What is OpenVPN?
Think of your router as the middle man between the networks that you’re connecting to.
Typically, VPN software and hardware cost a lot of money to implement.
Of course, OpenVPN won’t work right out of the box.
It takes a little bit of tweaking and configuring to get it just right.
For more information about OpenVPN, visit the official What Is OpenVPN? page.
To find out if your router is compatible with TomatoUSB, check out their Build Types page.
Download VPN under the Kernel 2.4 (stable) section.
Save the .rar file to your computer.
You’ll need a program to extract the .rar file.
We suggest using WinRAR since it’s free to try and easy to use.
You can download a copy of the free version on their website.
After installing WinRAR, right-click the file you downloaded and click Extract Here.
You should then see two files called CHANGELOG and tomato-NDUSB-1.28.8754-vpn3.6.trx.
You’ll be prompted for a username and password.
The defaults for a Linksys WRT54GL are “admin” and “admin”.
Click the Administration tab at the top.
Next, click Firmware Upgrade as seen below.
Click the Browse button and navigate to the extracted TomatoUSB VPN files.
Select the tomato-NDUSB-1.28.8754-vpn3.6.trx file, and click the Upgrade button in the web interface.
Your router will start installing TomatoUSB VPN, which should take less than a minute to complete.
Then type ipconfig /renew.
The IP address to the right of Default Gateway… is your router’s IP address.
Note: After installing Tomato go to Administration > Configuration and select “Erase all NVRAM…”.
We assume that if you installed Tomato, you know the IP address of your router.
If you’re not sure, then it’s probably set to the default of 192.168.1.1.
Then type in your username and password.
To preserve your configuration, navigate to Administration > Configuration and hit the Backup button.
This will prompt you to save the .cfg file to your computer.
Now it’s time to upgrade Tomato to TomatoUSB VPN.
Click Upgrade in the left column and click the Choose File button.
Navigate to the files we extracted earlier and choose the tomato-NDUSB-1.28.8754-vpn3.6.trx file.
Then click the Upgrade button.
You’ll be asked to confirm the upgrade; just click OK.
Your router will begin uploading the new firmware and will restart within a minute.
It may have the same or a different IP address after it restarts.
In our case, the router configuration was still the same, so our IP address was still the same.
Then type ipconfig /renew.
The IP address to the right of Default Gateway… is your router’s address.
Browse for the .cfg file you saved to your system earlier and hit the Restore button.
Keep this web browser window open; we’ll be coming back to it shortly.
Now let’s head over to OpenVPN’s Downloads page and download the OpenVPN Windows Installer.
In this guide, we’ll be using the second latest version of OpenVPN called 2.1.4.
The latest version (2.2.0) has a bug in it that would make this process even more complicated.
Save the openvpn-2.1.4-install.exe file to your computer.
Navigate to the OpenVPN file we just downloaded and double click it.
This will begin the installation of OpenVPN on your computer.
Run through the installer with all the defaults checked.
Click the Install button.
Creating the Certificates and Keys
Click the Windows Start button and navigate under Accessories.
You’ll see the Command Prompt program.
Right-click it and click Run as administrator.
Type cd c:\Program Files\OpenVPN\easy-rsa if you’re running 32-bit Windows 7.
Now key in init-config and hit Enter to copy two files called vars.bat and openssl.cnf into the easy-rsa folder.
Keep your command prompt up as we’ll be coming back to it shortly.
Click Edit to open it up in Notepad.
Alternatively, we recommend opening this file with Notepad++ as it formats the text in the file much better.
You can download Notepad++ from their homepage.
The bottom portion of the file is what we are concerned with.
Starting at line 31, change the KEY_COUNTRY value, KEY_PROVINCE value, etc. to your country, province, etc.
Do not change this value if you’re running 32-bit Windows 7.
Your file should look similar to ours below (with your respective values, of course).
Save the file by overwriting it once you’re done editing.
Go back to your command prompt and key in vars and hit Enter.
Then key in clean-all and hit Enter.
Finally, key in build-ca and hit Enter.
You could enter anything in this parameter (i.e.
Just ensure you enter something.
Now we’re going to build a key for a client.
In the same command prompt, type build-key client1.
You could change “client1” to anything you’d like (i.e.
Just be sure to enter the same name as the Common Name when prompted.
For example, when you run the command build-key Acer-Laptop, your Common Name should be “Acer-Laptop”.
However, at the end you will be asked to sign the certificate and to commit.
Type “y” for both and hit Enter.
Also, don’t worry if you received the “unable to write ‘random state’” error.
I’ve noticed that your certificates still get made without a problem.
This command will output two files (a Client1 Key and a Client1 Certificate) in the easy-rsa/keys folder.
The last certificate we’ll be generating is the server key.
In the same command prompt, type build-key-server server.
As always, be sure to enter the same name as the Common Name when prompted.
For example, when you run the command build-key-server HowToGeek-Server, your Common Name should be “HowToGeek-Server”.
Hit Enter and run through all the defaults except Common Name.
At the end, key in “y” to sign the certificate and commit.
This command will output two files (a Server Key and a Server Certificate) in the easy-rsa/keys folder.
Now we have to generate the Diffie Hellman parameters.
You can read more about Diffie-Hellman on RSA’s website.
In the same command prompt key in build-dh.
This command will output one file (dh1024.pem) in the easy-rsa/keys folder.
Use this service if your ISP issues you a dynamic external IP address every so often.
If you have a static external IP address, skip down to the next step.
We suggest using DynDNS.com, a service that allows you to point a hostname (i.e.
howtogeek.dyndns.org) to a dynamic IP address.
Sign up for a hostname and point it to your public IP address.
Now back to configuring OpenVPN.
In this folder you will find three sample configuration files; we’re only concerned with the client.ovpn file.
Right-click client.ovpn and open it with Notepad or Notepad++.
Leave the port number at 1194 as it is the standard OpenVPN port.
Save this as a new .ovpn file in the OpenVPN/config folder.
Open up a web browser and navigate to your router.
Click the VPN Tunneling menu in the left sidebar.
Make sure Server1 and Basic are selected, too.
Set up your settings exactly as they appear below.
The tunnel mode will put your external clients on a different network than the internal network.
So definitely change Interface Type to TAP instead.
Next, click the Advanced tab next to Basic.
Just like before, verify your settings are exactly as they appear below.
Our last step is pasting the keys and certificates we originally created.
Open up the Keys tab next to Advanced.
Paste the contents in the corresponding boxes as seen below.
Click Save and then click Start Now.
Before we test our VPN connection, there’s one more thing we have to check inside of Tomato.
Click Basic in the left hand column and then Time.
Be sure that the Router Time is correct and Time Zone displays your current time zone.
Set the NTP Time Server to your country.
Then navigate to C:\Program Files\OpenVPN\config which is where we’ll be pasting our files.
Navigate to C:\Program Files (x86)\OpenVPN\easy-rsa\keys again and copy ca.crt, client1.crt, and client1.key.
Paste these files in the client’s config folder.
Finally, we need to copy one more file over.
Paste this file in the client’s config folder also.
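A quick consistency check for the client side, as an added example that is not part of the original guide: it lints a client .ovpn file against the settings used here (TAP interface, port 1194, and the ca.crt, client1.crt and client1.key files). The two config fragments are constructed, the function names are hypothetical, and it assumes the client must use the same interface type as the router.

```python
# Added example; both config fragments are constructed, the hostname is the guide's example.
EXPECTED_FILES = {"ca": "ca.crt", "cert": "client1.crt", "key": "client1.key"}
GOOD_CONFIG = """\
dev tap
remote howtogeek.dyndns.org 1194
ca ca.crt
cert client1.crt
key client1.key
"""
UNEDITED_CONFIG = """\
;dev tap
dev tun
remote my-server-1 1194   # placeholder host
ca ca.crt
cert client.crt
key client.key
"""

def parse_ovpn(text):
    """Map each directive to its arguments, dropping '#' and ';' comments."""
    directives = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # rest of the line is a comment
                break
            tokens.append(tok)
        if tokens:
            directives[tokens[0]] = tokens[1:]   # last occurrence wins
    return directives

def lint_client_config(text, server_host):
    """Return a list of mismatches between the config and the guide's setup."""
    d = parse_ovpn(text)
    problems = []
    dev = (d.get("dev") or [""])[0]
    if not dev.startswith("tap"):
        problems.append(f"dev is '{dev}', but the router's Interface Type is TAP")
    remote = d.get("remote") or []
    host = remote[0] if remote else ""
    port = remote[1] if len(remote) > 1 else "1194"   # OpenVPN's default port
    if host != server_host or port != "1194":
        problems.append(f"remote is '{host} {port}', expected '{server_host} 1194'")
    for directive, filename in EXPECTED_FILES.items():
        got = (d.get(directive) or [""])[0]
        if got != filename:
            problems.append(f"{directive} points to '{got}', expected '{filename}'")
    return problems
```

An empty list from lint_client_config means the file agrees with the guide's settings; each string in a non-empty list names one directive to fix before connecting.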
Right-click the OpenVPN GUI file and click Run as administrator.
Note that you must always run OpenVPN as an administrator in order for it to work properly.
To permanently set the file to always run as administrator, right-click the file and click Properties.
Under the Compatibility tab check Run this program as an administrator.
The OpenVPN GUI icon will appear next to the clock in the taskbar.
Right-click the icon and click Connect.
A dialog box will pop up displaying a connection log.
And that’s it!
You now have a secured connection between your server and client’s internet using OpenVPN and TomatoUSB.