Your location: Your IP: Your status:ProtectedUnprotected · To the tests »

OpenVPN on a router with Tomato by Shibby

Tomato by Shibby: Change password | OpenVPN on a router with Tomato by Shibby
Log into the router interface. If you haven’t done so already, you should change the default password under Administration > Admin Access.
Administration > TomatoAnon: Deactivate TomatoAnon if you don't want it | OpenVPN on a router with Tomato by Shibby
By default the Tomato firmware uses a script called TomatoAnon which will send certain information back to the developer for feedback. This information includes:
  • Router model
  • Tomato version
  • Build type
  • Uptime
The information is submitted anonymously but if you want to not send back anything you can opt-out by going to Administration -> TomatoAnon and choose Yes, I do and want to make a choice and then No, I definitely wont enable it.
Basic > Networking: Configure DNS | OpenVPN on a router with Tomato by Shibby

To configure DNS go to Basic -> Networking. You have two choices: If you only wanted to use the Internet while the router is connected to VPN, you can use Perfect Privacy name servers. You can find the DNS IP addresses on the DNS nameserver page in the download section.

If you want to have Internet connectivity without VPN you should use publicly available name servers. You can use either Google’s DNS or any servers from the OpenNIC project. When connected to VPN all DNS requests will go through the VPN tunnel so they are anonymized.

Enter the name servers as shown in the screenshot on the left, in this example we are using Google’s name servers 8.8.8.8 and 8.8.4.4.

Basic -> IPv6: Enable IPv6 | OpenVPN on a router with Tomato by Shibby
In order for OpenVPN to work you need to activate IPv6. Under Basic > IPv6 change the IPv6 Service Type to 6rd from DHCPv4 (Option 212).
VPN Tunneling > OpenVPN Client: Set options as shown | OpenVPN on a router with Tomato by Shibby

To configure the VPN connection, go to VPN Tunneling > OpenVPN Client. Under the Basic tab set the options as shown in the picture on the left. For Username and Password use your Perfect Privacy username and password.

If you activate the checkbox Start with WAN, the router will automatically establish the VPN connection on boot.

Advanced: Set options as shown | OpenVPN on a router with Tomato by Shibby
Under the Advanced tab set the options as shown in the picture on the left. Copy the text below into the Custom Configuration 
tun-mtu 1500
fragment 1300
mssfix
auth SHA512
#float
hand-window 120
inactive 604800
mute-replay-warnings
ns-cert-type server
persist-remote-ip
ping 5
ping-restart 120
reneg-sec 3600
resolv-retry 60
route-delay 2
route-method exe
tls-cipher TLS_CHACHA20_POLY1305_SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS_AES_256_GCM_SHA384:TLS-RSA-WITH-AES-256-CBC-SHA
tls-timeout 5
verb 4
key-direction 1
VPN Tunneling > OpenVPN Client: Keys Keys tab enter key and certificates from downloaded OpenVPN configuration file | OpenVPN on a router with Tomato by Shibby

Under the Keys tab you will need to enter the certificates and keys from the OpenVPN configuration file that you downloaded earlier. Open the *.conf file for the server you are using, in this example Amsterdam.conf.

Into Static Key copy and paste the content between the <tls-auth></tls-auth> tags from the ovpn file.

For Certificate Authority use the content between the <ca></ca> tags.

Into Client Certificate copy the content between the <cert></cert> tags and for Client Key use the content between the <key></key> tags.
Administration > Scripts > Firewall: Enable firewall protection | OpenVPN on a router with Tomato by Shibby
NOTE: This step will activate the firewall protection (Kill-Switch). If you add the firewall rules below, the Internet connection will only work if VPN is connected. If you want to use your router to access the Internet without VPN, either skip this step or remove the firewalls rules below again.

For the firewall configuration (leak protection) go to Administration > Scripts > Firewall. Insert the following lines into the window below: 

iptables --flush FORWARD
iptables -P FORWARD DROP
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE
VPN Tunneling > OpenVPN Client: Establish a VPN connection with Start Now | OpenVPN on a router with Tomato by Shibby
Now you can start the VPN connection by going to VPN Tunneling > OpenVPN Client and clicking on Start Now.
Perfect Privacy Check-IP | OpenVPN on a router with Tomato by Shibby
You can check on any device connected to the Internet via the router that the connection is working correctly by visiting our Check IP page.
VPN Tunneling > OpenVPN Client > Basic: Deactivating VPN | OpenVPN on a router with Tomato by Shibby

If you want to use the Internet without VPN go to VPN Tunneling > OpenVPN Client > Basic and deactivate the checkbox Start with WAN.

Remember that you may need to remove the firewall rules for the leak protection if you have added them previously. Also you have to use publicly available name servers instead of the ones from Perfect Privacy.

After saving click on the Stop Now button.

VPN
?!
This website uses cookies to analyze the traffic and to control our advertising. By using this site, you agree to the use of cookies. More information can be found in our privacy policy.