AirVPN Tomato configuration step-by-step guide

[Baraka 32]

Let's try one, last time:

I have Toastman's build of Tomato [v1.28.7500 MIPSR2Toastman-RT K26 VPN] installed on my Asus RT-N16 router. Before signing up for AirVPN's service, I scoured the internet for an FAQ or instruction guide to setting up on a router using Tomato as its firmware. No luck. After playing around with the settings for a couple of hours, I got it right. To help others configure the AirVPN service with this fantastic router/firmware setup, I will now give step-by-step instructions complete with a couple of screenshots.

1. Make sure you triple-check that your version of Tomato supports OpenVPN or you'll be sorry. I strongly recommend Toastman's build of Tomato because of its widespread feature support and stability.

2. Under Basic->Network, configure your 3 static DNS servers. I recommend picking ones from the OpenNIC Project because many of the servers don't keep any logs, which is consistent with this service, plus they would allow your internet service to continue functioning in the event of a government-ordered root DNS server shutdown- http://wiki.opennicproject.org/Tier2
Alternately, as a distant second option, you can go with OpenDNS (not related to OpenNIC), which is the best public DNS service, using 208.67.222.222 and 208.67.220.220 as your servers.

3. Under Basic->Time, make sure that the correct time zone and server is configured.

4. Download the vanilla OpenVPN file of your choosing under "Member Area->Access without our client" after you login to the AirVPN site. Check "Embed keys/certs in .ovpn file" and take note of your port and protocol. After downloading, text edit the file and look for your IP, again noting it (near the top after "remote").

5. For the actual configuration, please see the following two screenshots of the Basic and Advanced OpenVPN Client Configuration:

 

Under Basic, sub in your own correct protocol, IP and port in place of what I have in my own config.

In the Advanced Custom Configuration text box, the options are as follows:

resolv-retry infinite
ns-cert-type server
comp-lzo
verb 3

6. Under Keys, you'll need to again text edit your .ovpn config file and copy the matching keys and certificates to the text boxes in your router config. Everything between <ca></ca> should be copied and pasted into the Certificate Authority box. Everything between <cert></cert> should NOT be copied. Instead, you should just copy the actual certificate which starts with "-----BEGIN CERTIFICATE-----" and finishes with "-----END CERTIFICATE-----". Include both in the Client Certificate text box. Lastly, everything between <key></key> should be copied into the Client Key box. If you have a Static Key box, ignore it and it'll disappear after you save your settings and startup your VPN.

7. Save all settings.

8. Under Status, click Start Now and count for 30 seconds. Then do a traceroute to your favorite website or IP to verify that you're now being routed through AirVPN instead of your ISP's network.

Please write back to let me know that my guide is working for you. After all, I could have gotten something wrong here in my instructions to you. Just one, quick note: I have AirVPN configured on Client 2 because I have another VPN configured on Client 1. (It's awesome that you can actually switch from one VPN to another on-the-fly in Tomato.) I will be fully transitioning to AirVPN over the next few months. Just in case you were wondering.

[Baraka 32]

Why does my guide keep on disappearing?!? Really, really, REALLY frustrating after trying to make a simple post for the past 3 hours.

[Staff 9972]

Why does my guide keep on disappearing?!? Really, really, REALLY frustrating after trying to make a simple post for the past 3 hours.

Hello!

It does not disappear, on the contrary thank you very much for the very nice guide!

It can be read by anyone here:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=2&id=6652&Itemid=142#6652

Each time you edit it a moderator must approve it again, this may be the reason for which after an editing you can't see it for a little while. Some delay for the approval was due to the advertising of the image hoster reported in the screenshots (ads are forbidden in the forum) but it was decided to publish it anyway.

We will also evaluate to put it in the "Enter" pages for Tomato. Also, apparently Tomato works better than DD-WRT.

Thank you again.

Kind regards

[Baraka 32]

Ok. Thank you for the explanation.

I'm sorry that there are any ads with my two screenshots, but that was the only non-foreign site that I could find which would let me post public pics without registering. Please feel free to copy the images to this site, so you can avoid that problem. Even better, you can get rid of the thumbnail images (hotlinking is not allowed by the current host) and include the full images directly in the guide.

I used DD-WRT for more than a year. Although it's very well designed and contains countless options, allowing for very complicated configurations usually reserved for expensive enterprise switching equipment, the wireless drivers are lousy. The guy who originally came up with Tomato wanted the functionality of DD-WRT, but the configuration ease of your average firmware. When he abandoned his project, it was taken up by several different people, Toastman being one of them.

