
Help setting up a VPN server on Tomato router

Discussion in 'Tomato Firmware' started by yolanda_123, Nov 2, 2013.

  1. yolanda_123

    yolanda_123 Reformed Router Member

    Hi. I've been struggling with setting up a VPN server on my WRT-GL for some time and have come here to ask for help. I want to be able to log in to the VPN from elsewhere and securely use my networked devices (printer, camera, computers, etc.). I was very excited to discover the OpenVPN capability of TomatoUSB but have not been able to get it working.

    First, I followed the instructions from here: http://www.howtogeek.com/60774/connect-to-your-home-network-from-anywhere-with-openvpn-and-tomato/

    I'm using Ubuntu 13.04, but I was able to figure out how to create the keys following the Windows directions pretty easily. All was going well, and the server fired up.

    On my client, the Ubuntu network manager won't connect to the VPN when I type in the correct settings, even though I have network-manager-openvpn installed and everything. Whatever, I'll just use openvpn from the command line. With this (using sudo), I'm able to get the connection to load up just fine.

    Code:
    Sat Nov  2 13:39:29 2013 [ntvpn-Server] Peer Connection Initiated with [AF_INET][redacted]:1194
    Sat Nov  2 13:39:31 2013 SENT CONTROL [ntvpn-Server]: 'PUSH_REQUEST' (status=1)
    Sat Nov  2 13:39:31 2013 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
    Sat Nov  2 13:39:31 2013 OPTIONS IMPORT: timers and/or timeouts modified
    Sat Nov  2 13:39:31 2013 OPTIONS IMPORT: --ifconfig/up options modified
    Sat Nov  2 13:39:31 2013 OPTIONS IMPORT: route options modified
    Sat Nov  2 13:39:31 2013 ROUTE default_gateway=192.168.43.1
    Sat Nov  2 13:39:31 2013 TUN/TAP device tun0 opened
    Sat Nov  2 13:39:31 2013 TUN/TAP TX queue length set to 100
    Sat Nov  2 13:39:31 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Sat Nov  2 13:39:31 2013 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
    Sat Nov  2 13:39:31 2013 /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.0.5
    Sat Nov  2 13:39:31 2013 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
    Sat Nov  2 13:39:31 2013 Initialization Sequence Completed
    
    In ifconfig, the TUN device shows as:
    Code:
    tun0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
      inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:11 overruns:0 frame:0
      TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100
      RX bytes:0 (0.0 B)  TX bytes:336 (336.0 B)
    
    Once that's done, I thought I'd be able to just ping the router (192.168.1.1) or any of my other peripherals. But nope, I cannot. No pinging, no connecting through the browser, nothing.

    I tried switching TUN to TAP to get an IP address right on the 192.168.1 subnet, but that didn't work. If I turned off the DHCP option in the VPN server it did assign the client 192.168.1.50, but I still couldn't communicate with the router or anything. My Ubuntu firewall is disabled.

    One thing I'm worried about is the default_gateway listed above. To test the client, I'm connecting to my phone via tethering, and so I'm already on a 192.168.43 subnet before I start trying to connect to 192.168.1.0 via the VPN.

    Am I doing anything else wrong? Seems SO close to working. Thanks in advance for any help or advice!

    Oh, and I'm running Tomato Firmware v1.28.8754 ND USB vpn3.6.

    My client config is:
    Code:
     remote [myIP] 1194
     client
     ns-cert-type server
     dev tun
     proto udp
     resolv-retry infinite
     nobind
     persist-key
     persist-tun
     float
     cipher AES-128-CBC
     ca ca.crt   
     cert ntXPS.crt
     key ntXPS.key
     verb 3
     
    Last edited: Nov 2, 2013
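
An added example, not part of the original post: a small Python check for the default_gateway concern raised above. It parses the pushed routes out of the PUSH_REPLY line and tests them for overlap with the network the client is already on. The function names and the /24 guess for the tethered network are assumptions; it only rules an address overlap in or out and diagnoses nothing else.

```python
import ipaddress
import re

# Two lines copied from the client log in the post above.
LOG = (
    "Sat Nov  2 13:39:31 2013 PUSH: Received control message: "
    "'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,"
    "ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'\n"
    "Sat Nov  2 13:39:31 2013 ROUTE default_gateway=192.168.43.1\n"
)

def parse_push_reply(log):
    """Return (routes, tunnel_local, tunnel_peer) from the PUSH_REPLY line."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log)
    if not m:
        raise ValueError("no PUSH_REPLY line in log")
    routes, local, peer = [], None, None
    for opt in m.group(1).split(","):
        parts = opt.split()
        if not parts:
            continue
        if parts[0] == "route" and len(parts) >= 2:
            # A pushed route without a netmask is a host route (/32).
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{parts[1]}/{mask}"))
        elif parts[0] == "ifconfig" and len(parts) >= 3:
            local, peer = (ipaddress.ip_address(p) for p in parts[1:3])
    return routes, local, peer

def local_network(log, prefix=24):
    """Network the client sits on, guessed from default_gateway (assumed /24)."""
    m = re.search(r"default_gateway=(\d+\.\d+\.\d+\.\d+)", log)
    if not m:
        raise ValueError("no default_gateway line in log")
    return ipaddress.ip_network(f"{m.group(1)}/{prefix}", strict=False)

def conflicting_routes(log, prefix=24):
    """Pushed routes that overlap the network the client is already on."""
    routes, _, _ = parse_push_reply(log)
    lan = local_network(log, prefix)
    return [r for r in routes if r.overlaps(lan)]

if __name__ == "__main__":
    print("pushed routes:", parse_push_reply(LOG)[0])
    print("client network:", local_network(LOG))
    print("conflicts:", conflicting_routes(LOG))
    # Constructed variant: the same client behind a 192.168.1.x gateway.
    print("conflicts:", conflicting_routes(LOG.replace("192.168.43.1", "192.168.1.254")))
```
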
  2. yolanda_123

    yolanda_123 Reformed Router Member

    Bump. Anyone have ideas or suggestions?
     
  3. yolanda_123

    yolanda_123 Reformed Router Member

    With TAP it doesn't work either. It seems to connect from the command line but doesn't create a new tap0 device or anything in ifconfig.
     
    Last edited: Nov 24, 2013
