OpenVPN on TomatoUSB/Advanced Tomato Routers

This OpenVPN tutorial was created using Advanced Tomato (highly recommended) but it is similar to TomatoUSB v. 1.28 by shibby. If you have a different release and require our help, let us know.

  1. Log into Tomato web UI
  2. Open VPN > OpenVPN Client
  3. Under Client 1 > Basic tab, add the following settings:

Start with WAN: Check if you want the VPN to connect automatically on router restart
Interface Type: TUN
Protocol: UDP
Server Address: nl1.vpn.ac (choose from status page or use alternative addresses if you are in China)
Port: 88 or 12200, 26000 (same ports work with TCP)
Firewall: Automatic
Authorization mode: TLS
Username/Password Authentication: checked

insert your VPN user and pass

Username Authen. Only: checked
Extra HMAC authorization (tls-auth): outgoing (1)
Create NAT on tunnel: checked

Screenshot of Basic tab with correct settings

  1. Open the Advanced tab:

Poll Interval: 0
Redirect Internet traffic: checked
Accept DNS configuration: Exclusive
Encryption cipher: AES-128-CBC
Compression: Enabled
TLS Renegotiation Time: -1
Connection retry: 30
Verify server certificate (tls-remote): unchecked
Custom configuration:

persist-key
persist-tun
pull
nobind
tls-client
remote-cert-tls server
auth sha256
mute-replay-warnings
persist-remote-ip

Screenshot of Advanced tab with correct settings

  1. Open the Keys tab:

Static Key:

-----BEGIN OpenVPN Static key V1-----
5bb417a376709d2a5456718f34fe4b3e
e8de0596548c5afd6fcde25d882c1249
b122d52365257aa33708527fda8e8ac5
f57180703ba8e2fc4e5c94da0e575cd5
cc5b2a3793476165ae748f97975b24bc
844ce6491356a51295c73be20ed420f6
96d650d9b79f058985a9c4ca144a80ac
1b09e08acb2cc59d75038c36bd342520
57638184a321ce5a384ae9bbc33d4c8d
b451b0dcef194d7af2b0cdd435dc13c6
f7d924f43bc802868899e4cda6aa2491
1a93652fa918c6d293913af4c528c02a
1c10d9d1d8c7863b24b86ddb916b6d1e
dbe7a30dd5b98b18bd2269fa8bf73667
47231a3cb919fb4a022d8d15dc089171
cbc26f694a35faadfe2dddbe6ae31847
-----END OpenVPN Static key V1-----

Certificate Authority:

-----BEGIN CERTIFICATE-----
MIIFrTCCA5WgAwIBAgIJAMfrpz3DQ4KwMA0GCSqGSIb3DQEBDQUAMG0xCzAJBgNV
BAYTAlJPMQwwCgYDVQQIDANCVUMxDzANBgNVBAoMBlZQTi5BQzESMBAGA1UECwwJ
VlBOLkFDIENBMQ8wDQYDVQQDDAZWUE4uQUMxGjAYBgkqhkiG9w0BCQEWC2luZm9A
dnBuLmFjMB4XDTE0MDEwNTE0MzQ1OVoXDTI0MDEwMzE0MzQ1OVowbTELMAkGA1UE
BhMCUk8xDDAKBgNVBAgMA0JVQzEPMA0GA1UECgwGVlBOLkFDMRIwEAYDVQQLDAlW
UE4uQUMgQ0ExDzANBgNVBAMMBlZQTi5BQzEaMBgGCSqGSIb3DQEJARYLaW5mb0B2
cG4uYWMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD3RaYVmIrg4l8E
jCWrphE11AxfECRqQA2hzRX0b6ki7XokfLyWj52TYkalN5BjODtVSr9WzAWnYS1i
fnQkOh17XZ/MM7Pi5qv/8DNyWtOJiUXwezVcCOvxxw5aOKwZJCYwIxkKFeXO01gu
UpGwiFCwuJKNcSo8jvx0idc3iJTx0QKL7oVPSkCDwSWz/YX865zD46f4km++8zq7
GrGtu7Bq/SGeZDwck0mmQobtaS8D5t7PzQUv+6M11bjmeYi4xmGovv+YeGVoll3h
PSMZNGQmBPfa4pLZ00Cdbv7aRQSW75i3cAMICSqkDy9zm2WugfIu0M8KUEwUVgQw
tjQtQVWZQafR+WBMnGmeVmZwFMnZ0QL5DN1k35/2mL26q23YnYyn9GUaGNy1SBsf
eOUqcoxOapuftms7fTiTws2Q0j6b1oolnRDpdzkSxxZI0b/jdcSAZyF06z9MGYZy
lpaTpxiCSh9YjyCFHGMbtp17pBhZbZDSX2hGUHo8/mAk3m27dzvgNbbOC91hKxTz
9OAlMjdJaT4jVRdmIjyJQdS8x7UZETEeqSl5UmpVwhr8jXhAAXdev3wd0dvRVH+e
fzNhbWIQNHfQlzsewpieMhK+L8PboliYGCkW6yiMdKwRBuDCAR2m9CGH/ifv/wWc
Pzw0wBJbT/bZS/PwXZ5rkVBkaW2eUwIDAQABo1AwTjAdBgNVHQ4EFgQUCGhu32oA
LHFhVJ5Mnb3TOHmxBFcwHwYDVR0jBBgwFoAUCGhu32oALHFhVJ5Mnb3TOHmxBFcw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEA9PEImzfclPXsVAt8GTlI
0+ByIdPz+dbJejXexApovZ/+ko8k2qfI+y9yYgrQQOkjTI/QuZIPgGXQlLgiKaHA
b+p/6E9XDPhcflEC0p9vsUcNs3WUyOZcwAp/ifnNb0D8CV24rLouTECraGFCWgY+
7hahG1J1k9uN1rsqQRxZRB5Jt4IOTdwsoOqfTco2Q3gPbfdlP5L+cqjE1jEw/l8N
J8tZEHhU00zIc1FtDs10tCI785P2mgwiUCV/6zpAAYvnUl6LrYnJQNjIEuOWvhTJ
p1jmxuyNE03ZdtBq5bIa6WtV/Fwpr/QrVghnyf0M7vXM4KpZUdXOLwz3pr4SYjJl
4VDPui0VGykcEGtKl0HfNxWsphFT4r3XCJKslpJ/g7RVY9tDdFp3X0/CA8qIVmlv
ugT5eAJHGM5k58fM440qXA/SRrew66eso9OfMfjRaqnwlo08TRosKgvzfvAzA1MO
chg9ZSnsYJdfasSu+HJ+D1WIcquq56S8qeiNHNip79ShyqsM616995Acsn/HODNb
wZH80mMRp6NgaFNe/hU0ar01zKw8lJkx7DcI5kjxVZVtn4OE7m34lr9KxZwLB495
D+2FMZaHf+gS6U5p57/0uAebhgz0Ar5vI8IXqV1qoHgbaPhJ5lZHGM+M0FwQcC3s
K/oPdbjZvDh3X9jnhHcBIBg=
-----END CERTIFICATE-----

Screenshot of Keys tab with correct settings

Click Save in the bottom-right corner, then click Start now.

Important notes:

Tomato ROMs use a built-in script to assign the VPN DNS once connected. It is mandatory to be set to Exclusive in the Advanced tab > Accept DNS Settings.

To view the connection logs, open Administration > Debugging > Download Logs.


Other tutorials: