#cd /root
#wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.03.tar.gz
#tar zxvf  lzo-2.03.tar.gz
#cd lzo-2.03
#./configure && make && make install

再安裝 openvpn 2.1.1 (lzo 必須要先安裝，不然下面的安裝會出錯)
#cd /root
#wget http://openvpn.net/release/openvpn-2.1.1.tar.gz
#tar zxvf openvpn-2.1.1.tar.gz
#cd openvpn-2.1.1
#./configure && make && make install

# cd /root

# cp -rv openvpn-2.1.1/easy-rsa ./

(如果是用 tar 方式安裝，則 easy-rsa 會在 openvpn-2.1.1 的資料夾裡。)

# cd  ~/easy-rsa

# vi vars

export KEY_COUNTRY="TW"

export KEY_PROVINCE="Taiwan"

export KEY_CITY="Taipei"

export KEY_ORG="TomatoVPN"

export KEY_EMAIL="y...@email.com"

# source ./vars

# ./clean-all

# ./build-ca
(以下為問答交談的畫面，請注意輸入，因為不能使用刪除鍵。)

Country Name (2 letter code) [TW]:

State or Province Name (full name) [Taiwan]:

Locality Name (eg, city) [Taipei]:

Organization Name (eg, company) [TomatoVPN]:

Organizational Unit Name (eg, section) []:Home

Common Name (eg, your name or your server’s hostname) [TomatoVPN CA]:

Name []:Home

Email Address [y...@email.com]:

—–[建立 vpn server 的相關 key 組]—————————————————————

# ./build-key-server vpnsrv

……

Country Name (2 letter code) [TW]:

State or Province Name (full name) [Taiwan]:

Locality Name (eg, city) [Taipei]:

Organization Name (eg, company) [TomatoVPN]:

Organizational Unit Name (eg, section) []:Home

Common Name (eg, your name or your server’s hostname) [vpnsrv]:

Name []:Home

Email Address [y...@email.com]:

…….. (以下兩個都按 Enter 跳過。)

A challenge password []:

An optional company name []:

……..
(以下兩個都回答 y 即可)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

——[dh1024]————————————————————

# ./build-dh

—–[以下為  VPN SERVER 填寫到 tomatovpn 對應的欄位---------------------------------------------

Certificate Authority -> 開啟 ca.crt 並全選->複製 -> 貼上

Server Certificate -> 開啟 vpnsrv.crt 並全選->複製 -> 貼上

Server Key -> 開啟 vpnsrv.key 並全選->複製 -> 貼上

Diffie Hellman parameters ->開啟 dh1024.pem 並全選->複製 -> 貼上

================================================================

[Client-Part]

# cd /tmp

# cp -rv easy-key client

( If you want to copy second client key.) -> 非必要步驟

(# cp -rv easy-key client1) -> 非必要步驟

# cd client

# source ./vars

# ./build-key vpnclient1

Generating a 1024 bit RSA private key

………………………………………………………………………………………………………………………++++++

…………++++++

writing new private key to ‘vpnclient1.key’

—–

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [TW]:

State or Province Name (full name) [Taiwan]:

Locality Name (eg, city) [Taipei]:

Organization Name (eg, company) [TomatoVPN]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server’s hostname) [vpnclient1]:

Name []:

Email Address [y...@email.com]:

Please enter the following ‘extra’ attributes

to be sent with your certificate request

(以下兩個可以按 Enter 跳過)

A challenge password []:

An optional company name []:

Using configuration from /tmp/client/openssl.cnf

Check that the request matches the signature

Signature ok

The Subject’s Distinguished Name is as follows

countryName :’TW’

stateOrProvinceName : ‘Taiwan’

localityName : ‘Taipei’

organizationName :PRINTABLE:’TomatoVPN’

commonName :PRINTABLE:’vpnclient1′

emailAddress :IA5STRING:’y...@email.com’

Certificate is to be certified until Jul 19 11:17:27 2019 GMT (3650 days)

(以下兩項也是都回答 y 即可)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

—[到這裡為止，該做的 KEY 都做完了。]—————————————————

(接下來要 sign vpnclient1 的 key 了)

