New VPN Setup

Discussion in 'Tomato Firmware' started by rodroy, Sep 30, 2010.

  1. rodroy

    rodroy Networkin' Nut Member

    Hi All:

    I am hoping to get help for setting up my 1st VPN. The goal is to allow a remote worker to VPN into my LAN in order to access files on a NAS drive and an ACT! database on one of my local PC's. The remote worker would be running a local copy of ACT! but accessing the shared multiuser ACT! database over the VPN, at least in a perfect world anyways...

    FYI... My LAN has internet access via an AT&T DSL and the remote worker via cable internet.

    Any help is appreciated!

  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The default settings should be a good start. Just generate the certificates (there's a link on the keys tab to a how-to), and a configuration file for your remote worker ( should need very little editing).
  3. rodroy

    rodroy Networkin' Nut Member

    Wow! Ummm... this is a kind of an advanced answer... I'm a rookie at this! Any suggestions on VPN's for dummies?
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    1. Install OpenVPN on a PC
    2. On the Keys tab in the TomatoVPN GUI, follow the HOWTO link.
    3. Follow the instructions
    4. Open the resulting files, and paste their contents into the Keys tab in the GUI
    5. Follow the link in my earlier post
    6. Copy/paste the example file into a client.ovpn file
    7. Replace my-server-1 with the IP address or DNS name of your TomatoVPN router
    8. Give the client client.crt, client.key, ca.crt, and client.ovpn files to your remote worker
    9. Install OpenVPN on his computer
    10. Open the client.ovpn file
  5. rodroy

    rodroy Networkin' Nut Member

    Now this I can do! Thanks a million SgtPepperKSU!!!
  6. rodroy

    rodroy Networkin' Nut Member

    It appears that I don't have a "Keys" tab.
  7. rodroy

    rodroy Networkin' Nut Member

    Running Tomato 1.28.
  8. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Oh, I assumed you were running TomatoVPN, or one of the other mods that include the changes from TomatoVPN. If you want to have a VPN server running on your router, you'll need to install firmware that supports it. Regular Tomato does not.
  9. jwdaigle

    jwdaigle Addicted to LI Member

    I guess asked another way, is there an "Idiots Guide to setting up a VERY simple Site to site OpenVPN link"? I have TomatoVPN running at two locations, and I want to do a simple site to site VPN, but cannot seem to figure out exactly how it works.

    LAN is 10.100.10.x,

    LAN is 10.102.10.x,

    I want to be able to see 10.102 systems on 10.100 LAN, and to see 10.100 systems on 10.102 systems.

    Settings on OpenVPN1:
    Under Server/Basic: TUN, UDP, 2659, Automatic, Static Key, . I used defaults on Server/Advanced.
    On Keys/Static Key I typed in "Testing123!".

    Settings on OpenVPN2:
    Under Client/Basic: TUN, UDP,, Automatic, Static Key, Create NAT on tunnel is enabled, Used defaults on Client/Advanced.
    On Keys/Static Key I typed "Testing123!".

    Should this work? :) Do I at least have the concepts correct? I will move to using certificates once this "Hello world" example works for me....

    And by "work", I am expecting that on, I can ping and so on and so on. Also, the reverse is true? Anywhere on the client LAN I can ping anything on the server LAN?

    Thank you very much for any help,

  10. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    This is not the same question asked another way. It's a separate question altogether. If this response is not sufficient, please start a new thread so as not to hijack this one.
    This won't work. You'll need a real key (see the howto link on the keys tab).
    This bit will keep your server LAN from seeing the client LAN. To get that to work, you'll either need to set up routes manually (if you stick with Static Key) or switch to TLS and use the client-specific options (this would be the best way to implement what you want).
  11. jwdaigle

    jwdaigle Addicted to LI Member

    My apologies - I will open a new thread if the need arises.

  12. Lwstestclone

    Lwstestclone Networkin' Nut Member

    I am having issues as well that are more than likely my fault. OPening a new thread for this one.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice