Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:

Notable changes from 1.25vpn3.3
- Upgraded to OpenVPN 2.1rc19
- AES speed improvements (Thanks fyellin!)
- More "Accept DNS configuration" options (strict/exclusive)
- Add (dynamic) HOWTO links to GUI for key generation
- TLS renegotiation time setting
- WINS options pushed/accepted along with other DNS options
- Option to not push server LAN route to clients
- Option to leave the comp-lzo directive out of the config altogether (now "Disable"; "None" is equivalent to the old "Disable")
- Non-VPN changes (also sent to Jon for inclusion in Tomato)
- Multiple MAC addresses can share an IP for Static DHCP
- EditDNS added to Dynamic DNS providers
- Various code cleanups/improvements
Keith,
I was wondering if there is space left to squeeze a samba installation in your firmware. I am looking forward to setting up a wins server on my router.
@Tiago:
I don't think I'll be adding samba, at least in the near future. Sorry. For now, it just pushes/receives the value set up in "Basic"->"Network".
@Keith:
No problem. Thx!
Keith, thanks for your great work!
TomatoVPN is what we use at work. Over the past 2 months, it's worked flawlessly for our 6 roaming users. Looking forward to your future releases!
Is it possible to add a client revoke list to OpenVPN (for blocked certs)?
Hey,
I had the problem in the last release with compression always being on. Sorry I never got back to you with results from manually removing the comp-lzo line, I've been in the process of an international move.
The new functionality of "disable" has fixed my problem. Thanks for adding it despite my lack of responsiveness!
has anyone got this particular firmware release with openvpn to work with ipcops zerina?
can anyone share their experiences..
thx
How can i disable ssh access without a keyfile?
In centos i use hosts.allow file to set these switch.
can u please help me ?
at the moment both logins are working: with root / password and with keyfile
ok found it myself also in the tomato wiki.
thanks savy for helping. now my router is secured ;)
oh was logged in with friends google account ^^ answer made by tatoosh.
hello Keith,
at first thanks a lot for your great job building this patch. everything looks perfect, but there is one thing which i'm not sure how it works in fact - QoS over vpn tunnels. i have "unclassified" all of any connection going through vpn. only "normal" connections are classified. so, what is in real - are they really unclassified? or they're recognised in fact, but only gui or software can see them as unrecognised? did you make any tests or checks regarding this issue?
br,
adam
@dezynteria:
Unfortunately, I haven't done any QoS testing. I don't use it, so I can't say for sure how/if it works.
@Keith:
thanks for immediate answer! i'll try to figure something and post if got any reasonable results :) brgds!
Nice mod! Any progress on making clients on server net connect to clients on client net?
@Boost:
Should work just fine. Fill out the client-specific options on the server, and uncheck the NAT box on the client. This is how I have my setup and it works great.
works very well. thx
Love it, thanks...been waiting for something like this for a while. See you in the forums...
The last 2 releases i've had trouble when trying to log into my router.
the router functions just as it should.
but i can not log into it. i get "The Connection was reset"
after a PF, i'm still not able to get in local. but i have remote access turned on and i can get in using my external IP and port.
as i said, this issue has shown up in the last 2 releases, but never any before.
any ideas?
Thanks
@blitzbob:
Have you tried a full NVRAM erase (thorough)? That seems to clear up weird problems like that.
Is there a preferred method to erase the nvram?
I only found nvcommit in the debug menu?
Also i discovered something else that was odd.. i tried to telnet and ssh, and get access denied when trying to log into either way. but when i am able to log into via http. my log/pass works fine, yet gives access denied telnet/ssh.. any idea on that? thanks for the tech support.
@blitzbob:
Administration->Configuration->Restore Default Configuration->thorough
The username for http(s) is admin (or root), but the username for ssh/telnet is root. Maybe that's the problem?
That did the trick.
Thanks!!
Hey, is there any current way to block/blacklist certificates?
@ielectric:
Yes, just follow the OpenVPN HOWTO on the subject.
Tomato 1.26 beta and OpenVPN 2.1_rc20 is out. Any thoughts to combine these two when Tomato 1.26 final version will be released ?
