OpenVPN on Tomato based router
Hi all. I got OpenVPN from StrongVPN working on a Tomato-based Linksys WRT54GL and created this tutorial for you.
Tested on TomatoVPN ver. 1.27vpn3.6
Once you received files we are ready to go.
1) Log in to the router and set the DNS servers under Basic -> Network
216.131.94.5 and 216.131.95.20 are the StrongVPN DNS servers
!!! If you have a New York server, you should use these DNS servers: 98.158.112.60 and 216.131.94.5

2) Set the correct Time and Date under Basic -> Times
!! This is very important; otherwise OpenVPN will be unable to connect !!
I recommend setting UTC-08 Pacific Time, because most of the servers use this time zone

3) Open your configuration files folder from greeting email. Find ovpnXXX.ovpn file and open it in a text editor.

4) Go to VPN Tunnelling -> Client
With Tomato you can have 2 configured clients. I start with Client 1
Under Protocol set UDP (as in the configuration file; if you have TCP, choose it from the list)
Under Server Address/Port enter the server and port from the configuration file, as in the example

5) Fill Keys tab with ca.crt, ovpnXXX.crt and ovpnXXX.key. See example

6) Under the Advanced tab set Compression to Disabled

7) Set Connection retry to -1

8) Under Custom Configuration we need to input this:
tls-auth ta.key 1
<tls-auth>
data from your ta.key file
</tls-auth>
fragment 1300
mssfix 1450
tun-mtu 1500
You can open the ta.key file in an editor and copy all of its lines. For this example it looked like this:
tls-auth ta.key 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(hex lines from your ta.key file)
-----END OpenVPN Static key V1-----
</tls-auth>
fragment 1300
mssfix 1450
tun-mtu 1500

9) Click Save to save all

10) Click Start Now to initiate connection

We are done !
12) Once connected, you can check how it's going under the Status tab
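
Steps 3 to 8 as an added helper (not part of the original tutorial, nor StrongVPN or Tomato tooling): it reads the provider's .ovpn file for the Protocol and Server Address/Port fields and builds the Custom Configuration text from ta.key, rejecting a key whose BEGIN/END marker is clipped or whose hex body is not 512 characters. The function names, the hostname vpn.example.net, port 4672 and the dummy key are constructed for illustration.

```python
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

# Constructed sample inputs: placeholder hostname/port and a dummy key, not real values.
SAMPLE_OVPN = "client\ndev tun\nproto udp\nremote vpn.example.net 4672\n"
SAMPLE_TA_KEY = "\n".join(["# constructed dummy key", BEGIN,
                           *(["0123456789abcdef" * 2] * 16), END]) + "\n"

def router_fields(ovpn_text):
    """Values for Protocol and Server Address/Port (step 4) from the .ovpn file."""
    proto, server, remote_port, port = "UDP", None, None, None
    for raw in ovpn_text.splitlines():
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if len(parts) < 2:
            continue
        if parts[0] == "proto":
            proto = "TCP" if parts[1].lower().startswith("tcp") else "UDP"
        elif parts[0] == "remote" and server is None:  # first remote wins
            server = parts[1]
            remote_port = int(parts[2]) if len(parts) > 2 else None
        elif parts[0] == "port":
            port = int(parts[1])
    if server is None:
        raise ValueError("no 'remote' line found in the .ovpn file")
    # OpenVPN defaults: UDP and port 1194 when the file does not say otherwise.
    return {"protocol": proto, "server": server, "port": remote_port or port or 1194}

def static_key_hex(ta_key_text):
    """Return the 512 hex characters of a 2048-bit static key, or raise ValueError."""
    start, end = ta_key_text.find(BEGIN), ta_key_text.find(END)
    if start < 0 or end < start:
        raise ValueError("BEGIN/END marker missing or clipped")
    hexdata = "".join(ta_key_text[start + len(BEGIN):end].split()).lower()
    if not re.fullmatch(r"[0-9a-f]{512}", hexdata):
        raise ValueError("expected 512 hex characters, got %d" % len(hexdata))
    return hexdata

def custom_config(ta_key_text):
    """Step 8 text for Custom Configuration, key re-wrapped to 32 characters per line."""
    hexdata = static_key_hex(ta_key_text)
    rows = [hexdata[i:i + 32] for i in range(0, len(hexdata), 32)]
    return "\n".join(["tls-auth ta.key 1", "<tls-auth>", BEGIN, *rows, END,
                      "</tls-auth>", "fragment 1300", "mssfix 1450", "tun-mtu 1500"]) + "\n"

if __name__ == "__main__":
    print(router_fields(SAMPLE_OVPN))
    print(custom_config(SAMPLE_TA_KEY).count("\n"), "lines ready to paste")
```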

One trick if you need OpenVPN to start automatically:
Check the option Start with WAN under VPN Tunnelling -> Client, on the Basic tab

Troubleshooting
Go to Status -> Logs and click View All

You will get output with a lot of lines. Copy all of them and send them to the support person.
You can contact StrongVPN support at http://strongvpn.com/contacts.shtml

You can also use the trace option under Tools -> Trace. Enter any hostname (like google.com) and click Trace

Copy the output and attach it to the previous results. Send all this to the support person or paste it in the comments (I will check)

Found any errors or have a question? Go ahead and leave a comment

There is no need to ask to disable fragment 1300, mssfix 1450 and tun-mtu 1500 from the server. Simply add these parameters before the line tls-auth ta.key 1, in client 1 -> Advanced -> Custom Configuration.
It did work for me.
Thanks Paulo, it actually depends on the firmware, as I discovered
Working on new tutorial now
Thanks. that worked like a charm thanks.
Speed wise I couldn’t find any VPN service that can be configured on the router that can match PureVPN L2TP. The bad thing is that I couldn’t configure L2TP on my two routers. I think I will end up setting a machine on my home network to work as a router that will run the L2TP connection.
Thanks again for the thorough tutorial.
you’re welcome
Very good tutorial. Thanks! It works like a charm.
I guess I’m stupid for not knowing… Your tutorial starts off with “Once you received files we are ready to go.” And then, “3) Open your configuration files folder from greeting email. Find ovpnXXX.ovpn file”. What system did these files come from? What system is greeting me?
I looked at the site:
http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
However, it says to issue the command on my computer but I get the error:
openvpn --genkey --secret static.key
I suspect that is because I don’t have openvpn installed/running on my Mac. I was going to use Viscosity to connect. I have setup other VPNs with SharedKey but Viscosity doesn’t have a field to enter a SharedKey. (It has the option, but no field as far as I could see.)
Can anyone tell me where I’m going wrong?
If I have to get a certificate from a CA, what kind of certificate do I apply for?
Rob
Hello Rob
this was an example for the StrongVPN service. You connect to an OpenVPN-configured server and receive the config files from the provider.
If you need your own VPN server, try googling for an example
It's a lot easier than the DDWRT, but the issue here is the speed. I'm not impressed by the speed, but it's a great job and a nice post
After changing some settings with strongvpn (quick configuration for speed – tcp with compression), I could not start vpn anymore.
So, I decided to copy the nvram set ovpn_cfg=” from the ovpnXXX_ddwrt.sh file to my custom configuration on tomatovpn (just the portion between the quotation after nvram set openvpn and the quotation before nvram set ovpn_up). The only thing that I had to remove from custom configuration was the “dev tun”, because it wasn’t creating the correct routes on my router. Some configuration can be duplicated on both custom configuration and on the client configuration menus, like server, port, compression, etc. I cleared the keys section, as my keys were stored on my custom configuration. I didn’t test if it was ok to clear other configuration, but I think most of configurations that have a drop down menu must be configured, and server . After these tweaks, my vpn started working again.
For the people complaining about the speed issue, try modifying your configuration at strongvpn, I used the tcp+compression configuration, and my speed is almost 4 times the one that I got with udp+nocompression.
@Marco,
You are indeed a champion!! After struggling with the VPN issue for many hours I found this post. I did exactly as you mentioned. The only thing I had to alter was … remove txt after mss fix 1450
“script-security 2
up “/tmp/ovpn/up”
down “/tmp/ovpn/dn”…
before
Thank you once again. :p
Cheers -n 0Ne happy Aussie
Just adding some info that was incomplete on my previous post, I think server and port must be configured on the basic vpn client configuration menu.
Thanks for the tutorial. I am setting up an OpenVPN client connection for HMA!VPN on Tomato, and have been using this tutorial as a general guide (realizing it was written for StrongVPN). I did not see instructions for entering your username and password. My log file has “unknown user” errors in it which makes sense, since I didn’t enter any. Can you tell me where in the Tomato configuration I would enter my VPN username and password?
Thanks.
JK
email me at alexey at vpnblog.info and I will send you tips for login/pass
Hi James,
Did you ever get openvpn working on Tomato? I’m trying to do the same…I keep getting:
Jan 1 02:48:37 unknown daemon.notice openvpn[4499]: UDPv4 link remote: 64.64.131.118:1194
Jan 1 02:48:37 unknown daemon.err openvpn[4499]: read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sounds like you got a little further since you were seeing username/passwd errors.
Let me know if you have any thoughts.
Thank you,
Baher
First of all, thanks very much! I did it by the letter and got a connection but no internet access at all, I can’t even ping an address through the ping tool of Tomato. Any ideas?
Is there a way to disable the ‘nobind’ statement that Tomato generates into the config? I need to be able to specify a local outgoing port which is in-conflict with ‘nobind’.