internet Access costumer support, and they said I should write a script. I am not experienced with writing scripts, but here in the community I hope to find someone who can help me with this too. The reason why I want to do this is because the Switzerland gateway is down many times, but I want to use that, if no then the Germany, France, Netherlands, Sweden, UK gateways are also fine. How to write a script for that?
So again: connecting 3 routers wirelessly, denying the set top box to connect with my main laptop, if possible then writing a script to auto select or select best gateway for VPN.
Hope I was clear enough about my issue. It is the first time I am writing to this or basically any forum. Because my case is a little complex I wrote a separate topic to it.
 

rdc85

Honorable
Well I'm using ADSL wifi router, and another wifi router myself..

The second router act as repeater in the living room (Downstairs, my room is in upper lvl) to increase range of my ADSL ... is that the setup u need?

if that is, the second router need to set as a bridge in the setting, also need on matching the channel....
 
As mentioned you need to run the router in client bridge mode or repeater mode.

Now if you are really doing this to improve your speed then that is a laugh. When you start running repeater mode you cut your speed by 1/2 at the very least and many times much more. On top of that the speed they quote for wireless is total bandwidth both up and down. That would be like saying your 100m ethernet cable can do 200m

I suspect you will get much better speed by using ethernet cable if you can accomplish it. If you would cable your 2 routers to the main router and could somehow split your users between them your would have 2 x100m (400m if you lie like wireless does).

Likely the bottleneck is going to be the main router. Most times it is the NAT translation that will slow you down but it hard to say since lots of small packets hurt much more than larger ones.

You cannot easily filter traffic between lan devices. Most routers only allow wan-lan fitlers. DD-WRT is a little different but I think you would have to still put in separate subnets.

Determining best latency is different than determining if it is down. Latency would require a script in and dd-wrt is unix but you have to be careful since it is still a tiny processor compared to a computer. Now down is a little easier. You could just build a VPN tunnel to more than one gateway. Since these have different metrics only 1 can be used with a default route. If one would fail the second would just take over...of course it would cause a major hit to your sessions because the IP at the other end of the vpn likely changes.
 

Ag3r1

Honorable
Dec 19, 2013
6
0
10,510


Thank you for your answer. So just to clerify some things, I want to do this setup for the following reasons:
1: My laptop has issues with the wifi of my set top box.
2: I want to use VPN on all devices and DD-WRT can handle that.
3: Since the apartment has 2 storey, I want to install the other router in the first floor so the other part of the family also has better reception.
4: When I was talking about speed, I meant the internet speed, because if I have a speed a 150 Mbps download speed from my ISP and I connect my routers with a LAN cable which has only 100 Mbps, then it might affect the overall download speed. As I wrote before, correct me if I am wrong about this. I did not say anything about 100 m cables whatsoever. I want to do it wirelessly because I do not want to install wires in the apartment. IF possible.

Somehow I want all the traffic go through my DD-WRT router, so I can use the VPN. How to do that?
Both the set top box and the TP-Link router are pretty "dumb" as per settings. Should I go for static IP?
And how to do that VPN tunnel?
Thanks again for your reply, waiting for your next one.
 
So I got lazy and typed m instead of mbps.

I promise wired at 100mbps is much faster than wireless. Wireless assumes best case and states a total bandwidth number that adds up and down together. It is also shared between all the users where cabled each user gets his own dedicated bandwidth.

So in the rare case where you have a perfect environment with no interference and you sit close to the router and you only have a single device talking to the router yes you might get more than 100mbps

I understand why you want to do it wireless but you have to understand the downside to this when you compare the difficulty to put in wired. In a absolute best case running a repeater will cost you 50% of the the speed because all the signal must be transmitted 2 times. Because their is seldom a environment with no interference you have now doubled your change to get packet damage which causes retransmissions so it is even less. On top of that because of how wireless tries to listen for others before transmitting to avoid transmission over each other it is now broken. The router and the end device can normally only see the repeater but not each other so they can easily transmit at the same time. This destroys both signals when the repeater see it.

When you use a wireless repeater I always say it must be thought of better than nothing. You have to accept the slowness and random drops because at least you are getting access to the network.

If that is your only option then you do it but be aware in addition to it not working real well because it transmits on the same channels as your main router it will affect machines that have direct wireless connection to the main router also. Not as much as the ones using the repeater but it is the same as if you had a neighbor really close using the same channels.
 

Ag3r1

Honorable
Dec 19, 2013
6
0
10,510


Thank you again for your answer.

