Will the OpenVPN version of tomato do this??

Discussion in 'Tomato Firmware' started by rizsher, Jul 9, 2008.

  1. rizsher

    rizsher Network Guru Member

    I have a friend living in the Middle East trying to get VoIP to work, not easy and the incumbent monopoly has blocked everything. Using a VoIp provider that allows VPN connection, we've managed to get a softphone on his PC to work and successfully make and receive calls. The instructions on the website are:

    Download OpenVPN 2.0.9 from OpenVPN web site. Download prebuilt Windows installer or source distribution for Linux/Unix and Mac OS X platforms and compile it yourself.
    Create file C:\Program Files\OpenVPN\config\openvpn.ovpn (/etc/openvpn/openvpn.conf on UNIX platforms) with the following data:

    Lots of line of the file content follows, most important of which is

    # SSL/TLS parms.
    # See the server config file for more
    # description. It's best to use
    # a separate .crt/.key file pair
    # for each client. A single ca
    # file can be used for all clients.
    ca ca.crt
    cert ACCOUNT.crt
    key ACCOUNT.key

    In the configuration file replace ACCOUNT in key file names with your 10-digit long account number. Login into your account to request a temporary key files (valid for 2 weeks), or purchase a 1 year key. Put the files to the same directory where openvpn.ovpn file is located.
    Start OpenVPN client with command "openvpn --config openvpn.ovpn". The client will print several lines on the screen, the last line should be "Initialization Sequence Completed". If you get this line, you're 99% done!
    Check the connection. From another command prompt window run "ping", you should get responses from the server.
    Install Xten softphone, configure it as shown on Configuration page, but in "Domain" field enter "" Enjoy SIP calls worldwide over blocked network:)
    The VPN will provide an access to our SIP server only and nothing else, you will not be able to access other SIP providers over our VPN link.

    Now that we know it works, he is looking at using a hardphone (phone or ATA) connected directly to the router to free himself from a PC mic and speaker.

    Before I ask him to invest in a new modem and router, I want to be sure the VPN mod of tomato can acheive the same that he did on the PC, e.g would we be able to copy the key files over to the router?.

    I would appreciate if one of the gurus can answer this. Once confirmed, I can start trial and error to get it working.

  2. occamsrazor

    occamsrazor Network Guru Member


    I'm a bit unclear about exactly what you are trying to do. What exactly are you trying to vpn TO and FROM? It sounds like you want his router to be an OpenVPN client for the VOIP provider, is that right?
    I've only experience in using the Tomato router as a VPN server, I didn't realise it could act as a client too, I'm not sure. I also use VOIP in the Middle East via a Linksys SPA-3102 ATA connected to the Tomato router, but not over VPN as my country doesn't do blocking. I only use the OpenVPN for remote access to my home network. I don't know much about those particular config options but otherwise I'm happy to offer any help I can give.
    On a side note, can I ask which is the SIP provider that offers VPN?


  3. rizsher

    rizsher Network Guru Member

    Thanks for that Ben, you've clarified the terminology for me.

    I would like to be able to use the tomato router as a VPN client for the VoIP provider, thereby being able to use any ATA device connected to the router to connect to the IP Phone service thru VPN.

    Now that I thik about it, I guess if it were possible, ALL the traffic would go thru the provider's VPN server, which may not work as they may be blocking everything except SIP traffic.

    Hope someone else can shed some more light on this.

    Thanks again.
  4. occamsrazor

    occamsrazor Network Guru Member

    I'm not sure about using Tomato as an OpenVPN client. You might want to post on the "Tomato Mod v1.19.1464 with OpenVPN" thread as this is where all the people with OpenVPN experience hang out.
    If you could get it to work as client, I would imagine there would be some way to route all SIP traffic or all traffic to the VOIP providers IP via the VPN tunnel, whilst leaving normal traffic outside. I guess it could be done with iptables, but I have no idea how one would do this. Regards, Ben
  5. occamsrazor

    occamsrazor Network Guru Member

    You say his country is "blocking everything". I use www.pbxes.com as a virtual pbx for my multiple SIP providers - they all get registered to pbxes, then I register my home device to pbxes. It works great once you've got it setup and is free.

    Why am I saying this? One of the very handy features of pbxes is that you can connect to it via a wide range of ports - not just 5060. The full range is:

    53, 69, 80, 135, 161, 443, 500, 1433, 1701, 1812, 3389, 4500, 5061, 5900, 16999, 26999 and 36999

    Another virtual pbx you could try is www.voxalot.com which supports connections on 80, 2060, 3060, 4060 and 5060 and 443. They are easier to setup than pbxes but not as full-featured.

    Providers almost never block 80 or 443, so if this works you wouldn't even need Tomato or the OpenVPN.


  6. rizsher

    rizsher Network Guru Member


    The country in question is the UAE, and they don't employ simple port blocking, they use pattern matching s/ware to block any kind of VoIP, even skype doesn't work!!!.

    thanks for the pointers though, I'll get my friend to look into it, pretty sure even the websites would be blocked by Etisalat!!!.

  7. occamsrazor

    occamsrazor Network Guru Member

    Ah yes, UAE has some very nasty blocking going on. I was there last year and they were blocking a very large range of websites - including almost all the VOIP news websites I frequent. In fact, it's one of the reasons why I use Tomato+OpenVPN. When I am there I can just OpenVPN to my router back home and have unblocked internet. I didn't try any VOIP over the VPN there though am afraid.


  8. humba

    humba Network Guru Member

    You can most definitely use a tomato router with VPN as OpenVPN client and thus establish a transparent site to site VPN. Using with default routes you could route all traffic through the tunnel (all including VoIP of course) and thus bypass any blocks the ISP has in place.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice