LearnTomato

Tomato router firmware tutorials

LearnTomato » Tomato VPN » How to Setup a VPN Server with Tomato VPN + OpenVPN

How to Setup a VPN Server with Tomato VPN + OpenVPN

by

In this tutorial, you’ll learn how to setup a VPN server with Tomato VPN and OpenVPN. We’ll assume that your router is already running Tomato VPN or at least a version of Tomato that has it built-in. We will also assume that you have Dynamic DNS configured on your router to allow inbound requests to your LAN via www.yourdomain.com. You should also have the OpenVPN software installed on your client computer.

In this section, we’re going to setup your router as a Tomato VPN server. We will do so using OpenVPN static key authentication. This method is the most simple to setup and provides fast connectivity. However, you should be aware that the static key is shared between the client and the server. Therefore, this method supports only one VPN client.

If this is your first time setting up a VPN server, you might want to stick around and try your skills using this method first. But if you need to support multiple clients simultaneously, you will eventually need to use the OpenVPN TLS/SSL method instead.

Generate OpenVPN Static Key

First, we’re going to generate a key and create a profile for the client machine. Then, we’ll configure the VPN server settings within the router, copy the key and ‘Start’ the VPN server. Let’s start by generating the key.

Start the OpenVPN static key keygen utility.

OpenVPN software

  1. Click ‘Start’ > OpenVPN > Utilities.
  2. Right-click on ‘Generate a static OpenVPN key’.
  3. Choose ‘Run as administrator’.

The CMD prompt will open.

Press any key to generate an encrypted key.

OpenVPN keygen

Press any key to generate the static key file. The command prompt window will close when the file has been created.

The static key will be saved in the following directory:

C:\Program Files\OpenVPN\config\key.txt.

Save the OpenVPN key file in your config directory.

OpenVPN static key file

  1. Open the key.txt file.
  2. Click ‘File’ > ‘Save As’
  3. Rename the file ‘staticvpn.key’ and change save type to ‘All Files’.
  4. Save the file to C:\Program Files\OpenVPN\config.

Setup the OpenVPN Client Profile

Now, we’ll generate the client configuration profile. This is what the OpenVPN client application will use to initiate the connection to our VPN server. It tells OpenVPN where to connect, what port to use, what protocol to use, the name of the key file, etc.

Setup the config file that OpenVPN will use to connect to your Tomato VPN server.

Client config file

  1. Open a text editor such as NotePad. Enter the text as seen in the image above. Replace www.mypublic.net with your domain name or public IP address. If your routers private IP is not 192.168.1.1, change this to whatever your routers IP address is.
  2. Click ‘File’ > ‘Save As’, then change the file type to ‘All Files’.
  3. Name the file ‘My Network.ovpn’ and click ‘Save’
  4. Save the file to C:\Program Files\OpenVPN\config.

Your ‘config’ directory should look like this:

Be sure the static key, and VPN profile file is located in the OpenVPN config folder.

OpenVPN config folder

Setup Your Router as a Tomato VPN Server

Navigate to: VPN Tunneling > OpenVPN Server

Be sure that your Tomato VPN server settings match your OpenVPN profile settings.

Tomato VPN server settings (basic)

  1. Ensure that the ‘Server 1’, and ‘Basic’ tabs are selected.
  2. Set your settings as seen in the image above.
  3. Click ‘Save’.

Go to the ‘Advanced’ tab.

The advanced options will allow Tomato VPN to secure your Internet activity at insecure public networks.

Tomato VPN server settings (advanced)

Set your settings as seen in the image above. Be sure to include the Custom Configuration text exactly as follows:

push "redirect-gateway def1"

This command tells the Tomato VPN server to push the clients web traffic through the VPN. This way, instead of just accessing devices within your network, you’re now able to browse the Internet through your home network as well.  In fact, the VPN server will issue your client device a private IP (192.168.1.x) and your public IP address will appear as if you are browsing the Internet from home –regardless of where you are connecting from!

Click the ‘Keys’ tab.

Paste the OpenVPN static key into your Tomato VPN server and click start.

Static key

  1. Navigate to: C:\Program Files\OpenVPN\config.
  2. Open the key.txt file. Copy and paste the key into the text area. Click ‘Save’ to save the key.
  3. Click ‘Start’ to start the OpenVPN server.

Start the OpenVPN client (Run as Admin).

Start the OpenVPN client software and be sure to select Run as Administrator.

OpenVPN client software

  1. Navigate to: Start > All Programs > OpenVPN
  2. Right-click on ‘OpenVPN GUI’ and choose ‘Run as Administrator’.

Connect to your Tomato VPN server

Start the OpenVPN client software and connect to your Tomato VPN server.

VPN setup complete

Right-click the OpenVPN icon in your system tray. Choose connect. The status window will open and notify you that the initialization sequence has completed. Upon a successful connection, the icon in the task bar will run green. Now that you are up and running, let’s make sure you understand what is going on behind the scenes.