Thursday, March 19, 2009

Client-specific options

Of the new features in TomatoVPN 1.23vpn3.0000, client-specific options may be overshadowed by the more visible GUI overhaul and the AJAX server status display. It is, however, the feature I'm personally most excited about, so I thought I'd post to shed some light on it.

Using this option, you can have full bidirectional site-to-site TLS VPNs with no Custom Configuration or init scripts.

Selecting this option displays a table in which you enter each client's Common Name (the CN from the TLS certificate you generated for it), plus an optional subnet and netmask. If you fill in the subnet and netmask of the client's LAN, your server LAN will be able to communicate with the client LAN whenever that client is connected (be sure not to choose the NAT option on the client router, or its LAN traffic will be hidden behind the tunnel address). Without a subnet, you're stuck with just client->server communication.

If you also select the "Allow Client<->Client" option, another checkbox appears in the table that, when selected, allows other clients (or client LANs) to communicate with this client LAN. So, now you can have multiple sites all connected together with communication between any of them as desired.

An "allow only these clients" option is also present. With this selected, clients that aren't in the table are not allowed to connect. If you want to allow a client that doesn't have a LAN behind it (or you don't want to allow access to it), just put it in the table and leave the subnet/netmask blank.
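The three options above are a front end for OpenVPN's client-config-dir mechanism (the changelog below names it). The script that follows is an added example, not TomatoVPN's own code, that turns a small constructed copy of the GUI table into the files OpenVPN reads: a `route`/`iroute` pair per client LAN, `push "route"` lines for client<->client reachability, and `ccd-exclusive` for "allow only these clients". The CNs, subnets and output paths are illustrative, and mapping "allow only these clients" onto `ccd-exclusive` is my assumption about what the GUI generates.

```shell
#!/bin/sh
# Added example (not TomatoVPN's own scripts): emulate what the GUI table
# becomes on disk, i.e. OpenVPN's client-config-dir (ccd) layout.
# Assumptions: CNs, subnets and paths are illustrative; the directives used
# (client-config-dir, ccd-exclusive, client-to-client, route, iroute,
# push "route") are standard OpenVPN 2.x server options.

# Constructed sample of the GUI table, one client per line:
#   CN subnet netmask client<->client
# "-" marks a field left blank in the table.
TABLE='siteB 192.168.2.0 255.255.255.0 yes
siteC 192.168.3.0 255.255.255.0 yes
siteD 192.168.4.0 255.255.255.0 no
laptop - - -'

# gen_vpn_config OUTDIR ALLOW_ONLY C2C
#   OUTDIR      directory receiving server.conf and ccd/
#   ALLOW_ONLY  yes -> "allow only these clients"  (ccd-exclusive)
#   C2C         yes -> "Allow Client<->Client"     (client-to-client)
gen_vpn_config() {
  out=$1; allow_only=$2; c2c=$3
  conf="$out/server.conf"
  mkdir -p "$out/ccd"
  : > "$conf"
  echo "client-config-dir $out/ccd" >> "$conf"
  if [ "$allow_only" = yes ]; then
    # CNs without a ccd file are refused at authentication time
    echo "ccd-exclusive" >> "$conf"
  fi
  if [ "$c2c" = yes ]; then
    echo "client-to-client" >> "$conf"
  fi

  printf '%s\n' "$TABLE" | while read cn net mask flag; do
    # Every listed CN gets a ccd file, even an empty one: with
    # ccd-exclusive that file is what admits a client that has no LAN.
    ccdf="$out/ccd/$cn"
    : > "$ccdf"
    if [ "$net" != - ]; then
      # Both lines are needed: "route" adds the kernel route into the tun
      # device on the server, "iroute" tells OpenVPN which client owns it.
      echo "route $net $mask" >> "$conf"
      echo "iroute $net $mask" >> "$ccdf"
    fi
    if [ "$c2c" = yes ]; then
      # Push the LANs of the other clients whose client<->client box is
      # ticked to this client, never its own subnet. Return traffic only
      # works when the receiving LAN's entry is ticked as well.
      printf '%s\n' "$TABLE" | while read ocn onet omask oflag; do
        if [ "$oflag" = yes ] && [ "$ocn" != "$cn" ]; then
          echo "push \"route $onet $omask\"" >> "$ccdf"
        fi
      done
    fi
  done
}
```

Run `gen_vpn_config /tmp/vpn yes yes` and inspect `/tmp/vpn/ccd/siteB`: it carries `iroute 192.168.2.0 255.255.255.0` and a pushed route to siteC's LAN but nothing for siteD, whose box was left unticked. Note that unlike the Tomato GUI, this script does not touch the firewall; forwarding between tun and LAN interfaces still has to be permitted.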

With these options, this release removes the biggest limitation present since the first release: traffic across the VPN could only be initiated from the client side.

Feedback on this new feature is, of course, welcome and appreciated.

Sunday, March 15, 2009

1.23vpn3.0000 release

You can download the binaries from here.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:

Changes from 1.23vpn2.0006
  • Split the GUI into sections
  • Added server status to the GUI (via AJAX)
  • Make client-specific options (client-config-dir) configurable via GUI.
  • service vpn[server|client][1|2] now checks if already started
    • This makes the vpnup.sh script unnecessary.
  • Re-upgraded OpenVPN to 2.1rc15 from 2.1rc13
    • The downgrade didn't seem to solve anything
  • Various code cleanups/improvements

Older releases

Older releases can be found at the following locations:
  • Build 1.23vpn2.0006 can be downloaded here.
  • Build 1.23vpn2.0005 can be downloaded here.
  • Build 1.22vpn2.0005 can be downloaded here.
  • Build 1.22vpn2.0004 can be downloaded here.
  • Build 1.22vpn2.0002 can be downloaded here. Bug in automatic firewall rules; use newer builds.
  • Build 1.21vpn2.0001 can be downloaded here.
  • Build 1.21vpn1.0017 can be downloaded here.
  • Build 1.21vpn1.0016 can be downloaded here. Bug when using tcp; use newer builds.
  • Build 1.21vpn0087 can be downloaded here.