This may only apply to Asus RT-N16 and maybe there's already a proper fix somewhere... It is possible to have two servers running. For one client, we configured server1 as a tap server for the WAN with 2 other tomato routers as clients, and server 2 as a tun server for remote clients (who do not get access to the WAN, and since TAP is a pain to configure on Windows anyhow). Unfortunately, the settings do not configure properly for server2. Namely the server certificate is not saved, no matter how many times you enter it, and custom configuration is not saved. Consequently the openvpn.conf file doesn't get the cert server.crt line either. Here's a procedure that I thought I'd share in case it helps somebody else as a workaround. USB Flash drive is required (jffs seems to break the wan for me [no idea why]. I did look over the code, but not being very well versed with nvram settings or tomato source code itself, nothing jumped out at me... WHAT THIS DOES The server certificate is saved in /opt/openvpn/server2.crt (flash drive). The cru command gets added as a WAN script in the tomato gui sets a cron job to call the script /opt/openvpn/fix_server2.sh every minute. Once the script sees that openvpn is available, it changes the configuration, and starts openvpn server 2. Then it deletes the cron job so it shouldn't waste any further resources. If OpenVPN Server2 ever crashes, you will have to reboot the router. I'm about out of nvram, so saving that for other stuff instead of another cron job to monitor it. Administration -> Scripts -> Wan UP Add the following to the end: Code: #fix openvpn server2 cru a fixvpnserver2 "*/1 * * * * /opt/openvpn/fix_server2.sh" Open a ssh terminal to the router, and paste the following into the terminal. Code: mkdir /opt/openvpn cat > /opt/openvpn/fix_server2.sh <<DELIM #!/bin/sh #location: /opt/openvpn/fix_server2.sh #cron echo "*/1 * * * * /opt/openvpn/fix_server2.sh #fixvpn#" >> /tmp/var/spool/cron/crontabs/root #add to cron #add the next line to your wan startup script... minus the # # cru a fixvpnserver2 "*/1 * * * * /opt/openvpn/fix_server2.sh" #openvpn2 is busted. won't save server cert connection. #manually added via ssh, does not persist. Also server2 config.ovpn will #not show link to server cert. if [ -e /etc/openvpn/server2/config.ovpn ]; then #openvpn has started. let's set up server2 grep "cert server.crt" /etc/openvpn/server2/config.ovpn > /dev/null if [ $? -eq 0 ]; then echo "server2 openvpn settings have already been fixed." logger "[/opt/openvpn/fix_server2.sh] server2 openvpn settings have already been fixed." else echo "cert server.crt" >> /etc/openvpn/server2/config.ovpn #every tweak seems to remove server.crt as well. cp /opt/openvpn/server2.crt /etc/openvpn/server2/server.crt logger "[/opt/openvpn/fix_server2.sh] server2 openvpn settings have BEEN CORRECTED." echo "server2 openvpn settings have been CORRECTED." /etc/openvpn/vpnserver2 --cd /etc/openvpn/server2 --config config.ovpn #delete the cronjob. cru d fixvpnserver2 fi fi DELIM chmod 700 /opt/openvpn/fix_server2.sh Now you need to save the server certificate that was generated wherever you configure openvpn certs and keys. In a ssh session, paste your certificate into the following file (use i to get to insert mode, and right click in putty to paste): Code: vi /opt/openvpn/server2.crt Reboot your router. The VPN interface should be available after about 2 minutes.