Wednesday, August 12, 2009

1.25vpn3.4 release

You can download the binaries from here.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Notable changes from 1.25vpn3.3
  • Upgraded to OpenVPN 2.1rc19
  • AES speed improvements (Thanks fyellin!)
  • More "Accept DNS configuration" options (strict/exclusive)
  • Add (dynamic) HOWTO links to GUI for key generation
  • TLS renegotiation time setting
  • WINS options pushed/accepted along with other DNS options
  • Option to not push server LAN route to clients
  • Option to leave the comp-lzo directive out of the config altogether (now "Disable"; "None" is equivalent to the old "Disable")
  • Non-VPN changes (also sent to Jon for inclusion in Tomato)
    • Multiple MAC addresses can share an IP for Static DHCP
    • EditDNS added to Dynamic DNS providers
  • Various code cleanups/improvements

46 comments:

  1. Keith,
    I was wondering if there is space left to squeeze a Samba installation in your firmware. I am looking forward to setting up a WINS server on my router.

  2. @Tiago:
    I don't think I'll be adding samba, at least in the near future. Sorry. For now, it just pushes/receives the value set up in "Basic"->"Network".

  3. Keith, thanks for your great work!

    TomatoVPN is what we use at work. Over the past 2 months, it's worked flawlessly for our 6 roaming users. Looking forward to your future releases!

  4. Is it possible to add a client revoke list to OpenVPN (for blocked certs)?

  5. Hey,

    I had the problem in the last release with compression always being on. Sorry I never got back to you with results from manually removing the comp-lzo line, I've been in the process of an international move.

    The new functionality of "disable" has fixed my problem. Thanks for adding it despite my lack of responsiveness!

  6. Has anyone got this particular firmware release with OpenVPN to work with IPCop's Zerina?

    Can anyone share their experiences?

    thx

  7. How can I disable SSH access without a keyfile?
    In CentOS I use the hosts.allow file to set this switch.

    Can you please help me?
    At the moment both logins are working: with root / password and with keyfile.

  8. OK, found it myself, also in the Tomato wiki.
    Thanks savy for helping. Now my router is secured ;)

  9. Oh, was logged in with a friend's Google account ^^ Answer made by tatoosh.

  10. Hello Keith,

    At first, thanks a lot for your great job building this patch. Everything looks perfect, but there is one thing which I'm not sure how it works in fact - QoS over VPN tunnels. I have "unclassified" all of any connection going through VPN. Only "normal" connections are classified. So, what is it in reality - are they really unclassified? Or are they recognised in fact, but only the GUI or software can see them as unrecognised? Did you make any tests or checks regarding this issue?

    br,
    adam

  11. @dezynteria:
    Unfortunately, I haven't done any QoS testing. I don't use it, so I can't say for sure how/if it works.

  12. @Keith:
    Thanks for the immediate answer! I'll try to figure something out and post if I get any reasonable results :) brgds!

  13. Nice mod! Any progress on making clients on server net connect to clients on client net?

  14. @Boost:
    Should work just fine. Fill out the client-specific options on the server, and uncheck the NAT box on the client. This is how I have my setup and it works great.

  15. works very well. thx

  16. Love it, thanks...been waiting for something like this for a while. See you in the forums...

  17. The last 2 releases I've had trouble when trying to log into my router.
    The router functions just as it should,
    but I cannot log into it. I get "The Connection was reset".
    After a PF, I'm still not able to get in locally, but I have remote access turned on and I can get in using my external IP and port.
    As I said, this issue has shown up in the last 2 releases, but never any before.
    Any ideas?
    Thanks

  18. @blitzbob:
    Have you tried a full NVRAM erase (thorough)? That seems to clear up weird problems like that.

  19. Is there a preferred method to erase the NVRAM?
    I only found nvcommit in the debug menu.
    Also, I discovered something else that was odd: I tried to telnet and ssh, and get access denied when trying to log in either way. But I am able to log in via http. My log/pass works fine there, yet gives access denied for telnet/ssh. Any idea on that? Thanks for the tech support.

  20. @blitzbob:
    Administration->Configuration->Restore Default Configuration->thorough
    The username for http(s) is admin (or root), but the username for ssh/telnet is root. Maybe that's the problem?

  21. That did the trick.
    Thanks!!

  22. Hey, is there any current way to block/blacklist certificates?

  23. Tomato 1.26 beta and OpenVPN 2.1_rc20 are out. Any thoughts on combining these two when the Tomato 1.26 final version is released?
    Thank you!