Because there is no ideological barrier preventing Tomato from using the best wireless drivers available (DD-WRT is completely open source, including the wireless drivers), I think it's the best firmware out there. I don't say this lightly, either, because I believe very strongly in open source software and have a year and a half's worth of experience in comparing DD-WRT and Tomato. Unless you're running a complex LAN, virtual interfaces, and/or a wired-only setup, Tomato wins hands down.

One more thing: as far as the OpenVPN implementation goes, I've heard all sorts of things about DD-WRT. Some reports say that Buffalo routers, which make use of the Atheros chipset, are notoriously troublesome for some VPN configs. And after using two Buffalo routers running DD-WRT for over a year, I believe them. Although I can't speak personally to a VPN config on Buffalo/DD-WRT, since I never used one at the time, these were probably the flakiest routers I've ever used in my life.

p.s. Atheros-based routers CANNOT run Tomato, only the native OEM firmware and DD-WRT. Tomato only works with Broadcom-based routers. AFAIK, the Asus RT-N16 is the #1 router in the world for running Tomato. I did my homework before buying and couldn't be more pleased with my decision.

Each time you edit it a moderator must approve it again, this may be the reason for which after an editing you can't see it for a little while. Some delay for the approval was due to the advertising of the image hoster reported in the screenshots (ads are forbidden in the forum) but it was decided to publish it anyway.

We will also evaluate to put it in the "Enter" pages for Tomato. Also, apparently Tomato works better than DD-WRT.

Thank you again.

Kind regards

[Baraka 32]

If you plan on introducing this guide on your Enter page, here's a good graphic you can play with and use:

http://img.gawkerassets.com/img/17w29wndv11e1jpg/original.jpg

[TiredAndHappy 0]

Thanks a lot!

Worked for me with tomato-ND-1.28.7633-Toastman-IPT-ND-SmallVPN on Buffalo WHR-G54S

[Baraka 32]

Fantastic! I'm really happy I could save you a bunch of time because of my guide. Hopefully another couple of people can confirm here that my guide works, too. Then it can be officially adopted by this site off of the Enter page. That would be so cool.

Thanks a lot!

Worked for me with tomato-ND-1.28.7633-Toastman-IPT-ND-SmallVPN on Buffalo WHR-G54S

[Baraka 32]

Toastman's Tomato firmware can be found here-
http://toastmanfirmware.yolasite.com/

The actual firmware is archived here-
http://www.4shared.com/dir/v1BuINP3/Toastman_Builds.html

The newest VPN build for the Asus RT-N16 router has a filename of tomato-K26-1.28.7501MIPSR2Toastman-RT-VPN.trx

An installation guide for Asus routers is here-
http://tomatousb.org/tut:installing-on-asus-rt-n16

Follow the 30-30-30 reset instructions here (the Telnet method is simple and excellent)-
http://www.dd-wrt.com/wiki/index.php/Hard_reset_or_30/30/30

Installation really isn't very difficult. Just remember to unplug every cable from your router- except for the cable interfacing with your computer, and the the one running to your AC adapter- before flashing it with the new firmware.

[Staff 9972]

Fantastic! I'm really happy I could save you a bunch of time because of my guide. Hopefully another couple of people can confirm here that my guide works, too. Then it can be officially adopted by this site off of the Enter page. That would be so cool.

Hello!

It is in the "Enter" page now (with an inessential modification), thank you! Check the expiration date of your account.

Kind regards

[Baraka 32]

Thank you so much! I'm only too happy to help, but greatly appreciate the credit in the guide and the extension in my subscription. Using Tomato on a supported router is the best and simplest configuration for running a VPN. My hope is that a lot more people start adopting it. That way you'll get FAR fewer complaints about DNS leaks and running multiple computers over the VPN

[Ernst89 11]

I can confirm it works for IPv4. Speed wasn't great on a ASUS rt-n16, a superficial test looked to be in the region of 10Mb/s.

However IPv6 seemed to bypass it.

Thanks

[ringtin 3]

Hi there,

I used your guide as a general 'confidence booster' to load AsusWRT-Merlin 3.0.0.4.266.23 onto my new (for Christmas) Asus rt-n66u router and although the difference between Toastman and Merlin firmwares are substantial, they apparently both use the Tomato VPN module.

My results are total stability and that great feeling of being anonymous, no matter what computer or wireless device I use in the house. I haven't had a single reset or dropout in almost a month of running.

On a side note, most credit must go to AirVPN for the best VPN service I've found in several years of anonymous use. I started out with a year at the redoubtable anonymizer.com service, spent another couple of years with HMA Pro, and Astrill services, and none of them compare to AirVPN. I just hope that the AirVPN superiority doesn't lead to overcrowding and overloading like seems to be so common in online VPN services.

