This is a log to try OpenVPN.
Router: Cisco E3000 w/ Tomato 1.28-116 K26 by Shibby
Phone: iOS 7
Computer: Windows 8.1 x64
1. Download OpenVPN at: http://openvpn.net/index.php/open-source/downloads.html
Choose the Windows Installer (64-bit), then install with all the components.
2. Creating the Certificates and keys
Run Windows Command Prompt (cmd) as Administrator:
    cd C:\Program Files\OpenVPN\easy-rsa
    init-config

This will copy vars.bat and openssl.cnf to the easy-rsa folder.
Open Notepad and edit vars.bat; fill in the following at the end of the file:

    set KEY_COUNTRY=
    set KEY_PROVINCE=
    set KEY_CITY=
    set KEY_ORG=
    set KEY_EMAIL=

Save. Then type the following (at the 3rd command, build-ca, hit ‘Enter’ for everything except the ‘Common Name’ parameter; enter something there, e.g. MyName):

    vars
    clean-all
    build-ca
3. Now build a key for a client; I name it ‘mobile’

    vars
    build-key mobile

Also hit ‘Enter’ for everything except the ‘Common Name’ parameter; make it the same as in the previous step.
Type ‘y’ for both ‘sign’ and ‘commit’ when asked.
4. Build a key for the server; I name it ‘Tomato’

    vars
    build-key-server Tomato

Also hit ‘Enter’ for everything except the ‘Common Name’ parameter; make it the same as in the previous step.
Type ‘y’ for both ‘sign’ and ‘commit’ when asked. If the procedure fails with “TXT database update, number 2”, go to the keys folder in easy-rsa and use Notepad to empty “index.txt”.
5. Generate the Diffie Hellman Parameters
6. Creating the configuration files for client
In C:\Program Files\OpenVPN\sample-config, back up client.ovpn. Then edit it to look like the following:

    client
    dev tun
    proto tcp
    #Get a Dynamic DNS address for the router and config it in the Router "DDNS"
    #section, then use it here
    remote xxxx.dyndns.org 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    #Use the name when generating client
    ns-cert-type server
    cipher AES-128-CBC
    comp-lzo
    verb 4
    #There are two ways to put ca.crt, mobile.crt, mobile.key
    #The first way is to put all three files in the same folder as the *.ovpn file, and use the following:
    ;ca ca.crt
    ;cert mobile.crt
    ;key mobile.key
    #The second way is to include everything in a single file
    #Copy the entire --begin-- to --end-- section in those files to the corresponding sections below, including the "begin" and "end" lines
    <ca>
    </ca>
    <cert>
    </cert>
    <key>
    </key>
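The "second way" above, done by script instead of by hand, as an added example that is not part of the original log. The function names and the sample data are assumptions made for illustration; the PEM bodies are constructed placeholders, not real certificates or keys.

```python
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n.*?\n-----END \1-----", re.DOTALL)
FILE_DIRECTIVE = re.compile(r"^\s*;?\s*(ca|cert|key)\s+\S+\s*$")  # e.g. ";ca ca.crt"
EMPTY_SECTION = re.compile(r"<(ca|cert|key)>\s*</\1>\n?")

def pem_block(text, private_key=False):
    """Return the one PEM block of the wanted kind, without surrounding text."""
    text = text.replace("\r\n", "\n")
    found = [m.group(0) for m in PEM_BLOCK.finditer(text)
             if m.group(1).endswith("PRIVATE KEY") == private_key]
    if len(found) != 1:
        kind = "private key" if private_key else "certificate"
        raise ValueError(f"expected exactly one {kind} block, found {len(found)}")
    return found[0]

def inline_profile(base, ca, cert, key):
    """Replace file-based ca/cert/key lines and empty sections with inline PEM."""
    base = EMPTY_SECTION.sub("", base.replace("\r\n", "\n"))
    kept = [ln for ln in base.split("\n") if not FILE_DIRECTIVE.match(ln)]
    # Asking for a certificate where a key was supplied (or the reverse) raises,
    # so a private key cannot end up in the <ca> or <cert> section by mistake.
    sections = (("ca", pem_block(ca)), ("cert", pem_block(cert)),
                ("key", pem_block(key, private_key=True)))
    inline = "".join(f"<{tag}>\n{pem}\n</{tag}>\n" for tag, pem in sections)
    return "\n".join(kept).rstrip("\n") + "\n" + inline

# Constructed sample input: placeholder PEM bodies, not real certificates or keys.
def fake_pem(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_BASE = ("client\ndev tun\nproto tcp\nremote xxxx.dyndns.org 1194\npersist-key\n"
               ";ca ca.crt\n;cert mobile.crt\n;key mobile.key\n"
               "<ca>\n</ca>\n<cert>\n</cert>\n<key>\n</key>\n")
SAMPLE_CA = fake_pem("CERTIFICATE", "Q09OU1RSVUNURUQtQ0E=")
# A signed certificate file may carry a readable text dump before the PEM block.
SAMPLE_CERT = ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
               + fake_pem("CERTIFICATE", "Q09OU1RSVUNURUQtQ0VSVA=="))
SAMPLE_KEY = fake_pem("PRIVATE KEY", "Q09OU1RSVUNURUQtS0VZ")

if __name__ == "__main__":
    print(inline_profile(SAMPLE_BASE, SAMPLE_CA, SAMPLE_CERT, SAMPLE_KEY))
```

The resulting single file contains the client's private key, so it needs the same handling as mobile.key itself.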
7. Configure Tomato’s VPN: in VPN Tunneling section, OpenVPN server, I configured them as the following:
    Start with WAN --> yes
    Interface Type --> TUN
    Protocol --> TCP
    Port --> 1194
    Firewall --> Auto
    Authorization Mode --> TLS
    Extra HMAC authorization (tls-auth) --> disable
    VPN subnet/netmask --> 10.8.0.0
    Poll Interval --> 0 (in minutes, 0 to disable)
    Direct clients to redirect Internet traffic --> NO
    Respond to DNS --> Yes
    Advertise DNS to clients --> yes
    Encryption cipher --> AES-128-CBC
    Compression --> adaptive

The others remain unchanged.
In the keys folder, find:

    ca.crt (Certificate Authority)
    Tomato.crt (server certificate)
    Tomato.key (server key)
    dh1024.pem

Copy the text from the -----BEGIN CERTIFICATE----- section in each file to the “Keys” settings in the router.
Click “Save” !!
Click “Start Now”
If there’s no problem, OpenVPN server will start running now.
8. Configure iPhone
In the App Store, download the OpenVPN app.
Connect the phone to the computer and use iTunes or another tool to copy:

    ca.crt
    client.ovpn
    mobile.crt
    mobile.key

to the OpenVPN folder. Open the app, add the profile, and connect.
If there is no error, the phone should now be connected to the home network.
My note: iOS doesn’t support TAP mode (TAP: as if a real ethernet card connects to the Home Network)
If I want to use the client settings on a laptop, I should change:
client.ovpn to TAP
Router Settings to TAP
9. If I want to use a laptop as a client and connect to the router, I install OpenVPN on the laptop and put the *.ovpn file and the related keys and certificates (if any) in the “config” folder within the OpenVPN installation folder. Then start OpenVPN GUI --> Connect.
***Make sure to modify both *.ovpn and Router to TAP mode, so laptop will act as a ‘real’ computer in the Home network***
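A check for the point above, as an added example that is not part of the original log: it parses a client profile and compares it with the router-side values from step 7. The function names and the `ROUTER` dictionary keys are assumptions made for illustration (Tomato keeps these values in its web GUI), and the sample profile is constructed.

```python
def parse_profile(text):
    """Map each active directive to its arguments.

    Lines starting with # or ; are comments; inline <ca>...</ca> style
    blocks are skipped so PEM data is never read as directives.
    """
    directives, closing = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if closing:                      # inside an inline block
            if line == closing:
                closing = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            closing = "</" + line[1:]
            continue
        name, *args = line.split()
        directives[name] = args
    return directives

def find_mismatches(profile_text, router):
    """Compare a client profile with the router-side values; return findings."""
    c = parse_profile(profile_text)
    first = lambda name, default="": (c.get(name) or [default])[0]
    remote = c.get("remote", [])
    client = {
        "interface": first("dev").rstrip("0123456789").upper(),   # tap0 -> TAP
        "protocol": first("proto", "udp").split("-")[0].upper(),  # tcp-client -> TCP
        "port": remote[1] if len(remote) > 1 else "1194",         # OpenVPN default port
        "cipher": first("cipher").upper(),
    }
    return [f"{k}: client={client[k] or 'unset'} router={str(v).upper()}"
            for k, v in router.items() if client[k] != str(v).upper()]

# Router-side values as entered in step 7 (hypothetical key names).
ROUTER = {"interface": "TUN", "protocol": "TCP", "port": 1194, "cipher": "AES-128-CBC"}
# Constructed sample: the laptop profile was switched to TAP, the router was not.
SAMPLE_PROFILE = ("client\ndev tap\nproto tcp\nremote xxxx.dyndns.org 1194\n"
                  ";dev tun\ncipher AES-128-CBC\n<ca>\ndev tun\n</ca>\n")

if __name__ == "__main__":
    print(find_mismatches(SAMPLE_PROFILE, ROUTER) or "profile matches router settings")
```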
If I am using TAP, and router is configured to ipv6, from my experiment, with latest version of OpenVPN, my Laptop gets ipv6 address as well.
TAP supports many protocols, including IPv6.
My laptop (Ultrabook) doesn’t have an ethernet card, only has a usb-based wireless adapter. So under Windows 8.1, the TAP-Win32 driver included in OpenVPN package has some problems in this situation. In order for TAP to function, Tap-Win32 adapter has to be DHCP for my server configurations. But the TAP adapter on my laptop automatically resets to obtain a private IP 10.127.127.1 every time after I restart my computer instead of DHCP mode.
So I wrote a command line batch file (.bat) to set it to DHCP automatically before I start openvpn_gui.
I name Tap-Win32 adapter to “My_Tap” in control panel, and create a file: OpenVPN.bat
    netsh interface ip set address "My_Tap" dhcp
    start "" "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
I put the file in OpenVPN folder and put a shortcut to this batch file on the Desktop. Set it to run as Admin, and assign a nice network icon to it.
So every time I click this shortcut, it will set the adapter to DHCP, run openvpn_gui and close the command line window.
If I want to use the router as a VPN client, see: http://www.strongvpn.com/setup_tomato_openvpn.shtml