About Tomato Firmware
Tomato is a small, lean and simple replacement firmware for Linksys' WRT54G/GL/GS, Buffalo WHR-G54S/WHR-HP-G54 and other Broadcom-based routers.
Official website: http://www.polarcloud.com/tomato.
- Make sure you triple-check that your version of Tomato supports OpenVPN or you'll be sorry. I strongly recommend Toastman's build of Tomato because of its widespread feature support and stability.
- Under Basic->Network, configure your 3 static DNS servers. If you wish to use the AirVPN DNS set 10.4.0.1 as first DNS IP address. The Air DNS will enable you to access internal Air services, geo-routing services and bypass ICE/ICANN USA censorship (more information here).
About the others, I recommend picking ones from the OpenNIC Project because many of the servers don't keep any logs, which is consistent with the Air service, plus they would allow your internet service to continue functioning in the event of a government-ordered root DNS server shutdown- https://servers.opennic.org/
- Under Basic->Time, make sure that the correct time zone and server is configured.
- Download the OpenVPN (.ovpn) file of your choosing under "Client Area -> Config Generator" after you log in the AirVPN site. In the Configuration Generator make sure to tick "Advanced Mode" and "Separate certs/keys from .ovpn files".
In order to determine the IP address of the server you wish to connect to, please resolve "servername.airservers.org". For example, for Acrux resolve "acrux.airservers.org". Find the server names by looking at Status page.
- For the actual configuration, please see the following two screenshots of the Basic and Advanced OpenVPN Client Configuration:
Under Basic, sub in your own correct protocol, IP and port in place of what I have in my own config.
In the Advanced Custom Configuration text box, the options are as follows:
resolv-retry infinite remote-cert-tls server comp-lzo verb 3
- Under Keys, you'll need to again text edit your user.key, user.crt, ca.crt and ta.key files, copy the matching keys and certificates and paste them into the text boxes in your router config.
- ta.key is the Static Key
- ca.crt is the Certificate Authority certificate (in some older builds, "Server certificate")
- user.crt is the Client Certificate
- user.key is the Client Key
- About certificates files (user.crt and ca.crt) content, just copy and paste from "-----BEGIN CERTIFICATE-----" (included) up to "-----END CERTIFICATE-----" (included).
- Save all settings.
- Under Status, click Start Now and count for 30 seconds. Go to https://airvpn.org and at the bottom of the screen it should show you are connected or visit https://ipleak.net for check.
- Toastman's build of Tomato [v1.28.7500 MIPSR2Toastman-RT K26 VPN] on Asus RT-N16 router.
- Tomato-ND-1.28.7633-Toastman-IPT-ND-SmallVPN on Buffalo WHR-G54S
For any comment or feedback, you can find the discussion here.
Thanks to Baraka for this article.