
connect to tomato vpn: channel all internet data through vpn

Discussion in 'Tomato Firmware' started by vinhdizzo, Oct 5, 2011.

  1. vinhdizzo

    vinhdizzo Networkin' Nut Member

    Hi,

    I set up OpenVPN on my Tomato as outlined here (ignore the last section as it is not true). When connected to the VPN (say, using my laptop at a remote location), I can access devices on my network. However, if I check my laptop's ip, it does not show my router's public ip.

    What would I need to do in order to channel all my internet connections through the VPN? That is, encrypt all of my data transfers to the vpn when I'm on a remote, public network? I tried the method in the last section of my post, but it did not work (as a matter of fact, I could not connect to the internet on my laptop after connecting to vpn).

    Please advise, thanks!
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    When you say you couldn't connect to the Internet, did you try using IP addresses or just DNS names? It could be that the DNS server your client is configured to use isn't available from your server. If that's the case, the server can be configured to push itself as the DNS server for your clients.
     
  3. vinhdizzo

    vinhdizzo Networkin' Nut Member

    You are indeed correct. It was a DNS issue. I was able to connect to other web servers via their ip address. Also, "my" ip address with VPN is indeed that of my home server.

    Now, how exactly do I get DNS working? I checked "Respond to DNS" and "Advertise DNS to Clients" but that didn't do anything. Thanks!
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    What operating system is your client? If it's Windows, that should be enough (while connected, see what the current DNS server is with ipconfig /all).

    Alternatively, you can just have your laptop configured to use a public DNS server that's also available through the tunnel (eg, 8.8.8.8 for google public dns) and not worry about pushing anything DNS-related from the server.
     
  5. vinhdizzo

    vinhdizzo Networkin' Nut Member

    I am using Ubuntu 11.04. I will give this a try later tonight.

    Is there no way to set up the DNS for OpenVPN on the router? I pay for HideMyAss VPN service (OpenVPN), and I do not have this DNS issue. Thanks.
     
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    For non-Windows operating systems, you have to do more work to accept the DNS options from the server.

    I'm not near any of my Linux computers at the moment, but I think you need to add the following to your client config file:
    Code:
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

    I'm not sure what you mean by "DNS for OpenVPN". Do you mean telling the clients to use the server-pushed DNS server when connected? If so, the "Respond to DNS" and "Advertise DNS to Clients" check boxes should do it.

    Is your server router configured to act as a DNS server (it needs to be for the DNS options in the GUI to work)?
     
  7. vinhdizzo

    vinhdizzo Networkin' Nut Member

    Thank you for your help. Using your comments and reading this post, I resolved the DNS issue by adding the following to my client config file

    Code:
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
    
    and added
    Code:
    push "dhcp-option DNS 8.8.8.8"
    
    to the "custom configuration" field under the "Advanced" tab of the VPN server page on Tomato.
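
Why the client-side lines in the post above are needed, as an added example (not code from the thread, and not the distribution's `update-resolv-conf`): on Linux, OpenVPN hands a pushed `dhcp-option` to the `up` script only as `foreign_option_N` environment variables, and running that script requires `script-security 2`. The function names and sample values below are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified illustration of what an "up" script does with pushed DNS options.
# OpenVPN exports them as foreign_option_1, foreign_option_2, ...
# e.g. foreign_option_1='dhcp-option DNS 8.8.8.8'

# Print one resolv.conf line per pushed DNS/DOMAIN option.
# Pushed values come from the server, so they are validated before use.
pushed_resolv_lines() {
    n=1
    while eval "opt=\${foreign_option_$n:-}"; [ -n "$opt" ]; do
        n=$((n + 1))
        set -f; set -- $opt; set +f      # split into words without globbing
        [ "$1" = "dhcp-option" ] || continue
        case "$2:$3" in
            DNS:*[!0-9A-Fa-f:.]*|DNS:)       ;;  # not an IP address: ignore
            DOMAIN:*[!A-Za-z0-9.-]*|DOMAIN:) ;;  # not a hostname: ignore
            DNS:*)    echo "nameserver $3" ;;
            DOMAIN:*) echo "search $3" ;;
        esac
    done
}

# Return 0 only if the given resolv.conf file has at least one nameserver
# and every nameserver in it was pushed by the VPN server. A non-zero
# result means lookups still go to a resolver outside the pushed set.
resolv_uses_pushed_dns() {
    pushed=$(pushed_resolv_lines)
    found=0
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$1"); do
        printf '%s\n' "$pushed" | grep -qxF "nameserver $ns" || return 1
        found=1
    done
    [ "$found" -eq 1 ]
}

# Constructed sample: the environment after push "dhcp-option DNS 8.8.8.8",
# checked against a constructed resolv.conf left over from the local network.
foreign_option_1='dhcp-option DNS 8.8.8.8'
tmp=$(mktemp)
printf 'nameserver 192.168.1.1\n' > "$tmp"
pushed_resolv_lines
resolv_uses_pushed_dns "$tmp" && echo "resolver matches push" \
    || echo "resolver was not updated by the up script"
rm -f "$tmp"
```

Without the `up`/`down` lines the pushed option arrives but nothing applies it, which matches the symptom earlier in the thread: IP addresses reachable through the tunnel, names not resolving.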
     
  8. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    FYI: I entered a wishlist item to add the capability of pushing a custom DNS server to the GUI. I think it would be nice if the GUI allowed you to push a DNS server of a) the router itself (this is how the option currently works), b) the router's configured DNS server, or c) a custom server (this option would have covered your need on the server).

    Out of curiosity, do you have your server router either a) not set up to be a DNS caching server or b) don't have a DNS server configured for the router to use? Either one of those would have caused using the current "Advertise DNS to clients" option to not work.
     
  9. vinhdizzo

    vinhdizzo Networkin' Nut Member

    Not sure if I have DNS caching or not. How do I check? I did set up my router to access the opendns server according to these instructions. Could this be the problem?
     
  10. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    In Advanced->DHCP/DNS (in the overall menus, not VPN), is "Use internal DNS" checked?
     
  11. vinhdizzo

    vinhdizzo Networkin' Nut Member

    Yes, I do have this checked. Is this the culprit?
     
  12. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    No, it needs to be checked for it to work.

    It sounds like you're up and running, though. Unless you're wanting to dig in deeper to see why pushing the 8.8.8.8 DNS directive was necessary, you're probably good to go.
     
