
Help newb with GUI OpenVPN setup

Discussion in 'Tomato Firmware' started by geoffc, Mar 5, 2009.

  1. geoffc

    geoffc Addicted to LI Member

    Hi all,

    What I want to do is, when I bring up the VPN, tunnel all network traffic over the VPN connection to avoid snooping and the blocking of sites/apps.

    I've installed the v1.23vpn2.0006 firmware and can connect from my client. I have the following setup so far:

    On the router:

    Interface: TUN
    Proto: UDP
    Port: 1194
    Firewall: Auto
    Auth: Static Key
    Local/remote endpoint addresses: 10.99.88.1 10.99.88.101
    Encryption cipher: Default
    Compression: Enabled
    [no custom config]
    Static key: my 2048 bit OpenVPN static key

    On the client: Viscosity Version 1.0.3 on OS X 10.5.6 running OpenVPN 2.0.9

    [IMG]
    [IMG]
    [IMG]
    [IMG]

    I can connect, but can't do anything else. If I set the default route to 10.99.88.1 I get this in the connection log:

    Code:
    Wed Mar  4 21:59:22 2009: IMPORTANT: OpenVPN's default port number is now 1194
    Wed Mar  4 21:59:22 2009: LZO compression initialized
    Wed Mar  4 21:59:23 2009: gw 192.168.130.1
    Wed Mar  4 21:59:23 2009: TUN/TAP device /dev/tun0 opened
    Wed Mar  4 21:59:23 2009: UDPv4 link local: [undef]
    Wed Mar  4 21:59:23 2009: UDPv4 link remote: **redacted**:1194
    Wed Mar  4 21:59:40 2009: Peer Connection Initiated with **redacted**:1194
    Wed Mar  4 21:59:40 2009: Initialization Sequence Completed
    Any ideas to get me started? I'd like to force all DNS through the VPN as well (no leakage).
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    With how you have the router set up, you will need to have the equivalent of
    Code:
    ifconfig 10.88.99.101 10.88.99.1
    in the VPN config on the client (though, you may need to change the 10.88.99.101 to 10.88.99.2). I don't know your client, so I can't say how that is done. Perhaps something on the advanced tab?
     
  3. geoffc

    geoffc Addicted to LI Member

    OK, I changed the IPs on the router side to:

    [IMG]

    I have the option to add routes, like this:

    [IMG]

    Is that what you mean?

    Thanks!
     
  4. geoffc

    geoffc Addicted to LI Member

    Also, with that connection active, ifconfig shows:

    Code:
    tun0: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    	open (pid 2910)
    
    Do I need to set the default gateway?
     
  5. geoffc

    geoffc Addicted to LI Member

  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    No, it's not just a matter of setting routes. We need to be able to tell the client side what IP to use on the tunnel (and what IP is on the other end of the tunnel). I just don't know how to accomplish that with your client software.

    This would be a lot simpler if you used TLS authentication. All of that information is pushed from server to client automatically in that case. If you don't have a reason to use static key authentication, could you generate and use TLS certs/keys?
     
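The two points raised in this thread, that in static-key mode the client must carry its own `ifconfig` line mirroring the router's local/remote endpoint pair, while in TLS mode the server pushes addresses, routes and DNS, can be made concrete with a small script. This is an added example, not code from Tomato, Viscosity or anyone in the thread. The router settings dict copies the values posted above; the hostname `vpn.example.invalid`, the key and certificate file names, and the 10.8.0.0/24 TLS subnet are assumptions chosen for illustration.

```python
"""Build and cross-check OpenVPN point-to-point client/server configs.

Constructed example for the thread above (not Tomato's or Viscosity's code).
  * static-key mode: the client must carry its own `ifconfig` line, and it
    must be the mirror image of the router's local/remote endpoint pair;
  * TLS mode: the server pushes the tunnel IP, routes and DNS instead.
"""
import ipaddress
import re

# Router settings as the original poster listed them (constructed dict).
ROUTER = {
    "dev": "tun",
    "proto": "udp",
    "port": 1194,
    "local_ep": "10.99.88.1",     # router's end of the tunnel
    "remote_ep": "10.99.88.101",  # client's end of the tunnel
    "comp_lzo": True,
}


def static_key_client_config(router, server_host, key_file="static.key",
                             dns_server=None):
    """Return a client .ovpn body for static-key mode.

    The client's `ifconfig` must read `<client ip> <server ip>`, i.e. the
    router's local/remote pair with the order swapped.
    """
    # Fail early if either endpoint is not a valid IPv4 address.
    ipaddress.IPv4Address(router["local_ep"])
    ipaddress.IPv4Address(router["remote_ep"])
    lines = [
        f"dev {router['dev']}",
        f"proto {router['proto']}",
        f"remote {server_host} {router['port']}",
        f"secret {key_file}",            # assumed file name for the static key
        # Mirror image of the router's endpoint pair.
        f"ifconfig {router['remote_ep']} {router['local_ep']}",
        # Send all traffic through the tunnel; def1 overrides the default
        # route without deleting it, so the path to the server survives.
        "redirect-gateway def1",
    ]
    if router["comp_lzo"]:
        lines.append("comp-lzo")
    if dns_server:
        # Only takes effect if the client (or an up script) applies
        # dhcp-option; GUI clients such as Viscosity do this themselves.
        lines.append(f"dhcp-option DNS {dns_server}")
    return "\n".join(lines) + "\n"


def tls_server_push_config(subnet="10.8.0.0", netmask="255.255.255.0",
                           dns_server=None, port=1194, proto="udp"):
    """Return a server config for TLS mode: addresses, routes and DNS are
    handed to the client with `push`, so the client needs no ifconfig.
    Certificate/key file names are assumptions."""
    lines = [
        f"port {port}",
        f"proto {proto}",
        "dev tun",
        "ca ca.crt", "cert server.crt", "key server.key", "dh dh1024.pem",
        f"server {subnet} {netmask}",
        'push "redirect-gateway def1"',
    ]
    if dns_server:
        lines.append(f'push "dhcp-option DNS {dns_server}"')
    return "\n".join(lines) + "\n"


_IFCONFIG = re.compile(r"^\s*ifconfig\s+(\S+)\s+(\S+)", re.M)


def endpoints_mirror(server_cfg, client_cfg):
    """True iff both configs carry an `ifconfig a b` line and the client's
    pair is exactly the server's pair reversed. A transposed octet such as
    10.88.99.x against 10.99.88.x fails this check."""
    s = _IFCONFIG.search(server_cfg)
    c = _IFCONFIG.search(client_cfg)
    if not (s and c):
        return False
    return (c.group(1), c.group(2)) == (s.group(2), s.group(1))


if __name__ == "__main__":
    server_side = f"ifconfig {ROUTER['local_ep']} {ROUTER['remote_ep']}\n"
    client_side = static_key_client_config(ROUTER, "vpn.example.invalid",
                                           dns_server=ROUTER["local_ep"])
    print(client_side)
    print("endpoints mirror:", endpoints_mirror(server_side, client_side))
```

Running the script prints the client-side static-key config and confirms the endpoint pair mirrors the router's. `endpoints_mirror` is the check worth keeping: a client `ifconfig` that does not exactly reverse the server's pair produces a tunnel that reports "Initialization Sequence Completed" yet passes no traffic, which is the symptom described in the first post.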
  7. geoffc

    geoffc Addicted to LI Member

    I will try and generate the keys. I actually thought a static key would be simpler, but maybe not. I'll report back after I've done that.
     
  8. geoffc

    geoffc Addicted to LI Member
