VPN for rookies - Any primer?

Discussion in 'Tomato Firmware' started by RixNox, Jan 25, 2013.

  1. RixNox

    RixNox Serious Server Member

    After having successfully installed Toastman [Firmware v1.28.7501 MIPSR2Toastman-RT K26 USB VPN] on my Asus RT-N16, I was wondering how to approach VPN to allow ONE-to-LAN connections, if possible. I see Tomato offers OpenVPN as an option.

    Basically I'd like to allow remote connections through Asus/Tomato to the computers connected wirelessly to the Asus (mostly to configure Tomato remotely & access computers behind Tomato using either Microsoft's Remote Desktop or Teamviewer).

    At the moment the Asus is running in AP mode, no NAT, no firewall, just because Internet connection is provided by a WISP offering connectivity through a Mikrotik router (with NAT & Firewall enabled, probably requiring port mapping to the Tomato AP):

    Internet-->Mikrotik (NAT + Firewall enabled)->Tomato (AP mode, no NAT, no Firewall)->WIFI->PCs

    Is this a safe scenario?
    How do I correctly configure the Tomato AP?

  2. gfunkdave

    gfunkdave LI Guru Member

    Safe for what? The Defense Dept? Probably not. :) But for a home user, yes, it's fine.

    You'd need to configure a mapped port (UDP 1194 for a routed OpenVPN connection). If you Google "openvpn howto" you'll find the OpenVPN tutorial and how-to-set-up document on OpenVPN's site. If Tomato isn't routing your connection, I *think* OpenVPN will still work...but maybe not. And of course you'd need to install the OpenVPN client on each remote computer.
  3. philess

    philess Networkin' Nut Member

    I can recommend this guide for you:


    Was very easy to follow even for a total noob like myself, and it was working right away.
    What is taking the most time is generating the certificates, but it's all very well explained.
    If you only want to access the Tomato, that's the default; if you want to access other computers that
    are connected to Tomato, you must enable "Allow Client<->Client". But actually I am not 100%
    sure if that only applies to VPN-Client<->VPN-Client or in general too (VPN-Client<->LAN-Client).
    Just try it yourself. If that fails, you can just add a route to certain LAN devices that you want to access.
  4. RixNox

    RixNox Serious Server Member

    Great help, thanks guys