[Request/Suggestion] L2TP/IPSec for Tomato

Discussion in 'Tomato Firmware' started by zgep, Jan 11, 2010.

  1. zgep

    zgep Addicted to LI Member

    Hi there,

    I recently got myself an Android phone and it can't connect to OpenVPN servers, only PPTP and L2TP/IPSec. As PPTP is not exactly considered safe I wondered if someone would be interested in hacking together a Tomato mod with:
    - L2TP/IPSec Server (there is one named OpenSWAN for Linux, another one is called StrongSWAN afair)
    - Speedmod
    - based on Tomato 1.27

    I write this w/out knowing if this is even possible (I have no idea how complex L2TP/IPSec is to implement) or how much work it would take, but maybe someone has the time and will to do it!

    What do you think about it?


    edit: a micro-ftp server and sd-support would be quite cool too for synchronization of my firefox-bookmarks, but maybe both are a bit much to ask...
  2. occamsrazor

    occamsrazor Network Guru Member

    I am in the same situation but with an iPhone - no OpenVPN support. I believe one of the problems is getting TUN/TAP support on the device. Some people have been trying here.
    It is probably possible eventually (albeit requiring a jailbroken phone), and I would prefer an OpenVPN solution, but practically I agree that connecting to an IPSEC/PPTP server would be a whole lot easier. On the iPhone the IPSEC/PPTP client is very smoothly integrated into the OS, and I am guessing it's similar on Android.
    There have been previous attempts to put PPTP-Server functionality into Tomato, including some actual builds e.g. here and here - though I don't think it was ever added to an OpenVPN-enabled build, and I can't remember any IPSEC-server builds.
    Agree that IPSEC is more secure than PPTP, but seeing as more work seems to have been done already on PPTP-in-Tomato, I'd be very happy to have PPTP added to the recent OpenVPN builds.
    OpenVPN is great, I use it daily, but its availability on mobile devices seems non-existent, so I for one would welcome PPTP/IPSEC options, which e.g. would enable me to remotely and securely VNC into my home machines from my iPhone.
  3. endolith

    endolith Addicted to LI Member

    Cyanogenmod has OpenVPN built in, apparently, but I'm not sure how to use it. TunnelDroid is in the app market and apparently lets you configure it.

    I'm interested in this, too, since it's built into Android and into Windows (work laptop) and is supposed to be secure.

    Can Mozilla Weave do that?

    Yes, it's the same way.

    With something like TomatoVPN?

    Other places I've asked:
  4. endolith

    endolith Addicted to LI Member

    I think I have OpenVPN working on both the router and Android now, but it doesn't work out of the box. You have to configure it manually and I haven't a clue how to do it.

    The server seems to be working, at least. Tunneldroid lights up the green button, but I don't know if that means it's connected or what. Even if I do get it working, I don't know how to test whether everything is being encrypted or not.

    The phone config file is
    remote routerdomainname 11940
    dev tun
    secret /sdcard/openvpn/static.key

  5. smihaila

    smihaila Reformed Router Member

    Does anyone know whether the L2TP client which comes integrated into the Tomato builds (Toastman's build flavors to be more exact) is a plain/straight L2TP or whether it also supports IPSEC over L2TP? I am asking because there doesn't seem to be any 'preshared key' field in its config UI.

    Another interesting thing would be to have either Toastman or Shibby be able to produce a VPN type of build for the Cisco Valet M10 V2 routers. I couldn't find any unfortunately. I'd be willing to sacrifice other features like QoS or traffic graphing/monitoring, just to have an integrated OpenVPN client, if possible.

    Thank you.