Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Tomato 1.28

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
mustardman
Posts: 12
Joined: Sun May 03, 2015 10:25 am

Tomato 1.28

Post by mustardman » Sun May 03, 2015 10:33 am

Recently discovered this community of sausage lovers and decided to try on some cryptostorm for myself.
Naturally it doesn't work. I realize this is my fault and that I do not know what I am doing. Help please :ugeek:

The settings are the same as this guide viewtopic.php?t=6097
with the exception that compression is set to none and the server I'm trying to connect to is:

linux-uscentral.cryptostorm.ch port 443

and my advanced configuration is

Code: Select all

ns-cert-type server
auth SHA512
auth-user-pass /etc/pass.txt
replay-window 128 30
txqueuelen 686
sndbuf size 1655368
rcvbuf size 1655368
verb 15
hand-window 37
allow-pull-fqdn
mssfix 1400
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
tls-client
key-method 2





Code: Select all

May  3 00:31:30 RT-C86000ABBFFC user.info kernel: tun: Universal TUN/TAP device driver, 1.6
May  3 00:31:30 RT-C86000ABBFFC user.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1279]: OpenVPN 2.3.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 24 2015
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1279]: library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
May  3 00:31:30 RT-C86000ABBFFC daemon.warn openvpn[1279]: WARNING: file '/etc/pass.txt' is group or others accessible
May  3 00:31:30 RT-C86000ABBFFC daemon.warn openvpn[1279]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1279]: LZO compression initialized
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1279]: Control Channel MTU parms [ L:1602 D:138 EF:38 EB:0 ET:0 EL:0 ]
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1279]: Socket Buffers: R=[112640->112640] S=[112640->112640]
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1279]: Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 link local: [undef]
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 link remote: [AF_INET]198.204.245.2:443
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 1
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 WRITE [14] to [AF_INET]198.204.245.2:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=e7f22517 bdf2aeb8 [ ] pid=0 DATA 
May  3 00:31:30 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 write returned 14
May  3 00:31:31 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:32 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:32 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 1
May  3 00:31:32 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 WRITE [14] to [AF_INET]198.204.245.2:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=e7f22517 bdf2aeb8 [ ] pid=0 DATA 
May  3 00:31:32 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 write returned 14
May  3 00:31:33 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned -1
May  3 00:31:34 RT-C86000ABBFFC daemon.err openvpn[1287]: event_wait : Interrupted system call (code=4)
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]: OpenVPN STATISTICS
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]: Updated,Sun May  3 00:31:34 2015
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]: TUN/TAP read bytes,0
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]: TUN/TAP write bytes,0
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]: TCP/UDP read bytes,0
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]: TCP/UDP write bytes,28
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]: Auth read bytes,0
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]: pre-compress bytes,0
May  3 00:31:34 RT-C86000ABBFFC daemon.notice openvpn[1287]: END
May  3 00:31:35 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:36 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:36 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 1
May  3 00:31:36 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 WRITE [14] to [AF_INET]198.204.245.2:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=e7f22517 bdf2aeb8 [ ] pid=0 DATA 
May  3 00:31:36 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 write returned 14
May  3 00:31:37 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:38 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:39 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:40 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:42 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:43 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:44 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:44 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 1
May  3 00:31:44 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 WRITE [14] to [AF_INET]198.204.245.2:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=e7f22517 bdf2aeb8 [ ] pid=0 DATA 
May  3 00:31:44 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 write returned 14
May  3 00:31:45 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:46 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:48 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:49 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:50 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:51 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:53 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:54 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:55 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:56 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:58 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:31:59 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:32:00 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:32:00 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 1
May  3 00:32:00 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 WRITE [14] to [AF_INET]198.204.245.2:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=e7f22517 bdf2aeb8 [ ] pid=0 DATA 
May  3 00:32:00 RT-C86000ABBFFC daemon.notice openvpn[1287]: UDPv4 write returned 14
May  3 00:32:01 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:32:02 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:32:04 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:32:05 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:32:06 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:32:07 RT-C86000ABBFFC daemon.notice openvpn[1287]:  event_wait returned 0
May  3 00:32:07 RT-C86000ABBFFC daemon.err openvpn[1287]: TLS Error: TLS key negotiation failed to occur within 37 seconds (check your network connectivity)
May  3 00:32:07 RT-C86000ABBFFC daemon.err openvpn[1287]: TLS Error: TLS handshake failed
May  3 00:32:07 RT-C86000ABBFFC daemon.notice openvpn[1287]: TCP/UDP: Closing socket
May  3 00:32:07 RT-C86000ABBFFC daemon.notice openvpn[1287]: SIGUSR1[soft,tls-error] received, process restarting
May  3 00:32:07 RT-C86000ABBFFC daemon.notice openvpn[1287]: Restart pause, 2 second(s)
*I'm using an init script to echo my sha1 converted token directly to a text file in /etc, which clears on reboots.

User avatar

Tealc
ForumHelper
Posts: 238
Joined: Tue Jan 28, 2014 12:38 am

Re: Tomato 1.28

Post by Tealc » Sun May 03, 2015 3:54 pm

You don't have the CA certificate in the conf.
The only thing you have to enter here is the CA certificate from Cryptostorm.

That is it, with these settings you should be able to get a working Cryptostorm enabled Tomato router.
If I was you I would do something like the one bellow, this is actually for my configuration with OpenVPN in OpenWRT, you would need to find out via terminal what's the correct openvpn directory, I do know that in the tutorial above you would enter that conf in the GUI but I've seen a lot of errors coming from that:
cat >> /etc/openvpn/TrustedRoot.pem << EOF
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIJAKekpGXxXvhbMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD
VQQGEwJDQTELMAkGA1UECBMCUUMxETAPBgNVBAcTCE1vbnRyZWFsMTYwNAYDVQQK
FC1LYXRhbmEgSG9sZGluZ3MgTGltaXRlIC8gIGNyeXB0b3N0b3JtX2RhcmtuZXQx
ETAPBgNVBAsTCFRlY2ggT3BzMRcwFQYDVQQDFA5jcnlwdG9zdG9ybV9pczEnMCUG
CSqGSIb3DQEJARYYY2VydGFkbWluQGNyeXB0b3N0b3JtLmlzMB4XDTE0MDQyNTE3
MTAxNVoXDTE3MTIyMjE3MTAxNVowgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJR
QzERMA8GA1UEBxMITW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBM
aW1pdGUgLyAgY3J5cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMx
FzAVBgNVBAMUDmNyeXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRt
aW5AY3J5cHRvc3Rvcm0uaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJaOSYIX/sm+4/OkCgyAPYB/VPjDo9YBc+zznKGxd1F8fAkeqcuPpGNCxMBLOu
mLsBdxLdR2sppK8cu9kYx6g+fBUQtShoOj84Q6+n6F4DqbjsHlLwUy0ulkeQWk1v
vKKkpBViGVFsZ5ODdZ6caJ2UY2C41OACTQdblCqaebsLQvp/VGKTWdh9UsGQ3LaS
Tcxt0PskqpGiWEUeOGG3mKE0KWyvxt6Ox9is9QbDXJOYdklQaPX9yUuII03Gj3xm
+vi6q2vzD5VymOeTMyky7Geatbd2U459Lwzu/g+8V6EQl8qvWrXESX/ZXZvNG8QA
cOXU4ktNBOoZtws6TzknpQF3AgMBAAGjggEjMIIBHzAdBgNVHQ4EFgQUOFjh918z
L4vR8x1q3vkp6npwUSUwge8GA1UdIwSB5zCB5IAUOFjh918zL4vR8x1q3vkp6npw
USWhgcCkgb0wgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJRQzERMA8GA1UEBxMI
TW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBMaW1pdGUgLyAgY3J5
cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMxFzAVBgNVBAMUDmNy
eXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRtaW5AY3J5cHRvc3Rv
cm0uaXOCCQCnpKRl8V74WzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
AQAK6B7AOEqbaYjXoyhXeWK1NjpcCLCuRcwhMSvf+gVfrcMsJ5ySTHg5iR1/LFay
IEGFsOFEpoNkY4H5UqLnBByzFp55nYwqJUmLqa/nfIc0vfiXL5rFZLao0npLrTr/
inF/hecIghLGVDeVcC24uIdgfMr3Z/EXSpUxvFLGE7ELlsnmpYBxm0rf7s9S9wtH
o6PjBpb9iurF7KxDjoXsIgHmYAEnI4+rrArQqn7ny4vgvXE1xfAkFPWR8Ty1ZlxZ
gEyypTkIWhphdHLSdifoOqo83snmCObHgyHG2zo4njXGExQhxS1ywPvZJRt7fhjn
X03mQP3ssBs2YRNR5hR5cMdC
-----END CERTIFICATE-----
EOF


Guest

Re: Tomato 1.28

Post by Guest » Sun May 03, 2015 6:48 pm

Doo tooo! uhuu!


Image


Topic Author
mustardman
Posts: 12
Joined: Sun May 03, 2015 10:25 am

Re: Tomato 1.28

Post by mustardman » Sun May 03, 2015 6:49 pm

Edit: I understand what you are trying to say. I don't have direct access to that folder, not even by going in via ssh.


Topic Author
mustardman
Posts: 12
Joined: Sun May 03, 2015 10:25 am

Re: Tomato 1.28

Post by mustardman » Sun May 03, 2015 7:18 pm

I managed to put the file in etc instead of the vpn folder and then added
ca /etc/TrustedRoot.pem
to the config, I am presuming it's ca instead of cert because this is a root certificate, right?


Topic Author
mustardman
Posts: 12
Joined: Sun May 03, 2015 10:25 am

Re: Tomato 1.28

Post by mustardman » Sun May 03, 2015 7:20 pm

Its still timing out at 37 seconds

User avatar

Tealc
ForumHelper
Posts: 238
Joined: Tue Jan 28, 2014 12:38 am

Re: Tomato 1.28

Post by Tealc » Sun May 03, 2015 7:22 pm

mustardman wrote:I managed to put the file in etc instead of the vpn folder and then added
ca /etc/TrustedRoot.pem
to the config, I am presuming it's ca instead of cert because this is a root certificate, right?
Yeah besides putting the file and telling the config where the file is you should really put it in the conf it-self like with any conf from Linux section.

Did you tried another node just to be sure? Did you checked if your token is valid? Did you reboot the system?

The strange part with your logs is that it can't even tell the tun interface to put the IP up.... are you sure that openvpn has tun/tap devices?
Because with my OpenVPN config for OpenWRT I have to manually create the tun0 interface...

Besides this I really can't help you any further since Tomato isn't my expertise, sorry, I'm putting this up on the CS twitter account, someone will come by to properly answer you


Topic Author
mustardman
Posts: 12
Joined: Sun May 03, 2015 10:25 am

Re: Tomato 1.28

Post by mustardman » Sun May 03, 2015 7:23 pm

What does
echo 93b66e7059176bbfa418061c5cba87dd >> /etc/config/openvpn.key

do? All I have my echo doing is echoing my token, not the 9-d string.

User avatar

Tealc
ForumHelper
Posts: 238
Joined: Tue Jan 28, 2014 12:38 am

Re: Tomato 1.28

Post by Tealc » Sun May 03, 2015 7:30 pm

mustardman wrote:What does
echo 93b66e7059176bbfa418061c5cba87dd >> /etc/config/openvpn.key

do? All I have my echo doing is echoing my token, not the 9-d string.
Yeah normally you should have your hashed token and that number that constitutes a password (at least for OpenVPN)

(login.auth is your openvpn.key)

In terminal with openwrt I do like this:

Code: Select all

cd /etc/openvpn

cat >> /etc/openvpn/login.auth << EOF
HASHED_TOKEN
93b66e7059176bbfa418061c5cba87dd
EOF

