Well, I took the plunge without clearing NVRAM and all seems fine
Glad to hear it :smile: Keep a NVRAM in mind, though, in case weird stuff starts to happen.
1. I deleted the WAN UP script I had from the roadkill mod, I assume this is unnecessary now (it seems to work fine without). Correct?
If you are using the GUI, then yes, you shouldn't need anything in any of the scripts.
2. My old firewall script "iptables -I INPUT 1 -p udp --dport 444 -j ACCEPT" - can I delete this also, is it dynamically created?
See above.
3. How can I add the option (I presume to client config, or can it be pushed?) to force ALL traffic from the client computer including normal internet traffic over the VPN?
I think this was answered in the post immediately before you're first in this exchange. In short, I've never done it, but you should look into the redirect-gateway OpenVPN directive for your Custom Config (or the client config, I'm not sure).
4. How can I force DNS requests from the client computer to be sent to the Internal Caching DNS Forwarder of the Tomato router?
Can't help you there. It may come along with the redirect-gateway, though. Once you're establishing a connection, there is nothing unique to the router setup. You may have more luck with these types of questions on the OpenVPN IRC channel.
5. Finally, I'm seeing this in the router's logs every minute or so....
...
Jan 27 03:25:34 Tomato daemon.notice openvpn[521]: Inactivity timeout (--ping-restart), restarting
...
Any idea what this means, is it normal?
It is normal in that several people are seeing it, but not normal in that it should be happening. It seems to have shown up after I upgraded the firmware from OpenVPN 2.1rc13 to 2.1rc15. I keep meaning to make a new release downgrading it back to 2.1rc13, but just know that as soon as I do, 2.1rc16 will come out and fix it...
On the plus side, it only seems to happen if the tunnel is inactive, and it reconnects automatically, so it should mostly go unnoticed aside from the log entries.
I am sick at the moment, but if a new OpenVPN version doesn't come out soon, I
will release a new version with a downgraded openvpn.