Thank you !
I can't get WLAN to run.
It is set on enabled and the SSID was hidden.
I changed and also want to set beacon interval but this won't be saved.
What's wrong here??
Screenshot: www.abload.de/img/2009-10-08112935khft.png
@Florin:
Of course
@Max:
Did you clear NVRAM (thorough) after upgrading? If not, do that.
First - Your firmware is awesome, I've used it for quite a while, and the PPTP VPNs work flawlessly. Unfortunately, a call was made for standardization (people complained), and we 'upgraded' all of our VPNs to Gigabit boxes (RVS4000/WRVS4400) and our primary firewall to generic IPsec only Gigabit VPN concentrator.
Have you had a chance to work IPsec VPN stuff into your firmware? Will you use OpenSWAN, or is there another implementation that you are looking at? I've also heard rumblings that the 2.4 kernel is insufficient for IPsec, is your kernel 2.6?
Thanks again for your hard work!
Thanks!
@Pincushion:
The current TomatoVPN only supports OpenVPN, not PPTP.
I have not earnestly started looking into either PPTP or IPSec. But, I thought I remembered there being patches to get OpenSwan working on 2.4 (which is what Tomato uses).
I've tried to get opendchub to work on my wrt54gl. The problem seems to be the missing IPC support of the kernel. The error occurs while creating the semaphore for holding the total share amount. The exact message is: "semget(): Function not implemented". Is there anybody who has the same problem and fixed it anyhow?
Hi!
How can I patch from Tomato to TomatoVPN?
It says "Expecting .bin or trx file."
how can i update?
I know it may seem too early but Tomato 1.26 is out! When can we expect the VPN mod? :)
Thank you !
Hello,
Do you plan to prepare VPN version of Tomato 1.27?
Hello,
There has been a quite important update to OpenVPN recently. This fixes CVE-2009-3555 and the SSL/TLS renegotiation vulnerability. The latest package is: 2.1_rc22
Keep up the nice work!
I would love a Tomato 1.27 and 2.1_rc22 update...
Hello. I have reconfigured ports inside router in following manner:
vlan0ports=2 3 4 5*
vlan1ports=0 1 5
Will I be able to use openVpnClient working through vlan1port 1 ?
@Robert:
Probably. My code doesn't care what ports you have assigned where, it just uses VLAN1 as the WAN. Though, I'm not quite sure what you mean by "working through vlan1port1", so I may be misunderstanding.
If you are using VLAN1 as WLAN - then ok, it will work. Thanks.
Another question - I've found tomatovpn-1.27vpn3.5.7z - is it beta or you simply haven't had time to update this page?
@Robert:
I misspoke a little. I just use whatever is set in nvram for wan_iface as the WAN. But, for most configurations, that's VLAN1.
1.27vpn3.5 is still in testing. I haven't been able to find time to test it myself, so I'm "crowdsourcing" the testing a bit :)
Looking forward to 1.27vpn3.5. Enjoy the holidays.
Very excited about 1.27vpn3.5, I love this branch of the code. Just enough features but not too many. Thanks for all your hard work
Any news on Tomato 1.27vpn3.5? Any way I can help?
Hi.
I have updated the image to use tomato 1.27 ; I merged my previous tomato firmware (PPTP/SNMP) so both VPN client/server can be used.
Also added support for OpenVPN with username/password authentication.
If anyone is interested ; email me...
Hello,
Jean-Yves, i'd be very interested about your firmware, but i can't find your address.
Could you upload the firmware to any website, or could you give me an address?
Many thanks,
Zsolt
@Zsoc@m in case you haven't found the files, Jean-Yves Avenard's version of Tomato is available at http://avenard.com/
Hi,
First of all: Thank you - this is a very good firmware! :)
We are using it to connect many networks to a site-to-site vpn network. I suggest some features that we need:
- restoring configuration to an another router (if you have many of them, you can keep a backup router with the same config, if the primary hardware fails)
- export/import static dhcp clients
- export/import wireless MAC addresses
Thank you:
Curt