Embarrassingly, I understand very little of that...however, it is working. The computer has internet, and everyone can see each other on the network. The only limitation is security. It only works with WPA and AES, no WPA2 or TKIP enabled on either router. I suppose my neck is exposed security wise?
WPA/AES-CCMP should be OK for most purposes. Honestly I'm not really sure what Tomato is doing for "Wireless bridge mode," a quick google didn't turn up an answer. It would be interesting to see some wireless frame captures from the setup. If it's doing some WDS 4-address mode, then that's great. If not, you may have some problems reaching some machines behind the client router. Sounds like "Wireless client mode" is running two different IP networks and routing at layer 3 between them (i.e. the network behind the client router would be on its own subnet compared from the AP network). This mode will work with any AP.
I never needed anyone to connect wirelessly to the second router. The signal from the main router, the Buffalo N600, is amazing, it covers the entire house. Actually, as I understood it, the second router would not even be offering wireless connectivity to devices in Wireless Bridge Mode.
Yes, this is something 'extra' that mesh could offer (if you wanted -- you can also just bridge the wireless traffic onto an ethernet LAN like you are doing, without running a second AP). Mesh also has some better encryption facilities built in. But, I'd say having an AP that supports mesh is highly unlikely unless you put openwrt on it yourself and the hardware is Atheros-based. -- Bob Copeland %% www.bobcopeland.com