TomatoVPN - Am I missing something....

Discussion in 'Tomato Firmware' started by paped, Jul 4, 2010.

  1. paped

    paped LI Guru Member

    ....probably obvious!

    OK what I am trying to do is replicate the OpenVPN set-up I had on a 24x7 running PC on TomatoVPN.... This did...

    1) Allowed me to connect (mainly for testing) via the local wireless/LAN and set-up a tunnel (on the same LAN that the router is on) but I cannot get this working with TomatoVPN; I need to be on my 3G dongle to connect. If I try to connect from my LAN I just get a TLS timeout error followed by a TLS Handshake failed line, followed by "SIGUSR1[soft,ping-restart] received, client-instance restarting" line in my Tomato log file? 3G/external IP connects OK - but please see further issue below.

    2) When I connect route all traffic from the client via the VPN for both internet and LAN endpoints. When I connect (externally) to TomatoVPN either by TUN or TAP methods the router says connected, my client (Ubuntu, Gnome Network Manager) says I'm connected but I cannot get to anywhere on my LAN or internet - not even to the router's web admin page. Google just says "looking up...." in my browser then times out. It's as if it has no DNS but I am pushing the DNS details to the client by what's in the log file on the router. As it is sending 'PUSH_REPLY,dhcp-option DOMAIN abcabc,dhcp-option WINS,dhcp-option DNS,route-gateway,redirect-gateway'. For TUN I use the subnet of, for TAP I use a range from higher up in my 192.168.0.x subnet that I use on my router as if I use DHCP or any range other than the 192.168.0.x range the TAP connection fails.... so I assume this is correct? I also have everything ticked on the advanced page except "Allow only these clients" which should allow what I want to do and give the same options that I had in my PC's server.conf. However all I get in the log file is a number of "Authenticate/Decrypt packet error: packet HMAC authentication failed" errors followed by a number of "read UDPv4 [ECONNREFUSED]: Connection refused (code=146)" errors and then the "inactivity timeout" and "SIGUSR1[soft,ping-restart] received, client-instance restarting" errors which seem to disconnect the client?

    I know the certs are OK as they are my original ones that I have been using with OpenVPN for more than 18 months....

    So I am totally baffled why this does not seem to work, hence after nights of checking forums etc. I am thinking that I must somehow be missing something somewhere.... so any help or pointers in the right direction would be greatly appreciated.
  2. Dagger

    Dagger Networkin' Nut Member

    Running OpenVPN on a LAN Host is a bit different than running OpenVPN on the LAN Router. Because TomatoVPN runs on the router, I think the GUI makes certain assumptions and uses them to build the server config file and also adjust the firewall/routing tables. Which is the right thing to do because I don't know why you would want to connect to a VPN server on your local network in the first place. That's like taking a bath and calling it skinny-dipping.

    It's been noted several times that you should make every effort to have your client and your server in different subnets/networks. This is why it is recommended that you change your home network from the common network to something less common like This way, if you find yourself at a coffee shop somewhere and their network is you won't have any trouble connecting to your home network.

    Other than that... we'd have to see your config files to be able to tell more...
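
The subnet advice in the reply above can be checked before connecting. The following is an added example, not code from the thread or from TomatoVPN: it compares the networks a client is currently attached to against the VPN-side networks and reports overlaps. `192.168.0.0/24` is the poster's LAN range; the tunnel subnet, the client addresses and the list of common defaults are constructed assumptions.

```python
import ipaddress

# Constructed sample values except HOME_LAN, which is the poster's 192.168.0.x range.
HOME_LAN = "192.168.0.0/24"
TUNNEL_NET = "10.8.0.0/24"  # assumed TUN subnet (the thread does not give one)
COMMON_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]  # assumed list


def _net(value):
    # Accept an interface address such as "192.168.0.57/24" as well as a network.
    return ipaddress.ip_network(value, strict=False)


def find_conflicts(client_local, vpn_side):
    """Return sorted (client_net, vpn_net) pairs whose address ranges overlap."""
    pairs = set()
    for c in map(_net, client_local):
        for v in map(_net, vpn_side):
            if c.version == v.version and c.overlaps(v):
                pairs.add((str(c), str(v)))
    return sorted(pairs)


def is_common_default(lan):
    """True if the home LAN overlaps a range many consumer routers ship with."""
    return any(_net(lan).overlaps(_net(d)) for d in COMMON_DEFAULTS)


def check(client_local):
    """Print and return the overlaps between the client's networks and the VPN side."""
    conflicts = find_conflicts(client_local, [HOME_LAN, TUNNEL_NET])
    for c, v in conflicts:
        print(f"CONFLICT: client network {c} overlaps VPN-side network {v}")
    if not conflicts:
        print("OK: no overlap, routes to the home LAN are unambiguous")
    return conflicts


if __name__ == "__main__":
    check(["192.168.0.57/24"])  # coffee shop or same-LAN test: overlaps the home LAN
    check(["172.20.5.9/22"])    # constructed mobile-broadband address: no overlap
    print("home LAN is a common default:", is_common_default(HOME_LAN))
```

An overlap means the client treats the home LAN's addresses as directly reachable on its local network, so traffic meant for the VPN side may never enter the tunnel.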