Tomato Mod v1.19.1464 with OpenVPN/Tomato Mod v1.21.TEST-v5 with OpenVPN-GUI,SDMMC,IP/MAC

Hi
Any ideas how to detect if the VPN connection is established/active without parsing the log files?
Thanks

I forgot to mention - without pinging other side
This is not about 'if it works' (as it works perfectly, thank you). I wanted some front panel LED telling the link status, but it seems there is no straight way...

sorry for bothering
i have a wrt54g with 7.2.00 firmware i tried to upgrade to tomate but is giving me upgrade failed what do i do wrong
thanks for your help

there's the openvpn manager interface which is compiled into roadkills build. With it you can query the server about active connections.. so if you have a site to site connection, you could connect to the management interface and look if the cn that you use for the client router is connected.. if so the connection is up, if not the connection is down.
There's even a GUI software for the manager interface which allows you to disconnect users as well as see their stats (all also possible via the interface itself but it's not as convenient).

I've lost my Linksys

Hi

I have upgraded from dd-wrt to tomato 1.19 and I have lost the router IP. I expected the router to come back as 192.168.1.1 or similar but its not there.

I have done an nmap -sP 192.168.0.0/16 also and it still does not appear.

Does anyone have any suggestions?

SD Card with TomatoMod V1.19-Extended *TEST VERSION*

Hi all,

I'm trying to get tomato running on a WRT54GL V1.1 with my newly installed SD card. I followed instructions shown here to install my SD card. Since I couldn't get the card recognized by tomato, I followed instructions and I installed OpenWRT as mentionned in the article to try to debug my problem and I got it working perfectly with this OpenWRT version. What I'm I doing wrong with this tomato version?

Many thanks in advance.

I'm afraid I did not reset, cos various had comented that it shouldnt be necessary. But now I have no access to the router (WRT54GL). it seems to give a partial dhcp reply on its original IP but I have no Telnet/ssh/http response.

Tomato 1.21 and openvpn

Wow I managed to un-brick my WRT54GL with the tftp.exe utility...

Now for my next issue I need openvpn on the router with the AES-128-CBC cipher which 1.19 does not include.

So I reflashed with tomato version 1.21 hopeing that it would be included only to find that openvpn is not there :-( and thats my fault for not having checked properly.

The question is: is anyone close to including openvpn in 1.21 and if so is it likely to include the AES... cipher?

I am tired of dd-wrt issues and need to find a solution.

tia

The VPN build (Web GUI version) here is based off of 1.21. However, it does not support the AES cipher at the moment. I'll look into what it would take to add it.

EDIT: It looks like I'll just need to update the version of openssl from 0.9.6d to >= 0.9.7 and AES will be supported. Sometime in the near future I'll work on getting it included...

client-config-dir working in new version?

the openvpn mod is working great!

Will client specific configuration by means of client-config-dir be supported in the next version?

Anyone tried to bridge togehter 2 routers via vpntunnel with this build?
im trying with the openvpn gui build atm, and i cant get it to work

I'm still using the build based on tomato 1.11 but I've had not one but two site to site tunnels on the same router (separated by vlan) for months.
It took me a while to get there so I developed some best practices:
If you can't figure it out, start from scratch
Use a PC as client
Run the server process from the cli to that you have a real-time look at the logs

And of course.. make sure both machines have a matching time..

Is it normal that windows file sharing is slow through VPN ?
When I'm connected to my VPN, I can download/upload at 80kB/s (that's ok), but directory listing is really slow (something between 2 and 4 sec).
Is there a way to improve the speed ?
I use XP on both computers, and I tried with explorer and servant salamander, with a network drive, or with the IP address.

From here:

That's probably what you're seeing, and I've noticed similar. I'm not aware of a way to speed it up, though (besides using something besides CIFS, of course).

ok, thanks for the answer

Roadkill,

We cannot thank you enought for this mod so me thanks too!

Only one comment.. i've a wrt54gl and using sdmod since 1.14, working fine:

[INFO] mmc_hardware_init: initializing GPIOs
[INFO] mmc_card_init: the period of a 380KHz frequency lasts 568 CPU cycles
[INFO] mmc_card_init: powering card on. sending 80 CLK
[INFO] mmc_card_init: 80 CLK sent in 47532 CPU cycles
[INFO] mmc_card_init: resetting card (CMD0)
[INFO] mmc_card_init: doing initialization loop
[INFO] mmc_card_init: card inited successfully in 295 tries (9841204 CPU cycles).
[INFO] mmc_init: MMC/SD Card ID:
04 50 44 45 30 34 32 31 10 30 08 a0 26 00 5b c3 [INFO] Manufacturer ID : 04
[INFO] OEM/Application ID: PD
[INFO] Product name : E0421
[INFO] Product revision : 1.0
[INFO] Product SN : 3008a026
[INFO] Product Date : 2005-11
[INFO] mmc_card_config: size = 249856, hardsectsize = 512, sectors = 499712
[WARN] mmc_init: hd_sizes=249856, hd[0].nr_sects=499712
[INFO] mmc_card_init: set_blocklen (CMD16) succeeded !
Partition check:
mmca: p1

But with your latest test version, sd card cannot initialize.

thx roadkill, i will test it!

And another interesting thing. (looks like WAN dhcp setting have problems)

My main wrt54g uses latest stable Victek 1.21.. I've a wrt54gl too, which get Internet from the main wrt54g using lan connection and dhcp.

With your latest 1.21TEST5 fw, the wrt54gl just trying to get ip from dhcp, but nothing happens. The status page says Renewing always..
Then i change fw (1.21TEST5 -> Victek 1.21) and dhcp started to works fine!

