
AdvancedTomato (OpenVPN Setup)


This tutorial will walk you through configuring a router using AdvancedTomato firmware version 3.5-140.

Before starting, be sure you have downloaded the configuration files for the location you would like to connect to. For this guide, we have used California and the associated certificate from the collection labeled Default. Be sure to decompress the file so you can access its contents.

Also decide which DNS servers fit your needs; there are four options:

Step 1. OpenVPN Client — Basic Settings: to access the VPN settings interface, select VPN from the options on the left sidebar and in the expanded menu click **OpenVPN Client**. By default, the Basic tab will be selected. (All of these items are highlighted in red in the image below.)

1. If you want the VPN connection to start when your router gains internet access, check the box for Start with WAN.

2. Interface Type will need to be set to TUN.

3. Protocol will be set to UDP in this guide. In most cases UDP provides better speeds than TCP. Be sure to input the port appropriate to the configuration you have chosen.

4. Server Address — the first field will require you to input the server name you want to connect to, found in the fourth line of the OpenVPN configuration file you have chosen; in this case "remote us-siliconvalley.privacy.network 1198". The text "us-california.privacy.network" is the input for the server address, and "1198" is the input for the port in the next step.

5. Input the Port number, which you can find in the dependencies table above.

6. Firewall will need to be set to Automatic.

7. Authorization Mode will need to be set to TLS.

8. The box for Username/Password Authentication will need to be checked.

9. In the Username field, input your PIA username — that is always in the format of p1234567 and cannot be replaced with any other information.

10. The Password field requires the password for your PIA account. It is assigned to you, but you can customize it in the client control panel.

11. Username Authen. Only will need to be unchecked.

12. Extra HMAC authorization (tls-auth) will need to be Disabled.

13. Create NAT on tunnel will need to be checked.

14. Click Save.

Step 2. OpenVPN Client — Advanced Settings: click on the Advanced tab, shown highlighted in red in the image below.

1. Poll Interval should be set at 0.

2. Redirect Internet Traffic should remain unchecked.

3. Ignore Redirect Gateway (route-nopull) should remain unchecked.

4. Accept DNS configuration will need to be set to Strict.

5. For the Encryption cipher setting, select the option specific to your preferences from the dependencies table at the top of the guide.

6. Set Compression to Adaptive.

7. TLS Renegotiation Time should be set to -1.

8. Connection retry will be set to 30.

9. Verify server certificate (tls-remote) should be unchecked.

10. The Custom Configuration section will require multiple specific lines of text; copy and paste the following into this field:

persist-key
persist-tun
tls-client
comp-lzo
dhcp-option DNS 10.0.0.241
dhcp-option DNS 10.0.0.243

11. Click Save.

Step 3. OpenVPN Client — Keys: click on the Keys tab, shown highlighted in red in the image below.

1. You will need to copy the content of the ca certificate that was downloaded with the configuration files at the beginning of the guide.

2. Open the certificate in a text editor and copy the contents into the Certificate Authority field. (Note: the contents must include the begin and end certificate lines as well; be sure to copy the whole thing.)

3. Client Certificate and Client Key should both remain blank. Click Save.

Step 4. Connect!

1. In the top right corner of all tabs in the OpenVPN Client, there is a button to start or stop the VPN connection. You are now ready to connect. Click the icon that looks like a play button.

2. Once the connection is established, you will see (Running) listed next to the OpenVPN Client.
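
The values typed in during Steps 1 to 3 can be read out of the downloaded .ovpn file and checked before they are pasted into the router. The following Python script is an added example, not part of the original guide or the provider's tooling; the hostname `vpn.example.net`, the file name `ca.example.crt`, the function names, and both sample inputs are constructed assumptions.

```python
import base64
import re

# Constructed sample laid out like a provider .ovpn file (not a real download).
SAMPLE_OVPN = """client
dev tun
proto udp
remote vpn.example.net 1198
cipher aes-128-cbc
ca ca.example.crt
"""
# Constructed placeholder body: valid base64, but not a real certificate.
CA_BODY = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_CA = f"-----BEGIN CERTIFICATE-----\n{CA_BODY}\n-----END CERTIFICATE-----\n"

# .ovpn directive -> field on the router's OpenVPN Client pages.
FIELDS = {"dev": "Interface Type", "proto": "Protocol",
          "cipher": "Encryption cipher", "ca": "Certificate Authority file"}
PEM_RE = re.compile(
    r"\A-----BEGIN CERTIFICATE-----\n(.+?)\n-----END CERTIFICATE-----\Z", re.S)

def router_fields(ovpn_text):
    """Map the directives of an .ovpn file to the values typed into the router."""
    out = {}
    for raw in ovpn_text.splitlines():
        parts = raw.split()
        if not parts or parts[0][0] in "#;":      # blank line or comment
            continue
        key, args = parts[0], parts[1:]
        if key == "remote" and args and "Server Address" not in out:
            out["Server Address"] = args[0]       # first remote line wins
            if len(args) > 1:
                if not (args[1].isdigit() and 1 <= int(args[1]) <= 65535):
                    raise ValueError(f"bad port in: {raw!r}")
                out["Port"] = int(args[1])
        elif key in FIELDS and args:
            value = args[0]
            out[FIELDS[key]] = value.upper() if key in ("dev", "proto") else value
    return out

def ca_paste_is_complete(pasted):
    """True only for one PEM block with both marker lines and a base64 body."""
    match = PEM_RE.match(pasted.replace("\r\n", "\n").strip())
    if not match:
        return False
    try:
        base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:                            # binascii.Error subclasses it
        return False
    return True
```

A paste that fails `ca_paste_is_complete` is usually missing one of the marker lines or was cut short while copying.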


First published: 15/04/2020

Last updated: Aug 26, 2020 by Joseph C