mikolajsobczak

question about correct vpn configuration for use with tomato router


Hello,

 

I was setting up my Tomato router with AirVPN as an ovpn client,

and I looked at the tutorial for Tomato routers on this website: https://airvpn.org/tomato/

The page describes the following:

 

In the Advanced Custom Configuration text box, the options are as follows:

resolv-retry infinite
ns-cert-type server
comp-lzo
verb 3

 

 

But when I go to the config generator page: https://airvpn.org/generator/

and select the router, server, protocol and port number I want (I choose TCP on port 443),

and choose the option "Separate keys/certs from .ovpn file",

and download the files and open them, I see that the file uses the following Advanced Custom Configuration options:

 

resolv-retry infinite
nobind
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3

 

 

Now I'm not sure which of these 2 would be the best or the correct set of options to fill in on my router in the Advanced Custom Configuration field.

Or could it be that the Tomato tutorial on the AirVPN website is outdated at the moment? I don't know.

At the moment I have used the options from the file that I got from the config generator, but I'm not sure if this is the best choice.

I would be happy if somebody could explain it to me, or tell me which one of these 2 different sets of options would be the best for using ovpn with TCP.

 

 

Thank you very much,

a happy client


Hello!
 
The difference is in the "nobind" directive, because the correct cipher is already set in the graphical configuration page.
 
 

 

--bind Bind to local address and port. This is the default unless any of --proto tcp-client, --http-proxy or --socks-proxy are used.

--nobind Do not bind to local address and port. The IP stack will allocate a dynamic port for returning packets. Since the value of the dynamic port could not be known in advance by a peer, this option is only suitable for peers which will be initiating connections by using the --remote option.

Therefore there's no difference if you declare nobind or not in a Tomato router when connecting in TCP mode.

Kind regards

 


Okay, thank you.

But what about the cipher option? (cipher AES-256-CBC)

And how about the user certificate, is there no need to enter the 2 hashes from inside the certificate? Only the code from the certificate?


Okay, thank you.

But what about the cipher option? (cipher AES-256-CBC)

 

 

Hello!

 

See our previous answer.

 

And how about the user certificate, is there no need to enter the 2 hashes from inside the certificate? Only the code from the certificate?

 

It's unclear what you mean. You need to paste the whole certificate, from "----- BEGIN CERTIFICATE" up to "END CERTIFICATE -----"

 

You have to paste both the ca.crt and the user.crt certificates, as well as the user.key

 

Kind regards


Hello, what I mean is that inside the user certificate there is a lot more than only: "----- BEGIN CERTIFICATE" up to "END CERTIFICATE -----"

and it starts with things like these:

 

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:

 

  Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
 

 

  X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier:
 

 

            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature
    Signature Algorithm: sha1WithRSAEncryption
 

 

(I did not copy the full text to paste above here, maybe there is some critical info inside it)

But I hope you now have an understanding of what I meant?
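
For the question above about the extra text in user.crt, an added example (not from the thread or from AirVPN) that keeps only the part from BEGIN CERTIFICATE to END CERTIFICATE, as the staff reply describes, and rejects a block that was truncated or damaged while copying. The function names and the sample input are constructed here; the sample is not a real certificate.

```python
import base64
import re

# One PEM block; the label (CERTIFICATE, PRIVATE KEY, ...) must agree at both ends.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

def der_length_ok(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def extract_pem(text: str, label: str = "CERTIFICATE") -> str:
    """Return the single PEM block with this label, dropping any text around it."""
    blocks = [m for m in PEM_RE.finditer(text) if m.group(1) == label]
    if len(blocks) != 1:
        raise ValueError(f"expected one {label} block, found {len(blocks)}")
    body = "".join(blocks[0].group(2).split())
    der = base64.b64decode(body, validate=True)   # raises on non-base64 debris
    if not der_length_ok(der):
        raise ValueError("block is truncated or not a DER structure")
    return blocks[0].group(0) + "\n"

# Constructed sample: a text preamble like the one quoted in the post, followed
# by a PEM block wrapping a dummy DER shell (NOT a real certificate).
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE = (
    "Certificate:\n    Data:\n        Version: 3 (0x2)\n"
    "    Signature Algorithm: sha1WithRSAEncryption\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(FAKE_DER).decode().strip()
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(extract_pem(SAMPLE), end="")
```
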
