This OpenVPN tutorial was created using Advanced Tomato (highly recommended) but it is similar to TomatoUSB v. 1.28 by shibby. If you have a different release and require our help, let us know.
- Log into Tomato web UI
- Open
VPN > OpenVPN Client
- Under
Client 1 > Basic tab, add the following settings:
Start with WAN: Check if you want the VPN to connect automatically on router restart
Interface Type: TUN
Protocol: UDP
Server Address: nl1.vpn.ac (choose from status page or use alternative addresses if you are in China)
Port: 88 or 12200, 26000 (same ports work with TCP)
Firewall: Automatic
Authorization mode: TLS
Username/Password Authentication: checked
insert your VPN user and pass
Username Authen. Only: checked
Extra HMAC authorization (tls-auth): outgoing (1)
Create NAT on tunnel: checked
Screenshot of Basic tab with correct settings
- Open the
Advanced tab:
Poll Interval: 0
Redirect Internet traffic: checked
Accept DNS configuration: Exclusive
Encryption cipher: AES-128-CBC
Compression: Disabled
TLS Renegotiation Time: -1
Connection retry: 30
Verify server certificate (tls-remote): unchecked
Custom configuration:
persist-key
persist-tun
pull
nobind
tls-client
remote-cert-tls server
auth sha256
mute-replay-warnings
persist-remote-ip
Screenshot of Advanced tab with correct settings
- Open the
Keys tab:
Static Key:
-----BEGIN OpenVPN Static key V1-----
5bb417a376709d2a5456718f34fe4b3e
e8de0596548c5afd6fcde25d882c1249
b122d52365257aa33708527fda8e8ac5
f57180703ba8e2fc4e5c94da0e575cd5
cc5b2a3793476165ae748f97975b24bc
844ce6491356a51295c73be20ed420f6
96d650d9b79f058985a9c4ca144a80ac
1b09e08acb2cc59d75038c36bd342520
57638184a321ce5a384ae9bbc33d4c8d
b451b0dcef194d7af2b0cdd435dc13c6
f7d924f43bc802868899e4cda6aa2491
1a93652fa918c6d293913af4c528c02a
1c10d9d1d8c7863b24b86ddb916b6d1e
dbe7a30dd5b98b18bd2269fa8bf73667
47231a3cb919fb4a022d8d15dc089171
cbc26f694a35faadfe2dddbe6ae31847
-----END OpenVPN Static key V1-----
Certificate Authority:
-----BEGIN CERTIFICATE-----
MIIFrzCCA5egAwIBAgIJAMfrpz3DQ4KwMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
BAYTAlJPMQwwCgYDVQQIDANCVUMxDzANBgNVBAoMBlZQTi5BQzESMBAGA1UECwwJ
VlBOLkFDIENBMQ8wDQYDVQQDDAZWUE4uQUMxGjAYBgkqhkiG9w0BCQEWC2luZm9A
dnBuLmFjMCAXDTIyMTEyODIzMzUwNVoYDzIxMjIxMTA0MjMzNTA1WjBtMQswCQYD
VQQGEwJSTzEMMAoGA1UECAwDQlVDMQ8wDQYDVQQKDAZWUE4uQUMxEjAQBgNVBAsM
CVZQTi5BQyBDQTEPMA0GA1UEAwwGVlBOLkFDMRowGAYJKoZIhvcNAQkBFgtpbmZv
QHZwbi5hYzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPdFphWYiuDi
XwSMJaumETXUDF8QJGpADaHNFfRvqSLteiR8vJaPnZNiRqU3kGM4O1VKv1bMBadh
LWJ+dCQ6HXtdn8wzs+Lmq//wM3Ja04mJRfB7NVwI6/HHDlo4rBkkJjAjGQoV5c7T
WC5SkbCIULC4ko1xKjyO/HSJ1zeIlPHRAovuhU9KQIPBJbP9hfzrnMPjp/iSb77z
Orsasa27sGr9IZ5kPByTSaZChu1pLwPm3s/NBS/7ozXVuOZ5iLjGYai+/5h4ZWiW
XeE9Ixk0ZCYE99riktnTQJ1u/tpFBJbvmLdwAwgJKqQPL3ObZa6B8i7QzwpQTBRW
BDC2NC1BVZlBp9H5YEycaZ5WZnAUydnRAvkM3WTfn/aYvbqrbdidjKf0ZRoY3LVI
Gx945SpyjE5qm5+2azt9OJPCzZDSPpvWiiWdEOl3ORLHFkjRv+N1xIBnIXTrP0wZ
hnKWlpOnGIJKH1iPIIUcYxu2nXukGFltkNJfaEZQejz+YCTebbt3O+A1ts4L3WEr
FPP04CUyN0lpPiNVF2YiPIlB1LzHtRkRMR6pKXlSalXCGvyNeEABd16/fB3R29FU
f55/M2FtYhA0d9CXOx7CmJ4yEr4vw9uiWJgYKRbrKIx0rBEG4MIBHab0IYf+J+//
BZw/PDTAEltP9tlL8/BdnmuRUGRpbZ5TAgMBAAGjUDBOMB0GA1UdDgQWBBQIaG7f
agAscWFUnkydvdM4ebEEVzAfBgNVHSMEGDAWgBQIaG7fagAscWFUnkydvdM4ebEE
VzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQBf+VEGKz/sf8y4ofGI
RnG8x1/ULHimDpr0qy+EU8JAqCsaFgI3T6epLjDgpZ7fcm0t1Qq3OPK0fND8B7ed
1+FCLhlDOB2S73eVIvpY3E1RC2NIQMVjeBY6KjuZz33jGbUUMM6C/lOnAZVDIMPM
tmzrTs8+N8VKHdY7NWZP0BOCqswrcWOTGOklTshz7FGwexMEclpWK8g49EwnjWIA
WqmdSA/DutKkbJSvAvkTA8/YX2GBKBZICBu825OaBVjNiVWaohbcyXpOyka8ZqG5
JYFY1bCRaoJEbxlpasweQtNba8pwXAlIEOyArC03KNu5eedtUAIL+m+EX8m32tBi
Av5oKkfkh7F9HuNLqS6MJaVS2HiuxMCy/qKwXgaMa/a0lM4Xqae8wHxoy80hgb73
teUlMQ2BXgbx5J6vvlDJXTRJlmrGFurLJP962zKGe25OENBm4h/DrHnSA2aUCBAJ
01TWoYf6Go7E2E0Za6j7wGb7PwgLjIdaqXCp/YPaxg59jq4La/xqhmQ86loOe4tP
mSaV11dCKLXmROn2OVqyIHQPQp3s5YyXMqj0XfRhAK1torXdX3GIkLNFLo3osZUK
Q16p9USawvSu+XZ0UuLsF2ZjVWTUpK/3W44Ir4IdPOCABfQJWSgP1uNPSMujjn5z
ojTHVLcWtOw59HQmLHot71o5fA==
-----END CERTIFICATE-----
Screenshot of Keys tab with correct settings
Click Save in the bottom-right corner, then click Start now.
Important notes:
Tomato ROMs use a built-in script to assign the VPN DNS once connected. It is mandatory to be set to Exclusive in the Advanced tab > Accept DNS Settings.
To view the connection logs, open Administration > Debugging > Download Logs.