chmod 400 /etc/openvpn/login.auth

cat >> /etc/openvpn/cs.ovpn << EOF
client
dev tun
resolv-retry 16
nobind
float
persist-key
persist-tun
comp-lzo no
txqueuelen 686
sndbuf size 1655368
rcvbuf size 1655368
down-pre
allow-pull-fqdn
hand-window 37
mssfix 1400
auth-user-pass login.auth
ca ca.crt
<ca>
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIJAKekpGXxXvhbMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD
VQQGEwJDQTELMAkGA1UECBMCUUMxETAPBgNVBAcTCE1vbnRyZWFsMTYwNAYDVQQK
FC1LYXRhbmEgSG9sZGluZ3MgTGltaXRlIC8gIGNyeXB0b3N0b3JtX2RhcmtuZXQx
ETAPBgNVBAsTCFRlY2ggT3BzMRcwFQYDVQQDFA5jcnlwdG9zdG9ybV9pczEnMCUG
CSqGSIb3DQEJARYYY2VydGFkbWluQGNyeXB0b3N0b3JtLmlzMB4XDTE0MDQyNTE3
MTAxNVoXDTE3MTIyMjE3MTAxNVowgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJR
QzERMA8GA1UEBxMITW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBM
aW1pdGUgLyAgY3J5cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMx
FzAVBgNVBAMUDmNyeXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRt
aW5AY3J5cHRvc3Rvcm0uaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJaOSYIX/sm+4/OkCgyAPYB/VPjDo9YBc+zznKGxd1F8fAkeqcuPpGNCxMBLOu
mLsBdxLdR2sppK8cu9kYx6g+fBUQtShoOj84Q6+n6F4DqbjsHlLwUy0ulkeQWk1v
vKKkpBViGVFsZ5ODdZ6caJ2UY2C41OACTQdblCqaebsLQvp/VGKTWdh9UsGQ3LaS
Tcxt0PskqpGiWEUeOGG3mKE0KWyvxt6Ox9is9QbDXJOYdklQaPX9yUuII03Gj3xm
+vi6q2vzD5VymOeTMyky7Geatbd2U459Lwzu/g+8V6EQl8qvWrXESX/ZXZvNG8QA
cOXU4ktNBOoZtws6TzknpQF3AgMBAAGjggEjMIIBHzAdBgNVHQ4EFgQUOFjh918z
L4vR8x1q3vkp6npwUSUwge8GA1UdIwSB5zCB5IAUOFjh918zL4vR8x1q3vkp6npw
USWhgcCkgb0wgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJRQzERMA8GA1UEBxMI
TW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBMaW1pdGUgLyAgY3J5
cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMxFzAVBgNVBAMUDmNy
eXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRtaW5AY3J5cHRvc3Rv
cm0uaXOCCQCnpKRl8V74WzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
AQAK6B7AOEqbaYjXoyhXeWK1NjpcCLCuRcwhMSvf+gVfrcMsJ5ySTHg5iR1/LFay
IEGFsOFEpoNkY4H5UqLnBByzFp55nYwqJUmLqa/nfIc0vfiXL5rFZLao0npLrTr/
inF/hecIghLGVDeVcC24uIdgfMr3Z/EXSpUxvFLGE7ELlsnmpYBxm0rf7s9S9wtH
o6PjBpb9iurF7KxDjoXsIgHmYAEnI4+rrArQqn7ny4vgvXE1xfAkFPWR8Ty1ZlxZ
gEyypTkIWhphdHLSdifoOqo83snmCObHgyHG2zo4njXGExQhxS1ywPvZJRt7fhjn
X03mQP3ssBs2YRNR5hR5cMdC
-----END CERTIFICATE-----
</ca>
ns-cert-type server
auth SHA512
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
replay-window 128 30
tls-client
verb 0
mute 3
EOF


Topic Author
mustardman
Posts: 12
Joined: Sun May 03, 2015 10:25 am

Re: Tomato 1.28

Post by mustardman » Sun May 03, 2015 7:41 pm

Yes, that is what you do. Wonderful. Your performance is simply superb. Extra-Ordinary.
Except that I am NOT running OPENWRT and it is useless to tell me what you do because that will not help here.
Please become 20 years younger. I don't have the ability to ssh in and directly write to files, the firmware is read only.
I can either put the config in the web interface or echo it to a file in ram(temporary) space and then link to it in the conf
in the web interface.


Topic Author
mustardman
Posts: 12
Joined: Sun May 03, 2015 10:25 am

Re: Tomato 1.28

Post by mustardman » Sun May 03, 2015 8:19 pm

I got it working by changing my NAT from MASQUERADE to SNAT and changing my conf to

Code: Select all

resolv-retry infinite
nobind
float
sndbuf size 1655368
rcvbuf size 1655368
allow-pull-fqdn

ns-cert-type server
auth SHA512
ca /etc/TrustedRoot.pem
auth-user-pass /etc/pass.txt
replay-window 128 30
txqueuelen 686
verb 15
hand-window 37
mssfix 1400
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
tls-client
key-method 2
auth-retry nointeract
Thanks for the help!

User avatar

Tealc
ForumHelper
Posts: 238
Joined: Tue Jan 28, 2014 12:38 am

Re: Tomato 1.28

Post by Tealc » Sun May 03, 2015 10:49 pm

mustardman wrote:Yes, that is what you do. Wonderful. Your performance is simply superb. Extra-Ordinary.
Except that I am NOT running OPENWRT and it is useless to tell me what you do because that will not help here.
Please become 20 years younger. I don't have the ability to ssh in and directly write to files, the firmware is read only.
I can either put the config in the web interface or echo it to a file in ram(temporary) space and then link to it in the conf
in the web interface.
From the beginning I told you that I didn't know the tomato router software I was only trying to tell you so you could compare since OpenVPN is still OpenVPN no matter where it's installed.

But yeah nice you got it working, huray for your hard work and all others person's that answered to this topic to help you out.

Post Reply