Hi

This SD/MMC-Mod also seems not to work on my WRT54GL 1.1 with GPIO's 2,3,4 & 7-Mod. As I recognized, I'm not able to change the Module from "WRT54G up to v3.1" to "WRT54G/WRT54GL v4.0 and later" ... everytime I click on save, it jumps back to "WRT54G up to v3.1" ... I'm using FAT and Partition 1.

Also I have the error message "Error mounting MMC. Check the logs to see if they contain more details about this error." ... but they don't:

I also tried to change the GPIO-Mask via SSH, but:

I even didn't find any informations related to MMC with "dmesg" ... also not with "dmesg | grep mmc" or "dmesg | grep gpio" in the console.

I've flashed the router from "Tomato 1.21.1515" to your TomatoMod (Description in the About-Section: Tomato Firmware v1.21.0107) using the "tomato.trx" out of the archive (TomatoMod-1.21-TESTv5.7z) and did a "Erase all data in NVRAM memory (thorough)" before, and after the flashing.

Any ideas?

Patric

I'm reporting the same problem for SD/MMC. My card is working well with DD-WRT. I tried manually install the mmc module (insmod mmc-gpio2) but I get a segmentation fault.

OpenVPN road-warrior and Tomato DNS

I am trying configuration listed on page 80 for TCP road-warrior. But I am not able to query Tomato DNS.
Does someone has an idea how to make the road-warrior to read Tomato DNS?

SD/MMC

Do I need the SD/MMC hardware modification on my WRT54GL v1.1 to get the openvpn mod working?

No you did not to modify it. Just install Tomato Mod on it an you are in the game!

Great job on the OpenVPN build, roadkill.

I wanted to make a small request... Jon has already made the change on the main Tomato code base (081102_1-21-1554). I asked him to enable the "netcat" (nc) applet in busybox.

While I use OpenVPN every day to get from work into my home network, there are times when OpenVPN is overkill. For instance, sometimes, I just want to SSH to a box behind my router. A buddy from our local Linux User Group showed me a neat SSH trick. In my ~/.ssh/config file, I added an entry like this:

Code:

Host mypc-at-home
  Hostname mypc
  ProxyCommand ssh [email]root@myhome.com[/email] nc -w 1 %h %p 2>/dev/null

This allows me to ssh directly from work (or wherever) right in to a machine that is behind the router. All I have to do is say "ssh user@mypc-at-home", and netcat takes care of directing me to the right place. It's all ad-hoc, with no pre-planned port-forwarding required. SSH and SCP both work. And depending on whether or not I have exchanged SSH keys properly, I can get in by entering 0, 1 or 2 passwords.

It's a pretty cool setup.

I'm not sure how you handle the upstream changes. If you're getting changes from the main Tomato code base, we'll see it soon in the OpenVPN variant, too. Otherwise, could you make the same change?

Many thanks!

Alan

Any idea when your latest and greatest will be a final? Im a bit eager to get this going (my SD mod feels neglected). I might give it a go later today as it stands and see how the SD runs and then go back to stock tomato... depends on how badly I get the itch LOL

I would not say lazy.. do what I tell my wife.. Im time impared

OK, tried it on my 2.2 WRT54G and it said error mounting.... looked at dmesg and no mention of mmc at all. Where you want me to look and what do we need?

For the record I used: http://wiki.openwrt.org/OpenWrtDocs/Customizing/Hardware/MMC

Note @ 1/2 way down the page on the 2.2 hardware..

Quick question, how can I make sure my VPN server starts once my router is booted? My VPN server works well once I hit Start Now but when (if) my router reboots, the VPN server doesn't start.

add "service vpnserver1 start" in the init script, reboot and check if it ran through the log.

Thanks, I will try. I'm playing with another firmware right now, I'll give you some feedback once I reload roadkill's firmware.

Update:

Many thanks!!!

Got it working by adding in my init script:

sleep 10
service vpnserver1 start

Thanks for this great mod.

I'll give it a try another day.

RoadKill,

First off just wanted to say that I have been running TomatoMod 1.19.1464 successfully in a 20 user lan with 4 VPN users, QOS enabled with great success for the past ~2 months. Thanks again.
I noticed you have a Asus WL-500W running Kamikaze v7.09, is this the direction I should be heading as well? I have been unsuccessful at getting TomatoMod 1.19.1464 running on the WL-500G Premium v2 (and have had to fall back on that other firmware... for VPN support in spite of the inferior QOS implementation ).
TomatoMod will install and I get to the web interface, however the actual WAN doesn't work. (Yes I changed the nvram vlan setting to no avail) I checked the logs and some CPU specific modules appear to fail early in the boot. Has anyone gotten this device to work with TomatoMod?

-skyanvi1

roadkill,

do you planning to update busybox to BusyBox 1.12.2? And do you've and ideas about the MMC mount problems?

respect!

kiskakas

ntfs is not important I discovered, that tomato 1.22 is out, with the new busybox

Well.. let me know when we have another test run to check the thing and I'll give it a get go

VPN Tunning for 1.21.beta5

First of all, thanks for the great firmware mod. I have been tomato firmware mod since 1.16 version.

It seems there is a length limit impose on the server certificate field. I am using 1024 bits prime number to generate my server certificate, but it won't fit in the field. Tomato complains the length is too long (limited to 1360). I try to take out CR and the BEGIN CERTIFICATE and END CERTIFICATE markers. If that do that, it will fit, but syslog indicates loading error for the certificate because it was missing those BEGIN and END markers. Any idea what workaround I can use? Thanks in advance.

That's my fault. The VPN GUI code comes from my builds, and apparently set that limit too short. There is a test build in the VPN GUI that increases the limit, but that won't include the other features roadkill has included. You can get around the limit by telnet/sshing to the router and running (replacing server1 as appropriate)

Code:

nvram set vpn_server1_crt="<paste certificate here>"
nvram commit

Make sure you set up the rest of the VPN settings first, though, since any time you try to submit that form, it will complain about the length. It should be fixed in future releases.

