Monday, June 1, 2009

1.25vpn3.3 release

You can download the binaries from here.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:
Notable changes from 1.23vpn3.2
  • Moved to Tomato 1.25 baseline
  • AES cipher available! (Thanks fyellin!)
  • GUI option for redirecting internet traffic over tunnel
    • Options available for client and for server
  • GUI option to push DNS directives to clients
  • GUI option for client to accept DNS options from server
  • OpenVPN upgraded to 2.1rc16
  • Various code cleanups/improvements


  1. just upgraded my two routers at server and client sides. Redirect Internet traffic works wonderfully.

  2. Cant wait to get home and give this a shot,one question is there anything out there for WAP's? other than the flakey DDWRT firwares thanks.

  3. which one should I DL the "ND" or non "ND" thanks

  4. @madneon:
    I'm not sure what's out there for simple access points. You'll have to do some searching for your particular model.
    To determine if you can run the ND (updated broadcom wireless driver) version, see this thread at the forums

  5. I can't start the VPN service, my first time on this firmware.
    Can someone give me a suggestion?

    Here is what I found on log file.

    Jun 8 11:32:06 router kernel: device tun21 entered promiscuous mode
    Jun 8 11:32:07 router daemon.notice openvpn[21484]: OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL] [LZO2] built on May 31 2009
    Jun 8 11:32:07 router daemon.warn openvpn[21484]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Jun 8 11:32:07 router daemon.err openvpn[21484]: Cannot load DH parameters from dh.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
    Jun 8 11:32:07 router daemon.notice openvpn[21484]: Exiting
    Jun 8 11:32:07 router init[1]: VPN_LOG_ERROR: 719: Starting VPN instance failed...

  6. @ZeroCoolZ:
    Looks like you haven't filled in all the fields in the Keys tab.
    If you continue to have trouble please post to the forums (link in the header block).

  7. Could please anyone confirm if this firmware has USB support? I need it for my wl-500gP v2.

  8. @thezerox:
    It does not have USB support. However, there are builds that include my changes plus USB support. For instance, see here.

  9. I'm having DHCP problems with this build. I was having no such problems with 1.23. The error is this from the logs:

    udhcpc[295]: Sending renew...
    udhcpc[295]: Lease lost, entering init state
    udhcpc[295]: Sending discover...
    udhcpc[295]: Sending select for
    udhcpc[295]: Sending select for ...
    udhcpc[295]: Sending select for ...
    udhcpc[295]: Sending discover...
    udhcpc[295]: Sending discover...

    The router never gets an IP. My ISP is Charter.

  10. I have a bug report. If you disable compression, it writes "comp-lzo no" into the config file. This seems to be incorrect, as compression comes on anyway. I think the comp-lzo line needs to be left off entirely if no compression is to be used.

  11. @Ryan:
    Not according to the OpenVPN manual. The values can be "yes", "no", or "adaptive".

  12. @Keith
    It looks like you're right. However, when I use the GUI to select the no option, in the config file it is "comp-lzo no", yet compression is still on. I've been playing with it, and there doesn't seem to be a way to get it to connect to a non-compression openvpn server. (If you try it connects but the packets never make it, probably because the client is compressing them and the server isn't decompressing, so the checksums fail horribly.) Even with comp-lzo no in the config, the /var/log/messages has a log line that indicates that the compression code is initializing and in use. The sample OpenVPN config file that comes with the package just uses "comp-lzo" with no option to turn it on, and comments out the line to turn it off. I'm wondering if the config parser doesn't do what it ought to and just turns on compression as soon as it sees comp-lzo?

  13. @Ryan:
    comp-lzo with no second parameter is the same as "comp-lzo adaptive". You might try that.
    Here's something else to try:
    1. Start the client
    2. SSH/telnet to the router
    3. Run "killall vpnclient1"
    4. Edit /etc/openvpn/client1/config.ovpn to get rid of the comp-lzo line
    5. Run "/etc/openvpn/vpnclient1 --cd /etc/openvpn/client1 --config config.ovpn"
    6. See if everything works
    This will just confirm whether this is really the problem.

  14. Is it possible to turn on the SES led(s) when the tunnel is connectet or traffic is running ?

  15. @harry:
    Should be. How you would accomplish it depends on if you're talking about the server or client, TLS or Static-Key, etc. Post to the forum and we should be able to figure something out.

  16. Openvpn is still at rc15 version, though release notes say rc16?

    Sat Aug 1 17:00:25 2009 OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL] [LZO2] built on May 31 2009

  17. @Joost:
    It really is rc16. A string just didn't get updated. I'll make sure it reports itself correctly in the next release.

  18. Can someone help me to map the following configuration file from an OpenVPN client Service provider to the menu options of TomatoVPN, and how to pass a userid and password. Thank you.

    dev tap
    proto udp
    remote 443
    redirect-gateway def1
    resolv-retry infinite
    ca nowvpn_ca.crt
    tls-auth nowvpn-ta.key 1
    ns-cert-type server
    tls-remote nowvpn_s
    tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA
    cupher BF-CBC
    verb 3

  19. When used on slots, the playthrough requirement for this crypto deposit bonus is 30x, together with winnings from free spins, and 60x when used on desk games and video poker. You must make a deposit of at least of|no much less than} $30 to qualify for this on line casino bonus. Bonus cash does not routinely convert into real cash, meaning have the ability to|you possibly can}'t withdraw your winnings without assembly the wagering necessities first. Wagering necessities discuss with the amount of money required to bet before in a position to|with the flexibility to|having the flexibility to} convert your bonus cash into real money. Typically it'll vary between 20x to 50x of the bonus quantity and initial deposit.