Menu PIA Support Portal
  • JOIN NOW
  • PIA Support Portal
    • How It Works
    • Network
    • Download
    • Support
    • Blog
    • My Account
    • JOIN NOW

    How can we help?

      SUPPORT PORTAL
    • Knowledgebase Read help articles
    • Guides Product documentation
    • News News & updates
    • Feedback Custom suggestions
    • Contact Us We are here to help
    • PIA WEBSITE
    • How It Works
    • Network
    • Download
    • Support
    • Blog
    • My Account



    Routers
    Download PDF

    • DD-WRT
      • DD-WRT (OpenVPN Setup)
      • DD-WRT (Missing OpenVPN Advance Config. Options)
      • DD-WRT (FlashRouter Privacy Application)
      • DD-WRT (PPTP Setup)
    • LEDE
      • LEDE (Firmware OpenVPN Setup)
    • Merlin
      • Merlin (Firmware Openvpn Setup)
    • AsusWRT
      • AsusWRT (Firmware OpenVPN Setup)
    • Tomato
      • Tomato (OpenVPN Setup)
      • Tomato (Advanced Firmware Setup)
    • pfSense
      • pfSense 2.4.3 Setup Guide
    • LibreCMC

    Tomato (Advanced Firmware Setup)

    14/03/2018 11/08/2018

    Advanced Tomato is one of the most prominent and user-friendly forks of Tomato, an open-source firmware designed to expand the functionality of select routers. Establishing an OpenVPN client connection is one of the many things Advanced Tomato is capable of.

    Basic2.JPG

    Recommended Settings

    | Port | 1198 | | Protocol | UDP | | Encryption | AES-128-CBC | | Root CA | ca.rsa.2048.crt |

    To begin, click on VPN in the sidebar of the Advanced Tomato user interface. Then, select the OpenVPN Client option. Once you’ve opened this page, you should see 5 tabs at the top of your screen.

    First, select the Basic tab.

    Basicdisconnected.JPG

    • Start with WAN: Select this option if you would like the VPN to run whenever you boot up your router*.
    • Interface type: TUN
    • Protocol: From the drop-down menu, choose between UDP or TCP. We recommend UDP as it tends to provide better speeds.
    • Server Address/Port: Choose a server from our network page and enter its hostname in the field. Next to it, enter the port that corresponds to the encryption cipher you would like to use. We recommend port 1198 as a default. You can find all of our supported encryption/auth settings here.
    • Firewall: Automatic
    • Authorization Mode: TLS
    • Username/Password Authentication: Checked
    • Username: Enter your PIA account username
    • Password: Enter your PIA account password
    • Username Authen. Only: Unchecked
    • Extra HMAC authorization (tls-auth): Disabled
    • Create NAT on tunnel: Checked

    Once you’ve entered these settings, please click Save, and then click into the Advanced tab.

    Advanced2.JPG

    • Poll Interval: 0
    • Redirect Internet traffic: Unchecked
    • Ignore Redirect Gateway (route-nopull): Unchecked
    • Accept DNS configuration: Strict
    • Encryption cipher: Select the encryption cipher you would like to use. We recommend AES-128-CBC.
    • Compression: Adaptive
    • TLS Renegotiation Time: -1
    • Connection retry: 30
    • Verify server certificate (tls-remote): Unchecked

    Custom Configuration:

    persist-key
    persist-tun
    remote-cert-tls server
    reneg-sec 0
    auth-retry interact
    

    Click Save again, and then click in to Keys

    Keys2.JPG

    To enter the certificate into its place, you will need to download the certificate that corresponds to your desired settings. Once you’ve downloaded the certificate, right click on it and open it in a text editor (such as Notepad). Copy the entire text of the certificate and paste it into the Certificate Authority field.

    Once you’ve pasted in the certificate, click Save once more.

    Now, click into the Status tab at the top of the page. To connect to the VPN, click on the small play button on the top right of the screen.

    Play.jpg

    The VPN status status should change from (Stopped) to (Running). You should now be able to view your router’s activity by refreshing the status page.

    Running.JPG

    Finally, check your connection status by visiting What’s My IP. If you are successfully connected, you’ll see “You are protected by PIA”.

    In addition to configuring an OpenVPN client connection, we recommend using PIA’s DNS in order to ensure quick DNS resolution and eliminate the possibility of DNS leaks. You can set this up this on your router by doing the following:

    DNS2.JPG

    • Go to Basic and select Network
    • Locate WAN Settings
    • DNS Server: Manual
    • Static DNS 1: 209.222.18.222
    • Static DNS 2: 209.222.18.218

    Then, Save your settings.

    *If you would like to configure multiple client profiles, leave this option unchecked as two profiles running at the same time will leave you without internet access.


    Quick Jump
    • PIA Support Portal
    • Knowledgebase
    • Guides
    • News
    • Downloads
    • Feedback
    • Contact Us
    Top

    Why

    • Hide My IP
    • Browse Anonymously
    • Public Wifi Security
    • Identity Protection
    • Internet Security
    • Internet of Things Security
    • Prevent Data Theft
    • Hide My Location
    • FaceNiff and Firesheep
    • Tor vs VPN vs Proxy
    • Free vs. Paid VPN
    • UN Recommends Encryption
    • Snooper's Charter
    • WiFi KRACK
    • Privacy from your ISP

    Service

    • How It Works
    • Buy VPN
    • VPN Encryption
    • Downloads
    • Network
    • Android VPN App
    • iOS VPN App

    Company

    • About Us
    • PIA Team
    • Jobs
    • Press Area
    • PIA In The Media
    • PIA On The Web
    • VPN Reviews
    • Companies We Support

    Resources

    • Contact Us
    • Support Portal
    • Tutorials
    • Blog
    • Whitehat Program
    • Affiliates
    • PIA Site Map

    Tools

    • DNS Leak Test
    • IPv6 Leak Test
    • Email Leak Test
    • What's my IP?

    About

    Private Internet Access is the leading VPN Service provider specializing in secure, encrypted VPN tunnels which create several layers of privacy and security providing you safety on the internet. Our service is backed by multiple gateways worldwide with access in 30+ countries, 50+ regions.

    Connect with us

    Payment Methods

    Copyright © London Trust Media, Inc. All Rights Reserved.
    • Terms Of Service
    • Privacy Policy
    • Cookies Policy
    • DMCA Policy
    • Export Control Policy

    Map data provided by OpenStreetMaps.

    PC Mag Editor’s Choice award image reprinted with permission. © 2012 Ziff Davis, Inc. All Rights Reserved.

    PC Mag quote reprinted from www.pcmag.com with permission. © 2012 Ziff Davis, Inc. All Rights Reserved.