Great job guys. Much appreciated.

[unn4m3d 2]

Hey guys, 

i want to buy a Router thats supports OpenVPN and I think it is going to be the Asus RT-N16. My Setup is going to be the following:

 

Fritzbox 7270 (which is connected to the ISP, DSL 6Mbit) --> RT-N16 (VPN Tunnel via AirVPN) --> Clients (LAN+WLAN)

 

I just don't know if Port-Forwarding is still possible under those circumstances? Any ideas ore recommendations?

[Baraka 32]

Although I can't comment on that particular config (I don't know the Fritzbox), if you're using Toastman's Tomato then there are plenty of port forwarding options included in the firmware.

[unn4m3d 2]

I bought the Linksys E3000 on eBay yesterday, great deal.

 

I will give feedback in here when everything is set up.

 

Which build of Toastmans Tomato is the most stable?

[Baraka 32]

Which build of Toastmans Tomato is the most stable?

 

You can try the one I'm using (see above), or use the latest version. Actually, it would be good to hear some feedback on the latest version, since my guide hasn't been tested with it yet.

 

FYI, Toastman's builds of Tomato are the most stable. That's why I chose it over other builds of Tomato.

[hang10z 0]

Any Chance there is an alternative copy or location of those screenshots??  They are too small to read.

[Staff 9972]

Any Chance there is an alternative copy or location of those screenshots??  They are too small to read.

 

Hello!

 

You're right, something happened on the image hosting service (we see that the images were not uploaded on our servers, but they were just fine some time ago... something went wrong when we migrated to the new system).  As a temporary, quick work-around, refer to the pictures here:

http://www.pixhost.org/show/3984/15431130_1-tomato_config_basic.png

http://www.pixhost.org/show/3984/15431131_2-tomato_config_adv.png

 

or to the guide in the "Enter" menu https://airvpn.org/tomato

 

to get the parameters you miss for the configuration. Feel free to contact us for any doubt in any field.

 

EDIT: the pics in the original post have been fixed.

 

Kind regards

[Xiocus 9]

This worked like a charm!!...

 

I just got a new ASUS RT-N15U flashed with Shibby K26USB-1.28.RT-N5x-MIPSR2-109-Big-VPN, it is connected WAN to LAN to my ISP router modern, I did follow your steps and everything it is working perfectly. Now I got 2 wireless, one though the ASUS with AirVPN connection and the second one straight to my ISP router.

 

I just got a little trouble that I'm trying to figure out... Port forwarding "Not reachable on server IP over the external port XXXXX, tcp protocol. Error : 111 - Connection refused" that is the report form the AirVPN Client Area. This was/is working fine if I use the OpenVPN client, even through the 2 routers but, not when I start the client on Tomato. I will keep working on this enigma.

 

Thanks for the guide Baraka!!... You made my life much more easier!!

[Staff 9972]

@Xiocus

 

Hello,

 

you need to setup a basic DNAT on your router (just a few additional iptables rules), please see here:

https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables

 

Kind regards

[Xiocus 9]

  What a five star support you are guys!!!

[Royee 10]

Hi total newbie here,  only been using AirVPN for a few weeks now but feel a whole heap safer just some questions if I may ask 

 

1.  Is this a guide to put AirVPN into a suitable router,  so one does not need to run it manually each time I switch on the pc ?

 

2.  I assume I am protected ALWAYs then under Airvpn+my router,  as long as I am paying subscription to AirVPN ?

 

3. If I get a router,  can I get one that will work for BT ADSL/Fiber optic and also Virgin BB,  that way if in future which ever broadband provider I go with its already sorted and VPN enabled,  any recommendations on which one ?  Or shall I go for that Asus model mentioned since that is a router only it appears?

 

Thanks!

Keep up the great work and thanks for the guide

[Staff 9972]

Hello!

 

1. Yes: https://airvpn.org/tomato and https://airvpn.org/ddwrt You can anyway run OpenVPN automatically at your system startup, you don't need to launch it manually.

 

2. Your question is somehow unclear, can you please elaborate and explain what you mean with protection?

 

Kind regards

[Royee 10]

Oh protection as in secure under AirVPNs high level encryption....

 

Anyone got any suggestions on a decent All in one router that maybe is fiber/bt/virgin compatible also ?

[Staff 9972]

Hello!

 

In this case the answer is yes, as long as your system is connected.

 

We always need to clarify because "protection" is sometimes meant by Windows users as protection against malware. AirVPN is not an antimalware tool and should never be used as such.

 

Kind regards