- 1 Vapor IO Brings OpenDCRE to General Availability
- 2 VMware Takes the Wraps Off vRealize Automation and vRealize Business
- 3 Microsoft Previews Hyper-V Containers for Windows Server 2016
- 4 Mirantis Led FUEL Project Gets Installed Under OpenStack Big Tent
- 5 Red Hat Enterprise Linux 7.2 Adds Security, DR Features
Setting Up a VPN Server on a Tomato Router, Part 2 Page 2
Starting the VPN Server
You should now be all ready to start the VPN server. On any of the server tabs, hit the Start Now button. If successful, the button should change to Stop Now and you should see General Statistics on the Status tab.
Configure Clients on Computers
Tomato Router is one way to bypass expensive equipment to give users secure remote access or connect offices. Learn how to configure the VPN server and clients as well as how to best test it out.
Now you can configure client computers that you want to connect to the VPN server. Start by downloading and installing OpenVPN on each PC. Next, open Notepad and paste in the following:
remote XXX.XXX.XXX.XXX 1194
Replace the remote address at the beginning with your WAN or Internet IP address. You could alternatively use a hostname, such as from a dynamic DNS service, if your Internet connection doesn't have a static IP. Also, make sure the filenames of the client certificate and key are correct.
Save the Notepad file with an .ovpn extension to the following location: C:Program FilesOpenVPNconfig.
Now copy the CA certificate (ca.crt) and client certificate and key (i.e., client1.crt & client1.key) from the PC you created the PKI on to that same location (C:Program FilesOpenVPNconfig) on the client computer.
The client settings are set so you can connect. Click Start > All Programs > OpenVPN > OpenVPN GUI. Then right-click the OpenVPN GUI icon in the system tray and click Connect.
Configure Clients on Additional TomatoVPN Routers
If you want to connect entire offices to the VPN server, you can set up additional TomatoVPN routers at other locations. You can use the VPN client on the router so all users on the remote network will have access.
Connect to the router and bring up the web-based control panel. Then click VPN Tunneling > Client. On the Basic tab (see Figure 4), you will probably want to enable Start with WAN so the VPN client automatically starts when the router boots up. Enter the WAN or Internet IP address of the TomatoVPN router that's hosting the VPN server for the Server Address. You could alternatively use a hostname, such as from a dynamic DNS service if your Internet connection doesn't have a static IP. You can probably leave the defaults for the other settings. Click Save to keep the changes.
Click the Advanced , and for Compression, select Disabled. Then click Save.
Next, click the Keys tab and populate the fields by copying in the contents of the following files you created in the easy-rsakeys directory:
- Certificate Authority - ca.crt
- Client Certificate - i.e. client1.crt
- Client Key - i.e. client1.key
|Tomato Router Basic Tab|
For the Client Certificate, don't include first part of file. Similar to the others, start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
When you're done, click Save. Then to connect, click Start Now. If successful, the button should change to Stop Now and you'll see the General Statistics on the Status tab.
Test It Out
Once connected, you should be able to access the network resources and shares on the local network of the TomatoVPN router hosting the server.
If you want to test your setup without going to another location, connect the TomatoVPN router hosting the VPN server from the WAN/Internet port to an Ethernet port on another router. To test a client connection on a PC, connect to the other router and configure the OpenVPN client with the WAN IP address of the TomatoVPN router. This simulates a connection from the Internet. Once you're done and want to use it via the Internet, discount the TomatoVPN router and hook it directly to the Internet modem.
Eric Geier is the founder and CEO of NoWiresSecurity, which helps businesses easily protect their Wi-Fi with enterprise-level encryption by offering an outsourced RADIUS/802.1X authentication service. He is also the author of many networking and computing books, for brands such as For Dummies and Cisco Press.