How to set up PIA on Advanced Tomato - October 2017

Hi All,

After doing my block trying to get my VPN connected, I thought I would share my settings that I managed to finally get working after lots of swearing. I am using AdvancedTomato on a Netgear R7000.

I am offering a slight modification to the settings posted here, which did not work for me.

You may change the port and the CA certificate depending on the encryption profile you wish to use, based on the table found here.

The guide below is for the AES-128-CBC profile:

  • Login to your router (usually by entering 192.168.1.1 in your browser)
  • Default username/password are both "admin" if you are logging in for the first time
  • Click VPN from the menu on the left, then OpenVPN Client submenu
  • Choose the Client 1 tab and then Basic tab below
  • Check Start with WAN if you want to auto-connect whenever your router is online/starts up
  • Set Interface Type to TUN
  • Set Protocol to UDP
  • Set Server Address to us-east.privateinternetaccess.com (or whichever PIA server you prefer) and Port to 1198
  • If the hostname does not resolve, it is tempting to look it up (with ping or nslookup) and enter the IP address instead. DON'T DO THIS: PIA's server addresses change over time, so a hard-coded IP will eventually stop matching the server, the tunnel will fail to come up, and unless you have separately blocked traffic outside the tunnel your true IP will be exposed. Keep the hostname.
  • Set the Firewall to Automatic
  • Set Authorization Mode to TLS
  • Check Username/Password Authentication
  • Enter your username and password in the boxes that appear below the checkbox (use your actual account username starting with "p", not the proxy username that starts with "x")
  • Ensure that the Username Authen. Only box is unchecked
  • Set Extra HMAC authorization to Disabled (PIA does not use a tls-auth key)
  • Check Create NAT on tunnel
  • Click on the Advanced tab
  • Set Poll Interval to 0
  • Check Ignore Redirect Gateway (route-nopull)
  • Set Accept DNS configuration to Exclusive
  • Set Encryption cipher to AES-128-CBC
  • Set Compression to Adaptive
  • Set TLS Renegotiation Time to -1 (this means the GUI does not write a reneg-sec line itself; the reneg-sec 0 line in the Custom Configuration below is what takes effect)
  • Leave Connection retry as 30
  • Uncheck Verify server certificate (tls-remote). tls-remote pins the name in the server certificate; with it unchecked, the remote-cert-tls server line in the Custom Configuration still requires the server's certificate to chain to the pasted CA and to carry the server extended key usage, but the hostname itself is not checked
  • In the Custom Configuration textbox, enter the following lines exactly:
  • remote-cert-tls server
  • persist-key
  • persist-tun
  • tls-client
  • comp-lzo
  • verb 1
  • reneg-sec 0
  • Two of these deserve a note. remote-cert-tls server requires the server's certificate (already validated against the pasted CA) to be marked for server use, so a client certificate issued by the same CA cannot be used to impersonate the server; do not leave it out. reneg-sec 0 disables periodic TLS renegotiation, which avoids the mid-session credential re-prompt that can drop the tunnel on a router, at the cost of never refreshing the data-channel key for the life of the connection. comp-lzo duplicates the Compression: Adaptive setting above and is harmless.
  • Click on the Keys tab
  • Open ca.rsa.2048.crt from PIA's OpenVPN Config Files download in Notepad (or any text editor) and paste its entire contents into the Certificate Authority text area
  • Include everything in that file, from "-----BEGIN CERTIFICATE-----" at the beginning to "-----END CERTIFICATE-----" at the end
  • Press the Save button before the Start Now button
From here you can set up which clients or destinations use the tunnel under the "Routing Policy" tab. To test, add a rule covering ipleak.net (or a test client) and then visit ipleak.net from that client: the IP address and DNS servers it shows should belong to the VPN, not to your ISP.
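As an added example (my reconstruction for this post, not text from the original post and not PIA's official .ovpn), here are the same GUI settings expressed as an OpenVPN 2.x client config. It shows what each option turns into and makes the trust decisions explicit. Assumptions: the credential file name pia.auth is invented, and the auth SHA1 line is added because the GUI steps set no digest (SHA1 is OpenVPN's default when none is given). The pasted CA is referenced as ca.rsa.2048.crt, the file PIA ships; Tomato stores it under its own path. Tomato-only settings (Firewall: Automatic, Create NAT on tunnel, Accept DNS configuration: Exclusive, Poll Interval) are router-side behaviour with no OpenVPN directive, so they are absent here.

```conf
# Added example: OpenVPN 2.x client config equivalent to the AdvancedTomato
# GUI settings in this post. Reconstructed for illustration; it is not PIA's
# official .ovpn and not text from the original post.

client                          # = tls-client + pull (the GUI's tls-client line is implied)
dev tun                         # Interface Type: TUN
proto udp                       # Protocol: UDP
remote us-east.privateinternetaccess.com 1198   # keep the hostname; never a looked-up IP
resolv-retry infinite           # keep retrying the hostname lookup instead of giving up
nobind

persist-key                     # Custom Configuration lines
persist-tun
verb 1

cipher AES-128-CBC              # Encryption cipher
auth SHA1                       # ASSUMPTION: the GUI steps set no digest; SHA1 is OpenVPN's default
comp-lzo                        # Compression: Adaptive (bare comp-lzo defaults to adaptive mode)

auth-user-pass pia.auth         # ASSUMPTION: file name; line 1 = p-username, line 2 = password, chmod 600
reneg-sec 0                     # TLS Renegotiation Time -1 leaves it unset; this custom line disables it

# Trust in the server: the chain must end at PIA's CA and the certificate must
# carry the server EKU. No tls-remote, so the name in the certificate is not
# pinned (Verify server certificate unchecked). No tls-auth (Extra HMAC disabled).
ca ca.rsa.2048.crt              # the file pasted into the Certificate Authority text area
remote-cert-tls server

route-nopull                    # Ignore Redirect Gateway: do not take pushed routes;
                                # Tomato's Routing Policy decides which clients use the tunnel
```

Running this on a Linux PC with `sudo openvpn --config pia-tomato.ovpn` (with pia.auth and ca.rsa.2048.crt in the same directory) is a quick way to confirm the server, port, cipher and CA combination works before blaming the router; if the PC connects and the router does not, the problem is in the Tomato-specific settings rather than the OpenVPN parameters.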

You will notice that this is only very slightly different from the original post from 2016, but to me it made the difference between the VPN not starting at all (and killing my internet altogether) and working beautifully. I hope this helps somebody, because it took me AGES to figure out. Good luck!

Comments

  • sn0wmonster (edited November 3):
    Thanks for this! I haven't had a chance to try it myself but it's good to see more people using Tomato! :)
  • I'm using a Netgear R8000 as my wifi with Tomato on that router; it's connected to the WAN port of my TP-Link modem router (model AC1600), which is the router connected to the internet. I have followed your instructions and rechecked several times: no connection to the web via the 2nd router, and no time on the clock? Clicking Overview says time = not available. I don't know if I have an IP address clash, because when the PC is Ethernet-connected to the 2nd router (Netgear) I input 196.168.1.1 and I can connect to the Netgear router (Tomato page), but when I remove the Ethernet cable and type in 192.168.1.1 via wireless I connect to the homepage of the TP-Link router. Have I got an IP address clash? This is all a new area, but I have a bit of PC savvy.