
Configure VPN Server on Tomato

Discussion in 'Tomato Firmware' started by shadowken, Jul 23, 2011.

  1. shadowken

    shadowken Networkin' Nut Member

    I configured the VPN server on Tomato and wasted my time trying to get connected. In fact, it connects to the VPN server but doesn't obtain an IP address from the VPN server; I don't know why. I configured OpenVPN but it didn't work for me. Here is the OpenVPN configuration:

    route-delay 3
    remote Shadow 1194 udp
    client
    dev tun
    proto udp
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    float

    ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"

    cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\Shadow_client.crt"

    key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\Shadow_client.key"

    tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\Shadow.key"

    ns-cert-type server
    comp-lzo
    verb 3

    Tomato router settings:

    VPN Server Configuration > Basic:

    Interface Type : TUN
    Protocol : UDP
    Port : 1194
    Firewall : Automatic
    Authorization Mode : TLS
    Extra HMAC-authorization : Bi-directional
    VPN subnet/netmask : 10.10.0.0/255.255.255.0

    VPN Server Configuration > Advanced:

    Poll Interval : 0
    Push LAN to Clients : Checked
    Direct clients to redirect internet traffic : Checked
    Respond to DNS : Unchecked
    Encryption cipher : Use default
    Compression : Adaptive
    TLS Renegotiation Time : -1
    Manage client-specific options : Unchecked
    Custom configurations : push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"

    The keys are configured correctly as well.

    I couldn't figure out what is missing or what is wrong with the settings. I need help with this issue, please.
    Thanks
     
  2. shadowken

    shadowken Networkin' Nut Member

    Well, after spending all this time trying to get this working, it may be this firmware, Tomato Firmware v1.28.7477 MIPSR2-Toastman-RT-Beta K26 USB VPN-NOCAT;
    maybe the VPN server in it doesn't work!

    Now it's obtaining an IP address with a 255.255.255.252 subnet mask and without a gateway; it seems something is wrong with it.
    If anyone has a solution I would really appreciate it, please.
     
  3. shadowken

    shadowken Networkin' Nut Member

    Which version of Toastman Tomato includes a working VPN server?
    Any recommendations, please?
     
  4. shibby20

    shibby20 Network Guru Member

    Did you look at the logs after starting OpenVPN? Any errors?
     
  5. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The routing table from the client and server would be useful, too.
     
  6. shadowken

    shadowken Networkin' Nut Member

    @shibby
    I took a look at the OpenVPN log and didn't notice any error except route ADD 128.0.0.0 MASK 128.0.0.0 10.10.0.5, and at the end of the log "Initialization Sequence Completed".
    Do you recommend any further steps?
     
  7. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Post the errors and the routing tables.
     
  8. shadowken

    shadowken Networkin' Nut Member

    Tue Jul 26 17:42:57 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
    Tue Jul 26 17:42:57 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Tue Jul 26 17:42:57 2011 Control Channel Authentication: using 'C:\Program Files\OpenVPN\Shadow.key' as a OpenVPN static key file
    Tue Jul 26 17:42:57 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jul 26 17:42:57 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jul 26 17:42:57 2011 LZO compression initialized
    Tue Jul 26 17:42:57 2011 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Tue Jul 26 17:42:57 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Jul 26 17:42:57 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Jul 26 17:42:57 2011 Local Options hash (VER=V4): '02af3434'
    Tue Jul 26 17:42:57 2011 Expected Remote Options hash (VER=V4): '3f08d474'
    Tue Jul 26 17:42:57 2011 UDPv4 link local: [undef]
    Tue Jul 26 17:42:57 2011 UDPv4 link remote: xx.xx.xx.xx:1194
    Tue Jul 26 17:42:58 2011 TLS: Initial packet from xx.xx.xx.xx:1194, sid=4a59a0b6 6235e31b
    Tue Jul 26 17:43:00 2011 VERIFY OK: depth=1, /C=JO/ST=JO/L=Amman/O=HomeVPN/CN=Shadow-CA
    Tue Jul 26 17:43:00 2011 VERIFY OK: nsCertType=SERVER
    Tue Jul 26 17:43:00 2011 VERIFY OK: depth=0, /C=JO/ST=JO/O=ShadowVPN/OU=VPN/CN=ShadowVPN
    Tue Jul 26 17:43:05 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Tue Jul 26 17:43:05 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jul 26 17:43:05 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Tue Jul 26 17:43:05 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jul 26 17:43:05 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Tue Jul 26 17:43:05 2011 [Shadow] Peer Connection Initiated with xx.xx.xx.xx:1194
    Tue Jul 26 17:43:07 2011 SENT CONTROL [Shadow]: 'PUSH_REQUEST' (status=1)
    Tue Jul 26 17:43:08 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,route 10.10.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.10.0.6 10.10.0.5'
    Tue Jul 26 17:43:08 2011 OPTIONS IMPORT: timers and/or timeouts modified
    Tue Jul 26 17:43:08 2011 OPTIONS IMPORT: --ifconfig/up options modified
    Tue Jul 26 17:43:08 2011 OPTIONS IMPORT: route options modified
    Tue Jul 26 17:43:08 2011 ROUTE default_gateway=192.168.40.1
    Tue Jul 26 17:43:08 2011 CreateFile failed on TAP device: \\.\Global\{52694C8A-4228-4E11-8422-A1CD27F6B351}.tap
    Tue Jul 26 17:43:08 2011 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{9426B06B-3A11-49CF-8E18-08343264C0F4}.tap
    Tue Jul 26 17:43:08 2011 TAP-Win32 Driver Version 9.6
    Tue Jul 26 17:43:08 2011 TAP-Win32 MTU=1500
    Tue Jul 26 17:43:08 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.0.6/255.255.255.252 on interface {9426B06B-3A11-49CF-8E18-08343264C0F4} [DHCP-serv: 10.10.0.5, lease-time: 31536000]
    Tue Jul 26 17:43:08 2011 Successful ARP Flush on interface [25] {9426B06B-3A11-49CF-8E18-08343264C0F4}
    Tue Jul 26 17:43:11 2011 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
    Tue Jul 26 17:43:11 2011 C:\WINDOWS\system32\route.exe ADD xx.xx.xx.xx MASK 255.255.255.255 10.10.0.1
    Tue Jul 26 17:43:11 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Tue Jul 26 17:43:11 2011 Route addition via IPAPI succeeded [adaptive]
    Tue Jul 26 17:43:11 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.10.0.5
    Tue Jul 26 17:43:11 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Tue Jul 26 17:43:11 2011 Route addition via IPAPI succeeded [adaptive]
    Tue Jul 26 17:43:11 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.10.0.5
    Tue Jul 26 17:43:11 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Tue Jul 26 17:43:11 2011 Route addition via IPAPI succeeded [adaptive]
    Tue Jul 26 17:43:11 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.10.0.5
    Tue Jul 26 17:43:11 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Tue Jul 26 17:43:11 2011 Route addition via IPAPI succeeded [adaptive]
    Tue Jul 26 17:43:11 2011 C:\WINDOWS\system32\route.exe ADD 10.10.0.1 MASK 255.255.255.255 10.10.0.5
    Tue Jul 26 17:43:11 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Tue Jul 26 17:43:11 2011 Route addition via IPAPI succeeded [adaptive]
    Tue Jul 26 17:43:11 2011 Initialization Sequence Completed
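
Added example (not part of the thread and not any poster's code): a short Python sketch that parses the PUSH_REPLY line from the log above and derives the addressing and routes a client installs under `topology net30`, which is where the 255.255.255.252 mask and the 10.10.0.5 next hop in the log come from. The helper names `parse_push_reply` and `client_view` are hypothetical, and the sample line is copied from the log as constructed input.

```python
import ipaddress
import re

# Constructed sample: the PUSH_REPLY line as it appears in the client log above.
LOG_LINE = (
    "Tue Jul 26 17:43:08 2011 PUSH: Received control message: "
    "'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,"
    "route 10.10.0.1,topology net30,ping 15,ping-restart 60,"
    "ifconfig 10.10.0.6 10.10.0.5'"
)

def parse_push_reply(line):
    """Split a PUSH_REPLY log line into (option, [args]) pairs."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if m is None:
        raise ValueError("line carries no PUSH_REPLY message")
    items = (item.split() for item in m.group(1).split(","))
    return [(p[0], p[1:]) for p in items if p]

def client_view(options):
    """Derive tunnel addressing and installed routes from pushed options."""
    topology = local = peer = None
    routes, redirect = [], False
    for name, args in options:
        if name == "topology":
            topology = args[0]
        elif name == "ifconfig":
            local, peer = (ipaddress.ip_address(a) for a in args[:2])
        elif name == "route":
            # A pushed route without a mask is a host route (/32).
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{args[0]}/{mask}"))
        elif name == "redirect-gateway":
            redirect = "def1" in args  # only the def1 form is handled here
    if topology != "net30" or local is None:
        raise ValueError("sketch only handles 'topology net30' with ifconfig")
    # net30 gives each client its own /30; the peer is the other usable host.
    link = ipaddress.ip_network(f"{local}/30", strict=False)
    if peer not in link:
        raise ValueError("ifconfig endpoints are not in the same /30")
    if redirect:
        # def1 covers the default route with two half-space routes.
        halves = [ipaddress.ip_network(n) for n in ("0.0.0.0/1", "128.0.0.0/1")]
        routes = halves + routes
    return {"address": str(local), "netmask": str(link.netmask),
            "link": str(link), "gateway": str(peer),
            "routes": [(str(r), str(peer)) for r in routes]}
```

The derived routes correspond to the four `route.exe ADD ... 10.10.0.5` lines in the log; the host route to the redacted server address is left out because its value is not on the page.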
     
  9. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Okay, no problems in the logs. Now the routing tables?
     
