Tomato Mod v1.19.1464 with OpenVPN/Tomato Mod v1.21.TEST-v5 with OpenVPN-GUI,SDMMC,IP/MAC

Discussion in 'Tomato Firmware' started by roadkill, Jun 4, 2007.

  1. janosik47

    janosik47 Addicted to LI Member

    sorry, can't help any more at this stage :( I used to play with Tomato VPN mod some time (2007) ago but what I have done is just follow the thread's suggestions plus some minor modifications (like moving to the TCP from UDP as the client was behind a proxy) and works really fine ... just read the whole thread carefully ...
  2. tatoosh

    tatoosh Addicted to LI Member

  3. Troy

    Troy Addicted to LI Member

    I am having trouble with the v5 test build.

    A stock tomato has no problem finding the IP/DHCP of the cable modem when installed,

    on the other hand this version, in the first reboot, managed to get the IP, but could not renew the DHCP, and after I released/renewed it even lost the IP.

    Installing back the stock tomato got everything back working just fine.

    any help please?

    router linksys WRTGL
  4. sefs

    sefs LI Guru Member

    Is this mod still maintained? It was last updated in 2008 I see.

  5. ernstblaauw

    ernstblaauw Addicted to LI Member

    Hi, I see you have sftp incorporated in this mod. I would really love to use sftp with the latest Tomato. Can you help me how to patch the current Tomato for sftp?
  6. kamatschka

    kamatschka Network Guru Member

    I can't really wait anymore ... maaan ..
    I am looking for a latest Tomato Mod with SDHC,VPN, and FTP/HTTP Server ... DD-WRT is way too slow. So.. I will be really happy when you will release your Mod of the 1.28 Version of tomato.


    Happy New Year... :)
  7. baldrickturnip

    baldrickturnip LI Guru Member

  8. hrts

    hrts LI Guru Member

    DynDNS client while WAN is disabled

    One question about DynDNS on 1.19 version: how can I detect (detect is the key word!) and pass to DynDNS client the external IP (public one) if my router has WAN interface disabled?

    Current config follows:
    1. Provider - Cable TV. My friend owns the connection.
    2. Provider's Cable modem
    3. My friend's router - WDS enabled toward my router (long distance between houses, no cable solution between us). IP 1
    4. My primary router WRT54GL Tomato OpenVPN 1.19 - WDS enabled; transmit power set to 200mW in order to catch/retransmit with minimum packet loss my friend's signal - (THANK YOU for this power setting feature! It saved my life!). WAN interface set to disabled - not used at all! DynDNS, OpenDNS & OpenVPN clients started (tested for 2 years: formerly running over FTTH). WiFi security allowing only WDS MAC addresses, no AP connection allowed in order to use the full bandwidth for WDS transport. IP 2
    5. Cable link with 3rd router: Asus WL530g - WAN port connected to a LAN port from WRT54GL. IP 3. WAN Gateway pointing to my friend's router (IP 1). On Asus I am using a different channel and SSID from WDS setup in order to reduce the noise and interference with the WDS. Asus does a NAT from WAN IP domain to a different Domain in order to reduce the number of packets transported over WDS (my house communication between equipments remains in ASUS LAN).

    I have the problem on Linksys router (with WDS enabled) to catch correctly the external IP address of my friend router (IP dynamic). I need to find this IP in order to pass it to LinkSys/Tomato DynDNS client and register it to NO-IP service if I want to find my OpenVPN box in the Internet...

    Any solution for this crazy setup? My friend's router does not have DynDNS capabilities ( Siemens Router).

    PS: great job with this firmware: I am using since it was launched and never had to reboot my router while I was on fiber. Nowadays, with CableTV provider and this crazy config, I have the first "issue" - more than acceptable if you ask me.
  9. rhester72

    rhester72 Network Guru Member

    Write a script to parse it by periodically querying something like, comparing the result to last known/cache, and hitting to update if changed (or less than 28 days)?

    I used to have a script I wrote for OpenWRT that did precisely this (and even parsed the full set of error codes from's amazing that you can create a full dynamic DNS client with nothing more than bash!), I'll see if I can dig it up.
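
The approach described in the post above (poll an external IP checker, compare with the cached value, update when it changed or the record has aged), as an added example that is not rhester72's script or Tomato's own code. `CHECK_URL`, `UPDATE_URL`, the `myip` parameter and the cache path are placeholders, since the post's URLs are not on the page, and refreshing once the record is 28 days old is one reading of the post's "28 days"; the checker's reply is validated as a public IPv4 address before it is used.

```shell
#!/bin/sh
# Added example (not from the thread). CHECK_URL and UPDATE_URL are placeholders.
CHECK_URL="http://ip-checker.example/"        # assumed: replies with a bare IP
UPDATE_URL="http://ddns.example/update"       # assumed: takes ?myip=<address>
CACHE="${CACHE:-/tmp/ddns.cache}"             # "<ip> <epoch of last update>"
MAX_AGE=$((28 * 86400))                       # refresh once the record is 28 days old

# Return 0 only for a well-formed, publicly routable IPv4 address.
# The checker's reply is untrusted input and ends up in a URL and a file.
is_public_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    case "$1.$2" in 0.*|10.*|127.*|169.254|192.168) return 1 ;; esac
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1
    [ "$1" -ge 224 ] && return 1
    return 0
}

# Print "changed", "stale", "skip" or "invalid" for the IP the checker returned.
ddns_decide() {   # args: <ip from checker> <now, epoch seconds>
    is_public_ipv4 "$1" || { echo invalid; return 0; }
    cached_ip=; cached_ts=
    if [ -r "$CACHE" ]; then read -r cached_ip cached_ts < "$CACHE" || :; fi
    case "$cached_ts" in ''|*[!0-9]*) cached_ts=0 ;; esac
    if [ "$1" != "$cached_ip" ]; then echo changed
    elif [ $(( $2 - $cached_ts )) -ge "$MAX_AGE" ]; then echo stale
    else echo skip
    fi
}

# One polling pass; run it periodically (for example from cron).
ddns_run() {
    ip=$(wget -q -O - "$CHECK_URL" | tr -d '\r\n ')
    now=$(date +%s)
    case "$(ddns_decide "$ip" "$now")" in
        changed|stale)
            wget -q -O /dev/null "$UPDATE_URL?myip=$ip" &&
                echo "$ip $now" > "$CACHE" ;;
        invalid)
            logger -t ddns "IP checker returned an unusable value" ;;
    esac
}
```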

  10. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Also, you could just use the "Use External IP Address Checker" option on the DDNS page.
  11. hrts

    hrts LI Guru Member

    "Use External IP Address Checker"

    "Use External IP Address Checker" is the one I'm using with no success.
    NO-IP web interface (and nslookup) returns some old WAN IP (currently WAN interface being disabled). It appears that client does not work at all while WAN is disabled. How can I trick the client to work?

    Sorry for not mentioning that before.

    How can I create the script? I am not that good with bash scripts :(

    PS: Open DNS works because "This service determines the IP address using its own method." How can I grab the IP from OpenDNS client and pass it to DynDNS?
  12. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    "Use External IP Address Checker" should already be doing exactly what you want. There is code throughout specifically to handle the case when the WAN is disabled. For NO-IP, it simply does a wget to and uses the value it sees there. Visit that site and see if the expected value is shown. If you check "Force next update" in the GUI and save, does it show an error under "Last Result"?
  13. hrts

    hrts LI Guru Member

    1. Forcing next update does not return any error message, nor success:
    Last IP Address -
    Last Result -

    2. wget returns the external IP correctly (the one that I see on WAN interface on my friend's router).
    3. From Tomato Box: Tools/Ping I get 5 responses out of 5 for - so the box can reach correctly the DynDNS server

    In system log there is no information about the attempt. In fact in the log there are only the sys time update entries. (I assumed that router connects fine to internet because it gets the time updated). Is there any way to make DynDNS service verbose? Or to put it in another way: how can I check that "Force Next Update" did run since it leaves no trace in log? I do have ssh/wcp access to the box and I do know how to copy a log file from the box (I am doing this for openvpn log files in order to monitor the accesses to my home network).

    What is the option Admin/Debugging -> "Enable DDNS output to /tmp/mdu-* " doing? If I enable it will it help me to trace the DDNS errors?

    NO-IP website displays now the last manual update I performed 3 days ago.
    Bottom line: DynDNS service seems that it does not work at all; not a single error reported.
  14. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Yes, that option could help debug the issue. It should create logs at /tmp/mdu-noip.txt.

    Also, did you erase NVRAM after upgrading your firmware? Not doing so can cause a lot of unexplainable behavior.
  15. Aquafire

    Aquafire LI Guru Member

    Hello All,

    Trying to connect to my home router(WRTSL54GS) running this firmware through my office proxy server. The server and client are configured for static key access, without any cipher.

    First I tried without the proxy server (direct connection) and it was fine and able to connect on the default port 1194.

    But when I try going through the office proxy, I get the following messages in the log

    Looks like even the VPN access is blocked via the proxy server. Any ideas how to make it work and bypass it, after all that was the whole objective of the exercise. :confused:

    Thanks in advance
  16. i1135t

    i1135t Network Guru Member

    Sorry to bring up an old thread, but SgtPepper and I tried working on a solution in the past by trying to setup an OpenVPN TUN connection through DNS port 53 (UDP) since that is ALWAYS open. The thread is located here. Now that I think about it, can IPTABLES be used to redirect outbound through port 53 since we could redirect inbound packets to a different port that the VPN server is running on, say 1194? It would look something like this:

    Incoming connection(53-UDP) ==> WAN-in (iptable PREROUTING for DNAT or REDIRECT to OpenVPN 1194-UDP) ==> OpenVPN handshake says TLS happens at port 1194 ==> WAN-out (iptable POSTROUTING for ?? redirecting outbound packets destined for 1194-UDP to redirect to port 53-UDP outbound) ==> Outbound handshake back to source at port 53-UDP

    Can this be done with a few iptable rules? I'd like to test this but unsure on how to create the iptable rules as I am no expert in it. The purpose of this was to try and bypass hotspot authentication, purely for educational purposes. Chime in if this makes any sense.
  17. kanishka

    kanishka Networkin' Nut Member

    Do you guys know how to bridge the VPN connection with the LAN ports?
  18. roadkill

    roadkill Super Moderator Staff Member Member

    Hi Guys,
    I haven't been here a while... also I moved my equipment to OpenWRT since no Tomato updates for a long long time...
    I can provide some limited support / newer test builds, although most of my enhancements were reproduced in SgtPepper's Build

  19. rs232

    rs232 Network Guru Member

    I've noticed that my tomato gets the log flooded with the following code every few seconds:
    Jul  3 16:08:12 36k daemon.notice openvpn[376]: Inactivity timeout (--ping-restart), restarting
    Jul  3 16:08:12 36k daemon.notice openvpn[376]: TCP/UDP: Closing socket
    Jul  3 16:08:12 36k daemon.notice openvpn[376]: Closing TUN/TAP interface
    Jul  3 16:08:12 36k daemon.notice openvpn[376]: /sbin/ifconfig tun21
    Jul  3 16:08:12 36k daemon.notice openvpn[376]: SIGUSR1[soft,ping-restart] received, process restarting
    Jul  3 16:08:12 36k daemon.notice openvpn[376]: Restart pause, 2 second(s)
    Jul  3 16:08:14 36k daemon.warn openvpn[376]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: Static Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: Static Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: TUN/TAP device tun21 opened
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: TUN/TAP TX queue length set to 100
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: /sbin/ifconfig tun21 pointopoint mtu 1500
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:4 ET:0 EL:0 ]
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: UDPv4 link local (bound): [undef]:1196
    Jul  3 16:08:14 36k daemon.notice openvpn[376]: UDPv4 link remote: [undef]
    This happens more or less every 20-30ish seconds (not always the same).
    Not sure this is a normal behaviour...
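
One way to measure how often the restart cycle in the log above recurs, as an added example that is not part of the original post: it counts `--ping-restart` events per OpenVPN process, reports the shortest and longest gap between them, and records whether a `Peer Connection Initiated` line was ever logged. The sample lines are constructed in the format of the post's log, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): summarise OpenVPN ping-restart events
# in a syslog stream. The sample lines are constructed, in the post's log format.
sample_log() {
cat <<'EOF'
Jul  3 16:08:12 36k daemon.notice openvpn[376]: Inactivity timeout (--ping-restart), restarting
Jul  3 16:08:12 36k daemon.notice openvpn[376]: SIGUSR1[soft,ping-restart] received, process restarting
Jul  3 16:08:14 36k daemon.notice openvpn[376]: UDPv4 link remote: [undef]
Jul  3 16:08:36 36k daemon.notice openvpn[376]: Inactivity timeout (--ping-restart), restarting
Jul  3 16:08:38 36k daemon.notice openvpn[376]: UDPv4 link remote: [undef]
Jul  3 16:09:03 36k daemon.notice openvpn[376]: Inactivity timeout (--ping-restart), restarting
Jul  3 16:09:05 36k daemon.notice openvpn[376]: UDPv4 link remote: [undef]
EOF
}

# Reads syslog on stdin and prints one line per openvpn PID:
#   pid=<pid> restarts=<n> min_gap=<s> max_gap=<s> peer_seen=<yes|no>
ping_restart_summary() {
    awk '
    / openvpn\[[0-9]+\]: / {
        match($0, /openvpn\[[0-9]+\]/)
        pid = substr($0, RSTART + 8, RLENGTH - 9)
        split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        if (!(pid in peer)) peer[pid] = "no"
        if ($0 ~ /Peer Connection Initiated/) peer[pid] = "yes"
        if ($0 ~ /Inactivity timeout \(--ping-restart\)/) {
            if (pid in last) {
                gap = now - last[pid]; if (gap < 0) gap += 86400   # midnight rollover
                if (!(pid in min) || gap < min[pid]) min[pid] = gap
                if (gap > max[pid]) max[pid] = gap
            }
            last[pid] = now; n[pid]++
        }
    }
    END {
        for (p in n)
            printf "pid=%s restarts=%d min_gap=%d max_gap=%d peer_seen=%s\n",
                   p, n[p], min[p], max[p], peer[p]
    }'
}
```

On the router, feed it the live log instead of the sample, for example `ping_restart_summary < /var/log/messages` (the log path is an assumption).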
  20. Elanzer

    Elanzer Addicted to LI Member

    I've recently set up a VPN with 2 ASUS RT-N16 routers that connects 2 offices together from city to city. The goal was simply to get them all on the same workgroup for easy file sharing and such between both offices as if they were local. The VPN is set up as TAP over UDP, nothing too special for configuration - basically followed a guide on a blog.

    There's a configuration problem somewhere though, with the VPN connection active both offices bog down to a snail's pace intermittently, and judging by speed tests on the remote VPN client out of town, it seems that sometimes (but not always?) the VPN client is actually using the VPN server as an internet gateway, which is very bad because it strangles the upload bandwidth on the server and the download on the client - the upload and download bandwidth sometimes test almost identically to the VPN server's upload bandwidth. It doesn't seem to ALWAYS happen though, as in I can sometimes get full speed on the VPN client side without any performance issues and it's clearly not tunneling things like web browsing.

    It's my second time setting up a VPN with Tomato, the first with a site to site with 2 routers so I've probably missed a crucial setting somewhere that's utterly facepalm-worthy.

    Would changing the gateway to the local router fix the problem?
  21. rs232

    rs232 Network Guru Member

    Is there any chance to see tomatoVPN updated with tomato 1.28 core and openvpn 2.1.3?

  22. yitzhakbg

    yitzhakbg Networkin' Nut Member

    Will this work on the Dlink DIR 655?

    I'm interested in running SgtPepper's Tomato OpenVPN on either the DIR655 because of the Gigabyte LAN or the DIR615 because of their availability here.
    I'd like to know in advance what my chances are before I buy the router.
    Advice please
  23. maurer

    maurer Network Guru Member

    dir-655 or dir-615 are not broadcom based - so no tomato support at all.
    some revisions of dir-615 are supported by dd-wrt and openwrt with their own openvpn builds.
  24. hrts

    hrts LI Guru Member

    After some time my OpenVPN server does not start anymore.
    Reason: /usr/sbin/openvpn is missing.
    How can I restore it?

    All other files are there (dh.pem, server.key, etc, openvpn.conf, etc).
    I do not have a clue why that file is missing. It worked for the past 2 years.
    I am using
    Tomato Firmware v1.19.1463
    Copyright (C) 2006-2008 Jonathan Zarate

    Late edit
    I did a firmware upgrade to v1.19.1464 and now all is fine!