Persistent Storage
The only persistent storage on most routers is NVRAM, this is limited both in size and life, ie. each write action diminishes the life of the module (much more so than with, say, a hard drive). The Tomato implementation makes the firmware read only, any files that need to be read/write are created under /tmp directories during boot and are lost in a power down or reboot.This can be a nuisance if you use logging to create a long term record of bandwidth usage, useful with a capped mobile account. It also means there is no way to store your own programs or other files that are not part of the firmware.
It is possible to create a persistent file system within the router using JFFS. Tomato provides menu support to format JFFS so, providing the router has sufficient RAM available, this is one way provide persistence. I've created a jffs filesystem and my bandwidth log, system log, kplex and VPN certificates are kept on it. The jffs filesystem is enabled fairly early in the boot sequence so putting the system log on it, whilst it doesnt show a complete record, is perhaps a good compromise.
It is also possible, with TomatoUSB, to use USB storage devices. I have a micro SD card as part of the mobile dongle. That has been formatted as an ext2 filesystem, because this hardware also suffers from write limitations and ext2 has no journalling, to use with the router firmware. It is on this device that files not needed for day to day router operation are kept. These include kplex source, tomatoware, entware and couple of large utilities. When tomatoware or entware programs are required, that directory can be mounted on /opt or wherever else it is required. The firmware takes care of mounting the filesystem as a whole.
Bandwidth Monitoring
As said above, its useful to keep track of data usage if only to verify the information recieved from your ISP. Enabling bandwidth logging and putting the log file into the jffs filesystem means that usage data survives reboots. By excluding the wireless device traffic from the logging I can ensure that the kplex NMEA traffic is not added to the internet data traffic. I have verified this by comparison with ISP records.VPN
I currently use the Astrill VPN service. Astrill provide an install script for Tomato and DD-WRT which adds an explicit menu item to Tomatos user interface. However, what this actually does, given the firmware filesystem is read only, is place a script into NVRAM which is executed at boot to download and install the Astrill menus and operating files. This only works if the router has a working internet connection at boot time, not guaranteed on board. It also uses some 2.5k of valuable NVRAM space with all the variables it sets up.It is also possible to obtain the VPN access certificates from Astrill, then configure the VPN access 'manually' storing the certificates, which are user unique, on the jffs filesystem. The downside is that its slightly more difficult to change end points but the advantages are that the VPN service is always there ready to use, start up of the service is far quicker than the cumbersome Astrill provided scripts and there is very little NVRAM used - the advantages far outweigh the disadvantage.
Utilities
WinSCP and putty, both invaluable. WinSCP to transfer files from Windows and make editing much easier on the router (I dont have to struggle with vi :)).All that said, I'm planning to try implementing OpenWRT instead of Tomato fairly soon. I think that might resolve, or provide the tools to resolve, the problems I'm seeing with conflicting serial devices.