Настройка openvpn сервера tomato

App Support.

Setting up an OpenVPN server with Tomato router and Viscosity

Virtual Private Networks (VPNs) can be utilized for a number of very useful applications. You can securely connect to any public WiFi hotspot. You can overcome geo-blocking restrictions on your favourite websites. And you can even connect to your home or office network from anywhere in the world, as if you were sitting right at your desk. This guide will walk you through the process of setting up your own OpenVPN server, and connecting to it with your copy of Viscosity.

Running your own OpenVPN server will allow you to encrypt everything you do on the internet, so that you can safely do your online banking on the free WiFi at your favourite cafe. Anything you send over the VPN connection will be encrypted from your device until it reaches your OpenVPN server at home. Setting up your OpenVPN server to access your home or office network gives you full access to all your files on your network.

This guide will walk you through the steps involved in setting up an OpenVPN server on a Tomato router that allows you to securely access your home/office network from a remote location and optionally send all of your network traffic through it so you can access the internet securely as well.

Because Tomato is primarily used on router hardware, we will assume that the Tomato flashed router has a direct connection to the internet and its own IP address. Therefore we will not be considering any issues related to having your Tomato router behind another router.


For this guide, we assume:

Tomato Firmware was probably best known or maintained as TomatoUSB. While the source code and releases of TomatoUSB are still available, it is extremely out of date and is not being maintainted. However, several ‘Mods’ exist and are actively maintained and up to date.

For this guide, we will use Tomato by Shibby as it is one of the more actively maintained versions of Tomato Firmware and has wide router support. Even if you are using a different Tomato Mod, this guide should still be accurate for you to follow.

Your client device needs to be connected to the Tomato router via the LAN interface. This is necessary so that you can access the control panel to modify the Tomato configuration. The specifics of how you can achieve this depend on your particular network configuration.

If you don’t have a copy of Viscosity already installed on your client, then please check out this setup guide for installing Viscosity (Mac | Windows).

Читайте также:  Настройка фотоаппарата nikon coolpix l810


Unfortunately we cannot provide any direct support for setting up your own OpenVPN server. We provide this guide as a courtesy to help you get started with, and make the most of, your copy of Viscosity. We’ve thoroughly tested the steps in this guide to ensure that, if you follow the instructions detailed below, you should be well on your way to enjoying the benefits of running your own OpenVPN server.

More information about Tomato by Shibby can be found at http://tomato.groov.pl/. We won’t be covering the details of setting up a Tomato router, many guides can be found online.

Generating Certificates and Keys

The next step is to generate your configurations for the server and your clients as well as certificates to go with them. You can do this easily by following the Creating Certificates and Keys Guide. Generate everything on your PC or Mac and then take a note of the path to your server folder that is created, we will be using the files here later on.

If you use the default DNS Server (, you will need to setup a DNS server yourself, instructions are at the end of this article. We recommend instead using an existing DNS server, a publically available DNS server like Google’s ( and is the easiest.

Creating the OpenVPN Server

Now we can use the web-based control panel to setup the OpenVPN server on our Tomato router. You need to log in to the control panel from your client device connected to the LAN interface of the Tomato router.

That’s it. Our OpenVPN server is setup on our Tomato router!

Time Server

It’s a good idea to set up the clock correctly on your Tomato router.

Firewall Settings

The firewall settings needed for a basic server are added automatically by Tomato when you setup a server.

Setting Up Viscosity

The final step is to setup Viscosity. Thanks to openvpn-generate, this is as easy as importing and connecting.


Copy your *.visz file you created with openvpn-generate to your Mac or Windows machine with Viscosity installed and double click the file. You should see a prompt that the config was imported successfully.

Next, edit the connection you just imported and go to the Advanced tab. On a new line add the following, and then click Save:

Connecting and Using Your VPN Connection

You are now ready to connect. Click on the Viscosity icon in the menu bar (Windows: system tray) and select ‘Connect DemoConnection’. That’s it, you should see a notification that you’re now connected!

To check that the VPN is up and running, you can use the Viscosity details window. Click the Viscosity menu bar (Windows: system tray) icon and select ‘Details. ‘. This will bring up the details window.

Читайте также:  Настройка интернета в москве на дому

This window will show you the traffic passing through the VPN connection.

That’s it, you’ve set up your very own OpenVPN server. Congratulations, you are now free to enjoy the benefits of operating your own OpenVPN server!


Настройка OpenVPN под роутеры с прошивкой Tomato

Мы рекомендуем прошивку Tomato от Shibby: http://tomato.groov.pl/?page_id=164

Список поддерживаемых роутеров для этой прошивки вы можете посмотреть по адресу: http://tomato.groov.pl/?page_id=69

Используйте прошивку с «VPN» в имени (например tomato-K26USB-1.28.RT-N5x-MIPSR2-117-Big-VPN.trx)

Данное руководство составлено при использовании роутера ASUS RT-N12VP и прошивки tomato-K26USB-1.28.RT-N5x-MIPSR2-117-Big-VPN (Tomato by Shibby)

И откройте его в текстовом редакторе.

Перейдите в веб-интерфейс роутера. Затем в меню VPN Tunneling → OpenVPN Client → Client 1 → Basic:

Start with WAN: отметье, если требуется, чтобы VPN подключался автоматически после подключения к Интернет
Protocol: TCP / UDP
Server Address / Port: uk4.vpn.zorrovpn.com (используйте имя хоста или IP-адрес указанный в начале файла конфигурации со строкой remote) / порт 443
Остальные параметры отметьте как указано на изображении.

Перейдите в Advanced:

Accept DNS configuration: Exclusive (системные DNS будут заменены DNS от VPN-сервера)

Encryption cipher: AES-256-CBC

Также можно добавить адреса других VPN-серверов в поле Custom configuration (при недоступности 1-го сервера будет осуществлено подключение к следующему серверу в списке). Рекомендуется добавить как имя хоста, так и IP-адрес сервера (указанные в файле конфигурации). Пример:

Сохраните настройки нажав Save:

Перейдите в Status и нажмите Start Now:

Подождите подключения (это может занять от нескольких секунд до 1 минуты). После этого обновите страницу и нажмите «Refresh Status», вы сможете увидеть статистику по переданным и полученным данным:

Если по каким-либо причинам подключения не происходит или после подключения нет доступа к интернет-сервисам, то перейдите в главном меню Status → Logs и посмотрите последние системные сообщения. Вы можете прислать эту информацию на почтовый ящик службы поддержки и мы постараемся помочь:

В случае ошибки связанной с IPv6, проверьте, чтобы поддержка протокола IPv6 была включена. Перейдите на страницу BasicIPv6 и выставите «IPv6 Service Type» в «Native IPv6 from ISP». Нажмите «Save».

Также в настройках сети на сайте выставите «Блокировать доступ в Интернет по IPv6» для предотвращения потенциальной утечки через IPv6.

Разрешение доступа в сеть через роутер только при подключенном VPN (kill switch)

Перейдите в Administration → Scripts → Firewall (закладка)

Сохрание следующую команду для разрешения пропуска трафика только через сетевой интерфейс VPN для адресов из диапазона (диапазон IP-адресов пользователей по умолчанию; посмотреть текущий диапазон можно в Basic → Network разделе LAN):

Показать альтернативный список команд

или можете использовать следующий список команд, если предыдущая команда не подошла:

Читайте также:  Настройка pioneer loud sound

Сохраните конфигурацию и перезагрузите роутер:

Теперь доступ в Интернет будет возможен только когда роутер будет подключен к VPN.


How to configure OpenVPN for Tomato Routers

Last updated: December 16, 2020

Need a VPN for your router?

Love ExpressVPN? Want a free month?

This tutorial will show you how to set up ExpressVPN on your Tomato router, using the OpenVPN protocol.

Important: The OpenVPN manual configuration does not offer the same security and privacy benefits as the ExpressVPN app. If your router does not support AES-NI (e.g., Asus RT-AX88U and RT-AC86U), you may experience occasional speed issues while using the OpenVPN manual configuration.

Tomato is a custom firmware that offers advanced networking features and OpenVPN protocol support. The steps below were tested on AdvancedTomato Version 3.5-140. See a list of AdvancedTomato supported routers.

Before you proceed, make sure you have set up the Tomato firmware on your router.

Jump to…

1. Find your ExpressVPN account credentials

On the ExpressVPN setup page, enter your ExpressVPN credentials. Click Sign In.

Click Manual Configuration on the left side of the screen. Select OpenVPN on the right. You will first see your username and password and then a list of OpenVPN configuration files.

Keep this browser window open. You will need this information for the setup later.

2. Configure your Tomato router

In your browser’s address bar, enter your router’s IP address.

Enter the username and password. (By default, they are root and admin.) Click Sign In.

Once in the admin settings, in the left sidebar, click VPN > OpenVPN Client.

In the Basic tab, enter the following information:

Click Save.

Click the Advanced tab. Enter the following information:

For Custom Configuration, in the same text editor that you opened earlier, find and paste the values for the following items into this field:

For example, if you are using the.ovpn configuration file for USA – New York, paste:

tun-mtu 1500
fragment 1300
mssfix 1200
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288

Click Save.

Click Save.

3. Connect to a VPN server location

At the top, click the Status tab. Then click the ► icon on the right.

Once you are successfully connected, you will see the word “Running.”

To verify your connection, you can use ExpressVPN’s IP Address Checker to check your IP address. If you are connected properly, the IP address shown will correlate to the location you are connected to via the VPN.

Disconnect from a VPN server location

To disconnect, go to VPN > OpenVPN Client > Status. Click the ■ icon. You will be disconnected from the VPN.