SgtPepperKSU,

Thanks for the prompt reply. Is it possible to double the fields' size limit in the next release? I personally prefer 2048 bits to generate the certificate. I think for anyone out there who is as paranoid as me will love to have that too. And thanks for the quick tips/workaround. I am looking forward to your next version so I can do some more tests for you.

I'm actually considering removing the limit altogether, and just leave it up to the user to not put so much in there to fill up NVRAM.

Hi SgtPepperKSU,

I tried your suggestion, and I get a different error.

Code:

Nov 20 22:28:43 gateway user.warn kernel: nvram_commit(): init
Nov 20 22:28:44 gateway user.warn kernel: nvram_commit(): end
Nov 20 22:29:12 gateway daemon.notice openvpn[2296]: OpenVPN 2.1_rc13 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Oct 16 2008
Nov 20 22:29:12 gateway daemon.notice openvpn[2296]: Diffie-Hellman initialized with 1024 bit key
Nov 20 22:29:12 gateway daemon.err openvpn[2296]: Cannot load CA certificate file /etc/openvpn/server1-ca.crt path (null) (SSL_CTX_load_verify_locations) (OpenSSL)
Nov 20 22:29:12 gateway daemon.notice openvpn[2296]: Exiting

Greatly appreciated any help you can give. Thanks in advance.

Nevermind. Found the problem...

One suggestion for future/next version. Another option, in VPN Tunneling, to specify if openvpn should be restarted after the router reboot. Thanks in advance.

sdmmc feedback:

on wrt54gl v1.1, not working.

when i set the dropdown to wrt54g/wrt54gl v4 or later,ext2, partition 1 (working fine in 1.14 1291) and click save, it tells me some error occured and the dropdown is back on wrt54g up to 3.1, not saving my changes....

greetings

Sorry if this has been asked before, but this thread is really, really long... I've been thinking about setting up a VPN for remote access into my LAN. I'm currently using Victek's mod, which contains SpeedMod, TCP Vegas, and a few other enhancements. Are these features in this mod? If not, can they be added? I know a couple of features, such as IP/MAC limiter and ARP binding are in both this mod and Victek's.

Bug report

Hi,

Found a minor bug for Tomato 1.21 beta 5 with OpenVPN
NVRam Show

Steps
1) Login tomato via https
2) Click on NVRam Show

Result:
All link become http instead of https

If one set to allow web access only via https without http. Aforementioned steps will causes tomato to return page without actual nvram show contents, and all the font style become default.

@GhaladReam: the VPN mods have always been built upon the vanilla tomato.. meaning you only get stock tomato features plus VPN.
SgtPepperKSU has actually suggested that mod developers work towards a build system that would permit to build a firmware that contains all the features. I, too, hope that this will get done as I need VPN but some of the other features in other mods also interest me.

Hi!

I tried this 1.21 test version today.

DHCP for WAN is not working properly. It won't get IP address and the status stays "Renewing".

Also mmc/sd is not working. I am using WRT54GL and if i select "WRT54G/WRT54GL v4.0 and later" and press "Save" button it switches back to "WRT54G up to 3.1". This release also lacks some fs modules (ext2,ext3 etc).

# ls -la /lib/modules/2.4.20/kernel/fs/
drwxr-xr-x 2 1000 1000 85 Oct 16 2008 .
drwxr-xr-x 6 1000 1000 47 Oct 16 2008 ..
-rw-r--r-- 1 1000 1000 266692 Oct 16 2008 cifs.o
-rw-r--r-- 1 1000 1000 108688 Oct 16 2008 jffs2.o
-rw-r--r-- 1 1000 1000 39372 Oct 16 2008 mmc-buffalo.o
-rw-r--r-- 1 1000 1000 39164 Oct 16 2008 mmc-gpio2.o
-rw-r--r-- 1 1000 1000 39372 Oct 16 2008 mmc-gpio5.o
#

Right now i have switched back to v1.16.1374.

I think that this kind of feature would severely bloat the firmware. Generally, the kind of Web-based console you're talking about relies on java applets. SmoothWall v3.0 has this feature, if you want it, but of course you need a full blown PC to run that. There's not a whole lot of room in the NVRAM of most routers for this kind of bulk.

Just my 2¢.

BTW, happy to see that this mod is moving beyond Tomato 1.19! :biggrin:

Hello Roadkill,

is it possible to increase the length of the VPN client fields? (Invalid length. Please reduce the length to 1296 characters or less). Could you also add a field for the tls-auth key (HMAC signature), username and password?

I created the files manually and got:

My config.ovpn:

Router, Firmware:

Thanks.

I removed the length restrictions altogether in the last VPN GUI release, so if/when Roadkill incorporates that release, that won't be a problem anymore.

There has been a tls-auth key field for a few releases now, but I'm not sure what release roadkill has incorporated.

Assuming you're talking about the auth-user-pass directive (require clients to provide a password), I'll consider adding that capability.

AES is not yet supported since it is not supported by the OpenSSL version in the firmware. Work is being done to update OpenSSL, but has run into a couple of snags. Once OpenSSL is updated, VPN GUI will pick up the additional ciphers available automatically.

Thanks for the answer. I dont like to push you and Roadkill cause your doing a great job here but any idea when the firmware with the updated OpenSSL will be avail.?

Sorry, no ETA. However, I should be able to start looking into it again, so hopefully not too long (but no guarantees).

who can give me a ND version with VPN

I have download TomatoMod_ND_1.19.1464-OnlyEssentials.7z,but it can't work with VPN,who can give me a ND version with VPN? Thanks a lot!

Roadkill... Roadkill... Roadkill... Roadkill...

Just reading back a few pages and now realize just how much we sound like a broken record. But, thanks for your efforts and attention despite our constant whining.

