TomatoUSB

Hello!

My goal is to set up a secure, encrypted VPN connection between a client (a Windows laptop connected to an unsecure public WiFi) and a server (my home router) so that I can access the internet securely throught my ISP. I want all the traffic and services to go trhough the VPN tunnel (for maximum security), I don't need access to my home LAN, just to the internet.

What I did so far:

1. I have installed and set the latest Tomato (Shibby) firmware on my router (Linksys E1200).

2. I have also installed the latest OpenVPN release in Windows and set it to always run as administrator.

3. I followed the HowToGeek.com tutorial "Connect to Your Home Network From Anywhere with OpenVPN and Tomato" and set everything up but it didn't work the way I desired and I had to make quite some changes to finally make it work properly.

4. Now my VPN connection works but some things seem off: if I put a check in the box at "Direct Clients to redirect Internet traffic" in the Tomato VPN Server setup my client can connect but can not access the internet. Is that normal? I think I did something wrong.

5. The Tomato VPN server only has 4 entries for the keys so I can't use the server.opvn (server.conf) to fine-tune the server part of the VPN connection (and so I can't enter the push "redirect-gateway def1" to the server). I only have the "redirect-gateway def1" line in the client config file but it seems to make all the traffic go through the tunnel, as wanted.

6. There's anoter problem with Diffie Hellman feature. If I include the line "dh dh1024.pem" in the client configuration file OpenVPN won't connect. I have to delete the DH line in order to be able to connect (even though I have pasted the DH file into it's field on the Tomato VPN server). I don't know why that is so and would like to make it work properly?

7. This is how the basic part of my Tomato VPN server setup looks like, should I change something to make it more secure or is it allright for my intended use (described as my goal)? Also if I change the protocol from UDP to TCP it won't connect, is that usual?

This is my current client config file that seems to work:

client
dev tun
proto udp
remote x.x.x.x 1194 # x.x.x.x represents the public IP on the server part.
resolv-retry infinite
nobind
persist-key
persist-tun
redirect-gateway def1 # Without this it won't direct everything through the tunnel.
ns-cert-type server
ca ca.crt
cert client1.crt
key client1.key
cipher AES-128-CBC
comp-lzo
verb 3

1. dh dh1024.pem - As said, if I remove the hash OpenVPN won't connect.

To reach my goal, what should I change? I will go back to point 3. and do it all over so that I learn to set it up properly, clean and efficient. What should I change in the Tomato VPN server setup? What in the client config file? And what when making the keys and certificates and other things?

Thank you!

Anyone, please? :)

Hey Belzemos
I had to figure it out too few months ago for the same reason as you. I needed a secure line to the internet, so this is my setting:

Basic tab:
Start with wan: ON
Interface type: TUN
Protocol: UDP
Port: 1194
Firewall: automatic
Authorization: TLS
Extra authorization: Disabled
VPN subnet/mask: 10.11.12.0 255.255.255.0

Advanced tab:
Push LAN to clients: OFF
Direct clients to redirect Internet traffic: ON
Respond to DNS: OFF
Encryption: default
Compression: Adaptive
TLS regengotiation time: -1
Manage client specific options: ON
Allow client<->client: OFF
Allow only these clients: OFF

Keys:
Your generated keys - all 4 boxes are filled

My ovpn config
client
dev tun
proto udp
remote #your.ip.address# 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca #your CA certificate.crt#
cert #your client certificate.crt#
key #your client key#
ns-cert-type server
comp-lzo
verb 3
float

I think you don't need the redirect-gateway def1 statement because the server already tells its clients to redirect all the communication to the secured tunnel
You don't need DH parameters for the client, only server needs it.