OpenVPN setup question.

Discussion in 'Tomato Firmware' started by tiberius72, Jul 29, 2009.

  1. tiberius72

    tiberius72 Addicted to LI Member

    Firstly I am new to Tomato and OpenVPN. So pls pardon the dumb questions

    Here is what I need to do.

    I need to setup an OpenVPN server on Tomato so I can access the internet via another country. My reason is so when I travel I can watch my BBC iplayer programs from my brother's house. The BBC use geo-ip type stuff to see where you are. I did think of setting up a proxy server but those can be hacked and the service provider will frown upon it.

    To keep things simple for him (my brother) and not so simple for me (or us). I need to place the router (Asus 520Gu) behind his Belkin. His Belkin is an ADSL router with an RJ11 socket - so it is doing the authentication type work with the broadband provider. I know I need to do some port forwarding to get to the router externally. Thats not a problem. I need the tomato router to let me surf the web with a UK IP address not another country's IP. There will no machines for me to access once I connect through the VPN, I just need to surf the web from the UK (via OpenVPN of course).

    Will this work ??

    If so should I connect the tomato router to the Belkin via its WAN port ? also do I need to use a cross over cable or is a regular one fine.

    Any help would be appreciated..


  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Should work fine, though using a Tomatoed router as the VPN endpoints may limit the bandwidth to levels unsuitable for streaming video.

    Yes, connect the Tomato router's WAN port to a LAN port on the Belkin router with a regular ethernet cable.
  3. tiberius72

    tiberius72 Addicted to LI Member

    I didn't think I would get the one and only SgtPepper replying to my thread... I feel honored :biggrin:

    Thanks for the heads up on the streaming video. My main reason is to download and then watch later. But streaming was something I had in mind at a later date. What kind of speeds do you think the router will allow ?

    Perhaps I am better off using a Windows Home Server. I will still give this a try.

    I was think of using the "Quick and dirty VPN server HOWTO!!" from Delta 221

    Are there any other guides that might be better ?
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I don't know. I've never benchmarked it. But, the relatively slow router CPU will almost certainly be your bottleneck. You'll just have to see if it's suitable for your use.
    Just follow the OpenVPN HowTo for generating certificates and copy them to the Web GUI. After that, there shouldn't be much to set up. Look through the tabs and if there is something that you know you'll want different, change it. If you don't know what it does, you probably don't need to change it from the defaults.
  5. gawd0wns

    gawd0wns Network Guru Member

    I agree with your choice in TomatoVPN. I would recommend you look into setting up a TAP connection, with UDP, and with lzo encryption disabled. I am not sure how fast we can download with TomatoVPN, since my internet connection is slow.

    Your maximum upload speed will be the maximum rate at which you can download when you are away. You will also have to consider the maximum download speed of where you are going, whether it is greater than or less than what you get at home. I don't think you will notice anything as long as your upload rate is less than 350-400 KB/s, though I am just guessing. Maybe you can test it before you go away, and share it with us :).

    One of the fastest ciphers is Blowfish (BF-CBC), which is still considered secure... Though I don't know how many supercomputers the Chinese government employs to help in their internet snooping (yikes!)
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I'd suggest TUN though, unless you have a specific need for TAP, as it is lower overhead (better performance) and easier setup.
  7. fyellin

    fyellin LI Guru Member

    99% of the time I agree with SgtPepperKSU. However he has made TAP incredibly easy to use, also. And though it may have higher overhead, it means that my laptop is almost literally on my home network when I travel. My servers, disks, and printers are right there.
  8. gawd0wns

    gawd0wns Network Guru Member

    I didn't know it had higher overhead, how much are we talking bytes wise?

    In my experience, TAP worked much more seamlessly, like fyellin mentioned, you get a LAN ip and have access to everything because you connect as a part of the LAN. Your setup might require otherwise. Be sure to have everything tested and up and running before you leave.

    Some words of advice, which will save you A LOT of trouble: Change your LAN subnet to something obscure like 192.168.162.*, IT MUST be different from the LAN address range you are connecting from.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice