Go to the download section in the member area of the Perfect Privacy website and click on the router icon on the top right.
Choose your configuration type, we recommend using
- Type: Servers grouped
- Protocol: UDP
- Encryption: AES-256-CBC
Then click on Download and save the file mobile_udp.zip on your PC.
Tip: Depending on the CPU performance of the router you may want to use the weaker encryption AES-128-CBC to improve bandwidth.
By default the Tomato firmware uses a script called TomatoAnon which will send certain information back to the developer for feedback. This information includes:
- Router model
- Tomato version
- Build type
The information is submitted anonymously but if you want to not send back anything you can opt-out by going to Administration -> TomatoAnon and choose
- “Yes, i do and want to make a choice”
- “No, i definitely wont enable it”
To configure DNS go to Basic -> Networking. You have two choices: If you only wanted to use the Internet while the router is connected to VPN, you can use Perfect Privacy name servers. You can find the DNS IP addresses here.
If you want to have Internet connectivity without VPN you should use publicly available name servers. You can use either Google’s DNS or any servers from the OpenNIC project. WHen connected to VPN all DNS requests will go over the VPN tunnel so they are anonymized.
Enter the nameservers as shown in the screenshot on the left, in this example we are using Google’s name servers 18.104.22.168 and 22.214.171.124.
To configure the VPN connection, go to VPN Tunneling -> OpenVPN Client.
Under the Basic tab set the options as shown in the picture on the left. For Username and Password use your Perfect Privacy username and password.
If you activate the checkbox Start with WAN the router will automatically establish the VPN connection on boot.
Under the Advanced tab set the options as shown in the picture on the left.
Copy the text below into the Custom Configuration field:
tun-mtu 1500 fragment 1300 mssfix auth SHA512 #float hand-window 120 inactive 604800 mute-replay-warnings ns-cert-type server persist-remote-ip ping 5 ping-restart 120 reneg-sec 3600 resolv-retry 60 route-delay 2 route-method exe tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA tls-timeout 5 verb 4 key-direction 1
Under the Keys tab you will need to enter the certificates and keys from the OpenVPN configuration file that you downloaded earlier. Open the *.ovpn file for the server you are using, in this example Amsterdam.ovpn.
Into Static Key copy and paste the content between the <tls-auth></tls-auth> tags from the ovpn file.
For Certificate Authority use the content between the <ca></ca> tags.
Into Client Certificate copy the content between the <cert></cert> tags
and for Client Key use the content between the <key></key> tags.
NOTE: This step will activate the firewall protection (Kill-Switch). If you add the firewall rules below, the Internet connection will only work if VPN is connected. If you want to use your router to access the Internet without VPN, either skip this step or remove the firewalls rules below again.
For the firewall configuration (leak protection) go to Administration -> Scripts -> Firewall.
Insert the following lines into the window below Firewall:
iptables --flush FORWARD iptables -P FORWARD DROP iptables -I FORWARD -o tun+ -j ACCEPT iptables -I FORWARD -i tun+ -j ACCEPT iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE
If you want to use the Internet without VPN go to VPN Tunneling -> OpenVPN Client -> Basic and deactivate the checkbox Start with WAN. Remember that you may need to remove the firewall rules for the leak protection if you have added them previously.
After saving click on the Stop Now button.