Incidentally, what are the chances of your tweaking the SD portion to function like it does in DDWRT so we are default but can manually specify GPIO if needed rather than a drop down menu?

Hi, roadkill
Thanks for your great MOD.
How is the progress of Open Swan/Free Swan? Currently we already have 2 choice, while one is inconvenience (need to install dedicated client) and other is unsecure (faulty protocal). Then a IPsec VPN server would be the best?
Hope so and have a good day.

So is the branch pretty much dead?

If Roadkill is moving over to openWRT and SgtPeper is doing his thing.... have we seen then end of this development?

=(

is there any tomato mod with working sd/mmc support for gpio2 based mods?

Anybody want to help me? My client can't seem to get an IP address from the VPN connection and instead uses the same one it gets from its Internet connection. My server settings are defaulted with only the keys filled in. My client config is below:

client
dev tap
#dev-node MyTAP #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
proto udp
remote xxx.xxx.xxx.xxx 1194
route 192.168.1.0 255.255.255.0 vpn_gateway 3 #This it the IP address scheme and subnet of your normal network your server is on. Your router would usually be 192.168.1.1
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt" # Change the next two lines to match the files in the keys directory. This should be be different for each client.
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key" # This file should be kept secret
ns-cert-type server
cipher BF-CBC # Blowfish (default) encrytion
comp-lzo
verb 1

I use ifconfig to get an IP from the server:
ifconfig 192.168.1.200 255.255.255.0

Do you need to redirect the traffic from your client through the VPN tunnel ? that's why you use route ?

And a little advice, you should put your ca file, cert file and key file un the "config" directory, with your .ovpn file. This way, you won't have to specify the full path.

Well, basically I followed a windows tutorial and I'm trying to adapt it for use with my router instead of running the server on my computer 24/7.
Here's the tutorial: http://www.itsatechworld.com/2006/01/29/how-to-configure-openvpn/

if the Tomato Mod v1.21.TEST-v5 have snmp, it will be great!

do you think we still have enough space to add this feature?

Info about OpenVPN in Tomato.

Hi All I'm starting to use Tomato on my WRT54GL. The structure of the catalogs is different from standard Linux distributions. Is there a guide about Tomato Linux implementation which would describe:
- the used structure of catalogs?
- how to eventually install new software?
- how to add scripts at boot-up?

As far as I know the current Tomato version doesn't have OpenVPN built inside. Where from could I download the newest Tomato Mod with OpenVPN? Is there a guide about configuring&using OpenVPN under Tomato?

Any help will be greatly appreciated

well, for all the questions above, you can easily find it in this forum by search.
actually, this thread is about openvpn in tomato, you can download what you want in the first page of the thread.

Hi All !
I use TomatoMod 1.21 *TEST VERSION 5* for WRT54GL.
VPN multiclient OK !
My server setting in Init script and WanUp script.

How make Custom script in VPN tunneling menu?
How make the Amber LED on until VPN connection live ?

WAN DHCP doesn't work for me

Hi @all.

Setup:
wrt54gl (actually original tomato 1.19) <-- wds --> wrt54gl (already 1.21 vpn mod)

I'm trying to install 1.21 vpn mod (#1 post).

the router will not get any dhcp adress (renewing all the time).
if i check the log files, i'll the this:

Code:

Jan  1 01:00:12 ? daemon.info dnsmasq[89]: started, version 2.45 cachesize 150
Jan  1 01:00:12 ? daemon.info dnsmasq[89]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
Jan  1 01:00:12 ? daemon.info dnsmasq[89]: DHCP, IP range 192.168.66.100 -- 192.168.66.149, lease time 2d12h
Jan  1 01:00:12 ? daemon.warn dnsmasq[89]: failed to access /etc/resolv.dnsmasq: No such file or directory
Jan  1 01:00:12 ? daemon.info dnsmasq[89]: read /etc/hosts - 0 addresses
Jan  1 01:00:12 ? daemon.info dnsmasq[89]: read /etc/hosts.dnsmasq - 8 addresses

so: that means, there is no /etc/resolv.dnsmasq
i created it with touch and did a reboot.
the dhcp request is now working, but there is no dns avaliable

if i do the same with the original tomato (in this case 1.19) you can see:

Code:

Jan  1 01:07:43  daemon.info dnsmasq[421]: started, version 2.41 cachesize 150
Jan  1 01:07:43  daemon.info dnsmasq[421]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
Jan  1 01:07:43  daemon.info dnsmasq[421]: DHCP, IP range 192.168.66.100 -- 192.168.66.149, lease time 2d12h
Jan  1 01:07:43  daemon.warn dnsmasq[421]: no servers found in /etc/resolv.dnsmasq, will retry
Jan  1 01:07:43  daemon.info dnsmasq[421]: read /etc/hosts - 0 addresses
Jan  1 01:07:43  daemon.info dnsmasq[421]: read /etc/hosts.dnsmasq - 8 addresses
Jan  1 01:07:43  cron.notice crond[424]: crond 2.3.2 dillon, started, log level 9 
Jan  1 01:07:44  user.info init[1]: Linksys WRT54G/GS/GL
Jan  1 01:07:46  daemon.info dnsmasq[421]: exiting on receipt of SIGTERM
Jan  1 01:07:46  daemon.info dnsmasq[436]: started, version 2.41 cachesize 150
Jan  1 01:07:46  daemon.info dnsmasq[436]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
Jan  1 01:07:46  daemon.info dnsmasq[436]: DHCP, IP range 192.168.66.100 -- 192.168.66.149, lease time 2d12h
Jan  1 01:07:46  daemon.info dnsmasq[436]: reading /etc/resolv.dnsmasq
Jan  1 01:07:46  daemon.info dnsmasq[436]: using nameserver 195.202.128.2#53
Jan  1 01:07:46  daemon.info dnsmasq[436]: using nameserver 195.202.128.3#53
Jan  1 01:07:46  daemon.info dnsmasq[436]: using nameserver 62.40.128.2#53
Jan  1 01:07:46  daemon.info dnsmasq[436]: read /etc/hosts - 0 addresses
Jan  1 01:07:46  daemon.info dnsmasq[436]: read /etc/hosts.dnsmasq - 8 addresses
Jan 26 19:14:55  user.info kernel: vlan1: add 01:00:5e:00:00:09 mcast address to master interface
Jan 26 19:15:08  cron.warn crond[424]: time disparity of 20549887 minutes detected 
Jan 26 19:15:42  daemon.info dnsmasq[436]: DHCPDISCOVER(br0) 00:04:20:1a:2d:12 
Jan 26 19:15:42  daemon.info dnsmasq[436]: DHCPOFFER(br0) 192.168.66.100 00:04:20:1a:2d:12 
Jan 26 19:15:45  daemon.info dnsmasq[436]: DHCPDISCOVER(br0) 00:04:20:1a:2d:12 
Jan 26 19:15:45  daemon.info dnsmasq[436]: DHCPOFFER(br0) 192.168.66.100 00:04:20:1a:2d:12 
Jan 26 19:15:45  daemon.info dnsmasq[436]: DHCPREQUEST(br0) 192.168.66.100 00:04:20:1a:2d:12 
Jan 26 19:15:45  daemon.info dnsmasq[436]: DHCPACK(br0) 192.168.66.100 00:04:20:1a:2d:12 SCDuet

