I will assume that you have a router that supports Tomato, DD-WRT or OpenWrt and already runs a variation of one of these firmwares, which makes it very easy to flash the OpenVPN-enabled Tomato firmware. Google is your best friend for finding this information.
First download the firmware.
http://tomatovpn.keithmoyer.com/
You can download the binaries there; the latest release as of this article is 1.25vpn3.3.
Then go to your Tomato router and flash it with the firmware from the Administration screen.
Notice that I am already using the OpenVPN-modded Tomato; I have attached that screen so users can really see what they are doing.
After you have loaded the firmware and rebooted the router, you will see the VPN Tunneling option in your menu. What you need now is to download OpenVPN and generate a key; a good tutorial is the material on OpenVPN's main page.
Click on the VPN Tunneling option in your router menu, and you will be presented with the following screen.
Then you can select the following:
Interface Type: TAP
Protocol: UDP
Port: 1195
Firewall: Custom
Authorization Mode: Static Key
Ignore Advanced and go to Keys, and you will reach the following screen.
Paste in the static key you have generated with your copy of OpenVPN. Remember not to share this key with anyone.
Then go to your firewall and forward port 1195 to your router's IP address. In my case, I forward external UDP port 1195 to local port 1195 at my router's IP address, which is 192.168.1.1.
If you do not have a static IP from your ISP, it is easier to configure a DDNS host. You can sign up for a free service at either Dyndns.org or no-ip.com. Then you can connect from anywhere to your xxx.dyndns.org.
After that, configure your local OpenVPN client and save the settings to a configuration file; in our example we name it connect.ovpn.
# Use the following to have your client computer send all traffic through your router
# (remote gateway)
# Replace xxx.dyndns.org with your server's address or DDNS hostname
remote xxx.dyndns.org
port 1195
dev tap
secret static.key
proto udp
comp-lzo
route-gateway 192.168.1.1
redirect-gateway
float
Then place your static key in a file in the same directory as your connect.ovpn, and make sure the name of the file is "static.key".
You can now connect to your host by right-clicking on your connect.ovpn and selecting the Connect option.
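Before pasting the key into the router's Keys box or saving it as static.key, it helps to confirm that the text really is an OpenVPN static key. The following Python check is an added example, not part of the original post; the function names and the sample key are constructed for illustration, and the 128/256-byte bounds are the ones OpenVPN prints in its "Insufficient key material" error (found/min/max).

```python
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
MIN_BYTES, MAX_BYTES = 128, 256  # bounds OpenVPN prints as (found/min/max)


def check_static_key(text):
    """Return (ok, key_bytes_found, message) for the text of a static.key file."""
    lines = [ln.strip() for ln in text.splitlines()]
    # Drop blank lines and the '#' comment lines the key generator writes.
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    if BEGIN not in lines:
        other = re.search(r"-----BEGIN ([^-]+)-----", text)
        if other:
            return False, 0, f"wrong key type: found '{other.group(1)}' block"
        return False, 0, "static key BEGIN line not found"
    if END not in lines:
        return False, 0, "static key END line not found (truncated paste?)"
    start, end = lines.index(BEGIN), lines.index(END)
    body = "".join(lines[start + 1:end])
    if len(body) % 2 or not re.fullmatch(r"[0-9a-fA-F]*", body):
        return False, 0, "key body is not clean hex"
    found = len(body) // 2  # two hex characters encode one key byte
    if not MIN_BYTES <= found <= MAX_BYTES:
        return False, found, f"{found} key bytes, expected {MIN_BYTES}-{MAX_BYTES}"
    return True, found, "ok"


def constructed_sample_key(rows=16):
    """Constructed sample made of publicly known bytes: format only, never a real key."""
    hex_rows = [bytes(range(i, i + 16)).hex() for i in range(0, rows * 16, 16)]
    header = ["#", "# 2048 bit OpenVPN static key", "#", BEGIN]
    return "\n".join(header + hex_rows + [END]) + "\n"


if __name__ == "__main__":
    samples = {
        "valid static key": constructed_sample_key(),
        "short key": constructed_sample_key(rows=4),
        "RSA key pasted by mistake": "-----BEGIN RSA PRIVATE KEY-----\n"
                                     "(constructed placeholder)\n"
                                     "-----END RSA PRIVATE KEY-----\n",
    }
    for name, text in samples.items():
        print(name, "->", check_static_key(text))
```

To check your own file, pass its contents to check_static_key(); the check reads the text only and never prints the key.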
53 comments:
Great post; quick question. My router does not indicate that the OPENVPN service is running. I get this: "Server is not running or status could not be read." on the status page. Any ideas?
John
Hey you could try to connect from within your network first, make sure that it's not the port forwarding that's having the problem. So you can nail down the problem one by one.
such simple instructions, very easy read! question - do you know if such a config could be used to circumvent the great firewall of china? i know they block facebook and twitter most of the time.
thanks!
Short answer, yes. However you need to set up your openvpn server outside of China. This is more of an openvpn question rather than with tomato. Openvpn opens a tunnel between yourself and your server, thus people cannot read when they are forwarding the traffic for you. Since you have a key, this setup can access all your facebook and twitter from China with no problem. Even Cnn, and most of your mongolia, Taiwan sites. I hope I haven't typed enough keywords for the Chinese to block me.
your configs worked perfectly. all i had to do was force the TAP interface metric to something lower than my internet interface. dropped it to 10, and all traffic got thrown over the openvpn. even skyping through it!
Hi,
I've tried this HOW-TO and I'm really new to this.
What I can't get to work is the config file. I've tried to create one in a text editor and then I've put the file into my bin folder. Am I doing this wrong? Cause I can't right-click on the file and select connect.
Thanks in advance!
Hi,
have you tried tinc with tomato?
i think it is a nice piece of software.
Greeting
dieter
Are the firewall changes on the router or your PC? The router firewall does not control routing, it is a different tab.
Great overall instructions!
Hey glad to know that people are getting this to work. Thanks for your comments.
Dieter,
I haven't tried Tinc, I will take a look. Thanks
Works perfect inside my lan. I will have to test this when i'm on the road :)
thank you
I didn't manage to make a connection using the firewall:Custom Setting. I don't know what went wrong.
However i changed Firewall: Automatic
and didn't use a port forward of the port to the internal address of the router.
This did work on my computer. Great news .. great post :)
Dear Author blog.johnso.org !
Rather the helpful information
Thanks for the feedback. I found that the openvpn client works depending on the network you connect from. I can connect from anywhere except my work network.
It looks like this tutorial is for connecting a computer to the tomato VPN server and accessing resources behind this router. Is there a tutorial on how to do a site-to-site VPN connection using two tomato VPN routers? I like to have a persistent 24/7 VPN connection between my home and office so I can use rsync to sync two file servers -- one at work and one at home.
no matter what i do, i get a series of messages that say "invalid ip adress" when i try to save my settings. i've tried various settings and have not been able to save the settings i input.
I am currently running tomato v1.27.8742 on a wl520gu if it helps.
Which part of the instruction are you stuck at?
John
I would get to the last step of the server setup on my tomato router. When I clicked save, that is when I received the ip address is invalid error. I played around with it all last night and to get it to save my settings, I had to fill in every blank for the setup of server 1 and server 2.
I seem to have a new problem now though. I have the settings saved, but when I click the start button, nothing happens.
Is this a bug, or is it simply user error?
Thanks for the help.
In order for me to get it to work on my system, I had to leave it at the default port, and set the firewall to automatic.
A few questions and I've read through the threads, and I'm still struggling to get this to work.
1) are the firewall/portforwarding changes done in tomato or on the pc client? I believe the answer is in tomato, and all that needs to be done on the pc is to create a firewall exception.
2) is the external server address the wan ip address of the modem, or the gateway address between the modem and the router? (Configuration is that my tomato router sits behind my cable modem).
thanks.
I played around with this this evening as was able to get it to work.
- ip address is external
- port forwarding is done on tomato on the router
- firewall rules are on the PC
Glad you got it to work
Just an update to my last post:
When:
- ip address is external
- port forwarding is done on tomato on the router
- firewall rules are on the PC
I can connect through local LAN, but cannot connect over WAN.
When I change the settings so that
- firewall setting in tomato are automatic
- remove the portforwarding rules in tomato
I am able to connect through VPN both through LAN and WAN.
Great post! THANKS!!!!
I had to change the firewall settings on router to Automatic to be able to connect through WAN.
Thank you BATMANTAS for the idea.
I have a naive question: Does setting up a local VPN like this make you anonymous to your own ISP? My hunch is no, but I'm having trouble finding confirmation.
Thanks!
@Ihstiv you are correct, if you create a private VPN in your home network the IP address that you use to go out will be the same. Another way is to use your friend or family internet to install the VPN server. Connect to it and you will be seen as the same IP as your friend or family's IP.
It doesn't work with windows 7 :( i tried it, it's green, but when i try there was the old ip address, not my routers.. :(
If someone could help it would be GREATLY appreciated ... I've followed the guide as best I could (I'm using a FreeBSD server so it was a little different, but the server isn't the issue) but I'm having a problem and I've scoured google for about an hour now and can't seem to find a fix ...
I've got the authorization mode set to 'static key', and I put the 'client.key' I generated on the server while following into the Keys box, starting with the "-----BEGIN RSA PRIVATE KEY-----" line and ending with "-----END RSA PRIVATE KEY-----", but when I try to start the VPN it fails and I get the following in my /tmp/var/log/messages -
Jun 17 16:27:06 unknown daemon.err openvpn[1077]: Insufficient key material or header text not found found in file 'static.key' (0/128/256 bytes found/min/max)
It seems like the key isn't making it from nvram to the file when it tries to start up ... if I knew where it was creating the temp file I'd just write the key there myself, but I have no idea ... if anyone knows how I can fix this it would make me extremely happy ...
Thanks
Polaris75,
Open up static.key file with a regular text editor, copy :
-----BEGIN OpenVPN Static key V1-----
........................
............................
.....................
-----END OpenVPN Static key V1-----
(including ---BEGIN and ---END lines)
and paste it into "VPN Tunneling\Server -> Keys" on the router. The only problem I had was the firewall. I had to set it to "Auto".
And you will need your "static.key" file to be in "OpenVPN\config" folder.
I don't understand this step:
>Then you should go to your firewall and forward the port 1195 to your router's IP address. In my case, I forward external UDP port 1195 local port 1195 at my router's IP address which is 192.168.1.1
Do you mean port forwarding? And isn't the VPN server residing on the router anyway? What exactly is being forwarded?
Help please. I can connect to my router but can't ping anything.
@Istvan if you have setup everything in the router and you try to connect in Vista and Windows 7, I found that you have to run it as administrator, otherwise you won't be able to connect. What does the log say when you connect?
@Shak
You are setting it up on the router, but you still have to forward the ports, some users have success with firewall setting in tomato set to automatic, and remove the port forwarding in the firewall router.
Thanks Batmandas
what changes should I make to the config file for bridge mode?
I got stuck at generate OpenVPN keys. I wasn't sure what to install and how to generate a key
Great step by step tutorial. It worked out really fine. Thanks.
Hi,
I’ve been trying to set up an OpenVPN server plus a client (flashvpn http://www.bestvpnservice.com/flashvpn/), and I could connect them (with the server not being the router but an actual PC with ubuntu server), and the services would start just ok, but I have a problem. The client (Windows7) can ping the server through the VPN, no problem, but the server seems to not be that successful. I’ve been playing with static routes and iptables with not much success I must add.
Since this is an OpenVPN thread, might anyone have a clue about what’s going on?
All help is appreciated :)