Looking to set up a virtual private network (VPN)? You don’t have to buy expensive equipment to set up a VPN to give users secure remote access or connect offices together. Small and midisze businesses especially can take advantage of lower-cost alternatives.
Building a VPN? Tomato Router is one way to bypass expensive equipment to give users secure remote access or connect offices.
Microsoft gives you VPN server and client functionality right in Windows; however, the feature-set is limited, and only Vista versions and later offer good security. One alternative we’re going to discuss is installing aftermarket firmware on a wireless router loaded with the free OpenVPN server and client. We already covered this with the DD-WRT firmware. Now, we’ll look at the Tomato firmware, using the TomatoVPN variant.
Get a Compatible Router
You can’t use the Tomato firmware on just any wireless router. Make sure you have (or get) one that’s compatible. Vendors with supported routers include Linksys, Buffalo, and Asus. To check your specific model and version, refer to the Tomato FAQ.
Once you’ve verified your router is compatible, download and install the firmware.
This tutorial is written using the 1.27vpn3.6 release of TomatoVPN, which uses the OpenVPN 2.1.1 server and client. Then on a PC, I’ll use OpenVPN 2.1.4 for creating SSL certificates and for VPN client functionality on PCs.
Initial Login
Start by connecting to the TomatoVPN router and logging into the web-based control panel. Open your browser and enter the default IP address of 192.168.1.1. Then, login with the default username and password, which are both “admin”.
Before playing with the VPN features, be sure to configure the basics so you’re secure: wireless settings (including WPA or WPA2 security) and the router’s password for the control panel.
Change the Router’s Subnet and IP
Since VPN connections link networks together, you must be careful with the subnet and IP addressing so there aren’t any conflicts. The TomatoVPN default IP of 192.168.1.1 is one of the most common among all routers, and it and will likely cause a problem. Use something that’s not a common default, such as 192.168.50.1. If you have multiple offices, assign each to a different IP/subnet, such as 192.168.51.1 and 192.168.52.1.
To change the TomatoVPN router, connect and bring up the web-based control panel by entering the IP address (192.168.1.1) into a web browser. Then click Basic > Network (see Figure 1). Change the Router IP Address, such as 192.168.50.1 and adjust the IP Address Range accordingly, such as 192.168.50.100 – 192.168.50.149. Then click Save.
Figure 1 The Tomato VPN Router |
Now you must use the new IP to login to the TomatoVPN control panel.
Signup and Configure a Dynamic DNS Service
If the Internet connection where you want to set up the VPN server uses a dynamic or changing IP address rather than a static one, you should use a dynamic DNS service. Otherwise, you’ll have to manually keep track of the Internet connection’s IP and update it on clients when it changes.
Sign up for a dynamic DNS service, such as from No-IP. Then, on the TomatoVPN router, click Basic > DDNS, and input the details for the service. Your router will automatically update your hostname to point to your current IP address. You’ll input your hostname on the client VPN configuration rather than the IP address.