How to Set up a VPN Server with Tomato + OpenVPN

One of the advantages of flashing your router with Tomato or other custom firmware is that it gives you the possibility of setting up a VPN on the device. In this guide, we will go through the steps that you can follow to set up a VPN with Tomato and OpenVPN. Your router should be already running Tomato and Dynamic DNS should be configured on your router to enable incoming requests to your LAN. The OpenVPN client (which can be downloaded from https://openvpn.net ) should also be already installed on your computer.

What we are going to do is to setup your router as a Tomato VPN server, using OpenVPN static key authentication. This is the easiest way to complete a setup and it offers great speeds for your connection. It is important to keep in mind that static key is shared between the client and the server, which means that this setup only works with one VPN client. This method is ideal for those who have no previous experience setting up a VPN server. However, if you require support for multiple clients at the same time, the OpenVPN TSL/SSL method would be a better choice.

Setting up a VPN Server with Tomato using OpenVPN

1. The first thing that you need to do is to generate a key and create a profile for the computer. Once that is done, you can configure the VPN server settings in the router, copy the key and set up the VPN server. To generate the key, follow the below steps:

  • Go to Start, select OpenVPN and then Utilities.
  • Right click on “Generate a static OpenVPN key” and choose “Run as administrator”.
  • This will open the CMD prompt.
  • To generate the static key file, you can press any key. Once the file is created, the command prompt window will be closed.
  • The static key will be saved in this directory C:\Program Files\OpenVPN\config\key.txt

After that, you can open the key.txt file, click File and then Save As. The file should be renamed as “staticvpn.key” and you need to change the save type to “All Files”.
Now save the file to C:\Program Files\OpenVPN\config and set up the OpenVPN client profile.

2. The next step is to generate the client configuration profile, which will be used by the OpenVPN client to establish a connection to the VPN server. This profile lets OpenVPN know where to connect, what port and protocol should be used and more. The following steps will allow you to set up the OpenVPN client profile.

Open notepad or other text editor option. Enter the following text:

remote www.yourdomain.net *
port 1194
dev tap
secret staticvpn.key
proto udp
comp-lzo
route-gateway 192.168.1.1 **
redirect-gateway def 1
float
route-method exe
route-delay 2

* Here you should enter your domain name or public IP address.
** If the private IP of your router is not 192.168.1.1, you will need to replace thsi with the actual IP address of your router.

After you have entered the above information, click File, then Save As and change the file type to All Files.
The file should be named “My Network.ovpn”. Click Save and save the file to C:\Program Files\OpenVPN\config.
Your ‘config’ directory should display: key, My network, READ ME and staticvpn.key.

3. Now it’s time to set up your router as a Tomato VPN server. To do this, follow the below steps.

Go to VPN Tunneling and select OpenVPN Server. Select “Server 1” and “Basic”. The settings should be as follows: “Start with WAN” should be marked. In Interface Type select “TAP”. Protocol should be UDP and Port 1194. For “Firewall” select Automatic. In Authorization Mode, Static Key should be selected.
Once all the settings are correct, click save and select the “Advanced” tab.

In the Advanced tab, the settings should be:

Poll Interval: 0
Respond to DNS: Not selected
Encryption Cipher: Use Default
Compression: Adaptive
push “redirect-gateway def1” *

* This is the Custom Configuration and it should be included exactly like that.

The above command prompts the Tomato VPN server to push the device’s online traffic through the VPN. This will allow you not only to access devices within your network, but also to browse internet through your home network. The VPN server gives your device a private IP address and your public IP will show that you are connected to internet from your home, no matter where you are. Once the settings are correct, click Save.

Now click the “keys” tab and go to C:\Program Files\OpenVPN\config
Open the key.txt file. Copy the key and paste it into the text area for Static Key, then click Save.
To start the OpenVPN server, simply click Start.

4. To start the OpenVPN client, you need to go to Start, select All Programs and then OpenVPN. Right click on OpenVPN GUI and select “Run as Administrator”.

5. The final step is to connect to the Tomato VPN server. To do this, right-click the OpenVPN icon that appears in your system tray and select Connect. A status window will appear and will let you know that the initialization sequence has been completed. Once a connection has been successfully established, the icon in the task bar will turn green.