Tomato v1.28 & OpenVPN Quirks

Discussion in 'Tomato Firmware' started by Bosnoval, Oct 29, 2010.

  1. Bosnoval

    Bosnoval Networkin' Nut Member

    I've recently been checking out the Tomato firmware after having used DD-WRT for the past couple of years. I've been pretty impressed thus far with everything, especially the USB features, but I've been having some quirky problems with OpenVPN. I just wanted to spell things out to see if anyone could point out any obvious issue.

    To start, we're talking about this setup:

    Router: Netgear WNR3500L
    Firmware: Tomato v1.28.9052 MIPSR2-beta23 K26 USB vpn3.6
    ISP: AT&T DSL (Motorola 2210-02 modem in bridged mode)

    Being the newb that I am, my first configuration of OpenVPN was inspired after noticing the "HOWTO" link under the VPN configuration page. It discussed easy-rsa and generating my own certificates. I created everything just as the site instructs, but the moment I hit the "Start Now" button to start the service, my router always halts/crashes (internet crashes, web admin disconnects, USB shares drop and even SSH won't respond). I end up having to power cycle the router with each attempt. I tried countless different server configurations (found via Google searches), all with port forwarding & DDNS configured, but every configuration I tried using certificates caused the router to crash. ...I never even got the server service to start, so I didn't even bother with a client.

    So, to test my observations I opted out of certificates and went for a static key instead. I used the first "how to" site I found as a guide and the server at least started for the first time. However, it seems that even the static OpenVPN has its issues. Often when trying to connect it fails and I'm forced to log in to the router to check the VPN status. It always claims the same thing, the "Server is not running or status could not be read". Now, this is despite the fact that it had been running the last time I checked and having the "Start with WAN" option enabled. I have no idea how it gets disconnected but I always have to manually use "Start Now" to re-start the service and then things work again.

    SOO, what is up with certificate-based OpenVPN crashes and why won't a static key OpenVPN server stay running? My only guesses had to do with CPU utilization and faulty certificates, but I extensively tried options to address both issues; nothing seemed to help. Is anyone else having the same issues?

    Example Certificate Config:

    Example Static Config:
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Most likely, your NVRAM is corrupted and you should erase it (thorough) and reconfigure manually.

    FYI: The HOWTO link in the VPN configuration changes based on the key method being used, so it would have directed you to a static key tutorial as well.
  3. Bosnoval

    Bosnoval Networkin' Nut Member

    Hmm, this is a fresh install and I was pretty mindful of NVRAM issues during the install. In fact, I pretty much followed this writeup below to the letter for that reason (in addition to checking the NVRAM erase option in the GUI each time it was offered).

    I suppose it's possible though. As far as the static VPN HOWTO is concerned, I did eventually find that. I just meant I stumbled upon the certificate method first since that's how it's defaulted in Tomato. Honestly, I'd probably prefer the certificate method too, it's just that I was never able to get it running. I'm glad I toyed with both though just for a better understanding of each. I just wish it had actually worked!
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Did you erase (thorough) the NVRAM after your firmware upgrade? It is recommended to do so. Unpredictable, unexplainable errors seem to sometimes pop up if you don't.
  5. Bosnoval

    Bosnoval Networkin' Nut Member


    By the way you're stating that, I assume you're asking if I specifically used Tomato's interface to do a:

    Tomato -> Admin -> Config -> "Erase all data in NVRAM memory (thorough)"

    to reset the router. Specifically, I did not. However, I did perform a 30/30/30 reset after each flash, in addition to using DD-WRT's equivalent. DD-WRT offers this as an optional flag/setting when flashing a firmware.

    I assume this is Tomato doing something like a "mtd -r erase nvram". This is going to take some time to test, resetting and retrying all the VPN connections. So, I'll have to let you know.

    Thanks for the help so far though!
  6. Bosnoval

    Bosnoval Networkin' Nut Member

  7. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I was just wondering if you did any kind of nvram clear after the upgrade. I mentioned "thorough" so that if you went off to do it now, you'd do the most comprehensive method.

    Whatever you're running into is probably specific to the build you're using. One possibility is that there isn't enough NVRAM space available. Could you telnet/ssh to the router and perform an "nvram show" to see how much space is free?
  8. Bosnoval

    Bosnoval Networkin' Nut Member

    "811 entries, 19402 bytes used, 13366 bytes free."
  9. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Well, you have plenty of NVRAM, so that's not it. Sorry, but I'm out of ideas. It's likely a problem specific to the build you're using... :-(
  10. Bosnoval

    Bosnoval Networkin' Nut Member

    No problem, thanks for trying to help out! I’m out of ideas myself. I guess I’ll just wait around for another release update and hope for the best.