Hello!
My goal is to set up a secure, encrypted VPN connection between a client (a Windows laptop connected to an unsecured public WiFi) and a server (my home router) so that I can access the internet securely through my ISP. I want all the traffic and services to go through the VPN tunnel (for maximum security); I don't need access to my home LAN, just to the internet.
What I have done so far:
1. I have installed and set the latest Tomato (Shibby) firmware on my router (Linksys E1200).
2. I have also installed the latest OpenVPN release in Windows and set it to always run as administrator.
3. I followed the HowToGeek.com tutorial "Connect to Your Home Network From Anywhere with OpenVPN and Tomato" and set everything up, but it didn't work the way I desired and I had to make quite a few changes to finally make it work properly.
4. Now my VPN connection works, but some things seem off: if I put a check in the box at "Direct Clients to redirect Internet traffic" in the Tomato VPN Server setup, my client can connect but cannot access the internet. Is that normal? I think I did something wrong.
5. The Tomato VPN server only has 4 entries for the keys, so I can't use the server.ovpn (server.conf) to fine-tune the server part of the VPN connection (and so I can't enter the push "redirect-gateway def1" on the server). I only have the "redirect-gateway def1" line in the client config file, but it seems to make all the traffic go through the tunnel, as wanted.
6. There's another problem with the Diffie-Hellman feature. If I include the line "dh dh1024.pem" in the client configuration file, OpenVPN won't connect. I have to delete the DH line in order to be able to connect (even though I have pasted the DH file into its field on the Tomato VPN server). I don't know why that is so and would like to make it work properly.
7. This is what the basic part of my Tomato VPN server setup looks like; should I change something to make it more secure, or is it all right for my intended use (described as my goal)? Also, if I change the protocol from UDP to TCP it won't connect; is that usual?
This is my current client config file that seems to work:
client
dev tun
proto udp
remote x.x.x.x 1194 # x.x.x.x represents the public IP on the server part.
resolv-retry infinite
nobind
persist-key
persist-tun
redirect-gateway def1 # Without this it won't direct everything through the tunnel.
ns-cert-type server
ca ca.crt
cert client1.crt
key client1.key
cipher AES-128-CBC
comp-lzo
verb 3
# dh dh1024.pem   # As said, if I remove the hash OpenVPN won't connect.
To reach my goal, what should I change? I will go back to point 3 and do it all over so that I learn to set it up properly, cleanly and efficiently. What should I change in the Tomato VPN server setup? What in the client config file? And what when making the keys and certificates and other things?
Thank you!
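Added example (not part of the post above, and not the poster's config): a small linter for an OpenVPN client config that catches the two things the question runs into. `dh` is a server-side directive (the server uses the DH parameters; the client never reads the file), so OpenVPN refuses to start when it appears in a client config, which is why the line has to stay commented out. The checker also verifies that `redirect-gateway def1` is present for a full-tunnel setup, that some form of server-certificate verification is configured (the `ns-cert-type server` line; `remote-cert-tls server` is its replacement in OpenVPN 2.4 and later), and that no known-weak cipher is selected. The sample config is constructed, with the placeholder address 198.51.100.10 standing in for the router's public IP, and `SERVER_ONLY`, `DEPRECATED` and `WEAK_CIPHERS` are this example's own lists, not an OpenVPN API.

```python
"""Lint an OpenVPN *client* config for server-only directives and
for the options a full-tunnel, public-WiFi setup needs.

Constructed example; run it directly to see the findings on the sample.
"""
from typing import List, Tuple

# Constructed sample: the client config from the question with the `dh`
# line un-commented, so the checker can show why that line breaks it.
SAMPLE_CLIENT_CONFIG = """\
client
dev tun
proto udp
remote 198.51.100.10 1194   # placeholder for the router's public IP
resolv-retry infinite
nobind
persist-key
persist-tun
redirect-gateway def1
ns-cert-type server
ca ca.crt
cert client1.crt
key client1.key
cipher AES-128-CBC
comp-lzo
verb 3
dh dh1024.pem
"""

# Directives OpenVPN only accepts in server mode (this example's own list).
SERVER_ONLY = {"dh", "server", "ifconfig-pool", "push",
               "client-config-dir", "client-to-client", "duplicate-cn"}

# Deprecated client directive -> its replacement (OpenVPN 2.4+).
DEPRECATED = {"ns-cert-type": "remote-cert-tls server"}

# Ciphers a client should not negotiate for a full-tunnel link.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}

# Any one of these gives the client a check that it is talking to the
# real server and not to any other certificate the CA has issued.
SERVER_VERIFY = {"ns-cert-type", "remote-cert-tls", "verify-x509-name"}


def parse_config(text: str) -> List[Tuple[str, List[str]]]:
    """Split a config into (directive, args), dropping blank lines and
    comments; a trailing '#' comment is removed like OpenVPN does."""
    directives = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        directives.append((parts[0], parts[1:]))
    return directives


def lint_client_config(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; 'error' means OpenVPN will
    refuse the file, 'warning' means it runs but with a weaker setup."""
    findings = []
    directives = parse_config(text)
    names = {name for name, _ in directives}

    if not ({"client", "tls-client"} & names):
        findings.append(("error", "no 'client' directive: not a client config"))

    for name, args in directives:
        if name in SERVER_ONLY:
            findings.append(("error",
                             f"'{name}' is a server-only directive; OpenVPN "
                             "rejects it in a client config"))
        if name in DEPRECATED:
            findings.append(("warning",
                             f"'{name}' is deprecated; use '{DEPRECATED[name]}'"))
        if name == "cipher" and args and args[0].upper() in WEAK_CIPHERS:
            findings.append(("warning", f"cipher {args[0]} is weak"))

    if "redirect-gateway" not in names:
        findings.append(("warning", "no 'redirect-gateway def1': only routes "
                                    "pushed by the server use the tunnel"))
    if not (SERVER_VERIFY & names):
        findings.append(("warning", "no server-certificate check: any cert "
                                    "signed by the CA could pose as the server"))
    return findings


def is_clean(text: str) -> bool:
    """True when OpenVPN would accept the config (no error-level findings)."""
    return not any(sev == "error" for sev, _ in lint_client_config(text))


if __name__ == "__main__":
    for severity, message in lint_client_config(SAMPLE_CLIENT_CONFIG):
        print(f"{severity:8s} {message}")
```

Running it on the sample reports the `dh` line as an error and `ns-cert-type` as a warning; remove the `dh` line and the config is accepted, which matches what the poster saw.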