could it be, that there is a problem with the dns whithin another network?
cause the dns servers are
195.202.128.2
195.202.128.3
62.40.128.2

and my ip would be 81.217.134.*

do you have any idea?
thx in advance

So.. if this is dead can we get a final with the bugs out? I feel like I have been kicked in the gut

P.S. RK how ya like that SDMod?

THank you, thank you, thank you

what are the differences between 'Tomato Mod v1.21 TEST-v5 with OpenVPN-GUI,SDMCC,IP/MAC' by roadkill and 'VPN build with Web GUI' by SgtPepperKSU?

updating from 1.19.1464

is it a smooth process upgrading from 1.19.1464 to 1.21.TEST-v5? will i need to reconfigure/re-setup my vpn in any way?

No love for me with the mmc mounting. It would not mount my 4gb (sdhc) SD card that I had mounted with a SDHC build of tomato. Stated it had errors mounting. I understand this is an older build (october), but wanted to give you feedback in case it helps with your next version.

unknown user.info init[1]: notice: Error mounting MMC. Check the logs to see if they contain more details about this error.


I have a WRT54G-TM and I used the WRT54GS image since they are essentially the same (8mb flash, 32mb ram). Also tried the GL labeled firmware too just in case that was the issue. My 4GB sd is formatted as FAT32 and it opens fine in Windows.

I would get a reboot when I would try to install the driver manually with the command below.

insmod mmc-gpio2.o

Here are my pinouts if it helps

CS=7, CLK=3, DI=2, DO=4

EDIT: Tried a FAT formatted 512MB card to see if it would work (non-SDHC). Got the same error with it.

EDIT2: Here is a little more detail

Some info here...

http://www.linksysinfo.org/forums/showthread.php?t=59416&page=16

Hi boys,

form Open VPN provider I received such config

Code:

remote x.x.x.x 1296
proto udp
ca ca.crt
cert ovpn.crt
key ovpn.key
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
verb 4
mute 5
tun-mtu 1500
fragment  1300
mssfix 1450

it's ok from my laptop.
I have WRT54GL router with Tomato v1.19.1464

I add this script to init

Code:

insmod tun.o
sleep 5
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
./myvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
sleep 5

echo "
client
dev tap0
proto udp
remote x.x.x.x 1296
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
verb 4
mute 5
tun-mtu 1500
fragment  1300
mssfix 1450
" > /tmp/client.conf

echo "
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
" > /tmp/ca.crt

echo "
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
" > /tmp/client.key
chmod 600 /tmp/client.key

echo "
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
" > /tmp/client.crt

./myvpn --config client.conf
" > /tmp/client.crt

./myvpn --config client.conf

rule for Firewall seems correct

Code:

iptables -I INPUT 1 -p udp --dport 1296 -j ACCEPT

and have such log

Code:

