question about correct vpn configuration for use with tomato router

[mikolajsobczak 1]

Hello,

 

I was setting up my Tomato router with airvpn as a ovpn client.

and i looked at the tutorial for tomato router on this website: https://airvpn.org/tomato/

the page describes the following:

 

In the Advanced Custom Configuration text box, the options are as follows:

resolv-retry infinitens-cert-type servercomp-lzoverb 3

 

 

but when i go to the config generator page: https://airvpn.org/generator/

and select router, server, protocol and port number i want. (i choose for TCP on port 443)

and choose for the option: "Separate keys/certs from .ovpn file"

and download the files and open it, i see that in the file is used the following Advanced Custom Configuration options:

 

resolv-retry infinite
nobind
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3

 

 

Now i'm not sure about what would be the best or the correct options of these 2 to fill in my router at the Advanced Custom Configuration field.?

or could it be possible that the tomato tutorial on the airvpn website is outdated at the moment? i don't know.

 

at the moment i have use the options from the file that i got from the config generator, but i'm not sure if this is the best choice?

i would be happy if somebody could explain me, or tell me which one of these 2 different options would be the best for using ovpn with tcp

 

 

thank you very much,

a happy client

[Staff 9750]

Hello!
 
The difference is in the "nobind" directive, because the correct cipher is already set in the graphical configuration page.
 
 

 

--bind Bind to local address and port. This is the default unless any of --proto tcp-client , --http-proxy or --socks-proxy are used.                     --nobind Do not bind to local address and port. The IP stack will allocate a dynamic port for returning packets. Since the value of the dynamic port could not be known in advance by a peer, this option is only suitable for peers which will be initiating connections by using the --remote option.

Therefore there's no difference if you declare nobind or not in a Tomato router when connecting in TCP mode.

Kind regards

 

[mikolajsobczak 1]

okay, thank you.

 

but what about the ciper option? (cipher AES-256-CBC)

 

 

and how about user certificate, there is no need to enter the 2 hashes from inside the certificate? only the code from certificate?

[Staff 9750]

okay, thank you.

 

but what about the ciper option? (cipher AES-256-CBC)

 

 

Hello!

 

See our previous answer.

 

and how about user certificate, there is no need to enter the 2 hashes from inside the certificate? only the code from certificate?

 

It's unclear what you mean. You need to paste the whole certificate, from "----- BEGIN CERTIFICATE" up to "END CERTIFICATE -----"

 

You have to paste both the ca.crt and the user.crt certificates, as well as the user.key

 

Kind regards

[mikolajsobczak 1]

Hello, what i mean is that in there is inside the user certificate a lot more then only: "----- BEGIN CERTIFICATE" up to "END CERTIFICATE -----"

 

and it starts with things like these:

 

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:

 

  Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
 

 

  X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier:
 

 

            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature
    Signature Algorithm: sha1WithRSAEncryption
 

 

(i did not copy the full text to paste above here, maybe there is some critical info inside it)

but i hope you have now an understanding of what i did mean?

[Staff 9750]

Hello,

 

you need to paste from "----- BEGIN CERTIFICATE" up to "END CERTIFICATE -----"

 

Kind regards