
[WIP][howto]Configuring TomatoUSB_VPN for VPN provider

Discussion in 'Tomato Firmware' started by windozer, Apr 27, 2011.

  1. windozer

    windozer Networkin' Nut Member

    The goal is to walk through configuring TomatoUSB as an OpenVPN client to any of the VPN providers you're using. The GUI for VPN client in Tomato already has the most basic settings required to connect to most OpenVPN servers. So all we need to do is modify those basic settings by looking at our VPN provider's settings, plug in/paste some info like certificates, username/password, etc. The rest of the config from our VPN provider we won't use. This is how it's done in most cases and let's keep it simple like that (for now) : )

    Many VPN provider sites offer a preconfigured OpenVPN for Windows from their site which can be run after installation; you only need to enter the VPN username & password. If you have it then connect from your PC so that you can access the VPN temporarily until the router is set up. If you did so then do yourself a favor and right click the systray OpenVPN icon, point to connection-name and choose log. Then stare at it for 5 minutes.
    Here's what my log looks like after a successful connection:
    Code:
    Wed Apr 27 08:53:53 2011 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 12 2009
    Wed Apr 27 08:53:53 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Wed Apr 27 08:53:53 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Wed Apr 27 08:53:53 2011 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
    Wed Apr 27 08:53:53 2011 LZO compression initialized
    Wed Apr 27 08:53:53 2011 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Apr 27 08:53:53 2011 Data Channel MTU parms [ L:1578 D:1450 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Apr 27 08:53:53 2011 Fragmentation MTU parms [ L:1578 D:1300 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
    Wed Apr 27 08:53:53 2011 Local Options hash (VER=V4): '9a22532e'
    Wed Apr 27 08:53:53 2011 Expected Remote Options hash (VER=V4): 'e2a912d8'
    Wed Apr 27 08:53:53 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Wed Apr 27 08:53:53 2011 UDPv4 link local (bound): [undef]:1194
    Wed Apr 27 08:53:53 2011 UDPv4 link remote: 208.43.121.76:1194
    Wed Apr 27 08:53:54 2011 TLS: Initial packet from 208.43.121.76:1194, sid=ad2aae64 e163acff
    Wed Apr 27 08:53:55 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myhost.mydomain
    Wed Apr 27 08:53:55 2011 VERIFY OK: nsCertType=SERVER
    Wed Apr 27 08:53:55 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
    Wed Apr 27 08:53:56 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Apr 27 08:53:56 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Apr 27 08:53:56 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Apr 27 08:53:56 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Apr 27 08:53:56 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Wed Apr 27 08:53:56 2011 [server] Peer Connection Initiated with 208.43.121.76:1194
    Wed Apr 27 08:53:58 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Wed Apr 27 08:53:58 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.0.80.11,dhcp-option DNS 10.0.80.12,show-net-up,route-gateway 10.10.10.1,ping 10,ping-restart 60,ifconfig 10.10.10.3 255.255.255.0'
    Wed Apr 27 08:53:58 2011 OPTIONS IMPORT: timers and/or timeouts modified
    Wed Apr 27 08:53:58 2011 OPTIONS IMPORT: --ifconfig/up options modified
    Wed Apr 27 08:53:58 2011 OPTIONS IMPORT: route options modified
    Wed Apr 27 08:53:58 2011 OPTIONS IMPORT: route-related options modified
    Wed Apr 27 08:53:58 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Wed Apr 27 08:53:58 2011 ROUTE default_gateway=192.168.1.1
    Wed Apr 27 08:53:58 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{491A9ACD-706F-42D5-A7FC-98A7260A5C5E}.tap
    Wed Apr 27 08:53:58 2011 TAP-Win32 Driver Version 9.6 
    Wed Apr 27 08:53:58 2011 TAP-Win32 MTU=1500
    Wed Apr 27 08:53:58 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.10.3/255.255.255.0 on interface {491A9ACD-706F-42D5-A7FC-98A7260A5C5E} [DHCP-serv: 10.10.10.0, lease-time: 31536000]
    Wed Apr 27 08:53:58 2011 Successful ARP Flush on interface [27] {491A9ACD-706F-42D5-A7FC-98A7260A5C5E}
    Wed Apr 27 08:54:00 2011 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
    Wed Apr 27 08:54:00 2011 C:\WINDOWS\system32\route.exe ADD 208.43.121.76 MASK 255.255.255.255 192.168.1.1
     OK!
    Wed Apr 27 08:54:00 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.10.10.1
     OK!
    Wed Apr 27 08:54:00 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.10.10.1
     OK!
    SYSTEM ROUTING TABLE
    0.0.0.0 0.0.0.0 192.168.1.1 p=0 i=11 t=4 pr=3 a=713 h=0 m=31/0/0/0/0
    0.0.0.0 0.0.0.0 5.0.0.1 p=0 i=20 t=4 pr=3 a=713 h=0 m=9256/0/0/0/0
    0.0.0.0 128.0.0.0 10.10.10.1 p=0 i=27 t=4 pr=3 a=0 h=0 m=31/0/0/0/0
    5.0.0.0 255.0.0.0 5.146.9.49 p=0 i=20 t=3 pr=3 a=713 h=0 m=9256/0/0/0/0
    5.146.9.49 255.255.255.255 5.146.9.49 p=0 i=20 t=3 pr=3 a=713 h=0 m=9256/0/0/0/0
    5.255.255.255 255.255.255.255 5.146.9.49 p=0 i=20 t=3 pr=3 a=713 h=0 m=9256/0/0/0/0
    10.10.10.0 255.255.255.0 10.10.10.3 p=0 i=27 t=3 pr=3 a=1 h=0 m=286/0/0/0/0
    10.10.10.3 255.255.255.255 10.10.10.3 p=0 i=27 t=3 pr=3 a=1 h=0 m=286/0/0/0/0
    10.10.10.255 255.255.255.255 10.10.10.3 p=0 i=27 t=3 pr=3 a=1 h=0 m=286/0/0/0/0
    127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=75890 h=0 m=306/0/0/0/0
    127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=75890 h=0 m=306/0/0/0/0
    127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=75890 h=0 m=306/0/0/0/0
    128.0.0.0 128.0.0.0 10.10.10.1 p=0 i=27 t=4 pr=3 a=0 h=0 m=31/0/0/0/0
    192.168.1.0 255.255.255.0 192.168.1.9 p=0 i=11 t=3 pr=3 a=707 h=0 m=286/0/0/0/0
    192.168.1.9 255.255.255.255 192.168.1.9 p=0 i=11 t=3 pr=3 a=707 h=0 m=286/0/0/0/0
    192.168.1.255 255.255.255.255 192.168.1.9 p=0 i=11 t=3 pr=3 a=707 h=0 m=286/0/0/0/0
    192.168.29.0 255.255.255.0 192.168.29.1 p=0 i=29 t=3 pr=3 a=709 h=0 m=276/0/0/0/0
    192.168.29.1 255.255.255.255 192.168.29.1 p=0 i=29 t=3 pr=3 a=709 h=0 m=276/0/0/0/0
    192.168.29.255 255.255.255.255 192.168.29.1 p=0 i=29 t=3 pr=3 a=709 h=0 m=276/0/0/0/0
    192.168.227.0 255.255.255.0 192.168.227.1 p=0 i=31 t=3 pr=3 a=709 h=0 m=276/0/0/0/0
    192.168.227.1 255.255.255.255 192.168.227.1 p=0 i=31 t=3 pr=3 a=709 h=0 m=276/0/0/0/0
    192.168.227.255 255.255.255.255 192.168.227.1 p=0 i=31 t=3 pr=3 a=709 h=0 m=276/0/0/0/0
    208.43.121.76 255.255.255.255 192.168.1.1 p=0 i=11 t=4 pr=3 a=0 h=0 m=31/0/0/0/0
    224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=75890 h=0 m=306/0/0/0/0
    224.0.0.0 240.0.0.0 192.168.1.9 p=0 i=11 t=3 pr=3 a=713 h=0 m=286/0/0/0/0
    224.0.0.0 240.0.0.0 192.168.29.1 p=0 i=29 t=3 pr=3 a=713 h=0 m=276/0/0/0/0
    224.0.0.0 240.0.0.0 192.168.227.1 p=0 i=31 t=3 pr=3 a=713 h=0 m=276/0/0/0/0
    224.0.0.0 240.0.0.0 10.10.10.3 p=0 i=27 t=3 pr=3 a=713 h=0 m=286/0/0/0/0
    224.0.0.0 240.0.0.0 5.146.9.49 p=0 i=20 t=3 pr=3 a=713 h=0 m=9256/0/0/0/0
    255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=75890 h=0 m=306/0/0/0/0
    255.255.255.255 255.255.255.255 192.168.1.9 p=0 i=11 t=3 pr=3 a=713 h=0 m=286/0/0/0/0
    255.255.255.255 255.255.255.255 192.168.29.1 p=0 i=29 t=3 pr=3 a=713 h=0 m=276/0/0/0/0
    255.255.255.255 255.255.255.255 192.168.227.1 p=0 i=31 t=3 pr=3 a=713 h=0 m=276/0/0/0/0
    255.255.255.255 255.255.255.255 10.10.10.3 p=0 i=27 t=3 pr=3 a=713 h=0 m=286/0/0/0/0
    255.255.255.255 255.255.255.255 5.146.9.49 p=0 i=20 t=3 pr=3 a=713 h=0 m=9256/0/0/0/0
    SYSTEM ADAPTER LIST
    TAP-Win32 Adapter V9
      Index = 27
      GUID = {491A9ACD-706F-42D5-A7FC-98A7260A5C5E}
      IP = 10.10.10.3/255.255.255.0 
      MAC = 00:ff:49:1a:9a:cd
      GATEWAY = 0.0.0.0/255.255.255.255 
      DHCP SERV = 10.10.10.0/255.255.255.255 
      DHCP LEASE OBTAINED = Wed Apr 27 08:53:59 2011
      DHCP LEASE EXPIRES  = Thu Apr 26 08:53:59 2012
      DNS SERV = 10.0.80.11/255.255.255.255 10.0.80.12/255.255.255.255 
    Realtek PCIe GBE Family Controller
      Index = 11
      GUID = {E02CE310-D2F4-41B6-BC6F-C2B4E17C7AC9}
      IP = 192.168.1.9/255.255.255.0 
      MAC = 00:24:1d:d5:c1:9b
      GATEWAY = 192.168.1.1/255.255.255.255 
      DNS SERV = 192.168.1.1/255.255.255.255 
    Hamachi Network Interface
      Index = 20
      GUID = {90CAEB5D-87DF-4E86-BF0E-1AF2A6154E22}
      IP = 5.146.9.49/255.0.0.0 
      MAC = 00:23:c3:05:84:3b
      GATEWAY = 5.0.0.1/255.255.255.255 
      DHCP SERV = 5.0.0.1/255.255.255.255 
      DHCP LEASE OBTAINED = Wed Apr 27 08:42:22 2011
      DHCP LEASE EXPIRES  = Thu Apr 26 08:42:22 2012
      DNS SERV =  
    VMware Virtual Ethernet Adapter for VMnet1
      Index = 29
      GUID = {8C4F8C14-C6E5-4FE6-AC4A-5FEF860F9511}
      IP = 192.168.29.1/255.255.255.0 
      MAC = 00:50:56:c0:00:01
      GATEWAY = 0.0.0.0/255.255.255.255 
      DNS SERV =  
    VMware Virtual Ethernet Adapter for VMnet8
      Index = 31
      GUID = {C63A52BD-3197-4599-AFE8-22A83D4C5865}
      IP = 192.168.227.1/255.255.255.0 
      MAC = 00:50:56:c0:00:08
      GATEWAY = 0.0.0.0/255.255.255.255 
      DNS SERV =  
    Wed Apr 27 08:54:00 2011 Initialization Sequence Completed
    
    Moving on to the main subject of using openvpn and TomatoUSB_VPN...

    A. You will need the following things before configuring the router:
    1. Router flashed with TomatoUSB VPN. Preferably freshly reset and simply configured to connect to the internet.
      Something to try if the connection doesn't work out as expected.
    2. Linux (or Windows) OpenVPN config files from VPN provider.
      Usually just the Linux config can be downloaded from the website. Once I had to install OpenVPN for Windows downloaded from the VPN website, then go to C:\Program Files (x86)\OpenVPN\config to get it.
    3. Simple text editor like notepad2 or metapad that can read Unix format text.

    B. VPN Tunneling>Client>Client1>Basic page
    Open the main config file which ends in .conf or .ovpn for Linux and Windows respectively. Fill in whatever you can identify between the setup page and config file and let the rest remain default.

    VPN Tunneling>Client>Client1>Advanced
    VPN Tunneling>Client>Client1>Keys
    Administration>Scripts>Init

    WIP - taking screenshots to do some of the talking, and write the rest of the guide after work.
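
Added example, not part of windozer's post: a short Python script that reads a client log like the one above and recovers the settings to carry over to the router as OpenVPN 2.1-era directives, plus warnings for the weak crypto the log reveals. The function name `settings_from_log` and the warning wording are hypothetical, and the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the log posted above (BBCode stripped, PUSH line shortened).
SAMPLE_LOG = """\
Wed Apr 27 08:53:53 2011 LZO compression initialized
Wed Apr 27 08:53:53 2011 UDPv4 link remote: 208.43.121.76:1194
Wed Apr 27 08:53:55 2011 VERIFY OK: nsCertType=SERVER
Wed Apr 27 08:53:56 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 27 08:53:56 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 27 08:53:56 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Apr 27 08:53:58 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.0.80.11,ping 10'
"""

WEAK_BLOCK = {"BF", "DES", "CAST5", "RC2"}  # cipher families with a 64-bit block
OLD_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}     # deprecated protocol versions

def settings_from_log(text):
    """Recover client directives, pushed options and weak-crypto warnings."""
    out = {"directives": [], "pushed": [], "warnings": []}
    d, w = out["directives"], out["warnings"]
    m = re.search(r"(UDP|TCP)v4\w* link remote: ([\d.]+):(\d+)", text)
    if m:
        proto = "udp" if m[1] == "UDP" else "tcp-client"
        d += [f"proto {proto}", f"remote {m[2]} {m[3]}"]
    if "LZO compression initialized" in text:
        d.append("comp-lzo")
    if "VERIFY OK: nsCertType=SERVER" in text:
        d.append("ns-cert-type server")  # keep server-certificate checking on
    m = re.search(r"Data Channel Encrypt: Cipher '([^']+)'", text)
    if m:
        d.append(f"cipher {m[1]}")
        if m[1].split("-")[0] in WEAK_BLOCK:
            w.append(f"{m[1]}: 64-bit block cipher")
    m = re.search(r"Data Channel Encrypt: Using \d+ bit message hash '([^']+)'", text)
    if m:
        d.append(f"auth {m[1]}")
    m = re.search(r"Control Channel: ([^,]+), cipher \S+ [^,]+, (\d+) bit RSA", text)
    if m:
        if m[1] in OLD_TLS:
            w.append(f"{m[1]}: deprecated TLS version")
        if int(m[2]) < 2048:
            w.append(f"{m[2]}-bit RSA: key below 2048 bits")
    m = re.search(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'", text)
    if m:
        out["pushed"] = m[1].split(",")  # server-side options, not set by the client
    return out

if __name__ == "__main__":
    for key, values in settings_from_log(SAMPLE_LOG).items():
        print(key, values, sep=": ")
```

The cipher, digest and compression have to match what the provider's server uses, so the warnings are something to raise with the provider rather than values to change on the router alone.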
     
  2. windozer

    windozer Networkin' Nut Member

    Parked
     