Dec 31 16:00:07 unknown user.warn kernel: Checking for 'wait' instruction...  unavailable.
Dec 31 16:00:07 unknown user.warn kernel: POSIX conformance testing by UNIFIX
Dec 31 16:00:07 unknown user.warn kernel: PCI: no core
Dec 31 16:00:07 unknown user.warn kernel: PCI: Fixing up bus 0
Dec 31 16:00:07 unknown user.info kernel: Linux NET4.0 for Linux 2.4
Dec 31 16:00:07 unknown user.info kernel: Based upon Swansea University Computer Society NET3.039
Dec 31 16:00:07 unknown user.warn kernel: Initializing RT netlink socket
Dec 31 16:00:07 unknown user.warn kernel: Starting kswapd
Dec 31 16:00:07 unknown user.info kernel: devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
Dec 31 16:00:07 unknown user.info kernel: devfs: boot_options: 0x1
Dec 31 16:00:07 unknown user.info kernel: squashfs: version 3.0 (2006/03/15) Phillip Lougher
Dec 31 16:00:07 unknown user.warn kernel: pty: 256 Unix98 ptys configured
Dec 31 16:00:07 unknown user.info kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
Dec 31 16:00:07 unknown user.info kernel: ttyS00 at 0xb8000300 (irq = 3) is a 16550A
Dec 31 16:00:07 unknown user.info kernel: ttyS01 at 0xb8000400 (irq = 0) is a 16550A
Dec 31 16:00:07 unknown user.warn kernel: HDLC line discipline: version $Revision: 1.1.1.4 $, maxframe=4096
Dec 31 16:00:07 unknown user.info kernel: N_HDLC line discipline registered.
Dec 31 16:00:07 unknown user.info kernel: PPP generic driver version 2.4.2
Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x400000 for the chip at 0x0
Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x800000 for the chip at 0x0
Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0xc00000 for the chip at 0x0
Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1000000 for the chip at 0x0
Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1400000 for the chip at 0x0
Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1800000 for the chip at 0x0
Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1c00000 for the chip at 0x0
Dec 31 16:00:07 unknown user.notice kernel:  Amd/Fujitsu Extended Query Table v1.1 at 0x0040
Dec 31 16:00:07 unknown user.notice kernel: number of CFI chips: 1
Dec 31 16:00:07 unknown user.notice kernel: Flash device: 0x400000 at 0x1c000000
Dec 31 16:00:07 unknown user.notice kernel: Creating 5 MTD partitions on "Physically mapped flash":
Dec 31 16:00:07 unknown user.notice kernel: 0x00000000-0x00040000 : "pmon"
Dec 31 16:00:07 unknown user.notice kernel: 0x00040000-0x003f0000 : "linux"
Dec 31 16:00:07 unknown user.notice kernel: 0x000e270c-0x00340000 : "rootfs"
Dec 31 16:00:07 unknown user.notice kernel: 0x00340000-0x003f0000 : "jffs2"
Dec 31 16:00:07 unknown user.notice kernel: 0x003f0000-0x00400000 : "nvram"
Dec 31 16:00:07 unknown user.err kernel: sflash: found no supported devices
Dec 31 16:00:07 unknown user.info kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Dec 31 16:00:07 unknown user.info kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Dec 31 16:00:07 unknown user.info kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
Dec 31 16:00:07 unknown user.info kernel: TCP: Hash tables configured (established 1024 bind 2048)
Dec 31 16:00:07 unknown user.info kernel: Linux IP multicast router 0.06 plus PIM-SM
Dec 31 16:00:07 unknown user.warn kernel: ip_conntrack version 2.1 (8092 buckets, 4096 max) - 368 bytes per conntrack
Dec 31 16:00:07 unknown user.warn kernel: ip_tables: (C) 2000-2002 Netfilter core team
Dec 31 16:00:07 unknown user.info kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Dec 31 16:00:07 unknown user.info kernel: NET4: Ethernet Bridge 008 for NET4.0
Dec 31 16:00:07 unknown user.alert kernel: 802.1Q VLAN Support v1.7 Ben Greear <greearb@candelatech.com>
Dec 31 16:00:07 unknown user.alert kernel: All bugs added by David S. Miller <davem@redhat.com>
Dec 31 16:00:07 unknown user.warn kernel: VFS: Mounted root (squashfs filesystem) readonly.
Dec 31 16:00:07 unknown user.info kernel: Mounted devfs on /dev
Dec 31 16:00:07 unknown user.info kernel: Freeing unused kernel memory: 64k freed
Dec 31 16:00:07 unknown user.warn kernel: Algorithmics/MIPS FPU Emulator v1.5
Dec 31 16:00:07 unknown user.warn kernel: ip_conntrack_pptp version 1.9 loaded
Dec 31 16:00:07 unknown user.warn kernel: ip_nat_pptp version 1.5 loaded
Dec 31 16:00:07 unknown user.warn kernel: ip_conntrack_rtsp v0.01 loading
Dec 31 16:00:07 unknown user.warn kernel: ip_nat_rtsp v0.01 loading
Dec 31 16:00:07 unknown user.warn kernel: eth0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.38.0
Dec 31 16:00:07 unknown user.warn kernel: eth1: Broadcom BCM4320 802.11 Wireless Controller 3.90.38.0
Dec 31 16:00:07 unknown user.warn kernel: tomato_ct.c [Jul  5 2008 15:21:00]
Dec 31 16:00:07 unknown user.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
Dec 31 16:00:07 unknown user.info kernel: vlan0: dev_set_promiscuity(master, 1)
Dec 31 16:00:07 unknown user.info kernel: device eth0 entered promiscuous mode
Dec 31 16:00:07 unknown user.info kernel: device vlan0 entered promiscuous mode
Dec 31 16:00:07 unknown user.info kernel: device eth1 entered promiscuous mode
Dec 31 16:00:07 unknown user.info kernel: br0: port 2(eth1) entering learning state
Dec 31 16:00:07 unknown user.info kernel: learning state
Dec 31 16:00:07 unknown user.warn kernel: vlan1: Setting MAC address to  00 22 6b 81 14 6a.
Dec 31 16:00:07 unknown user.info kernel: br0: port 2(eth1) entering forwarding state
Dec 31 16:00:07 unknown user.info kernel: br0: topology change detected, propagating
Dec 31 16:00:07 unknown user.info kernel: br0: port 1(vlan0) entering forwarding state
Dec 31 16:00:07 unknown user.info kernel: br0: topology change detected, propagating
Dec 31 16:00:07 unknown user.info kernel: vlan1: add 01:00:5e:00:00:01 mcast address to master interface
Dec 31 16:00:08 unknown cron.notice crond[95]: crond 2.3.2 dillon, started, log level 9 
Dec 31 16:00:08 unknown user.info init[1]: Tomato 1.19.1464
Dec 31 16:00:08 unknown user.info init[1]: Linksys WRT54G/GS/GL
Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: started, version 2.41 cachesize 150
Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
Dec 31 16:00:08 unknown daemon.warn dnsmasq[101]: failed to access /etc/resolv.dnsmasq: No such file or directory
Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: read /etc/hosts - 0 addresses
Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: read /etc/hosts.dnsmasq - 1 addresses
Dec 31 16:00:09 unknown daemon.info dnsmasq[101]: exiting on receipt of SIGTERM
Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: started, version 2.41 cachesize 150
Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: reading /etc/resolv.dnsmasq
Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: using nameserver 192.168.4.80#53
Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: read /etc/hosts - 0 addresses
Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: read /etc/hosts.dnsmasq - 1 addresses
Dec 31 16:00:12 unknown user.info kernel: device tap0 entered promiscuous mode
Dec 31 16:00:12 unknown user.info kernel: br0: port 3(tap0) entering learning state
Dec 31 16:00:12 unknown user.info kernel: br0: port 3(tap0) entering forwarding state
Dec 31 16:00:12 unknown user.info kernel: br0: topology change detected, propagating
Feb 28 12:00:20 unknown daemon.info dnsmasq[116]: exiting on receipt of SIGTERM
Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: started, version 2.41 cachesize 150
Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: reading /etc/resolv.dnsmasq
Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: using nameserver 192.168.4.80#53
Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: read /etc/hosts - 0 addresses
Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: read /etc/hosts.dnsmasq - 1 addresses
Feb 28 12:00:29 unknown cron.warn crond[95]: time disparity of 20597520 minutes detected 
 

