FreshTomato (OpenVPN Setup)

This tutorial will walk you through configuring a router using FreshTomato firmware version 2022.5.

Before Starting : be sure you have downloaded the configuration file you would like to use for your connection. For this guide specifically, we have used the California file from the collection labeled Default, be sure to decompress the file so you can access the contents.

Step 1. Basic - Time: Assure you are using the appropriate time settings for your location, this is done to prevent types of connectivity problems.

  1.  Select your real, local Time Zone from the drop down.
  2.  Select the NTP Time Server you prefer using, closer to your physical location is usually better.
  3.  Click Save.
FT_000_markup.png

Step 2. VPN Tunneling - OpenVPN Client: This set of interfaces will allow you to make the necessary changes to implement a PIA VPN connection. To access the OpenVPN configuration interfaces, click VPN Tunneling in the menu on the left side of the router interface, then click OpenVPN Client in the dropdown, these items are highlighted in orange in the image below.

  1.  Start with the Basic settings, shown highlighted in orange in the screenshot.
  2.  Check Enable on Start to initiate the VPN connection every time the router is turned on.
  3.  In the Protocol dropwdown, select UDP/TCP based upon the details shown in the configuration file you have chosen.
  4.  Type the Server Address and Port, also found in the configuration file you should have downloaded, listed in Before Starting up top.
  5.  Check Username/Password Authentication to reveal the input for those fields. Once available, input your PIA username (in the format of p1234567) and input the password for your PIA account.
  6.  From the dropdown menu, select the Auth digest specific to the configuration file you are referencing — either SHA1 or SHA256.
  7.  Click Save.
FT_001_markup.png
  1.  Click Advanced to access more settings, shown highlighted in orange below.
  2.  To specify that the VPN connection will Redirect internet traffic to the VPN tunnel, select All from the dropdown.
  3.  To allow the VPN connection to Accept DNS configuration from the VPN server, select Relaxed from the dropdown.
  4.  To prevent potential spoofing of the VPN server, check Verify Certificate.
  5.  In the Custom Configuration section, copy/paste the following:
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
tls-client
verb 1
reneg-sec 0
disable-occ
 copy copy
  1. Click Save.
FT_002_markup.png
  1.  Next, navigate to the Keys page, highlighted in orange below.
  2.  Copy and paste the Certificate Authority, found in the config file you have used a few times already. Be sure to include the header and footer for the key which include begin and end certificate declarations.
  3.  Click Save.
  4.  If you have followed every step correctly, the VPN settings are all configured, click Start Now.

FT_003_markup.png
Step 3. VPN Tunneling - Status: The connection should be ready to use — you can confirm the status of your connection in the router interface, and confirm the IP, location, and DNS masking with the leak tools provided on the PIA website.

FT_004_markup.png

Related articles