Monday, June 1, 2009

1.25vpn3.3 release

You can download the binaries from here.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:
Notable changes from 1.23vpn3.2
  • Moved to Tomato 1.25 baseline
  • AES cipher available! (Thanks fyellin!)
  • GUI option for redirecting internet traffic over tunnel
    • Options available for client and for server
  • GUI option to push DNS directives to clients
  • GUI option for client to accept DNS options from server
  • OpenVPN upgraded to 2.1rc16
  • Various code cleanups/improvements

19 comments:

  1. Just upgraded my two routers at server and client sides. Redirect Internet traffic works wonderfully.

  2. Can't wait to get home and give this a shot. One question: is there anything out there for WAPs, other than the flakey DDWRT firmwares? Thanks.

  3. Which one should I DL, the "ND" or non-"ND"? Thanks.

  4. @madneon:
    I'm not sure what's out there for simple access points. You'll have to do some searching for your particular model.
    To determine if you can run the ND (updated Broadcom wireless driver) version, see this thread at the forums.

  5. I can't start the VPN service, my first time on this firmware.
    Can someone give me a suggestion?

    Here is what I found in the log file.

    Jun 8 11:32:06 router user.info kernel: device tun21 entered promiscuous mode
    Jun 8 11:32:07 router daemon.notice openvpn[21484]: OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL] [LZO2] built on May 31 2009
    Jun 8 11:32:07 router daemon.warn openvpn[21484]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Jun 8 11:32:07 router daemon.err openvpn[21484]: Cannot load DH parameters from dh.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
    Jun 8 11:32:07 router daemon.notice openvpn[21484]: Exiting
    Jun 8 11:32:07 router user.info init[1]: VPN_LOG_ERROR: 719: Starting VPN instance failed...

  6. @ZeroCoolZ:
    Looks like you haven't filled in all the fields in the Keys tab.
    If you continue to have trouble please post to the forums (link in the header block).

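The "no start line" error in the log above is what OpenSSL reports when a file contains no PEM BEGIN line. The following preflight check is an added example, not part of the original thread or the firmware; the file names other than dh.pem, the expected labels, and the idea that a blank Keys tab field yields an empty file are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the PEM files an OpenVPN TLS server loads.
# File names other than dh.pem are assumptions, not taken from the thread.

# pem_label FILE -> label of the first PEM BEGIN line, or "none".
pem_label() {
    [ -s "$1" ] || { echo none; return 0; }
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1)
    echo "${label:-none}"
}

# pem_ok FILE LABEL -> success only if matching BEGIN and END lines exist,
# so an empty field and a truncated paste are both rejected.
pem_ok() {
    [ "$(pem_label "$1")" = "$2" ] || return 1
    grep -q "^-----END $2-----" "$1"
}

# check_keys DIR -> one line per file; exit status is the number of failures.
check_keys() {
    fails=0
    for spec in "dh.pem:DH PARAMETERS" "ca.crt:CERTIFICATE" "server.crt:CERTIFICATE"; do
        file=${spec%%:*}; want=${spec#*:}
        if pem_ok "$1/$file" "$want"; then
            echo "ok    $file"
        else
            echo "FAIL  $file (found: $(pem_label "$1/$file"), want: $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: dh.pem is empty, as assumed for a Keys tab field left
# blank; certificate bodies are placeholders, not real key material.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/dh.pem"
for f in ca.crt server.crt; do
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$demo_dir/$f"
done
check_keys "$demo_dir" || echo "$? file(s) would fail to load"
```
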
  7. Could anyone please confirm if this firmware has USB support? I need it for my wl-500gP v2.

  8. @thezerox:
    It does not have USB support. However, there are builds that include my changes plus USB support. For instance, see here.

  9. I'm having DHCP problems with this build. I was having no such problems with 1.23. The error is this from the logs:

    udhcpc[295]: Sending renew...
    udhcpc[295]: Lease lost, entering init state
    udhcpc[295]: Sending discover...
    udhcpc[295]: Sending select for xx.xxx.xxx.xxx...
    udhcpc[295]: Sending select for ...
    udhcpc[295]: Sending select for ...
    udhcpc[295]: Sending discover...
    udhcpc[295]: Sending discover...

    The router never gets an IP. My ISP is Charter.

  10. I have a bug report. If you disable compression, it writes "comp-lzo no" into the config file. This seems to be incorrect, as compression comes on anyway. I think the comp-lzo line needs to be left off entirely if no compression is to be used.

  11. @Ryan:
    Not according to the OpenVPN manual. The values can be "yes", "no", or "adaptive".

  12. @Keith
    It looks like you're right. However, when I use the GUI to select the no option, in the config file it is "comp-lzo no", yet compression is still on. I've been playing with it, and there doesn't seem to be a way to get it to connect to a non-compression openvpn server. (If you try it connects but the packets never make it, probably because the client is compressing them and the server isn't decompressing, so the checksums fail horribly.) Even with comp-lzo no in the config, the /var/log/messages has a log line that indicates that the compression code is initializing and in use. The sample OpenVPN config file that comes with the package just uses "comp-lzo" with no option to turn it on, and comments out the line to turn it off. I'm wondering if the config parser doesn't do what it ought to and just turns on compression as soon as it sees comp-lzo?

  13. @Ryan:
    comp-lzo with no second parameter is the same as "comp-lzo adaptive". You might try that.
    Here's something else to try:
    1. Start the client
    2. SSH/telnet to the router
    3. Run "killall vpnclient1"
    4. Edit /etc/openvpn/client1/config.ovpn to get rid of the comp-lzo line
    5. Run "/etc/openvpn/vpnclient1 --cd /etc/openvpn/client1 --config config.ovpn"
    6. See if everything works
    This will just confirm whether this is really the problem.

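The comp-lzo exchange above comes down to whether both peers carry a comp-lzo line at all. The following check is an added example, not part of the original thread or the firmware; it uses the values named above (bare comp-lzo means adaptive) and assumes that any comp-lzo line, including "comp-lzo no", enables compression framing that a peer with no comp-lzo line does not expect. The sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the comp-lzo setting of two OpenVPN configs.
# Assumption: any comp-lzo line (even "comp-lzo no") turns on compression
# framing, so a peer with no comp-lzo line at all cannot talk to it.

# lzo_mode FILE -> absent | adaptive | yes | no | invalid
lzo_mode() {
    awk '
        { sub(/[#;].*/, "") }                      # drop comments
        $1 == "comp-lzo" { seen = 1; arg = ($2 == "" ? "adaptive" : $2) }
        END {
            if (!seen) print "absent"
            else if (arg ~ /^(yes|no|adaptive)$/) print arg
            else print "invalid"
        }' "$1"
}

# lzo_check CLIENT SERVER -> prints a verdict; 0 match, 1 mismatch, 2 invalid.
lzo_check() {
    c=$(lzo_mode "$1"); s=$(lzo_mode "$2")
    case "$c/$s" in
        *invalid*)         echo "invalid comp-lzo argument: client=$c server=$s"; return 2 ;;
        absent/absent)     echo "match: no compression framing on either side" ;;
        absent/*|*/absent) echo "MISMATCH: client=$c server=$s"; return 1 ;;
        *)                 echo "match: framing on both sides (client=$c server=$s)" ;;
    esac
}

# Constructed sample configs: the client line is what the GUI is reported to
# write when compression is disabled; the server has comp-lzo commented out.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/client.ovpn" <<'EOF'
client
dev tun
comp-lzo no
EOF
cat > "$tmp/server.conf" <<'EOF'
dev tun
;comp-lzo
EOF
lzo_check "$tmp/client.ovpn" "$tmp/server.conf" || true
```
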
  14. Is it possible to turn on the SES LED(s) when the tunnel is connected or traffic is running?

  15. @harry:
    Should be. How you would accomplish it depends on if you're talking about the server or client, TLS or Static-Key, etc. Post to the forum and we should be able to figure something out.

  16. OpenVPN is still at rc15 version, though release notes say rc16?

    Sat Aug 1 17:00:25 2009 OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL] [LZO2] built on May 31 2009

  17. @Joost:
    It really is rc16. A string just didn't get updated. I'll make sure it reports itself correctly in the next release.

  18. Can someone help me map the following configuration file from an OpenVPN client service provider to the menu options of TomatoVPN, and how to pass a userid and password? Thank you.

    client
    dev tap
    proto udp
    remote nowvpn.net 443
    redirect-gateway def1
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca nowvpn_ca.crt
    tls-auth nowvpn-ta.key 1
    auth-user-pass
    ns-cert-type server
    tls-remote nowvpn_s
    tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA
    cipher BF-CBC
    comp-lzo
    verb 3
