Tomato OpenVPN NAT/routing problem

Discussion in 'Tomato Firmware' started by meamens, Mar 1, 2010.

  1. meamens

    meamens Addicted to LI Member


    I hope somebody can help me here, I'm sure it'll be a simple fix when it's pointed out to me! I'm running TomatoVPN v1.27vpn3.6.4b664ba6 on a linksys WRT54GL, I'm connecting with OpenVPN to work which is running a pfSense 1.2.3-RELEASE. I have successfully configured a tunnel with NAT and besides it being rather slow (only ~140KB/s on a 20Mbps line, but that's for another time), it all works fine. I'd like to remove NAT from the tunnel so I can connect from work back to my home computers.. This is possible, isn't it? My settings are as follows :-

    Home LAN =
    Work LAN =
    VPN address pool =

    Interface type = TUN
    Protocol = UDP
    Firewall = Automatic
    Authorization Mode = TLS
    Extra HMAC = Disabled
    Create NAT on Tunnel = Ticked

    If I untick the "Create NAT on tunnel" then it tells me "Routes must be configured manually". I can no longer ping any work IP from my home PC's but I can ping which has a response time of ~1ms so is the local end of the tunnel, the Tomato however still CAN ping all hosts on 10.0.0.x. So it has to be the Tomato blocking the packets coming to my LAN fron the tunnel, now where do I set the routes?? I've gone into the advanced routing page and set a few static things in there but i can't get it right. I can't select the TUN adapter in the static routing for starters! Can someone point me in the right direction please?? This is battering my head now, any help would be much appreciated... :)

    Thank you,
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The routes need to be set on the server side so that it knows that your LAN subnet is reachable via your VPN client. No amount of fiddling on only the client router will work. That's why the firmware doesn't handle it automatically.
  3. meamens

    meamens Addicted to LI Member

    Well I've tried and tried but I just can't fathom it!! :( Funny thing is, I think the routes are automatically set by the server side when you enter the "remote network" in the box.. I've tried to attach a screenshot but the stupid attachment rules keep blocking me, but if you look at this page then in the "Remote network" box I put "", this even says it negates the need to manually enter routing information!

    I'm going to have to give up on this anyway, I've found out why it's so slow when using the VPN - as soon as I start copying files over the VPN, the CPU and RAM usage on my WRT54GL both go straight to 100% and sit there until I stop copying! So I'm going to build a stupidly overpowered pfSense box for home as well. Hopefully the VPN setup will be easier using the same software at both ends. It's a shame, I really like Tomato too but it just won't work for me on this hardware! :( Thanks for your help though Sgt...
  4. woodmouze

    woodmouze LI Guru Member

    pfSense & TomatoVPN


    I am using the same setup - and am also unable to make this work.
    If however I install an OpenVPN server on a Windows server behind the pfsense, all starts to work just fine, that is if I tick the option to redirect Internet traffic on the WRT54

    But that's not how I would like to have it :)

    pfSense is being the server ( lan)
    TomatoVPN is being the client ( lan)
    The underlying OpenVPN is running on

    What I would like to be able, is to "ping" a printer in the network of the client ( is the printer).

    I can ping it, if I enable Internet over the OpenVPN - but then all traffic is being routed over the OpenVPN - which would make it slower.
    Routes are automatically added on pfSense... not on Tomato...

    Should I add the network on Tomato ?? (tried it, but it won't come back at me with a echo reply)...
  5. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    In what way did you add it?
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice