A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Waterfall_Cache has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 47

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 194

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Memcache_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 275

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Filesystem_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 440

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; APC_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 628

Setting Up a VPN Server on a Tomato Router, Part 2

Setting Up a VPN Server on a Tomato Router, Part 2

By Eric Geier (Send Email)
Posted Feb 11, 2011


In the previous installment, we upgraded a wireless router with the TomatoVPN firmware and started preparing to use its VPN server. This provides an economical and secure way for remote users to access your network or connect multiple offices together. In this part, we'll configure the VPN server and clients, and then test it out.

Configuring the VPN server

Tomato Router is one way to bypass expensive equipment to give users secure remote access or connect offices. Learn how to configure the VPN server and clients as well as how to best test it out.

Now you have everything to configure the VPN server on the TomatoVPN router. Connect to the router and bring up the web-based control panel. Then click VPN Tunneling > Server(see Figure 1). Here are the settings for our configuration:

  • Start with WAN: Checked
  • Interface Type: TAP
  • Protocol: UDP
  • Port: 1194
  • Firewall: Automatic
  • Authorization Mode: TLS
  • Extra HMAC authorization: Disabled

Configuring the VPN server
Configuring the VPN server

For the Client Address Pool, uncheck it and make sure the IP address range is in the same subnet as the router. For example, if you changed the router to 192.168.50.1, put 192.168.50.50 to 192.168.50.55. That would support six simultaneous VPN clients. Simply increase the range if you are going to have more clients. Just don't conflict with the range reserved for local users, for example 192.168.50.100 to 192.168.50.149, or change the range.

Click Save to keep the changes.

Then, click the Advanced tab (see Figure 2). For Compression, select Disabled. If you want all Internet traffic of clients to flow through the VPN, such as to secure traffic on public networks, check Direct clients to redirect Internet traffic. To allow VPN clients to access each other's shared resources, check Manage Client-Specific Options and Allow Client<->Client. Otherwise, VPN clients can access the shared resources of only those computers directly connected to the local network of the TomatoVPN router hosting the server. When you're done, click Save to keep the changes.


Tomato Router Advanced tab
Tomato Router Advanced tab

Now click the Keys tab (see Figure 3)and populate the fields by copying in the contents of the following files you just created in the easy-rsakeys directory:

  • Certificate Authority - ca.crt
  • Server Certificate - server.crt
  • Server Key - server.key
  • Diffie Hellman parameters - dh1024.pem

Tomato Router Keys Tab
Tomato Router Keys Tab

Open each file in Notepad to view and copy the contents. Some files you can right-click, select Open With, and choose Notepad. Some you may have to Open and then choose Notepad as the program.

For the Server Certificate, don't include first part of file. Similar to the others, start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

When you're done, click Save.

Page 1 of 2

Thanks for your registration, follow us on our social networks to keep up-to-date