So if I understand you well, you suggest wired over wireless, connecting the routers wired way. Okai. Can you help me with the other part? I mean how to run all the traffic through the VPN even using 2 wireless routers? I want all the data run through my DD-WRT router, how to do that? DHCP is turned off on the DD-WRT. Is it possible to have DHCP enabled on my DD-WRT and same time disabled on my set top box so the DD-WRT handles the traffic and IP selection? Static IP and such? And how to combine that with the TP-link router? I mean I want to connect it somehow with a wire. So imagine this: upstairs set top box. Wireless radio is turned off on the set top box. It is connected with a wire to the DD-WRT router. They are practically on top of each other. The DD-WRT is connected with a wire to the TP-Link router which is on the first floor. I want all the traffic go through the DD-WRT because it handles the VPN. Is it possible to enable DHCP on the DD-WRT only and set up for example static IP on it and same time disabling DHCP on the set top box and the TP-Link router? Sounds a little confusing but I think you get the picture.
And how to do that VPN tunnel setup? You pretty much convinced me with the wire thingy, I see the ups and downs now.
Thank you in advance for your reply.
 
VPN not on the main router gets a little tricky.

If you want all your traffic to flow only via vpn then what you do is lie to your end devices. Say your main gateway is 192.168.1.1 and your vpn router is 192.168.1.2 You would set the DHCP server (can be any router) to tell the client devices to send all the traffic to 192.168.1.2. The 192.168.1.2 router would know to send all the traffic into the VPN tunnel to the remote site but it also would know that the gateway to the internet was really 192.168.1.1. It would send the tunnel traffic itself to 192.168.1.1 but it would send any other non tunnel internet traffic though the tunnel.

Now if you want to run some traffic though the VPN and some not then life gets a little complex. You would have to choose where most the traffic goes and configure the default gateway for that. So lets say you default the traffic via the vpn but want say tomshardware.com to go direct. You would but in ROUTE statements in the end clients to send the traffic to the real internet gateway rather than the VPN. You can if your work really hard at it put these route statements in the DD-WRT route that is running the VPN. The problem is the traffic runs asynchronously. The end clients send it to 192.168.1.2 which sends it to 192.168.1.1 but the response coming back from the internet goes directly from 192.168.1.1 to the end client. Some firewalls in the clients can detect this via mac addresses and block traffic.
 

Ag3r1

Honorable
Dec 19, 2013
6
0
10,510


I want all the Internet traffic through VPN. For more reasons. It does not really matter why, it is more convenient this way. Not because the other solution is more complex.
So let me understand this now, since I am no expert, just not a n00b.
So let's say like in your example I set the DHCP server on the VPN router. The default gateway would be on all other devices the VPN router (1.2). So if the VPN router handles the DHCP server and all the traffic flows through it, but it sends the data through the non-VPN router, then it is all still a VPN traffic, right?
I do not need to have non VPN data flow.

How about setting multiple gateways? I mean if the Switzerland gateway is down, how to set that it chooses another one? How do I do that? I mean this VPN tunnel setting, so it has a multiple VPN gateway choice.
Your answers are very helpful, I think I am getting the gist of it now. Thanks a lot!
I am looking forward for your answer.
 
I would try to get it to run with a single VPN first then worry about the second one.

It may be a little tricky to get 2 to run...I forget there is a restriction when you run though a NAT router when you use IPSEC. You could I suppose use ssl/tls vpn.

In any case the basic configuration is the same as if you would say have 2 remote offices. You build a VPN connection to both from your central location. Unlike a office situation where you would route certain networks to each tunnel in your case you need to route the default route. Since the router likes to always has a BEST route even though there are 2 default routes in the routing table it will choose one or the other based on some metric value you set. If the primary link would go down this default route will get removed and it will use only other one that is left. When the primary comes back it will get the better default route back and it will switch back. The only problem with this design is when the VPN stays active but just does not pass any traffic or is getting 90% packet loss. You would have to write a script that could detect something that advanced and cause it to change the metrics on the other default route to make it be selected.
 

Ag3r1

Honorable
Dec 19, 2013
6
0
10,510


Much appreciated. One more thing: how to write that script? Like I wrote the first time I have no idea about script writing. Can you help me with that maybe?
Thanks again for your kind help.
 

Ag3r1

Honorable
Dec 19, 2013
6
0
10,510


So means you can not help me with this one? I mean the script. Do you know somebody who might be able to help on this? Or ask someone? Would be highly appreciated.
 
A unix person will have to help you and they will have to be able to live within the restrictions dd-wrt has. It does not have every tool loaded and is quite complex to get other software installed.

If you had wanted to do it on a commercial cisco router that I could probably give you a example but that is something totally different than a unix script.