By default the Tomato firmware uses a script called TomatoAnon which will send certain information back to the developer for feedback. This information includes:
To configure DNS, go to Basic > Networking. You have two choices: if you only want to use the Internet while the router is connected to VPN, you can use the Perfect Privacy name servers. You can find the DNS IP addresses on the DNS nameserver page in the download section.
If you want to have Internet connectivity without VPN you should use publicly available name servers. You can use either Google’s DNS or any servers from the OpenNIC project. When connected to VPN all DNS requests will go through the VPN tunnel so they are anonymized.
Enter the name servers as shown in the screenshot on the left. In this example we are using Google’s name servers 18.104.22.168 and 22.214.171.124.
To configure the VPN connection, go to VPN Tunneling > OpenVPN Client. Under the Basic tab set the options as shown in the picture on the left. In this example we use the IP address of Amsterdam1 from the Amsterdam.conf. For Username and Password use your Perfect Privacy username and password.
If you activate the checkbox Start with WAN, the router will automatically establish the VPN connection on boot. If you would rather establish the VPN connection manually, use the Start Now button later instead.
Under the Advanced tab set the options as shown in the picture on the left. Copy the text below into the Custom Configuration field:
tun-mtu 1500
fragment 1300
mssfix
hand-window 120
inactive 604800
mute-replay-warnings
remote-cert-tls server
persist-remote-ip
ping 5
ping-restart 120
reneg-sec 3600
route-delay 2
route-method exe
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
tls-timeout 5
verb 4
key-direction 1
Under the Keys tab you will need to enter the certificates and keys from the OpenVPN configuration file that you downloaded earlier. Open the *.conf file for the server you are using, in this example Amsterdam.conf.
Into Static Key copy and paste the content between the <tls-auth></tls-auth> tags from the ovpn file.
For Certificate Authority use the content between the <ca></ca> tags. Into Client Certificate copy the content between the <cert></cert> tags and for Client Key use the content between the <key></key> tags.
NOTE: This step will activate the firewall protection (Kill-Switch). If you add the firewall rules below, the Internet connection will only work if VPN is connected. If you want to use your router to access the Internet without VPN, either skip this step or remove the firewall rules below again.
For the firewall configuration (leak protection) go to Administration > Scripts > Firewall. Insert the following lines into the window below:
iptables --flush FORWARD
iptables -P FORWARD DROP
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE
Now save the configuration and reboot the router!
You can check on any device connected to the Internet via the router that the connection is working correctly by visiting our Check IP page.
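The Check IP page only shows the state while the tunnel is up. The script below is an added example, not part of the original guide: it audits a FORWARD chain listing for the kill-switch rules above and flags a non-DROP policy or any ACCEPT rule that is not bound to a tun interface. The function name, the sample listings and the interface names br0 and vlan2 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the FORWARD chain for the kill-switch rules above.
# stdin: rules in `iptables -S FORWARD` or `iptables-save` syntax.
# Returns 0 if forwarding is only accepted via tun+ interfaces, else 1.
# Jumps to user-defined chains are not followed.
check_killswitch() {
    awk '
    /^\*/ { table = substr($1, 2) }              # iptables-save table header
    table != "" && table != "filter" { next }    # skip nat and mangle tables
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" && $2 == "FORWARD" {
        target = ""; in_if = ""; out_if = ""
        for (i = 3; i < NF; i++) {
            neg = ($(i - 1) == "!") ? "!" : ""   # negated match: "! -i tun+"
            if ($i == "-j") target = $(i + 1)
            if ($i == "-i") in_if = neg $(i + 1)
            if ($i == "-o") out_if = neg $(i + 1)
        }
        if (target == "ACCEPT" && in_if !~ /^tun/ && out_if !~ /^tun/) {
            print "LEAK: " $0; leaks++
        }
    }
    END {
        if (policy != "DROP") {
            print "LEAK: FORWARD policy is " (policy == "" ? "unknown" : policy)
            leaks++
        }
        if (leaks == 0) print "OK: FORWARD only accepts traffic via tun+"
        exit (leaks > 0)
    }'
}

# Constructed sample: listing after the rules above were applied.
sample_protected() {
    printf '%s\n' '-P FORWARD DROP' '-A FORWARD -i tun+ -j ACCEPT' \
        '-A FORWARD -o tun+ -j ACCEPT'
}
# Constructed sample: a leftover rule (br0, vlan2 are assumed names) bypasses the tunnel.
sample_leaky() {
    sample_protected
    printf '%s\n' '-A FORWARD -i br0 -o vlan2 -j ACCEPT'
}

sample_protected | check_killswitch || true
sample_leaky | check_killswitch || true
```

On a router whose firmware provides iptables-save, the live rules can be checked with `iptables-save | check_killswitch`.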
If you want to access the internet without VPN, navigate to VPN Tunneling > OpenVPN Client > Basic and deactivate the checkbox Start with WAN.
Don't forget to also remove the firewall rules if you have added any before. Also you have to use publicly available name servers instead of the ones from Perfect Privacy.
After saving the settings click on the button Stop Now.