Updated Tomato Setup for Newer Branches, Including TomatoUSB
I'm running Tomato Firmware v1.28.7498 MIPSR2-Toastman-VLAN-RT K26 USB VPN-NOCAT, so YMMV, but I believe all currently-maintained versions of Tomato (particularly TomatoUSB) will match my interface so long as they have VPN support at all.
- Click VPN Tunneling menu, then OpenVPN Client submenu
- Choose the Client 1 tab and then Basic tab below
- Check Start with WAN if you want to auto-connect whenever your router is online/starts up
- Set Interface Type to TUN
- Set Protocol to UDP
- Set the Server Address/Port to us-east.privateinternetaccess.com (or whichever server you prefer) and port to 1194
- Set the Firewall to Automatic
- Set Authorization Mode to TLS
- Check Username/Password Authentication
- Enter Your Username/Password in the boxes that newly appear below the check box
- Ensure that the Username Authen. Only box is unchecked
- Uncheck Extra HMAC authorization
- Check Create NAT on tunnel
- Click on the Advanced tab
- Set Poll Interval to 0
- Uncheck Redirect Internet Traffic
- Set Accept DNS configuration to Strict
- Set Encryption cipher to Use Default
- Set Compression to Adaptive
- Set TLS Renegotiation Time to 0
- Leave Connection retry as 30
- Uncheck Verify server certificate (tls-remote)
- In the Custom Configuration textbox, input the following:
  - persist-key
  - persist-tun
  - tls-client
  - comp-lzo
  - verb 1
- Click on the Keys tab
- Paste the contents of ca.crt, found in the OpenVPN Config Files, into the Certificate Authority text area
- Press the Save button before the Start Now button
Comments
Can you please let me have instruction for it
have use uk-london.privateinternetaccess.com instead of us-east.privateinternetaccess.com
port 1194 and everything as per instruction
Many thanks
I have opened up
Content modification of Keys & Certificates, and paste CA.crt content in Certificate Authority text area.
store it as a local machine??
At first I didn't have some of those options. Then realized I didn't have the vpn bin flashed, once that was installed it all worked perfect on the first try!
Thanks!!!
And the latest Shibby firmware is still using a Heartbleed-susceptible version of OpenSSL in the OpenVPN client and server. The latest stable compile of the Shibby firmware for the WRT54G* series routers uses OpenSSL 1.01c and needs 1.01g to be secure from the Heartbleed bug. Until they release new firmware, we are stuck with useless routers.
Here is a link to the thread where this is discussed.
https://www.privateinternetaccess.com/forum/index.php?p=/discussion/2882/how-to-test-your-router-for-the-heartbleed-bug#Item_1
If you want to get a router that is newer and can handle the mathematics, I suggest either the Asus RT-AC68U or the Netgear Nighthawk AC1900. But each is currently around $200 and I am unsure if they have firmware with the fixed OpenSSL available.
http://www.flashrouters.com/blog/tag/two-vpn-clients-on-tomato/
I installed shibby's AIO and tried to configure the VPN using this post.
The VPN router is ethernet bridged after another router that is ethernet bridged.
I think I am doing something wrong with the CA.CERT.
How do I copy this to the tab on shibby tomato?
Now, I copy it manually with Ctrl-C / Ctrl-V and leave a blank line between each field.
I then have the following text; it looks exactly like this.
What am I doing wrong?
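Copying a certificate's fields out of a viewer one by one, as the comment above describes, does not produce what the Certificate Authority box expects: OpenVPN reads the CA as a PEM block, which is the `-----BEGIN CERTIFICATE-----` to `-----END CERTIFICATE-----` text that ca.crt shows in a plain text editor. The check below is an added example, not part of the original thread; the function name and both sample inputs are constructed, and it tests the structure of the text only, not the certificate's validity.

```shell
#!/bin/sh
# Added example (not from the original thread).
# check_ca_text: reads text on stdin and succeeds only if it is one
# PEM certificate block, i.e. what the "Certificate Authority" box expects.
check_ca_text() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^[ \t]*$/ { next }                # blank lines are ignored
        !begun {
            if ($0 != "-----BEGIN CERTIFICATE-----") {
                bad = "first line is not the PEM BEGIN marker"; exit
            }
            begun = 1; next
        }
        ended { bad = "text after the PEM END marker"; exit }
        $0 == "-----END CERTIFICATE-----" { ended = 1; next }
        $0 !~ "^[A-Za-z0-9+/]+=*$" { bad = "line is not base64: " $0; exit }
        { body++ }
        END {
            if (!bad && !begun) bad = "empty input"
            if (!bad && !ended) bad = "missing the PEM END marker"
            if (!bad && !body)  bad = "no base64 body"
            if (bad) { print "REJECT: " bad; exit 1 }
            print "OK: PEM certificate block, " body " body line(s)"
        }'
}

# Constructed sample: correct shape, placeholder body (not a real certificate).
sample_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
        'QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=' \
        '-----END CERTIFICATE-----'
}

# Constructed sample: field values as a certificate viewer lists them.
sample_viewer_fields() {
    printf '%s\n' 'V3' '' 'sha1RSA' '' 'CN = Private Internet Access CA'
}

sample_pem | check_ca_text
sample_viewer_fields | check_ca_text || true
```

Run it against the text about to be pasted, for example `check_ca_text < ca.crt`, before saving the Keys tab.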
I just set it up according to this guide, and it seems to have gotten entered correctly, since it Started fine, but as soon as it starts, I lose internet connectivity.
I could understand if it just ran slower, but it breaks all connectivity.
I double checked I had it all set according to the above. Any suggestions on how to troubleshoot?
Also, no, I cannot ping 8.8.8.8, the request times out.
I changed the password I'm entering in tomato back to the original password provided to me by PIA, and after saving, then starting, I can browse the internet, but not thru their service. whatsmyip shows my ISP provided IP address.
I'd post pictures of my setup, but I don't seem to be able to add pictures here.
"Jan 1 06:08:27 unknown daemon.err openvpn[5023]: RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com: Name or service not known"
My router is set up in switched mode; i.e., my AT&T gateway connects to one switch port instead of the internet port.
Any ideas?
1. Start with open VPN config file. (US Midwest.ovpn)
2. Update the basic & advanced settings to match the above settings
3. Click "Content Modification & Keys" and copy & paste the ca.crt contents under the Certificate Authority area.
4. Copy / Paste the following in custom configuration:
persist-key
persist-tun
tls-client
comp-lzo
verb 1
Apply, then turn on the client by toggling the service state.
Enjoy VPN on entire router!
Now to figure out how to limit the VPN just to particular machines...
tomato-K26-1.28.RT-N5x-MIPSR2-121-Max.trx. (see instructions here: http://tech.surveypoint.com/posts/tomato-firmware-install-on-asus-rt-n10p-router/).
1. I followed the steps above, but I seem to be stuck. I keep getting "WARNING: No server certificate verification method has been enabled." which I guess makes sense because "Verify server certificate (tls-remote)" is unchecked. How do I enable the service certificate verification?
Jan 28 00:27:27 unknown daemon.notice openvpn[12364]: OpenVPN 2.3.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 24 2014
Jan 28 00:27:27 unknown daemon.notice openvpn[12364]: library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Jan 28 00:27:27 unknown daemon.warn openvpn[12364]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 28 00:27:27 unknown daemon.warn openvpn[12364]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 28 00:27:27 unknown daemon.notice openvpn[12369]: UDPv4 link local: [undef]
Jan 28 00:27:27 unknown daemon.notice openvpn[12369]: UDPv4 link remote: [AF_INET]104.207.136.125:1194
Jan 28 00:27:28 unknown daemon.warn openvpn[12369]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 28 00:27:28 unknown daemon.notice openvpn[12369]: [Private Internet Access] Peer Connection Initiated with [AF_INET]104.207.136.125:1194
Jan 28 00:27:30 unknown daemon.notice openvpn[12369]: AUTH: Received control message: AUTH_FAILED
Jan 28 00:27:30 unknown daemon.notice openvpn[12369]: SIGTERM[soft,auth-failure] received, process exiting
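The log excerpts quoted in the comments above can be triaged mechanically. The "No server certificate verification method" warning carries the security weight, because a client with no verification method accepts any certificate issued by the configured CA as the server's. The script below is an added example, not part of the original thread: the sample lines are the thread's own log lines, unwrapped; `remote-cert-tls server` and `verify-x509-name` are standard OpenVPN client directives that can go in the Custom Configuration box; that the provider's server certificate satisfies them is an assumption to test.

```shell
#!/bin/sh
# Added example (not from the original thread).
# triage_openvpn_log: reads OpenVPN client syslog lines on stdin and prints
# one "SEVERITY|finding|what to check" line per distinct finding.
triage_openvpn_log() {
    awk '
        function hit(key, sev, what, fix) {
            if (!(key in seen)) { seen[key] = 1; print sev "|" what "|" fix }
        }
        /openvpn\[[0-9]+\]:/ {
            if (/No server certificate verification method/)
                hit("verify", "HIGH", "server certificate is not verified", "add remote-cert-tls server or verify-x509-name")
            if (/may cache passwords in memory/)
                hit("cache", "LOW", "credentials are kept in memory", "add auth-nocache")
            if (/AUTH_FAILED/)
                hit("auth", "FAIL", "server rejected the username/password", "re-enter the VPN account credentials")
            if (/RESOLVE: Cannot resolve host address/)
                hit("dns", "FAIL", "router cannot resolve the server name", "check WAN and DNS on the router itself")
        }'
}

# Sample input: log lines quoted in the comments above, one entry per line.
sample_log() {
cat <<'EOF'
Jan 28 00:27:27 unknown daemon.warn openvpn[12364]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 28 00:27:28 unknown daemon.warn openvpn[12369]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 28 00:27:28 unknown daemon.notice openvpn[12369]: [Private Internet Access] Peer Connection Initiated with [AF_INET]104.207.136.125:1194
Jan 28 00:27:30 unknown daemon.notice openvpn[12369]: AUTH: Received control message: AUTH_FAILED
Jan  1 06:08:27 unknown daemon.err openvpn[5023]: RESOLVE: Cannot resolve host address: us-east.privateinternetaccess.com: Name or service not known
EOF
}

sample_log | triage_openvpn_log
```

After adding a verification directive, restart the client and confirm that the HIGH line no longer appears and that the tunnel still comes up.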