  24. I can't get WLAN to run.
    It is set to enabled and the SSID was hidden.
    I changed that and also want to set the beacon interval, but this won't be saved.
    What's wrong here??

    Screenshot: www.abload.de/img/2009-10-08112935khft.png

  25. @Florin:
    Of course

    @Max:
    Did you clear NVRAM (thorough) after upgrading? If not, do that.

  26. First - Your firmware is awesome, I've used it for quite a while, and the PPTP VPNs work flawlessly. Unfortunately, a call was made for standardization (people complained), and we 'upgraded' all of our VPNs to Gigabit boxes (RVS4000/WRVS4400) and our primary firewall to a generic IPsec-only Gigabit VPN concentrator.

    Have you had a chance to work IPsec VPN stuff into your firmware? Will you use OpenSWAN, or is there another implementation that you are looking at? I've also heard rumblings that the 2.4 kernel is insufficient for IPsec, is your kernel 2.6?

    Thanks again for your hard work!

    Thanks!

  27. @Pincushion:
    The current TomatoVPN only supports OpenVPN, not PPTP.
    I have not earnestly started looking into either PPTP or IPSec. But, I thought I remembered there being patches to get OpenSwan working on 2.4 (which is what Tomato uses).

  28. I've tried to get opendchub to work on my wrt54gl. The problem seems to be the missing IPC support of the kernel. The error occurs while creating the semaphore for holding the total share amount. The exact message is: "semget(): Function not implemented". Is there anybody who has the same problem and fixed it anyhow?

  29. Hi!
    How can I patch from Tomato to TomatoVPN?
    It says "Expecting .bin or trx file."
    How can I update?

  30. I know it may seem too early, but Tomato 1.26 is out! When can we expect the VPN mod? :)
    Thank you!

  31. Hello,

    Do you plan to prepare a VPN version of Tomato 1.27?

  32. Hello,
    There has been a quite important update to OpenVPN recently. This fixes CVE-2009-3555 and the SSL/TLS renegotiation vulnerability. The latest package is: 2.1_rc22

    Keep up the nice work!

  33. I would love a Tomato 1.27 and 2.1_rc22 update...

  34. Hello. I have reconfigured ports inside router in following manner:

    vlan0ports=2 3 4 5*
    vlan1ports=0 1 5

    Will I be able to use openVpnClient working through vlan1port 1 ?

  35. @Robert:
    Probably. My code doesn't care what ports you have assigned where, it just uses VLAN1 as the WAN. Though, I'm not quite sure what you mean by "working through vlan1port1", so I may be misunderstanding.

  36. If you are using VLAN1 as WLAN - then ok, it will work. Thanks.
    Another question - I've found tomatovpn-1.27vpn3.5.7z - is it beta or you simply haven't had time to update this page?

  37. @Robert:
    I misspoke a little. I just use whatever is set in nvram for wan_iface as the WAN. But, for most configurations, that's VLAN1.
    1.27vpn3.5 is still in testing. I haven't been able to find time to test it myself, so I'm "crowdsourcing" the testing a bit :)

  38. Looking forward to 1.27vpn3.5. Enjoy the holidays.

  39. Very excited about 1.27vpn3.5, I love this branch of the code. Just enough features but not too many. Thanks for all your hard work

  40. Any news on Tomato 1.27vpn3.5? Any way I can help?

  41. Hi.

    I have updated the image to use Tomato 1.27; I merged my previous Tomato firmware (PPTP/SNMP) so both VPN client/server can be used.

    Also added support for OpenVPN with username/password authentication.

    If anyone is interested, email me...

  42. Hello,
    Jean-Yves, I'd be very interested in your firmware, but I can't find your address.
    Could you upload the firmware to any website, or could you give me an address?
    Many thanks,
    Zsolt

  43. @Zsoc@m in case you haven't found the files, Jean-Yves Avenard's version of Tomato is available at http://avenard.com/

  44. Hi,
    First of all: Thank you - this is a very good firmware! :)
    We are using it to connect many networks to a site-to-site VPN network. I suggest some features that we need:
    - restoring configuration to another router (if you have many of them, you can keep a backup router with the same config, if the primary hardware fails)
    - export/import static dhcp clients
    - export/import wireless MAC addresses

    Thank you:

    Curt
