Wednesday, January 27, 2010

1.27vpn3.5 release

You can download the binaries from here.

Source is available at the Git repository.
Be sure to read the COPYING file if you plan to use/distribute the sources.
Direct links:
Notable changes from 1.25vpn3.4
  • Moved to Tomato 1.27 baseline
  • Upgraded to OpenVPN 2.1.1
  • Fixed "exclusive" option for accepting DNS
  • Omit key/certs that aren't filled in in the GUI
    • This should allow people to create user/pass only configs - likely to be added to the GUI in the future
  • Fix some TAP connection issues
  • Option to not leave existing default gateway in place while VPN is running
  • Option is now to start VPN with WAN, not just with router
    • If wan goes down and back up, VPN service will be stopped and restarted
  • "Poll Interval" option in GUI to periodically check if the VPN is running, and restart it if not.
  • Various code cleanups/improvements and adaptations to the updated Tomato components
I want to apologize for the delay between the last release and this post. If there were features that I said I would include, but aren't here, please let me know. I may have forgotten...

Since I did release a testing version along the way with this same version number, here are the full build versions of the released binaries so everyone can be sure they have the latest:
  • 1.27vpn3.5.4b6065f3
  • 1.27vpn3.5.4b605dda(ND)


  1. What would be the best way to update from v1.25vpn3.3.4a23156e?

    (bad experience with updating dd-wrt :/)

  2. Many thanks for your excellent work !

  3. @GimbaR:
    Just load the new file into the upgrade page in the GUI. If you experience any bizarre behavior, you may need to do a (thorough) nvram reset - but that goes for any Tomato upgrade.

  4. Someone posted in the earlier "Roadmap" post that they were having trouble using client certificates with username/password authentication. I had the same issue, and just figured out how to enable it. Perhaps a GUI option for a future version?

    Add "auth-user-pass /etc/openvpn.pass" to the custom configuration section, and create that file with two lines, first line username second line password.

    I don't think it would survive a reboot, but probably better for security anyway.

  5. Can't believe how FAST this firmware is! The only reason I upgraded to this instead of DD-WRT was the addition of VPN you added to it. Amazing job Keith! Amazing! My WRT54GL is OC'd to 225Mhz now and I bumped up the xmit power to 70mW. My wife's wireless DL speed went from 4.7mb/s to 5.4mb/s. My wired DL is now consistently 23 - 27mb/s! Thanks a bunch and donation inc! =)

  6. @Andy:
    "Advertise DNS to clients" pushes directives to the clients to let them know about the DNS server running on the router. If the client is set up to do so, it will then use the router for DNS requests.

    I'm not sure what you mean by "Can I accss clients in server side?", but any way I can bend that statement, I think the answer is yes. It doesn't have anything to do with your first question, though.

  7. Hello how do you translate "poll interval" to the old command set "keepalive n m"?

    Where keepalive takes two time argument, poll interval only takes one. How so?

  8. @1240500:
    Those are unrelated. Poll interval checks to see if the VPN process is running periodically and restarts it if it isn't.

  9. Will this run on a WRT54GL v1.1?

    The hardware compatibility info on Tomato is more than confusing, especially with this "ND" version thrown in.

  10. @Daniel:

    For a WRT54GL 1.1 you'll need the non-ND version, WRT54G_WRT54GL.bin file.

  11. Hi Keith,

    Love the work. Unfortunately one of your changes has broken my usage of the VPN.

    Currently I have a dedicated router running my tunnels, and then a primary router, a Cisco, maintaining the actual internet connection. My networks for my OpenVPNs are routed over to the secondary router, and from there to the partner networks. Everything on the secondary router is connected through a LAN port.

    So this:-

    "Option is now to start VPN with WAN, not just with router
    If wan goes down and back up, VPN service will be stopped and restarted"

    Means the tunnels don't get restart after a power failure. Is there a script I can execute (configured in the admin screen) to automatically kick off the tunnels on router start up?

    Sorry if that's either confusing, or I sound dense :)


  12. I need to know which product is the best from the ones listed on the site?