IP is still my local IP.
What is the problem? I realy need this solution because gov block most of all traffic in our country
Thanks

The provided config specified

Code:

dev tun

, but you put

Code:

dev tap0

That will not work. You will need to use routed (tun) mode, not bridged (tap) mode.

ok,
what will be this way config for tun?

Code:

insmod tun.o
sleep 5
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
./myvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
sleep 5

???

config file seems like this

Code:

echo "
client
dev tun
proto udp
remote 74.217.58.4 1296
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
verb 4
mute 5
error openvpn-error.log
tun-mtu 1500
fragment  1300
mssfix 1450
" > /tmp/client.conf

thanks

Code:

insmod tun.o
sleep 5
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
./myvpn --mktun --dev tun0
ifconfig tun0 0.0.0.0 promisc up
sleep 5

Code:

echo "
client
dev tun0
proto udp
remote 74.217.58.4 1296
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
verb 4
mute 5
error openvpn-error.log
tun-mtu 1500
fragment  1300
mssfix 1450
" > /tmp/client.conf

Basically, just replacing tap0 with tun0. That and removing the brctl command.

thank you SgtPepperKSU :thumbup:

it's ok from router side now.

It can trace using VPN IP

traceroute google.com
1 10.8.3.49 198.46 228.88 209.04
2 (x.x.x.x) 198.88 203.40 200.44 -8.60
3 (x.x.x.x) 198.86 319.49 239.73 39.29
4 (x.x.x.x) 198.94 199.85 199.42 -40.31
5 sl-crs1-nyc-0-10-5-0.sprintlink.net (144.232.13.51) 199.54 199.82 199.65 0.23
6 sl-gw35-nyc-14-0-0.sprintlink.net (144.232.13.37) 198.41 219.84 206.05 6.40
7 sl-googl9-212975-0.sprintlink.net (144.223.74.126) 223.52 231.98 226.72 20.67
8 209.85.255.68 231.67 360.93 305.44 78.71
9 209.85.251.9 219.63 220.81 220.37 -85.07
10 72.14.232.215 220.29 222.29 221.42 1.05
11 209.85.253.137 223.34 233.82 229.55 8.13
12 yx-in-f100.google.com (74.125.45.100) 219.81 221.78 220.86 -8.69


but I can't use internet in laptop. I add VPN-provider DNSs to ethernet nic still no luck.

How now I can share this account from router to my laptop? :redface:

And really how can I add IP from (ehich I get from VPN-provider) router to my laptop for example(laptop 192.168.1.2/24 router 192.168.1.1/24)...mean something like DMZ

Search this forum for "redirect-gateway". You will need that directive in your client config to force all internet traffic over the VPN tunnel. I have never used this option, so I cannot speak to what parameters you should use.

To give your laptop unrestricted (all ports) access to the VPN tunnel, add the following firewall rules.

Code:

iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT

Hello,
I can connect my linksys to my sme openvpn-bridged mode vpn
It recieves the proper ip and connects no problem.
I checked the scripts in the router ssh and fired it up there and it connected.

The problem I am having is that when I am connected to the vpn the clients off of the router cannot connect to anything past the router.

This includes surfing(i have the pass all internet on) and anything else

I tried adding the firewall script to the router and that didnt help.

Code:

iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT

The vpn works great with clients connecting right to the server. I would like to get a router connected though for remote work locations.
Any suggestions?

Code:

iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o tun0 -j MASQUERADE

replacing 192.168.1.0/255.255.255.0 with your subnet/netmask.

If you were to use the VPN GUI build, this would all be done for you...

Hello,
I have the Lynksys wrt54GL and flashed it with the TomatoMod-1.21-TESTv5.

I wanted to use VPN as a client. But when i enter everything it tells me that the certification keys are too long.
I also tried it under Scripts -> Wan up, but it tells me "WAN UP scripts is too long"

Configuration looks like this

Code:

nsmod tun.o
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
./myvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
sleep 5

echo "
client
dev tun
proto udp
remote openvpn.ivacy.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ivacy-keys/ivacy-ca.crt
cert ivacy-keys/ivacy-client.crt
key ivacy-keys/ivacy-client.key
tls-auth ivacy-keys/ivacy-tls.key 1
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
redirect-gateway
script-security 3
reneg-sec 0
" > /tmp/client.conf

echo "
-----BEGIN CERTIFICATE-----
*key* [B]***1494 characters***[/B]
-----END CERTIFICATE-----
" > /tmp/ca.crt

echo "
-----BEGIN RSA PRIVATE KEY-----
*key* [B]***1612 characters***[/B]
-----END RSA PRIVATE KEY-----
" > /tmp/client.key
chmod 600 /tmp/client.key

echo "
-----BEGIN CERTIFICATE-----
*key* [B]***1584 characters***[/B]
-----END CERTIFICATE-----
" > /tmp/client.crt

./myvpn --config client.conf

what can i do?
Thanks in advance!

