I am currently trying to set up my N16 router as a bit of a specialized anonymous VPN device. What I would like to do is set up two VLANs, and have anything connected to one of the VLANs go through the VPN to the internet; everything else should go to the internet as normal. Is this possible? Does anyone else have a scenario like this working who can share their config?
Date: 23 Aug 2010 15:17
Number of posts: 6
I'm confused about client vs. server settings in tomatousb's interface… All of the examples I've found for OpenVPN configuration illustrate connecting LAN-side workstations or roaming laptops [as clients] -> to -> tomato-as-[VPNsvr]-gateway.
But what I'm looking for is a concise depiction of OpenVPN settings connecting my tomatousb router -> to -> my provider's OpenVPN server, to effectively anonymize & secure my entire LAN (1 workstation, 1 NAS, 1 laptop + LAN guests) behind the router-as-[singular]-client… à la Witopia's Cloakbox.
I tried mimicking the illustrated settings on Witopia's wiki pages for the cloakbox but my equipment fails to make the connection to the provider's servers. Researching, I found 2 threads on the internet discussing just this configuration wherein assorted folks reported both success and failure. However, both discussions failed to illuminate the logic behind their results.
I searched further hoping to find some guru's succinct yet detailed explanation of this alternative VPN configuration but have yet to find it. Perhaps teddy or sgt.pepper will read this and assist…?
Thx, in advance!
Here is a good tutorial to configure vpn client on Tomato.
You must adapt the settings to your personal case.
In particular on the following points:
-TAP or TUN interface
-Compression enabled or not
-If your vpn provider doesn't use a login/password but only certs, then do not consider the login/password configuration.
-If your provider only uses one ca.crt and login/password, it works also.
In Custom Configuration, you can usually copy/paste the openvpn conf file you can grab from your provider, but just think about removing the lines concerning the certs, and add "auth-user-pass /tmp/openvpn-auth.conf"
I personally have this in my Admin>Scripts>Firewall section of Tomato:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
(replace tun0 by tap0 if necessary).
Don't know if it's mandatory with Tomato and Firewall set to Automatic in VPN client configuration, but…
For the two VLAN configuration, I don't have the skills to help you.
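The two steps described in the post above (trim a provider config for Custom Configuration, then write the firewall rules for the matching tunnel interface), as an added example that is not part of the original post or of Tomato. The function names and the sample config are constructed, treating `ca`/`cert`/`key` as the "lines concerning the certs" is an assumption, and the real interface name on the router may differ from `tun0`/`tap0` (a later post shows `tap11`).

```shell
# Constructed stand-in for a provider-supplied client config (added example).
sample_provider_conf() {
    cat <<'EOF'
dev tap
remote vpn.example.net 1194
ca ca.crt
cert client.crt
key client.key
<ca>
(constructed placeholder, no real certificate)
</ca>
comp-lzo
EOF
}

# Drop cert/key lines (file directives and inline blocks) and append the
# auth-user-pass line from the post. Treating ca/cert/key as the
# "lines concerning the certs" is an assumption.
adapt_provider_conf() {
    awk '
        /^<(ca|cert|key)>/    { skip = 1; next }
        /^<\/(ca|cert|key)>/  { skip = 0; next }
        skip                  { next }
        /^(ca|cert|key)[ \t]/ { next }
        /^auth-user-pass/     { next }
        { print }'
    echo 'auth-user-pass /tmp/openvpn-auth.conf'
}

# Print "tun" or "tap" from the dev directive (unit number stripped).
tunnel_dev_type() {
    awk '$1 == "dev" { sub(/[0-9]+$/, "", $2); print $2; exit }'
}

# Emit the post's four firewall rules for one tunnel interface; refuse
# anything that is not a plain tunN/tapN name.
firewall_rules() {
    case $1 in
        tun[0-9]|tun[0-9][0-9]|tap[0-9]|tap[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "iptables -I FORWARD -i br0 -o $1 -j ACCEPT" \
        "iptables -I FORWARD -i $1 -o br0 -j ACCEPT" \
        "iptables -I INPUT -i $1 -j REJECT" \
        "iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE"
}

sample_provider_conf | adapt_provider_conf
firewall_rules "$(sample_provider_conf | tunnel_dev_type)0"
```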
Okay, this topic is what I'm looking for because I need only my mediapc access through VPN for watching Hulu. Is VPN-client & 2 VLAN easier to set up in the DD-WRT GUI? I need this functionality very much.
I've gotten tomatoUSB to connect to an OpenVPN server and the connection goes without any issue: the tap11 on Tomato gets 192.168.0.11 from the DHCP server on the server's DHCPd, but I can't ping from the client to the server nor the other way around.
Tried these iptables rules with no luck, any help is greatly appreciated.
iptables -I FORWARD -i br0 -o tap11 -j ACCEPT
iptables -I FORWARD -i tap11 -o br0 -j ACCEPT
iptables -I INPUT -i tap11 -j REJECT
iptables -t nat -A POSTROUTING -o tap11 -j MASQUERADE
In the meantime I can connect from a Windows XP box OpenVPN client and everything works out of the box.
Here's what I've set up on the Tomato GUI:
root@wifiap:/tmp/etc/openvpn/client1# cat config.ovpn
# Automatically generated configuration
remote not.for.your.ears 941
tls-auth static.key 1
# Custom Configuration
keepalive 10 120