In this tutorial, you’ll learn how to download, install, and set up OpenVPN with Tomato. This tutorial assumes that your router has been flashed with a version of Tomato that supports the Tomato VPN feature.
In order for OpenVPN to work, it must be installed on both the server and the client. In our case, the VPN server is our Tomato router, and the VPN client is a laptop. Thankfully, OpenVPN comes pre-packaged with TomatoVPN firmware mods. So, for now, we only need to concern ourselves with installing it on the client device and generating some certificates and keys. We will set up the VPN server in the next section.
With a VPN, we must have a way to reach our LAN from the WAN side. If you do not have a static public IP address, you must have Dynamic DNS enabled so that you can reach your LAN using www.yourdomain.com. Otherwise, you’ll need the public IP address of your home network. To find your public IP address, simply Google “what is my IP?”.
Backup Tomato Firmware Settings
Before we start, let’s do a backup of Tomato’s configuration settings. If something goes wacky, we can restore from backup.
Log in to your router and navigate to: Administration > Configuration
- Click the Backup button.
- Save the .cfg file to your computer.
If you experience difficulty and wish to abort the VPN configuration process, simply return here to restore the configuration file.
Download OpenVPN Client Software
Visit: http://openvpn.net/index.php/open-source/downloads.html
Be sure to download the correct version for your operating system (32 bit, 64 bit).
If you are running Windows 7 and you are not sure which version you have, navigate to:
Start > Computer > right-click and choose Properties.
Install OpenVPN Client on Your Computer
Once you’ve downloaded the correct version, run the installation file.
IMPORTANT: In previous versions of OpenVPN, the install directory was based on whether or not you installed the 32-Bit or 64-Bit version.
- 32-bit: cd c:\Program Files\OpenVPN\
- 64-bit: cd c:\Program Files (x86)\OpenVPN\
This is no longer the case. Starting with version 2.3.x onward, the install directory for both versions is c:\Program Files\OpenVPN\.
Ensure that all options are selected and click ‘Next’. Be absolutely sure that everything is selected or you will not have the tools necessary to generate your certificates and keys.
Set Up OpenVPN Network Interface Controller
Click ‘Install’ to install the Windows TAP adapter.
This installs a software-based NIC on your computer so that your VPN has its own network interface controller. You don’t have to do anything with it right now. I just wanted you to know that it was installed. This virtual NIC is what the OpenVPN software uses to make the tunnel connection.
Set Up OpenVPN to Run as Administrator
After you install OpenVPN, you must always run it with Administrator privileges. This is very important. There are two ways to do this:
Method #1: Right-click the desktop icon and choose ‘Run as Administrator’.
Method #2: Right-click the OpenVPN desktop icon and choose ‘Properties’.
- Click the ‘Compatibility’ tab.
- Select the check box next to ‘Run this program as an administrator’. Click ‘OK’.
- Change the privilege level so that you don’t have to remember to do this each time you want to run the program.
OpenVPN is now running. You should see the icon in your task bar.
Even though OpenVPN is running on our client computer, it hasn’t created a connection, because it doesn’t yet know how and where to connect. Therefore, we must create a ‘client profile’ for the program to use. The client profile tells OpenVPN which security protocol to use, and where to find the certificates, keys, etc. When we’re finished creating the necessary files, we’ll copy them into the ‘config’ directory so that OpenVPN can find them.
Next, we’re going to set up two types of OpenVPN connections. The first method uses one static pre-shared key. The second method uses TLS (Transport Layer Security) and validates devices bi-directionally.
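To make the role of the client profile concrete, the following added example (not part of the original tutorial, and not OpenVPN's own code) reads a profile, reports whether it is a static-key or a TLS profile, and lists the key and certificate files it references that are missing from the ‘config’ directory. The sample profiles, the file names static.key, ca.crt, client1.crt and client1.key, the 10.8.0.x addresses and the function names are assumptions made for illustration.

```python
import os
import shlex
import tempfile

# Directives whose first argument names a file the profile depends on
FILE_DIRECTIVES = {"secret", "ca", "cert", "key", "tls-auth", "pkcs12"}

def parse_profile(text):
    """Return [(directive, [args])] for each non-comment line of a profile."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        parts = shlex.split(line)            # handles "quoted paths with spaces"
        entries.append((parts[0], parts[1:]))
    return entries

def check_profile(text, config_dir):
    """Classify the profile and find referenced files absent from config_dir."""
    entries = parse_profile(text)
    names = {d for d, _ in entries}
    if "secret" in names:
        mode = "static-key"                  # one pre-shared key on both ends
    elif {"ca", "cert", "key"} <= names or "pkcs12" in names:
        mode = "tls"                         # certificates validated both ways
    else:
        mode = "unknown"
    missing = [a[0] for d, a in entries
               if d in FILE_DIRECTIVES and a
               and not os.path.isfile(os.path.join(config_dir, a[0]))]
    warnings = []
    if "remote" not in names:
        warnings.append("no 'remote' line: the client does not know where to connect")
    if mode == "tls" and "remote-cert-tls" not in names:
        warnings.append("no 'remote-cert-tls server': peer is not checked to be a server cert")
    return {"mode": mode, "missing": missing, "warnings": warnings}

# Constructed sample profiles; host, addresses and file names are placeholders
STATIC_PROFILE = "remote www.yourdomain.com 1194\ndev tun\nifconfig 10.8.0.2 10.8.0.1\nsecret static.key\n"
TLS_PROFILE = ("client\nremote www.yourdomain.com 1194\ndev tun\n"
               "ca ca.crt\ncert client1.crt\nkey client1.key\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # stands in for the 'config' directory
        open(os.path.join(d, "static.key"), "w").close()
        print(check_profile(STATIC_PROFILE, d))
        print(check_profile(TLS_PROFILE, d))
```

Pointed at the real ‘config’ directory, an empty "missing" list means every file the profile names has been copied into place.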