You're placing your keys in /tmp, but telling OpenVPN that they are in /tmp/ivacy-keys/. You either need to remove "ivacy-keys" from the paths in your VPN config, or add it to the paths when you create the files.

-edit-
got it to work so far but now it says:

Code:

daemon.err openvpn[1124]: ERROR: could not read Auth username from stdin

where can add the username / pass ?
when i left out the auth-user-pass line i get this

Code:

Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: Control Channel Authentication: using 'client1-static.key' as a OpenVPN static key file
Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: LZO compression initialized
Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mar 10 01:13:21 pandoras daemon.notice openvpn[1239]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mar 10 01:13:21 pandoras daemon.notice openvpn[1241]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Mar 10 01:13:21 pandoras daemon.notice openvpn[1241]: UDPv4 link local: [undef]
Mar 10 01:13:21 pandoras daemon.notice openvpn[1241]: UDPv4 link remote: 213.232.xxxx

but when i look up my ip in the web it still shows my real ip and not the 213.232.. one (which it does when i use the openvpn windows client)

In case some of you havnt figured out yet sgt pepper took over for roadkill and made the gui for the openvpn build. You can find his thread here, I would encourage you to check it out.
http://www.linksysinfo.org/forums/showthread.php?t=59416

change the cat to echo though.

hello boys

do anybody know (or use) how to start PPTP and then route all traffic + IP to LAN IP
like DMZ function but after PPTP connection

for example router have 192.168.1.1 will route all traffic and IP to 192.168.1.5

ready need such configuration asap
thanks to everybody

i tried this tutorial: http://www.linksysinfo.org/forums/showpost.php?p=302642&postcount=3

but when i want to save the tomato config i'll always get this error:
"WAN Up script is too long. Maximum allowed is 4096 bytes".

I copied my certificates into and changed nothing else.
Tried with Tomato Mod Version 1.19.

What did i wrong?

try to remove all unnecessary chars/lines, group commands into single line e.g.
cd /tmp;openvpn --mktun --dev tap0;brctl addif br0 tap0;ifconfig tap0 0.0.0.0 promisc up
use a text editor to measure no of characters but keep in ming that every new line adds extra char ...
If your router has USB port or SD mod put the script into a file on USB stick/SD card and execute once the device is mounted ....

Thanks for reply.
I use linksys WRT54G - no USB/HDD or SD Card support.
can i copy the files with telnet?
how to link the skript to files on the "internal" linksys storage ?

if you have no SD mod then I think the best for you is to stay with the WAN up script - just try to remove all unnecessary chars to make it as short as possible ...
If you are not able to make the script length less than 4k then you could try to enable jffs and then put it to the /jffs dir. Next you need to ensure its executed every time the router boots, for example put it to the WAN up script - actually I am not sure what is the Tomato boot sequence so it may happen that the jffs is enabled after the WAN interface is up - in that case you need to delay the initialization of the vpn

ok thx janosik47.
i got it - with cutting the spaces - to work. i mean saving the script.
next problem is the client.
ill get this errors: (changed my ip)

Code:

Wed May 13 14:15:36 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Wed May 13 14:15:36 2009 WARNING: using --pull/--client and --ifconfig together is probably not what you want
Wed May 13 14:15:36 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 13 14:15:36 2009 LZO compression initialized
Wed May 13 14:15:36 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 13 14:15:36 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed May 13 14:15:36 2009 Local Options hash (VER=V4): 'd79ca330'
Wed May 13 14:15:36 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Wed May 13 14:15:36 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 13 14:15:36 2009 UDPv4 link local: [undef]
Wed May 13 14:15:36 2009 UDPv4 link remote: xx.xx.xx.xx:1194
Wed May 13 14:15:36 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed May 13 14:15:38 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed May 13 14:15:40 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

well not sure if I can help here
my understanding of the following lines

Wed May 13 14:15:36 2009 UDPv4 link local: [undef]
Wed May 13 14:15:36 2009 UDPv4 link remote: xx.xx.xx.xx:1194
Wed May 13 14:15:36 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed May 13 14:15:38 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

is that you use UDP protocol - try to change to TCP

udp should work or?
i changed the cutting areas a little bit, now it looks better (after reboot).
but again i dont get a connection:

Code:

Wed May 13 14:21:47 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Wed May 13 14:21:47 2009 WARNING: using --pull/--client and --ifconfig together is probably not what you want
Wed May 13 14:21:47 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 13 14:21:47 2009 LZO compression initialized
Wed May 13 14:21:47 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 13 14:21:47 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed May 13 14:21:47 2009 Local Options hash (VER=V4): 'd79ca330'
Wed May 13 14:21:47 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Wed May 13 14:21:47 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 13 14:21:47 2009 UDPv4 link local: [undef]
Wed May 13 14:21:47 2009 UDPv4 link remote: XXX.XXX.XXX.XXX:1194
Wed May 13 14:21:47 2009 TLS: Initial packet from 192.168.7.1:1194, sid=3469891a 7240b499
Wed May 13 14:21:48 2009 VERIFY OK: depth=1, /C=DE/ST=XXX/L=XXX/O=XXXX/CN=X7-Router/emailAddress=XXXXt@XXXXde
Wed May 13 14:21:48 2009 VERIFY OK: nsCertType=SERVER
Wed May 13 14:21:48 2009 VERIFY OK: depth=0, /C=DE/ST=NRW/O=XXXXX/CN=X7/emailAddress=XXXXXXXX

here the logfile on client stops and nothing happens after this.
does the vpnserver on my linksys tomato dont need the client certificates? only the root one?