Viscosity and OpenVPN on Tomato Firmware

Got a problem with Viscosity or need help? Ask here!

Geoff

Posts: 3
Joined: Thu Mar 05, 2009 6:22 pm

Post by Geoff » Thu Mar 05, 2009 6:26 pm
Hi all,

I've created a post on the Tomato Firmware board, but thought I'd ask here as well:

What I want to do, when I bring up the VPN, is tunnel all network traffic over the VPN connection to avoid snooping and blocking sites/apps.

I've installed the v1.23vpn2.0006 firmware and can connect from my client. I have the following setup so far:

On the router:

Interface: TUN
Proto: UDP
Port: 1194
Firewall: Auto
Auth: Static Key
Local/remote endpoint addresses: 10.99.88.1 10.99.88.101
Encryption cipher: Default
Compression: Enabled
[no custom config]
Static key: my 2048 bit OpenVPN static key

On the client: Viscosity Version 1.0.3 on OS X 10.5.6 running OpenVPN 2.0.9

I can connect, but can't do anything else. If I set the default route to 10.99.88.1 I get this in the connection log:

Wed Mar  4 21:59:22 2009: IMPORTANT: OpenVPN's default port number is now 1194
Wed Mar  4 21:59:22 2009: LZO compression initialized
Wed Mar  4 21:59:23 2009: gw 192.168.130.1
Wed Mar  4 21:59:23 2009: TUN/TAP device /dev/tun0 opened
Wed Mar  4 21:59:23 2009: UDPv4 link local: [undef]
Wed Mar  4 21:59:23 2009: UDPv4 link remote: **redacted**:1194
Wed Mar  4 21:59:40 2009: Peer Connection Initiated with **redacted**:1194
Wed Mar  4 21:59:40 2009: Initialization Sequence Completed

Any ideas to get me started? I'd like to force all DNS through the VPN as well (no leakage).

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Mar 06, 2009 7:19 pm
Hi Geoff,

Judging by your log you aren't being assigned an IP address. Normally when using a TUN based connection your OpenVPN server should be pushing out an IP address to Viscosity using the ifconfig command. For example, the following should appear in the Details window log (when using the default log level):

/sbin/ifconfig tun0 x.x.x.x y.y.y.y mtu 1500 netmask 255.255.255.255 up

To correct this you should get your server to push out an IP address, or you can specify one at Viscosity's end like so:

1. Open Viscosity and edit your connection
2. Click on the Advanced tab
3. Enter the following command on a new line. Replace x.x.x.x with the IP address you want, and y.y.y.y with the IP address of the server (e.g. ifconfig 10.8.0.2 10.8.0.1)
ifconfig x.x.x.x y.y.y.y

Also make sure you have given the OpenVPN server an IP address as well using the same technique (e.g. the server would have the opposite: ifconfig 10.8.0.1 10.8.0.2).

To secure your DNS you should specify a DNS server to use while connected to the VPN. This should be a DNS server accessible through the VPN (and not one on your local network). You can tell Viscosity to set this VPN server while connected like so:

1. Open Viscosity and edit your connection
2. Under the General tab make sure "Enable DNS support" is ticked
3. Click on the Advanced tab
4. Enter the following command on a new line. Replace x.x.x.x with the DNS server you want to use:
dhcp-option DNS x.x.x.x
5. Click Save and try connecting

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
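
Added example (not part of the thread and not SparkLabs code): a small Python audit that applies the checks from the reply above to a static-key TUN setup. It flags a connected log with no ifconfig line, client and server ifconfig pairs that are not mirrored, and a dhcp-option DNS server that is missing or sits on the local network. The function names, the sample configs, the resolver at 10.99.88.1 and the /24 LAN prefix are assumptions; the log lines are constructed from the log and the ifconfig format quoted in the thread.

```python
import ipaddress
import re

# Constructed inputs: log lines follow the thread's log; configs are hypothetical.
LOG_BROKEN = (
    "Wed Mar  4 21:59:23 2009: gw 192.168.130.1\n"
    "Wed Mar  4 21:59:23 2009: TUN/TAP device /dev/tun0 opened\n"
    "Wed Mar  4 21:59:40 2009: Initialization Sequence Completed\n"
)
LOG_FIXED = LOG_BROKEN.replace(
    "TUN/TAP device /dev/tun0 opened\n",
    "TUN/TAP device /dev/tun0 opened\n"
    "Wed Mar  4 21:59:23 2009: /sbin/ifconfig tun0 10.99.88.101 10.99.88.1 "
    "mtu 1500 netmask 255.255.255.255 up\n",
)
SERVER_CFG = "ifconfig 10.99.88.1 10.99.88.101\n"
CLIENT_LEAKY = "ifconfig 10.99.88.101 10.99.88.1\ndhcp-option DNS 192.168.130.1\n"
CLIENT_FIXED = "ifconfig 10.99.88.101 10.99.88.1\ndhcp-option DNS 10.99.88.1\n"

def directives(cfg):
    """Map each directive name to the list of its argument lists."""
    out = {}
    for line in cfg.splitlines():
        parts = line.split("#")[0].split()
        if parts:
            out.setdefault(parts[0], []).append(parts[1:])
    return out

def audit(log, client_cfg, server_cfg, lan_prefix=24):
    """Return findings for a static-key TUN setup; an empty list means clean."""
    findings = []
    if "Initialization Sequence Completed" in log and "/sbin/ifconfig tun" not in log:
        findings.append("log: connected but no tunnel address was configured")
    c_if = directives(client_cfg).get("ifconfig", [])
    s_if = directives(server_cfg).get("ifconfig", [])
    if not c_if:
        findings.append("client: no ifconfig line")
    elif s_if and c_if[0] != s_if[0][::-1]:
        findings.append("ifconfig: client and server endpoints are not mirrored")
    dns = [a[1] for a in directives(client_cfg).get("dhcp-option", [])
           if len(a) == 2 and a[0].upper() == "DNS"]
    if not dns:
        findings.append("client: no dhcp-option DNS, lookups stay on the local resolver")
    gw = re.search(r": gw (\S+)", log)
    if gw:  # lan_prefix is an assumption: the log shows the gateway, not the netmask
        lan = ipaddress.ip_network(f"{gw.group(1)}/{lan_prefix}", strict=False)
        findings += [f"dns: {d} is on the local network {lan}"
                     for d in dns if ipaddress.ip_address(d) in lan]
    return findings
```

Calling audit(LOG_BROKEN, "", SERVER_CFG) reproduces the situation in the first post: the session completes, but no tunnel address or VPN-side resolver is configured.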

Geoff

Posts: 3
Joined: Thu Mar 05, 2009 6:22 pm

Post by Geoff » Tue Mar 10, 2009 8:34 am
James,

I got things working by switching to TLS and generating the cert and keys. I basically used these instructions:

http://www.ventanazul.com/webzine/artic ... u-and-hulu

And did everything from Xubuntu inside a VMware Fusion machine.

Thanks again, and thanks for the great product!
-Geoff