
Tomato OpenVPN mod questions

Discussion in 'Tomato Firmware' started by lanmtl, Feb 25, 2010.

  1. lanmtl

    lanmtl Addicted to LI Member

    Hello,

    I installed the Tomato version with OpenVPN included.
    I am having trouble setting it up...
    I intend to use the client section of it as I have a subscription to an OpenVPN provider already.

    I put all the certificates etc. in place but I cannot find where to put my username and password?

    Also, I would like some devices to exit the router via the VPN and other devices to exit the router via the WAN connection... How can I do that? VOIP over OpenVPN doesn't work because of the jitter, I need the PAP2 to bypass the VPN, but I still need my modem to do QoS on the whole traffic whether it goes via the VPN or not.

    How can I pull this off?
    Thanks!
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    There isn't currently a place to enter a username and password in the GUI (most OpenVPN setups don't use them). The next release should have places to enter them, but in the meantime, see this post.
    You can add the VOIP server that you connect to to the routing table, instructing it to bypass the VPN. If your internet gateway is static, then you can just add a route to the static routing table (Advanced->Routing). If it's subject to change, then adding a line to the WAN-up script (Administration->Scripts) would be better:
    Code:
    route add -host <VOIPSERVERIP> gw `nvram get wan_gateway` dev `nvram get wan_iface`
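
An added example, not part of the original post: a WAN-up script fragment that applies the same `route add -host` idea to several hosts, rejects anything that is not an IPv4 literal, and adds no routes when the WAN gateway is not yet set. `BYPASS_HOSTS`, `is_ipv4` and `add_bypass_routes` are hypothetical names, and the 192.0.2.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. BYPASS_HOSTS and both function names are
# hypothetical; the 192.0.2.x addresses are constructed placeholders.
BYPASS_HOSTS="192.0.2.10 192.0.2.11"

# Accept only dotted-quad IPv4 literals, so nothing else reaches `route`.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Pin each listed host to the WAN gateway; prints how many routes were added.
add_bypass_routes() {
    gw=$(nvram get wan_gateway)
    ifc=$(nvram get wan_iface)
    # Without a usable gateway and interface there is no WAN path to pin to.
    if ! is_ipv4 "$gw" || [ "$gw" = "0.0.0.0" ] || [ -z "$ifc" ]; then
        echo "bypass: WAN gateway/interface not set, no routes added" >&2
        return 1
    fi
    added=0
    for host in $BYPASS_HOSTS; do
        if ! is_ipv4 "$host"; then
            echo "bypass: skipping invalid address '$host'" >&2
            continue
        fi
        # Remove a stale host route first so a changed gateway takes effect.
        route del -host "$host" 2>/dev/null || true
        route add -host "$host" gw "$gw" dev "$ifc" && added=$((added + 1))
    done
    echo "$added"
}

# Only act where the router's nvram tool exists (i.e. on the router itself).
if command -v nvram >/dev/null 2>&1; then
    add_bypass_routes >/dev/null || true
fi
```

Any host left out of the list, or skipped as invalid, keeps following the default route, which is the VPN tunnel while the client is connected.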
     
  3. lanmtl

    lanmtl Addicted to LI Member

    I managed to connect to the VPN provider with the post mentioned, thanks.

    However, it seems the traffic that goes through the VPN bypasses QoS altogether... Why is that? If I disconnect the VPN the QoS is applied as it should, if I activate the VPN then the QoS seems to be blinded and although it sees every connection in detail it marks it all as 'unknown' category doing no shaping in effect.
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    It is a single encrypted stream, so it just looks like random nonsense to the QoS; so, it puts it in 'unknown'. However, 'unknown' should be lower priority than VOIP, right? So, your QoS should be able to work fine in that regard.

    I have no idea if it is possible to have the QoS work on the data going in to OpenVPN (before it is encrypted). However, if it is possible, it would have to be a separate QoS system from the one that works on the WAN, since it is dealing with a different bandwidth connection.
     
  5. lanmtl

    lanmtl Addicted to LI Member

    Ah, shame. I thought that putting the OpenVPN client in the router would allow it to shape the traffic before sending it to the Internet.
    What is strange is that it sees the different connections (i.e. not just one connection to the VPN server IP but all the connections to usenet, www etc.) but it just fails to classify them.
    This is why I didn't want to connect on the computer directly, so the router could QoS the data.
     
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Hmmm, well, maybe it is seeing everything separate then. I've never used QoS in conjunction with VPN, so just stop after my "I have no idea if it is possible" comment and forget everything I said after that.
     
