Tomato Mod v1.19.1464 with OpenVPN/Tomato Mod v1.21.TEST-v5 with OpenVPN-GUI,SDMMC,IP/MAC

Discussion in 'Tomato Firmware' started by roadkill, Jun 4, 2007.

  1. prudy

    prudy Addicted to LI Member

    Hi
    Any ideas how to detect if the VPN connection is established/active without parsing the log files?
    Thanks
     
  2. roadkill

    roadkill Super Moderator Staff Member Member

    ping the other side... ;)
     
  3. prudy

    prudy Addicted to LI Member

    I forgot to mention - without pinging other side :)
    This is not about 'if it works' (as it works perfectly, thank you). I wanted some front panel LED telling the link status, but it seems there is no straight way...
     
  4. yiannistamv

    yiannistamv Guest

    Sorry for bothering.
    I have a WRT54G with 7.2.00 firmware. I tried to upgrade to Tomato but it is giving me "upgrade failed". What am I doing wrong?
    Thanks for your help.
     
  5. humba

    humba Network Guru Member

    There's the OpenVPN manager interface, which is compiled into roadkill's build. With it you can query the server about active connections. So if you have a site-to-site connection, you could connect to the management interface and check whether the CN that you use for the client router is connected. If so, the connection is up; if not, the connection is down.
    There's even GUI software for the manager interface which allows you to disconnect users as well as see their stats (all also possible via the interface itself, but it's not as convenient).
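The check humba describes, as an added example (not code from the thread or from the firmware): it reads the reply to the management interface's `status` command and reports whether a given CN has a row in the client list. The CN `client-router`, the addresses and the sample reply are constructed; it assumes the server was started with a `management` directive bound to 127.0.0.1, with no management password, and that an `nc` supporting `-w` is installed.

```shell
#!/bin/sh
# Added example: link state of one client, taken from OpenVPN's management
# "status" reply (status format 1) instead of from the log files.

# vpn_status_fetch HOST PORT
# Assumption: the daemon runs with "management HOST PORT". Keep HOST on
# 127.0.0.1, since anyone who can reach the port can also disconnect clients.
vpn_status_fetch() {
    printf 'status\nquit\n' | nc -w 2 "$1" "$2"
}

# vpn_cn_connected CN   (status text on stdin)
# Exit 0 if CN has a row in the client list, 1 if it has none, 2 if the text
# is not a complete status reply (so a failed query is never read as "down").
vpn_cn_connected() {
    awk -F',' -v cn="$1" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^OpenVPN CLIENT LIST/ { seen_hdr = 1; next }
        /^Common Name,/        { in_list = 1; next }
        /^ROUTING TABLE/       { in_list = 0; next }
        /^END$/                { seen_end = 1 }
        in_list && $1 == cn    { found = 1 }    # exact match on the CN column
        END {
            if (!seen_hdr || !seen_end) exit 2
            exit (found ? 0 : 1)
        }'
}

# vpn_link_state CN   (status text on stdin): prints up, down or unknown
vpn_link_state() {
    rc=0
    vpn_cn_connected "$1" || rc=$?
    case $rc in
        0) echo up ;;
        1) echo down ;;
        *) echo unknown ;;
    esac
}

# Constructed sample of a status reply with one connected client.
sample_status() {
cat <<'EOF'
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
OpenVPN CLIENT LIST
Updated,Thu Nov 20 22:30:00 2008
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client-router,203.0.113.10:1194,48213,51977,Thu Nov 20 22:29:30 2008
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,client-router,203.0.113.10:1194,Thu Nov 20 22:29:55 2008
GLOBAL STATS
Max bcast/mcast queue length,0
END
EOF
}

# Offline demonstration on the constructed sample. Against a live server:
#   vpn_status_fetch 127.0.0.1 <port> | vpn_link_state client-router
sample_status | vpn_link_state client-router
```

The three-way result matters for anything driven by it, such as a status indicator: `unknown` means the query itself failed, which is different from the peer being absent.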
     
  6. MPCleverdon

    MPCleverdon Addicted to LI Member

    I've lost my Linksys

    Hi

    I have upgraded from dd-wrt to tomato 1.19 and I have lost the router IP. I expected the router to come back as 192.168.1.1 or similar but it's not there.

    I have done an nmap -sP 192.168.0.0/16 also and it still does not appear.

    Does anyone have any suggestions?
     
  7. roadkill

    roadkill Super Moderator Staff Member Member

    did you reset nvram?
     
  8. MrSVT

    MrSVT LI Guru Member

    SD Card with TomatoMod V1.19-Extended *TEST VERSION*

    Hi all,

    I'm trying to get tomato running on a WRT54GL V1.1 with my newly installed SD card. I followed instructions shown here to install my SD card. Since I couldn't get the card recognized by tomato, I followed instructions and I installed OpenWRT as mentioned in the article to try to debug my problem and I got it working perfectly with this OpenWRT version. What am I doing wrong with this tomato version?

    Many thanks in advance.
     
  9. roadkill

    roadkill Super Moderator Staff Member Member

    Please do not open any more threads regarding the TEST version.
    That version is incomplete and will soon be replaced with a newer build (currently 1.21).
    If you would like to help and test the newer build, please PM me with your e-mail and the pinouts which you used to connect the card to the WRT.
    Thanks,
    RK
     
  10. MPCleverdon

    MPCleverdon Addicted to LI Member

    I'm afraid I did not reset, because various people had commented that it shouldn't be necessary. But now I have no access to the router (WRT54GL). It seems to give a partial DHCP reply on its original IP but I have no Telnet/ssh/http response.
     
  11. MPCleverdon

    MPCleverdon Addicted to LI Member

    Tomato 1.21 and openvpn

    Wow I managed to un-brick my WRT54GL with the tftp.exe utility...

    Now for my next issue I need openvpn on the router with the AES-128-CBC cipher which 1.19 does not include.

    So I reflashed with tomato version 1.21 hoping that it would be included, only to find that openvpn is not there :-( and that's my fault for not having checked properly.

    The question is: is anyone close to including openvpn in 1.21 and if so is it likely to include the AES... cipher?

    I am tired of dd-wrt issues and need to find a solution.

    tia
     
  12. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The VPN build (Web GUI version) here is based off of 1.21. However, it does not support the AES cipher at the moment. I'll look into what it would take to add it.

    EDIT: It looks like I'll just need to update the version of openssl from 0.9.6d to >= 0.9.7 and AES will be supported. Sometime in the near future I'll work on getting it included...
     
  13. bladecgn

    bladecgn LI Guru Member

    client-config-dir working in new version?

    the openvpn mod is working great!

    Will client specific configuration by means of client-config-dir be supported in the next version?
     
  14. diggyz

    diggyz Addicted to LI Member

    Has anyone tried to bridge together 2 routers via a VPN tunnel with this build?
    I'm trying with the openvpn gui build atm, and I can't get it to work.
     
  15. humba

    humba Network Guru Member

    I'm still using the build based on tomato 1.11 but I've had not one but two site to site tunnels on the same router (separated by vlan) for months.
    It took me a while to get there so I developed some best practices:
    If you can't figure it out, start from scratch
    Use a PC as client
    Run the server process from the cli so that you have a real-time look at the logs

    And of course.. make sure both machines have a matching time..
     
  16. srouquette

    srouquette Network Guru Member

    Is it normal that windows file sharing is slow through VPN ?
    When I'm connected to my VPN, I can download/upload at 80kB/s (that's ok), but directory listing is really slow (something between 2 and 4 sec).
    Is there a way to improve the speed ?
    I use XP on both computers, and I tried with explorer and servant salamander, with a network drive, or with the IP address.
     
  17. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    From here:
    That's probably what you're seeing, and I've noticed similar. I'm not aware of a way to speed it up, though (besides using something besides CIFS, of course).
     
  18. srouquette

    srouquette Network Guru Member

    ok, thanks for the answer :)
     
  19. kiskakas

    kiskakas Network Guru Member

    Roadkill,

    We cannot thank you enough for this mod :) so my thanks too! :)

    Only one comment.. I have a WRT54GL and have been using sdmod since 1.14, working fine:

    [INFO] mmc_hardware_init: initializing GPIOs
    [INFO] mmc_card_init: the period of a 380KHz frequency lasts 568 CPU cycles
    [INFO] mmc_card_init: powering card on. sending 80 CLK
    [INFO] mmc_card_init: 80 CLK sent in 47532 CPU cycles
    [INFO] mmc_card_init: resetting card (CMD0)
    [INFO] mmc_card_init: doing initialization loop
    [INFO] mmc_card_init: card inited successfully in 295 tries (9841204 CPU cycles).
    [INFO] mmc_init: MMC/SD Card ID:
    04 50 44 45 30 34 32 31 10 30 08 a0 26 00 5b c3
    [INFO] Manufacturer ID : 04
    [INFO] OEM/Application ID: PD
    [INFO] Product name : E0421
    [INFO] Product revision : 1.0
    [INFO] Product SN : 3008a026
    [INFO] Product Date : 2005-11
    [INFO] mmc_card_config: size = 249856, hardsectsize = 512, sectors = 499712
    [WARN] mmc_init: hd_sizes=249856, hd[0].nr_sects=499712
    [INFO] mmc_card_init: set_blocklen (CMD16) succeeded !
    Partition check:
    mmca: p1

    But with your latest test version, sd card cannot initialize.
     
  20. roadkill

    roadkill Super Moderator Staff Member Member


    please check your module type
    http://wiki.openwrt.org/OpenWrtDocs/Customizing/Hardware/MMC
    GPIO2, GPIO5
    and post logs please since I can't test it myself (don't have a mmc mod yet)...
    I will do the mmc mod and finish the 1.21 version..
     
  21. kiskakas

    kiskakas Network Guru Member

    thx roadkill, i will test it!

    And another interesting thing. (It looks like the WAN DHCP setting has problems.)

    My main WRT54G uses the latest stable Victek 1.21.. I have a WRT54GL too, which gets Internet from the main WRT54G using a LAN connection and DHCP.

    With your latest 1.21TEST5 fw, the WRT54GL just keeps trying to get an IP from DHCP, but nothing happens. The status page always says Renewing..
    Then I changed fw (1.21TEST5 -> Victek 1.21) and DHCP started to work fine!
     
  22. Seraphin

    Seraphin LI Guru Member

    Hi

    This SD/MMC-Mod also seems not to work on my WRT54GL 1.1 with the GPIOs 2, 3, 4 & 7 mod. As I noticed, I'm not able to change the Module from "WRT54G up to v3.1" to "WRT54G/WRT54GL v4.0 and later" ... every time I click on save, it jumps back to "WRT54G up to v3.1" ... I'm using FAT and Partition 1.

    Also I have the error message "Error mounting MMC. Check the logs to see if they contain more details about this error." ... but they don't:

    I also tried to change the GPIO-Mask via SSH, but:

    I didn't even find any information related to MMC with "dmesg" ... also not with "dmesg | grep mmc" or "dmesg | grep gpio" in the console.

    I've flashed the router from "Tomato 1.21.1515" to your TomatoMod (Description in the About-Section: Tomato Firmware v1.21.0107) using the "tomato.trx" out of the archive (TomatoMod-1.21-TESTv5.7z) and did a "Erase all data in NVRAM memory (thorough)" before, and after the flashing.

    Any ideas?

    Patric
     
  23. MrSVT

    MrSVT LI Guru Member

    I'm reporting the same problem for SD/MMC. My card is working well with DD-WRT. I tried to manually install the mmc module (insmod mmc-gpio2) but I get a segmentation fault.
     
  24. yyovkov

    yyovkov Addicted to LI Member

    OpenVPN road-warrior and Tomato DNS

    I am trying the configuration listed on page 80 for a TCP road-warrior. But I am not able to query Tomato DNS.
    Does someone have an idea how to make the road-warrior read Tomato DNS?
     
  25. horstvoll

    horstvoll Guest

    SD/MMC

    Do I need the SD/MMC hardware modification on my WRT54GL v1.1 to get the openvpn mod working?
     
  26. yyovkov

    yyovkov Addicted to LI Member

    No, you do not need to modify it. Just install Tomato Mod on it and you are in the game!
     
  27. analemma

    analemma Guest

    Great job on the OpenVPN build, roadkill.

    I wanted to make a small request... Jon has already made the change on the main Tomato code base (081102_1-21-1554). I asked him to enable the "netcat" (nc) applet in busybox.

    While I use OpenVPN every day to get from work into my home network, there are times when OpenVPN is overkill. For instance, sometimes, I just want to SSH to a box behind my router. A buddy from our local Linux User Group showed me a neat SSH trick. In my ~/.ssh/config file, I added an entry like this:

    Code:
    Host mypc-at-home
      Hostname mypc
      ProxyCommand ssh root@myhome.com nc -w 1 %h %p 2>/dev/null
    This allows me to ssh directly from work (or wherever) right in to a machine that is behind the router. All I have to do is say "ssh user@mypc-at-home", and netcat takes care of directing me to the right place. It's all ad-hoc, with no pre-planned port-forwarding required. SSH and SCP both work. And depending on whether or not I have exchanged SSH keys properly, I can get in by entering 0, 1 or 2 passwords.

    It's a pretty cool setup.

    I'm not sure how you handle the upstream changes. If you're getting changes from the main Tomato code base, we'll see it soon in the OpenVPN variant, too. Otherwise, could you make the same change?

    Many thanks!

    Alan
     
  28. HarshReality

    HarshReality Network Guru Member

    Any idea when your latest and greatest will be a final? I'm a bit eager to get this going (my SD mod feels neglected). I might give it a go later today as it stands and see how the SD runs and then go back to stock tomato... depends on how badly I get the itch LOL
     
  29. roadkill

    roadkill Super Moderator Staff Member Member

    I think I'll make some changes to make ipkg work with mmc...
    and no I don't have a date.. I need to do the SD mod myself and I'm a lazy bastard... ;)
     
  30. HarshReality

    HarshReality Network Guru Member

    I would not say lazy.. do what I tell my wife.. I'm time impaired
     
  31. HarshReality

    HarshReality Network Guru Member

  32. MrSVT

    MrSVT LI Guru Member

    Quick question, how can I make sure my VPN server starts once my router is booted? My VPN server works well once I hit Start Now but when (if) my router reboots, the VPN server doesn't start.
     
  33. peyton

    peyton LI Guru Member

    add "service vpnserver1 start" in the init script, reboot and check if it ran through the log.
     
  34. MrSVT

    MrSVT LI Guru Member

    Thanks, I will try. I'm playing with another firmware right now, I'll give you some feedback once I reload roadkill's firmware.

    Update:

    Many thanks!!!

    Got it working by adding in my init script:

    sleep 10
    service vpnserver1 start
     
  35. myeyre

    myeyre Addicted to LI Member

    Thanks for this great mod.

    I'll give it a try another day.
     
  36. skyanvi1

    skyanvi1 Addicted to LI Member

    RoadKill,

    First off just wanted to say that I have been running TomatoMod 1.19.1464 successfully in a 20 user lan with 4 VPN users, QOS enabled with great success for the past ~2 months. Thanks again.
    I noticed you have a Asus WL-500W running Kamikaze v7.09, is this the direction I should be heading as well? I have been unsuccessful at getting TomatoMod 1.19.1464 running on the WL-500G Premium v2 (and have had to fall back on that other firmware... for VPN support in spite of the inferior QOS implementation ).
    TomatoMod will install and I get to the web interface, however the actual WAN doesn't work. (Yes I changed the nvram vlan setting to no avail) I checked the logs and some CPU specific modules appear to fail early in the boot. Has anyone gotten this device to work with TomatoMod?

    -skyanvi1
     
  37. roadkill

    roadkill Super Moderator Staff Member Member

    Yes I think you should consider moving to Kamikaze..
    Tomato has better QOS implementation but it still depends on one developer and it looks like he hasn't got a lot of free time these days...
    as for hardware support I can't really do anything about it..
    -RK
     
  38. kiskakas

    kiskakas Network Guru Member

    roadkill,

    are you planning to update busybox to BusyBox 1.12.2? And do you have any ideas about the MMC mount problems? :)

    respect!

    kiskakas
     
  39. roadkill

    roadkill Super Moderator Staff Member Member

    yes I do and I'll make the mmc mod so I could better test the mmc
    anyway mmc should mount only vfat,ext2/3
    ntfs is problematic...
     
  40. kiskakas

    kiskakas Network Guru Member

    ntfs is not important :) I discovered, that tomato 1.22 is out, with the new busybox :)
     
  41. HarshReality

    HarshReality Network Guru Member

    Well.. let me know when we have another test run to check the thing and I'll give it a get go ;)
     
  42. gn3t00r

    gn3t00r Addicted to LI Member

    VPN Tunning for 1.21.beta5

    First of all, thanks for the great firmware mod. I have been using the tomato firmware mod since version 1.16.

    It seems there is a length limit imposed on the server certificate field. I am using a 1024-bit prime number to generate my server certificate, but it won't fit in the field. Tomato complains the length is too long (limited to 1360). I tried to take out the CRs and the BEGIN CERTIFICATE and END CERTIFICATE markers. If I do that, it will fit, but syslog indicates a loading error for the certificate because it was missing those BEGIN and END markers. Any idea what workaround I can use? Thanks in advance.
     
  43. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    That's my fault. The VPN GUI code comes from my builds, and apparently set that limit too short. There is a test build in the VPN GUI that increases the limit, but that won't include the other features roadkill has included. You can get around the limit by telnet/sshing to the router and running (replacing server1 as appropriate)
    Code:
    nvram set vpn_server1_crt="<paste certificate here>"
    nvram commit
    Make sure you set up the rest of the VPN settings first, though, since any time you try to submit that form, it will complain about the length. It should be fixed in future releases.
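A pre-check for the two failure modes in this exchange (field too long, or markers stripped so the certificate no longer loads), as an added example that is not part of the thread or the firmware: it keeps only the BEGIN/END CERTIFICATE block, markers included, and measures it against the 1360-character limit quoted above. The sample file is constructed and is not a real certificate; counting every byte including newlines is an assumption about how the form counts.

```shell
#!/bin/sh
# Added example: extract the PEM block of a certificate file and compare its
# size with a form limit before storing it.

# pem_extract   (file on stdin)
# Print the first BEGIN/END CERTIFICATE block with its markers. Text outside
# the markers, such as the readable dump "openssl x509 -text" writes above
# the block, is dropped. Exit 1 if there is no complete, plausible block.
pem_extract() {
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ && !done { inside = 1; n = 0 }
        inside { line[++n] = $0 }
        inside && /^-----END CERTIFICATE-----$/ { inside = 0; done = 1 }
        END {
            if (!done || n < 3) exit 1            # markers missing or empty body
            for (i = 2; i < n; i++)
                if (line[i] !~ /^[A-Za-z0-9+\/]+=*$/) exit 1
            for (i = 1; i <= n; i++) print line[i]
        }'
}

# pem_fit_report [LIMIT]   (file on stdin)
# Print "<verdict> <chars>": fits, too-long or invalid. LIMIT defaults to the
# 1360 figure from the post above.
pem_fit_report() {
    limit=${1:-1360}
    if block=$(pem_extract 2>/dev/null); then
        chars=$(( ${#block} + 1 ))    # +1: $(...) strips the final newline
        if [ "$chars" -le "$limit" ]; then
            echo "fits $chars"
        else
            echo "too-long $chars"
        fi
    else
        echo "invalid 0"
    fi
}

# Constructed sample: a readable dump followed by a PEM-shaped block whose
# body is filler text, not a real certificate.
sample_crt() {
cat <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Subject: CN=server1
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLUJPRFktTk9ULUEtUkVBTC1DRVJUSUZJQ0FURS0w
Q09OU1RSVUNURUQtU0FNUExFLUJPRFktTk9ULUEtUkVBTC1DRVJUSUZJQ0FURS0x
-----END CERTIFICATE-----
EOF
}

# Offline demonstration. With a real file, the value for the command quoted
# above would be built the same way:
#   nvram set vpn_server1_crt="$(pem_extract < server1.crt)"
sample_crt | pem_fit_report
```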
     
  44. gn3t00r

    gn3t00r Addicted to LI Member

    SgtPepperKSU,

    Thanks for the prompt reply. Is it possible to double the fields' size limit in the next release? I personally prefer 2048 bits to generate the certificate. I think anyone out there who is as paranoid as me will love to have that too. ;) And thanks for the quick tips/workaround. I am looking forward to your next version so I can do some more tests for you.
     
  45. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I'm actually considering removing the limit altogether, and just leave it up to the user to not put so much in there to fill up NVRAM.
     
  46. gn3t00r

    gn3t00r Addicted to LI Member

    Hi SgtPepperKSU,

    I tried your suggestion, and I get a different error.

    Code:
    Nov 20 22:28:43 gateway user.warn kernel: nvram_commit(): init
    Nov 20 22:28:44 gateway user.warn kernel: nvram_commit(): end
    Nov 20 22:29:12 gateway daemon.notice openvpn[2296]: OpenVPN 2.1_rc13 mipsel-unknown-linux-gnu [SSL] [LZO2] built on Oct 16 2008
    Nov 20 22:29:12 gateway daemon.notice openvpn[2296]: Diffie-Hellman initialized with 1024 bit key
    Nov 20 22:29:12 gateway daemon.err openvpn[2296]: Cannot load CA certificate file /etc/openvpn/server1-ca.crt path (null) (SSL_CTX_load_verify_locations) (OpenSSL)
    Nov 20 22:29:12 gateway daemon.notice openvpn[2296]: Exiting
    
    I'd greatly appreciate any help you can give. Thanks in advance.
     
  47. gn3t00r

    gn3t00r Addicted to LI Member

    Nevermind. Found the problem...
     
  48. gn3t00r

    gn3t00r Addicted to LI Member

    One suggestion for future/next version. Another option, in VPN Tunneling, to specify if openvpn should be restarted after the router reboot. Thanks in advance.
     
  49. ikarusx3

    ikarusx3 LI Guru Member

    sdmmc feedback:

    on WRT54GL v1.1, not working.

    When I set the dropdown to WRT54G/WRT54GL v4 or later, ext2, partition 1 (working fine in 1.14 1291) and click save, it tells me some error occurred and the dropdown is back on WRT54G up to 3.1, not saving my changes....

    greetings
     
  50. GhaladReam

    GhaladReam Network Guru Member

    Sorry if this has been asked before, but this thread is really, really long... I've been thinking about setting up a VPN for remote access into my LAN. I'm currently using Victek's mod, which contains SpeedMod, TCP Vegas, and a few other enhancements. Are these features in this mod? If not, can they be added? I know a couple of features, such as IP/MAC limiter and ARP binding are in both this mod and Victek's.
     
  51. gn3t00r

    gn3t00r Addicted to LI Member

    Bug report

    Hi,

    Found a minor bug for Tomato 1.21 beta 5 with OpenVPN
    NVRam Show

    Steps
    1) Login tomato via https
    2) Click on NVRam Show

    Result:
    All links become http instead of https

    If one sets it to allow web access only via https without http, the aforementioned steps will cause tomato to return the page without the actual nvram show contents, and all the font styles become default.
     
  52. humba

    humba Network Guru Member

    @GhaladReam: the VPN mods have always been built upon the vanilla tomato.. meaning you only get stock tomato features plus VPN.
    SgtPepperKSU has actually suggested that mod developers work towards a build system that would permit to build a firmware that contains all the features. I, too, hope that this will get done as I need VPN but some of the other features in other mods also interest me.
     
  53. peckec

    peckec LI Guru Member

    Hi!

    I tried this 1.21 test version today.

    DHCP for WAN is not working properly. It won't get IP address and the status stays "Renewing".

    Also mmc/sd is not working. I am using WRT54GL and if i select "WRT54G/WRT54GL v4.0 and later" and press "Save" button it switches back to "WRT54G up to 3.1". This release also lacks some fs modules (ext2,ext3 etc).

    # ls -la /lib/modules/2.4.20/kernel/fs/
    drwxr-xr-x 2 1000 1000 85 Oct 16 2008 .
    drwxr-xr-x 6 1000 1000 47 Oct 16 2008 ..
    -rw-r--r-- 1 1000 1000 266692 Oct 16 2008 cifs.o
    -rw-r--r-- 1 1000 1000 108688 Oct 16 2008 jffs2.o
    -rw-r--r-- 1 1000 1000 39372 Oct 16 2008 mmc-buffalo.o
    -rw-r--r-- 1 1000 1000 39164 Oct 16 2008 mmc-gpio2.o
    -rw-r--r-- 1 1000 1000 39372 Oct 16 2008 mmc-gpio5.o
    #

    Right now i have switched back to v1.16.1374.
     
  54. jsauve

    jsauve LI Guru Member

    I think that this kind of feature would severely bloat the firmware. Generally, the kind of Web-based console you're talking about relies on java applets. SmoothWall v3.0 has this feature, if you want it, but of course you need a full blown PC to run that. There's not a whole lot of room in the NVRAM of most routers for this kind of bulk.

    Just my 2¢.

    BTW, happy to see that this mod is moving beyond Tomato 1.19! :biggrin:
     
  55. rmarquardt

    rmarquardt Addicted to LI Member

    Hello Roadkill,

    is it possible to increase the length of the VPN client fields? (Invalid length. Please reduce the length to 1296 characters or less). Could you also add a field for the tls-auth key (HMAC signature), username and password?

    I created the files manually and got:
    My config.ovpn:
    Router, Firmware:
    Thanks.
     
  56. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I removed the length restrictions altogether in the last VPN GUI release, so if/when Roadkill incorporates that release, that won't be a problem anymore.
    There has been a tls-auth key field for a few releases now, but I'm not sure what release roadkill has incorporated.
    Assuming you're talking about the auth-user-pass directive (require clients to provide a password), I'll consider adding that capability.
    AES is not yet supported since it is not supported by the OpenSSL version in the firmware. Work is being done to update OpenSSL, but has run into a couple of snags. Once OpenSSL is updated, VPN GUI will pick up the additional ciphers available automatically.
     
  57. rmarquardt

    rmarquardt Addicted to LI Member

    Thanks for the answer. I don't like to push you and Roadkill because you're doing a great job here, but any idea when the firmware with the updated OpenSSL will be available?
     
  58. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Sorry, no ETA. However, I should be able to start looking into it again, so hopefully not too long (but no guarantees).
     
  59. gotteo

    gotteo Guest

    who can give me a ND version with VPN

    I have downloaded TomatoMod_ND_1.19.1464-OnlyEssentials.7z, but it can't work with VPN. Who can give me an ND version with VPN? Thanks a lot!
     
  60. HarshReality

    HarshReality Network Guru Member

    Roadkill... Roadkill... Roadkill... Roadkill...

    Just reading back a few pages and now realize just how much we sound like a broken record. But, thanks for your efforts and attention despite our constant whining.

    Incidentally, what are the chances of your tweaking the SD portion to function like it does in DDWRT so we are default but can manually specify GPIO if needed rather than a drop down menu?
     
  61. roadkill

    roadkill Super Moderator Staff Member Member

    the new git repository will help with advancing Tomato and adding new features...
    I now have the SD/MMC so I can properly test it...
    patience I'll get there eventually :grin:
     
  62. kenyloveg

    kenyloveg LI Guru Member

    Hi, roadkill
    Thanks for your great MOD.
    How is the progress of Open Swan/Free Swan? Currently we already have 2 choices, while one is inconvenient (need to install a dedicated client) and the other is insecure (faulty protocol). Then an IPsec VPN server would be the best?
    Hope so and have a good day.
     
  63. roadkill

    roadkill Super Moderator Staff Member Member

    Kamikaze has support for IPsec, I advise you to try that solution since I currently don't really have free time for Tomato Mod/s and most of my routers also moved to Kamikaze since it allows more customization.
     
  64. TheGIZ

    TheGIZ Network Guru Member

    So is the branch pretty much dead?

    If Roadkill is moving over to openWRT and SgtPepper is doing his thing.... have we seen the end of this development?
     
  65. BennY-

    BennY- Guest

    =(

    is there any tomato mod with working sd/mmc support for gpio2 based mods?
     
  66. dvd-guy

    dvd-guy Guest

    Anybody want to help me? My client can't seem to get an IP address from the VPN connection and instead uses the same one it gets from its Internet connection. My server settings are defaulted with only the keys filled in. My client config is below:

    client
    dev tap
    #dev-node MyTAP #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
    proto udp
    remote xxx.xxx.xxx.xxx 1194
    route 192.168.1.0 255.255.255.0 vpn_gateway 3 #This is the IP address scheme and subnet of your normal network your server is on. Your router would usually be 192.168.1.1
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt" # Change the next two lines to match the files in the keys directory. This should be different for each client.
    key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key" # This file should be kept secret
    ns-cert-type server
    cipher BF-CBC # Blowfish (default) encryption
    comp-lzo
    verb 1
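The settings this thread keeps returning to (the cipher, the tls-auth key, how the client checks the server certificate) can be read out of a client config mechanically. The following is an added example, not code from the thread or from OpenVPN: a small audit that reports a cipher with a 64-bit block such as BF-CBC, a missing `tls-auth`/`tls-crypt` line, and server-certificate checking that is absent or relies only on `ns-cert-type`. The first sample repeats lines from the config posted above; the second is constructed, and the finding names are this example's own.

```shell
#!/bin/sh
# Added example: report hardening gaps in an OpenVPN client config.

# ovpn_audit   (config on stdin): prints one finding per line, nothing if clean
ovpn_audit() {
    awk '
        {
            sub(/\r$/, "")
            sub(/^[ \t]*[#;].*$/, "")     # whole-line comment
            sub(/[ \t]+[#;].*$/, "")      # trailing comment
        }
        NF == 0 { next }
        $1 == "cipher"                        { cipher = toupper($2) }
        $1 == "tls-auth" || $1 == "tls-crypt" { hmac = 1 }
        $1 == "ns-cert-type"                  { ns_type = 1 }
        $1 == "remote-cert-tls"               { eku = 1 }
        END {
            # BF, DES, 3DES, CAST5 and RC2 all use a 64-bit block
            if (cipher ~ /^(BF|DES|DES-EDE3|CAST5|RC2)-/)
                print "cipher-64bit-block " cipher
            if (!hmac)
                print "no-tls-auth"
            if (!ns_type && !eku)
                print "no-server-cert-check"
            else if (ns_type && !eku)
                print "legacy-ns-cert-type"
        }'
}

# Lines taken from the client config posted above (address masked as posted).
thread_client_conf() {
cat <<'EOF'
client
dev tap
#dev-node MyTAP #If you renamed your TAP interface
proto udp
remote xxx.xxx.xxx.xxx 1194
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key" # This file should be kept secret
ns-cert-type server
cipher BF-CBC # Blowfish (default) encryption
comp-lzo
verb 1
EOF
}

# Constructed counterpart with the three findings addressed. AES-128-CBC is
# the cipher requested earlier in the thread; ta.key is a hypothetical file name.
hardened_conf() {
cat <<'EOF'
client
dev tap
proto udp
remote xxx.xxx.xxx.xxx 1194
remote-cert-tls server
tls-auth ta.key 1
cipher AES-128-CBC
verb 1
EOF
}

# Offline demonstration on the config from the thread.
thread_client_conf | ovpn_audit
```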
     
  67. srouquette

    srouquette Network Guru Member

    I use ifconfig to get an IP from the server:
    ifconfig 192.168.1.200 255.255.255.0

    Do you need to redirect the traffic from your client through the VPN tunnel ? that's why you use route ?

    And a little advice: you should put your ca file, cert file and key file in the "config" directory, with your .ovpn file. This way, you won't have to specify the full path.
     
  68. dvd-guy

    dvd-guy Guest

  69. superchc

    superchc Addicted to LI Member

    If Tomato Mod v1.21.TEST-v5 had SNMP, it would be great!

    do you think we still have enough space to add this feature?
     
  70. 2young2die

    2young2die Guest

    Info about OpenVPN in Tomato.

    Hi All:) I'm starting to use Tomato on my WRT54GL. The structure of the catalogs is different from standard Linux distributions. Is there a guide about Tomato Linux implementation which would describe:
    - the used structure of catalogs?
    - how to eventually install new software?
    - how to add scripts at boot-up?

    As far as I know the current Tomato version doesn't have OpenVPN built inside. Where from could I download the newest Tomato Mod with OpenVPN? Is there a guide about configuring&using OpenVPN under Tomato?

    Any help will be greatly appreciated:)
     
  71. superchc

    superchc Addicted to LI Member

    well, for all the questions above, you can easily find it in this forum by search.
    actually, this thread is about openvpn in tomato, you can download what you want in the first page of the thread.
     
  72. Flambi

    Flambi Guest

    Hi All !
    I use TomatoMod 1.21 *TEST VERSION 5* for WRT54GL.
    VPN multiclient OK !
    My server setting in Init script and WanUp script.

    How do I make a custom script in the VPN tunneling menu?
    How do I make the amber LED stay on while the VPN connection is live?
     
  73. daron

    daron Guest

    WAN DHCP doesn't work for me

    Hi @all.

    Setup:
    WRT54GL (actually original tomato 1.19) <-- wds --> WRT54GL (already 1.21 vpn mod)

    I'm trying to install 1.21 vpn mod (#1 post).

    The router will not get any DHCP address (renewing all the time).
    If I check the log files, I see this:
    Code:
    Jan  1 01:00:12 ? daemon.info dnsmasq[89]: started, version 2.45 cachesize 150
    Jan  1 01:00:12 ? daemon.info dnsmasq[89]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Jan  1 01:00:12 ? daemon.info dnsmasq[89]: DHCP, IP range 192.168.66.100 -- 192.168.66.149, lease time 2d12h
    Jan  1 01:00:12 ? daemon.warn dnsmasq[89]: failed to access /etc/resolv.dnsmasq: No such file or directory
    Jan  1 01:00:12 ? daemon.info dnsmasq[89]: read /etc/hosts - 0 addresses
    Jan  1 01:00:12 ? daemon.info dnsmasq[89]: read /etc/hosts.dnsmasq - 8 addresses
    so: that means, there is no /etc/resolv.dnsmasq
    i created it with touch and did a reboot.
    The DHCP request is now working, but there is no DNS available.

    if i do the same with the original tomato (in this case 1.19) you can see:
    Code:
    Jan  1 01:07:43  daemon.info dnsmasq[421]: started, version 2.41 cachesize 150
    Jan  1 01:07:43  daemon.info dnsmasq[421]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Jan  1 01:07:43  daemon.info dnsmasq[421]: DHCP, IP range 192.168.66.100 -- 192.168.66.149, lease time 2d12h
    Jan  1 01:07:43  daemon.warn dnsmasq[421]: no servers found in /etc/resolv.dnsmasq, will retry
    Jan  1 01:07:43  daemon.info dnsmasq[421]: read /etc/hosts - 0 addresses
    Jan  1 01:07:43  daemon.info dnsmasq[421]: read /etc/hosts.dnsmasq - 8 addresses
    Jan  1 01:07:43  cron.notice crond[424]: crond 2.3.2 dillon, started, log level 9 
    Jan  1 01:07:44  user.info init[1]: Linksys WRT54G/GS/GL
    Jan  1 01:07:46  daemon.info dnsmasq[421]: exiting on receipt of SIGTERM
    Jan  1 01:07:46  daemon.info dnsmasq[436]: started, version 2.41 cachesize 150
    Jan  1 01:07:46  daemon.info dnsmasq[436]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Jan  1 01:07:46  daemon.info dnsmasq[436]: DHCP, IP range 192.168.66.100 -- 192.168.66.149, lease time 2d12h
    Jan  1 01:07:46  daemon.info dnsmasq[436]: reading /etc/resolv.dnsmasq
    Jan  1 01:07:46  daemon.info dnsmasq[436]: using nameserver 195.202.128.2#53
    Jan  1 01:07:46  daemon.info dnsmasq[436]: using nameserver 195.202.128.3#53
    Jan  1 01:07:46  daemon.info dnsmasq[436]: using nameserver 62.40.128.2#53
    Jan  1 01:07:46  daemon.info dnsmasq[436]: read /etc/hosts - 0 addresses
    Jan  1 01:07:46  daemon.info dnsmasq[436]: read /etc/hosts.dnsmasq - 8 addresses
    Jan 26 19:14:55  user.info kernel: vlan1: add 01:00:5e:00:00:09 mcast address to master interface
    Jan 26 19:15:08  cron.warn crond[424]: time disparity of 20549887 minutes detected 
    Jan 26 19:15:42  daemon.info dnsmasq[436]: DHCPDISCOVER(br0) 00:04:20:1a:2d:12 
    Jan 26 19:15:42  daemon.info dnsmasq[436]: DHCPOFFER(br0) 192.168.66.100 00:04:20:1a:2d:12 
    Jan 26 19:15:45  daemon.info dnsmasq[436]: DHCPDISCOVER(br0) 00:04:20:1a:2d:12 
    Jan 26 19:15:45  daemon.info dnsmasq[436]: DHCPOFFER(br0) 192.168.66.100 00:04:20:1a:2d:12 
    Jan 26 19:15:45  daemon.info dnsmasq[436]: DHCPREQUEST(br0) 192.168.66.100 00:04:20:1a:2d:12 
    Jan 26 19:15:45  daemon.info dnsmasq[436]: DHCPACK(br0) 192.168.66.100 00:04:20:1a:2d:12 SCDuet
    Could it be that there is a problem with the DNS within another network?
    cause the dns servers are
    195.202.128.2
    195.202.128.3
    62.40.128.2

    and my ip would be 81.217.134.*

    do you have any idea?
    thx in advance
     
  74. HarshReality

    HarshReality Network Guru Member

    So.. if this is dead can we get a final with the bugs out? I feel like I have been kicked in the gut :(

    P.S. RK how ya like that SDMod?
     
  75. roadkill

    roadkill Super Moderator Staff Member Member

    I will release another version with everything merged.
     
  76. HarshReality

    HarshReality Network Guru Member

    Thank you, thank you, thank you :)
     
  77. besonen

    besonen LI Guru Member

    what are the differences between 'Tomato Mod v1.21 TEST-v5 with OpenVPN-GUI,SDMMC,IP/MAC' by roadkill and 'VPN build with Web GUI' by SgtPepperKSU?
     
  78. besonen

    besonen LI Guru Member

    updating from 1.19.1464

    is it a smooth process upgrading from 1.19.1464 to 1.21.TEST-v5? will i need to reconfigure/re-setup my vpn in any way?
     
  79. stroths

    stroths Addicted to LI Member

    No love for me with the mmc mounting. It would not mount my 4gb (sdhc) SD card that I had mounted with a SDHC build of tomato. Stated it had errors mounting. I understand this is an older build (october), but wanted to give you feedback in case it helps with your next version.

    unknown user.info init[1]: notice: Error mounting MMC. Check the logs to see if they contain more details about this error.


    I have a WRT54G-TM and I used the WRT54GS image since they are essentially the same (8mb flash, 32mb ram). Also tried the GL labeled firmware too just in case that was the issue. My 4GB sd is formatted as FAT32 and it opens fine in Windows.

    I would get a reboot when I would try to install the driver manually with the command below.

    insmod mmc-gpio2.o

    Here are my pinouts if it helps

    CS=7, CLK=3, DI=2, DO=4

    EDIT: Tried a FAT formatted 512MB card to see if it would work (non-SDHC). Got the same error with it.

    EDIT2: Here is a little more detail

     
  80. occamsrazor

    occamsrazor Network Guru Member

  81. mishasc

    mishasc Addicted to LI Member

    Hi boys,

    from the OpenVPN provider I received this config

    Code:
    remote x.x.x.x 1296
    proto udp
    ca ca.crt
    cert ovpn.crt
    key ovpn.key
    client
    dev tun
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]
    verb 4
    mute 5
    tun-mtu 1500
    fragment  1300
    mssfix 1450
    
    it's ok from my laptop.
    I have WRT54GL router with Tomato v1.19.1464

    I add this script to init

    Code:
    insmod tun.o
    sleep 5
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn
    ./myvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    sleep 5
    
    echo "
    client
    dev tap0
    proto udp
    remote x.x.x.x 1296
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    verb 4
    mute 5
    tun-mtu 1500
    fragment  1300
    mssfix 1450
    " > /tmp/client.conf
    
    echo "
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    " > /tmp/ca.crt
    
    echo "
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    " > /tmp/client.key
    chmod 600 /tmp/client.key
    
    echo "
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    " > /tmp/client.crt
    
    ./myvpn --config client.conf
    rule for Firewall seems correct
    Code:
    iptables -I INPUT 1 -p udp --dport 1296 -j ACCEPT

    and have such log

    Code:
    Dec 31 16:00:07 unknown user.warn kernel: Checking for 'wait' instruction...  unavailable.
    Dec 31 16:00:07 unknown user.warn kernel: POSIX conformance testing by UNIFIX
    Dec 31 16:00:07 unknown user.warn kernel: PCI: no core
    Dec 31 16:00:07 unknown user.warn kernel: PCI: Fixing up bus 0
    Dec 31 16:00:07 unknown user.info kernel: Linux NET4.0 for Linux 2.4
    Dec 31 16:00:07 unknown user.info kernel: Based upon Swansea University Computer Society NET3.039
    Dec 31 16:00:07 unknown user.warn kernel: Initializing RT netlink socket
    Dec 31 16:00:07 unknown user.warn kernel: Starting kswapd
    Dec 31 16:00:07 unknown user.info kernel: devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
    Dec 31 16:00:07 unknown user.info kernel: devfs: boot_options: 0x1
    Dec 31 16:00:07 unknown user.info kernel: squashfs: version 3.0 (2006/03/15) Phillip Lougher
    Dec 31 16:00:07 unknown user.warn kernel: pty: 256 Unix98 ptys configured
    Dec 31 16:00:07 unknown user.info kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
    Dec 31 16:00:07 unknown user.info kernel: ttyS00 at 0xb8000300 (irq = 3) is a 16550A
    Dec 31 16:00:07 unknown user.info kernel: ttyS01 at 0xb8000400 (irq = 0) is a 16550A
    Dec 31 16:00:07 unknown user.warn kernel: HDLC line discipline: version $Revision: 1.1.1.4 $, maxframe=4096
    Dec 31 16:00:07 unknown user.info kernel: N_HDLC line discipline registered.
    Dec 31 16:00:07 unknown user.info kernel: PPP generic driver version 2.4.2
    Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x400000 for the chip at 0x0
    Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x800000 for the chip at 0x0
    Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0xc00000 for the chip at 0x0
    Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1000000 for the chip at 0x0
    Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1400000 for the chip at 0x0
    Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1800000 for the chip at 0x0
    Dec 31 16:00:07 unknown user.debug kernel: Physically mapped flash: Found an alias at 0x1c00000 for the chip at 0x0
    Dec 31 16:00:07 unknown user.notice kernel:  Amd/Fujitsu Extended Query Table v1.1 at 0x0040
    Dec 31 16:00:07 unknown user.notice kernel: number of CFI chips: 1
    Dec 31 16:00:07 unknown user.notice kernel: Flash device: 0x400000 at 0x1c000000
    Dec 31 16:00:07 unknown user.notice kernel: Creating 5 MTD partitions on "Physically mapped flash":
    Dec 31 16:00:07 unknown user.notice kernel: 0x00000000-0x00040000 : "pmon"
    Dec 31 16:00:07 unknown user.notice kernel: 0x00040000-0x003f0000 : "linux"
    Dec 31 16:00:07 unknown user.notice kernel: 0x000e270c-0x00340000 : "rootfs"
    Dec 31 16:00:07 unknown user.notice kernel: 0x00340000-0x003f0000 : "jffs2"
    Dec 31 16:00:07 unknown user.notice kernel: 0x003f0000-0x00400000 : "nvram"
    Dec 31 16:00:07 unknown user.err kernel: sflash: found no supported devices
    Dec 31 16:00:07 unknown user.info kernel: NET4: Linux TCP/IP 1.0 for NET4.0
    Dec 31 16:00:07 unknown user.info kernel: IP Protocols: ICMP, UDP, TCP, IGMP
    Dec 31 16:00:07 unknown user.info kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
    Dec 31 16:00:07 unknown user.info kernel: TCP: Hash tables configured (established 1024 bind 2048)
    Dec 31 16:00:07 unknown user.info kernel: Linux IP multicast router 0.06 plus PIM-SM
    Dec 31 16:00:07 unknown user.warn kernel: ip_conntrack version 2.1 (8092 buckets, 4096 max) - 368 bytes per conntrack
    Dec 31 16:00:07 unknown user.warn kernel: ip_tables: (C) 2000-2002 Netfilter core team
    Dec 31 16:00:07 unknown user.info kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
    Dec 31 16:00:07 unknown user.info kernel: NET4: Ethernet Bridge 008 for NET4.0
    Dec 31 16:00:07 unknown user.alert kernel: 802.1Q VLAN Support v1.7 Ben Greear <greearb@candelatech.com>
    Dec 31 16:00:07 unknown user.alert kernel: All bugs added by David S. Miller <davem@redhat.com>
    Dec 31 16:00:07 unknown user.warn kernel: VFS: Mounted root (squashfs filesystem) readonly.
    Dec 31 16:00:07 unknown user.info kernel: Mounted devfs on /dev
    Dec 31 16:00:07 unknown user.info kernel: Freeing unused kernel memory: 64k freed
    Dec 31 16:00:07 unknown user.warn kernel: Algorithmics/MIPS FPU Emulator v1.5
    Dec 31 16:00:07 unknown user.warn kernel: ip_conntrack_pptp version 1.9 loaded
    Dec 31 16:00:07 unknown user.warn kernel: ip_nat_pptp version 1.5 loaded
    Dec 31 16:00:07 unknown user.warn kernel: ip_conntrack_rtsp v0.01 loading
    Dec 31 16:00:07 unknown user.warn kernel: ip_nat_rtsp v0.01 loading
    Dec 31 16:00:07 unknown user.warn kernel: eth0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.38.0
    Dec 31 16:00:07 unknown user.warn kernel: eth1: Broadcom BCM4320 802.11 Wireless Controller 3.90.38.0
    Dec 31 16:00:07 unknown user.warn kernel: tomato_ct.c [Jul  5 2008 15:21:00]
    Dec 31 16:00:07 unknown user.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
    Dec 31 16:00:07 unknown user.info kernel: vlan0: dev_set_promiscuity(master, 1)
    Dec 31 16:00:07 unknown user.info kernel: device eth0 entered promiscuous mode
    Dec 31 16:00:07 unknown user.info kernel: device vlan0 entered promiscuous mode
    Dec 31 16:00:07 unknown user.info kernel: device eth1 entered promiscuous mode
    Dec 31 16:00:07 unknown user.info kernel: br0: port 2(eth1) entering learning state
    Dec 31 16:00:07 unknown user.info kernel: learning state
    Dec 31 16:00:07 unknown user.warn kernel: vlan1: Setting MAC address to  00 22 6b 81 14 6a.
    Dec 31 16:00:07 unknown user.info kernel: br0: port 2(eth1) entering forwarding state
    Dec 31 16:00:07 unknown user.info kernel: br0: topology change detected, propagating
    Dec 31 16:00:07 unknown user.info kernel: br0: port 1(vlan0) entering forwarding state
    Dec 31 16:00:07 unknown user.info kernel: br0: topology change detected, propagating
    Dec 31 16:00:07 unknown user.info kernel: vlan1: add 01:00:5e:00:00:01 mcast address to master interface
    Dec 31 16:00:08 unknown cron.notice crond[95]: crond 2.3.2 dillon, started, log level 9 
    Dec 31 16:00:08 unknown user.info init[1]: Tomato 1.19.1464
    Dec 31 16:00:08 unknown user.info init[1]: Linksys WRT54G/GS/GL
    Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: started, version 2.41 cachesize 150
    Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
    Dec 31 16:00:08 unknown daemon.warn dnsmasq[101]: failed to access /etc/resolv.dnsmasq: No such file or directory
    Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: read /etc/hosts - 0 addresses
    Dec 31 16:00:08 unknown daemon.info dnsmasq[101]: read /etc/hosts.dnsmasq - 1 addresses
    Dec 31 16:00:09 unknown daemon.info dnsmasq[101]: exiting on receipt of SIGTERM
    Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: started, version 2.41 cachesize 150
    Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
    Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: reading /etc/resolv.dnsmasq
    Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: using nameserver 192.168.4.80#53
    Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: read /etc/hosts - 0 addresses
    Dec 31 16:00:09 unknown daemon.info dnsmasq[116]: read /etc/hosts.dnsmasq - 1 addresses
    Dec 31 16:00:12 unknown user.info kernel: device tap0 entered promiscuous mode
    Dec 31 16:00:12 unknown user.info kernel: br0: port 3(tap0) entering learning state
    Dec 31 16:00:12 unknown user.info kernel: br0: port 3(tap0) entering forwarding state
    Dec 31 16:00:12 unknown user.info kernel: br0: topology change detected, propagating
    Feb 28 12:00:20 unknown daemon.info dnsmasq[116]: exiting on receipt of SIGTERM
    Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: started, version 2.41 cachesize 150
    Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: compile time options: no-IPv6 GNU-getopt no-RTC no-ISC-leasefile no-DBus no-I18N no-TFTP
    Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
    Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: reading /etc/resolv.dnsmasq
    Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: using nameserver 192.168.4.80#53
    Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: read /etc/hosts - 0 addresses
    Feb 28 12:00:21 unknown daemon.info dnsmasq[366]: read /etc/hosts.dnsmasq - 1 addresses
    Feb 28 12:00:29 unknown cron.warn crond[95]: time disparity of 20597520 minutes detected 
     
    
    IP is still my local IP.
    What is the problem? I really need this solution because the gov blocks most of all traffic in our country
    Thanks
     
  82. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The provided config specified
    Code:
    dev tun
    , but you put
    Code:
    dev tap0
    That will not work. You will need to use routed (tun) mode, not bridged (tap) mode.
     
  83. mishasc

    mishasc Addicted to LI Member

    ok,
    what will be this way config for tun?

    Code:
    insmod tun.o
    sleep 5
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn
    ./myvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    sleep 5
    ???

    config file seems like this
    Code:
    echo "
    client
    dev tun
    proto udp
    remote 74.217.58.4 1296
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    ns-cert-type server
    verb 4
    mute 5
    error openvpn-error.log
    tun-mtu 1500
    fragment  1300
    mssfix 1450
    " > /tmp/client.conf
    thanks
     
  84. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Code:
    insmod tun.o
    sleep 5
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn
    ./myvpn --mktun --dev tun0
    ifconfig tun0 0.0.0.0 promisc up
    sleep 5
    Code:
    echo "
    client
    dev tun0
    proto udp
    remote 74.217.58.4 1296
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    ns-cert-type server
    verb 4
    mute 5
    error openvpn-error.log
    tun-mtu 1500
    fragment  1300
    mssfix 1450
    " > /tmp/client.conf
    Basically, just replacing tap0 with tun0. That and removing the brctl command.
     
  85. mishasc

    mishasc Addicted to LI Member

    thank you SgtPepperKSU :thumbup:

    it's ok from router side now.

    It can trace using VPN IP

    traceroute google.com
    1 10.8.3.49 198.46 228.88 209.04
    2 (x.x.x.x) 198.88 203.40 200.44 -8.60
    3 (x.x.x.x) 198.86 319.49 239.73 39.29
    4 (x.x.x.x) 198.94 199.85 199.42 -40.31
    5 sl-crs1-nyc-0-10-5-0.sprintlink.net (144.232.13.51) 199.54 199.82 199.65 0.23
    6 sl-gw35-nyc-14-0-0.sprintlink.net (144.232.13.37) 198.41 219.84 206.05 6.40
    7 sl-googl9-212975-0.sprintlink.net (144.223.74.126) 223.52 231.98 226.72 20.67
    8 209.85.255.68 231.67 360.93 305.44 78.71
    9 209.85.251.9 219.63 220.81 220.37 -85.07
    10 72.14.232.215 220.29 222.29 221.42 1.05
    11 209.85.253.137 223.34 233.82 229.55 8.13
    12 yx-in-f100.google.com (74.125.45.100) 219.81 221.78 220.86 -8.69


    but I can't use internet in laptop. I add VPN-provider DNSs to ethernet nic still no luck.

    How can I now share this account from router to my laptop? :redface:

    And really how can I add IP (which I get from VPN-provider) from router to my laptop, for example (laptop 192.168.1.2/24 router 192.168.1.1/24)... I mean something like DMZ
     
  86. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Search this forum for "redirect-gateway". You will need that directive in your client config to force all internet traffic over the VPN tunnel. I have never used this option, so I cannot speak to what parameters you should use.

    To give your laptop unrestricted (all ports) access to the VPN tunnel, add the following firewall rules.
    Code:
    iptables -A INPUT -i tun0 -j ACCEPT
    iptables -A FORWARD -i tun0 -j ACCEPT
     
  87. ramasule

    ramasule Addicted to LI Member

    Hello,
    I can connect my linksys to my sme openvpn-bridged mode vpn
    It receives the proper ip and connects no problem.
    I checked the scripts in the router ssh and fired it up there and it connected.

    The problem I am having is that when I am connected to the vpn the clients off of the router cannot connect to anything past the router.

    This includes surfing(i have the pass all internet on) and anything else

    I tried adding the firewall script to the router and that didn't help.
    Code:
    iptables -A INPUT -i tun0 -j ACCEPT
    iptables -A FORWARD -i tun0 -j ACCEPT
    The vpn works great with clients connecting right to the server. I would like to get a router connected though for remote work locations.
    Any suggestions?
     
  88. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Code:
    iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o tun0 -j MASQUERADE
    replacing 192.168.1.0/255.255.255.0 with your subnet/netmask.

    If you were to use the VPN GUI build, this would all be done for you...
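
The two ACCEPT rules posted above admit every packet that arrives on tun0, including new connections to the router itself, while the MASQUERADE rule only rewrites outbound traffic. An added example (not from any poster or from the firmware) of a heuristic audit that flags such rules in a firewall script; the function names are hypothetical and the stateful variants in the sample are an assumption about how the same access could be limited to reply traffic, with br0 as the LAN bridge.

```shell
#!/bin/sh
# Added example (not from the thread): flag iptables rules that accept
# everything arriving on a VPN interface.

# audit_tunnel_rules < RULES
# Heuristic: a rule is reported when it ACCEPTs on an input interface named
# tun*/tap* and carries no --state/--ctstate, --dport or source match.
audit_tunnel_rules() {
    while read -r rule || [ -n "$rule" ]; do
        case " $rule " in
            " iptables "*" -j ACCEPT "*) ;;
            *) continue ;;              # not an ACCEPT rule
        esac
        case " $rule " in
            *" -i tun"*|*" -i tap"*) ;;
            *) continue ;;              # not matching on a tunnel input
        esac
        case " $rule " in
            *" --state "*|*" --ctstate "*|*" --dport "*|*" -s "*|*" --source "*)
                continue ;;             # narrowed by state, port or source
        esac
        echo "OPEN: $rule"
    done
}

# Constructed sample. The first three rules are the ones posted in the thread;
# the last three are assumed stateful variants (replies only from the tunnel).
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o tun0 -j MASQUERADE
iptables -A INPUT -i tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i br0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Stand-alone run: prints the rules that leave the tunnel side wide open.
sample_rules | audit_tunnel_rules
```
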
     
  89. samsara00

    samsara00 Addicted to LI Member

    Hello,
    I have the Linksys WRT54GL and flashed it with the TomatoMod-1.21-TESTv5.

    I wanted to use VPN as a client. But when i enter everything it tells me that the certification keys are too long.
    I also tried it under Scripts -> Wan up, but it tells me "WAN UP scripts is too long"

    Configuration looks like this

    Code:
    insmod tun.o
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn
    ./myvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    sleep 5
    
    echo "
    client
    dev tun
    proto udp
    remote openvpn.ivacy.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ivacy-keys/ivacy-ca.crt
    cert ivacy-keys/ivacy-client.crt
    key ivacy-keys/ivacy-client.key
    tls-auth ivacy-keys/ivacy-tls.key 1
    ns-cert-type server
    comp-lzo
    verb 3
    auth-user-pass
    redirect-gateway
    script-security 3
    reneg-sec 0
    " > /tmp/client.conf
    
    echo "
    -----BEGIN CERTIFICATE-----
    *key* [B]***1494 characters***[/B]
    -----END CERTIFICATE-----
    " > /tmp/ca.crt
    
    echo "
    -----BEGIN RSA PRIVATE KEY-----
    *key* [B]***1612 characters***[/B]
    -----END RSA PRIVATE KEY-----
    " > /tmp/client.key
    chmod 600 /tmp/client.key
    
    echo "
    -----BEGIN CERTIFICATE-----
    *key* [B]***1584 characters***[/B]
    -----END CERTIFICATE-----
    " > /tmp/client.crt
    
    ./myvpn --config client.conf
    what can i do?
    Thanks in advance!
     
  90. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You're placing your keys in /tmp, but telling OpenVPN that they are in /tmp/ivacy-keys/. You either need to remove "ivacy-keys" from the paths in your VPN config, or add it to the paths when you create the files.
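
The mismatch described above can be caught before the tunnel is started. An added example (not part of the original post or of the firmware): a shell function with the hypothetical name check_ovpn_paths that resolves each ca/cert/key/tls-auth path against the directory openvpn is started from and also checks that the private key is owner-only; the demo layout is constructed to mirror the script in the question.

```shell
#!/bin/sh
# Added example (not from the thread): check that every file named by the
# ca/cert/key/tls-auth directives of an OpenVPN config exists, resolving
# relative paths against the directory openvpn is started from, and that the
# private key is accessible to its owner only.

# check_ovpn_paths CONFIG [WORKDIR]
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_ovpn_paths() {
    conf=$1
    workdir=${2:-.}
    problems=0
    while read -r directive path _rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|tls-auth) ;;
            *) continue ;;          # other directives and ;/# comments
        esac
        [ -n "$path" ] || continue
        case $path in
            /*) full=$path ;;
            *)  full=$workdir/$path ;;
        esac
        if [ ! -f "$full" ]; then
            echo "MISSING $directive $full"
            problems=1
        elif [ "$directive" = key ]; then
            # Characters 5-10 of the ls -l mode string are the group/other bits.
            bits=$(ls -ld "$full" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "PERMS $directive $full"
                problems=1
            fi
        fi
    done < "$conf"
    return "$problems"
}

# Constructed layout mirroring the thread: the files are written straight into
# the working directory while the config points into ivacy-keys/.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'client' 'dev tun' \
        'ca ivacy-keys/ivacy-ca.crt' \
        'cert ivacy-keys/ivacy-client.crt' \
        'key ivacy-keys/ivacy-client.key' > "$d/client.conf"
    : > "$d/ca.crt"; : > "$d/client.crt"; : > "$d/client.key"
    chmod 600 "$d/client.key"
    check_ovpn_paths "$d/client.conf" "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Stand-alone run: reports the three paths the config cannot resolve.
demo || echo "problems found (expected for this constructed layout)"
```
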
     
  91. samsara00

    samsara00 Addicted to LI Member

    -edit-
    got it to work so far but now it says:
    Code:
    daemon.err openvpn[1124]: ERROR: could not read Auth username from stdin
    where can I add the username / pass?
    when i left out the auth-user-pass line i get this

    Code:
    Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: Control Channel Authentication: using 'client1-static.key' as a OpenVPN static key file
    Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: LZO compression initialized
    Mar 10 01:13:18 pandoras daemon.notice openvpn[1239]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Mar 10 01:13:21 pandoras daemon.notice openvpn[1239]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Mar 10 01:13:21 pandoras daemon.notice openvpn[1241]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Mar 10 01:13:21 pandoras daemon.notice openvpn[1241]: UDPv4 link local: [undef]
    Mar 10 01:13:21 pandoras daemon.notice openvpn[1241]: UDPv4 link remote: 213.232.xxxx
    but when i look up my ip in the web it still shows my real ip and not the 213.232.. one (which it does when i use the openvpn windows client)
     
  92. ramasule

    ramasule Addicted to LI Member

    In case some of you haven't figured out yet, sgt pepper took over for roadkill and made the gui for the openvpn build. You can find his thread here, I would encourage you to check it out.
    http://www.linksysinfo.org/forums/showthread.php?t=59416

    change the cat to echo though.
     
  93. mishasc

    mishasc Addicted to LI Member

    hello boys

    does anybody know (or use) how to start PPTP and then route all traffic + IP to LAN IP
    like DMZ function but after PPTP connection

    for example router have 192.168.1.1 will route all traffic and IP to 192.168.1.5

    really need such configuration asap
    thanks to everybody
     
  94. tatoosh

    tatoosh Addicted to LI Member

    i tried this tutorial: http://www.linksysinfo.org/forums/showpost.php?p=302642&postcount=3

    but when i want to save the tomato config i'll always get this error:
    "WAN Up script is too long. Maximum allowed is 4096 bytes".

    I copied my certificates into and changed nothing else.
    Tried with Tomato Mod Version 1.19.

    What did I do wrong?
     
  95. janosik47

    janosik47 Addicted to LI Member

    try to remove all unnecessary chars/lines, group commands into single line e.g.
    cd /tmp;openvpn --mktun --dev tap0;brctl addif br0 tap0;ifconfig tap0 0.0.0.0 promisc up
    use a text editor to measure no of characters but keep in mind that every new line adds extra char ...
    If your router has USB port or SD mod put the script into a file on USB stick/SD card and execute once the device is mounted ....
     
  96. tatoosh

    tatoosh Addicted to LI Member

    Thanks for reply.
    I use linksys WRT54G - no USB/HDD or SD Card support.
    can i copy the files with telnet?
    how to link the script to files on the "internal" linksys storage ?
     
  97. janosik47

    janosik47 Addicted to LI Member

    if you have no SD mod then I think the best for you is to stay with the WAN up script - just try to remove all unnecessary chars to make it as short as possible ...
    If you are not able to make the script length less than 4k then you could try to enable jffs and then put it to the /jffs dir. Next you need to ensure its executed every time the router boots, for example put it to the WAN up script - actually I am not sure what is the Tomato boot sequence so it may happen that the jffs is enabled after the WAN interface is up - in that case you need to delay the initialization of the vpn
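
Whether trimming can work at all depends on how much of the script is certificate and key material, which cannot be shortened. An added example (not from any poster or from the firmware): a shell function with the hypothetical name script_budget that measures a script against the 4096-byte limit quoted in the error message and separates PEM bytes from everything else.

```shell
#!/bin/sh
# Added example (not from the thread): measure a Tomato script against the
# 4096-byte limit from the error message and show how much of it is PEM
# material, which cannot be shortened.

# script_budget FILE [LIMIT]
# Prints: total=<n> pem=<n> other=<n> limit=<n>
# Returns 0 if the script fits, 1 if it is too long but the PEM blocks alone
# would fit (trimming the rest can help), 2 if the PEM blocks alone already
# exceed the limit (the script has to be stored elsewhere, e.g. under /jffs).
script_budget() {
    file=$1
    limit=${2:-4096}
    total=$(wc -c < "$file" | tr -d ' ')
    # Bytes on the lines from -----BEGIN ... through -----END ..., counting
    # one newline per line.
    pem=$(LC_ALL=C awk '
        /^[ \t]*-----BEGIN /  { inside = 1 }
        inside                { n += length($0) + 1 }
        /^[ \t]*-----END /    { inside = 0 }
        END                   { print n + 0 }' "$file")
    echo "total=$total pem=$pem other=$((total - pem)) limit=$limit"
    if [ "$total" -le "$limit" ]; then
        return 0
    elif [ "$pem" -le "$limit" ]; then
        return 1
    fi
    return 2
}

# Stand-alone use: sh script_budget.sh /path/to/wanup-script
if [ $# -gt 0 ]; then
    script_budget "$@"
fi
```

The certificate and key sizes quoted earlier in the thread (1494, 1612 and 1584 characters) add up to more than 4096 on their own, which is the return-code-2 case.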
     
  98. tatoosh

    tatoosh Addicted to LI Member

    ok thx janosik47.
    i got it - with cutting the spaces - to work. i mean saving the script.
    next problem is the client.
    I'll get these errors: (changed my ip)
    Code:
    Wed May 13 14:15:36 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
    Wed May 13 14:15:36 2009 WARNING: using --pull/--client and --ifconfig together is probably not what you want
    Wed May 13 14:15:36 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed May 13 14:15:36 2009 LZO compression initialized
    Wed May 13 14:15:36 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed May 13 14:15:36 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed May 13 14:15:36 2009 Local Options hash (VER=V4): 'd79ca330'
    Wed May 13 14:15:36 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Wed May 13 14:15:36 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Wed May 13 14:15:36 2009 UDPv4 link local: [undef]
    Wed May 13 14:15:36 2009 UDPv4 link remote: xx.xx.xx.xx:1194
    Wed May 13 14:15:36 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
    Wed May 13 14:15:38 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
    Wed May 13 14:15:40 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
    
     
  99. janosik47

    janosik47 Addicted to LI Member

    well not sure if I can help here
    my understanding of the following lines

    Wed May 13 14:15:36 2009 UDPv4 link local: [undef]
    Wed May 13 14:15:36 2009 UDPv4 link remote: xx.xx.xx.xx:1194
    Wed May 13 14:15:36 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
    Wed May 13 14:15:38 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

    is that you use UDP protocol - try to change to TCP
     
  100. tatoosh

    tatoosh Addicted to LI Member

    udp should work or?
    i changed the cutting areas a little bit, now it looks better (after reboot).
    but again i dont get a connection:
    Code:
    Wed May 13 14:21:47 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
    Wed May 13 14:21:47 2009 WARNING: using --pull/--client and --ifconfig together is probably not what you want
    Wed May 13 14:21:47 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed May 13 14:21:47 2009 LZO compression initialized
    Wed May 13 14:21:47 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed May 13 14:21:47 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed May 13 14:21:47 2009 Local Options hash (VER=V4): 'd79ca330'
    Wed May 13 14:21:47 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Wed May 13 14:21:47 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Wed May 13 14:21:47 2009 UDPv4 link local: [undef]
    Wed May 13 14:21:47 2009 UDPv4 link remote: XXX.XXX.XXX.XXX:1194
    Wed May 13 14:21:47 2009 TLS: Initial packet from 192.168.7.1:1194, sid=3469891a 7240b499
    Wed May 13 14:21:48 2009 VERIFY OK: depth=1, /C=DE/ST=XXX/L=XXX/O=XXXX/CN=X7-Router/emailAddress=XXXXt@XXXXde
    Wed May 13 14:21:48 2009 VERIFY OK: nsCertType=SERVER
    Wed May 13 14:21:48 2009 VERIFY OK: depth=0, /C=DE/ST=NRW/O=XXXXX/CN=X7/emailAddress=XXXXXXXX
    
    here the logfile on client stops and nothing happens after this.
    does the vpnserver on my linksys tomato not need the client certificates? only the root one?
     