# cp keys/vpnclient1.csr ../easy-rsa/keys/

# cp keys/vpnclient1.key ../easy-rsa/keys/

# cd ../easy-rsa

# source ./vars

# ./sign-req vpnclient1

Using configuration from /tmp/easy-rsa/openssl.cnf

Check that the request matches the signature

Signature ok

The Subject’s Distinguished Name is as follows

countryName :PRINTABLE:’TW’

stateOrProvinceName :PRINTABLE:’Taiwan’

localityName :PRINTABLE:’Taipei’

organizationName :PRINTABLE:’TomatoVPN’

commonName :PRINTABLE:’vpnclient1′

emailAddress :IA5STRING:’y...@email.com’

Certificate is to be certified until Jul 19 11:20:48 2019 GMT (3650 days)

(以下兩個回答 y 即可)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

======================================================================

ca ca.crt
cert vpnclient1.crt
key vpnclient1.key

以上3個為 vpnclient 的 KEY。

======================================================================

http://code.google.com/p/twtomato/w/list

以下更新方法適用 已為 tomatovpn 或已是 tomato 的韌體適用:

tomatoVPN官網

使用機型: Buffalo WHR-G54S
更新用的檔案: tomatovpn-1.27vpn3.6.7z 裡的 tomato.trx 更名為 tomato.bin

下載網址:  點這裡下載
檔案名稱: tomatovpn-1.27vpn3.6.7z

————————————————————————————–

使用機型: Asus WL-520GU

更新用的檔案: tomatovpn-ND-1.27vpn3.6.7z 裡的 tomato-ND.trx

下載網址:  點這裡下載

檔案名稱: tomatovpn-ND-1.27vpn3.6.7z

更新步驟:

1.連到後台 192.168.x.x 的 ip

2. 找到左邊的 Administration -> Upgrade  -> Upgrade Firmware 的頁面

3. 點擊 「瀏覽」，依上頭的機型並選擇對應的檔案，然後點 Upgrade.

4. 依畫面指示，等候1分多鐘，幾乎快 2 分鐘了。反正不要中斷或按重整或中斷電源，這些都是不可以做的事情。

5. 待設定畫面恢復後，進入檢查設定並啟動未啟動的設定。

=====================================================

tomatoVPN 的 change log 看下面官方的 BLOG 吧。

http://tomatovpn.keithmoyer.com/2010/01/127vpn35.html

• Moved to Tomato 1.27 baseline
  • Tomato 1.26 changelog
  • Tomato 1.27 changelog
• Upgraded to OpenVPN 2.1.1
  • OpenVPN changelog
• Fixed "exclusive" option for accepting DNS
• Omit key/certs that aren’t filled in in the GUI
  • This should allow people to create user/pass only configs – likely to be added to the GUI in the future
• Fix some TAP connection issues
• Option to not leave existing default gateway in place while VPN is running
• Option is now to start VPN with WAN, not just with router
  • If wan goes down and back up, VPN service will be stopped and restarted
• "Poll Interval" option in GUI to periodically check if the VPN is running, and restart it if not.
• Various code cleanups/improvements and adaptations to the updated Tomato components

=====================================================

offical tomato change log as below:

http://www.polarcloud.com/tomato_127
Tomato 1.27
Submitted by jon on Sun, 2009-11-29 11:44

Version 1.27

* Fix DDNS "-1″ error when service used HTTPS.

Tomato 1.26
Submitted by jon on Thu, 2009-11-26 22:43

Version 1.26

* Allow a different port to be entered in Basic:Network:Static DNS (enter as "ip:port"). Be aware that dnsmasq must act as the DNS server (the default setting) when not using the normal port 53.
* Allow DHCP to serve the user-entered gateway (in Basic:Network) if the option in Advanced:DHCP is enabled.
* Do not start miniupnpd early to avoid warning messages.
* Update Australian DST (need to re-select), add Darwin, Brisbane TZ. Thanks to Peter O. for the info.
* Avoid double loading of tomato.css
* Fix possible null dereference in sendpage
* Collapsed all menus. For the old look, set nvram: "web_mx=status,bwm,tools"
* Obscured some key/password fields when not in focus.
* Accept more than two MAC addresses per IP address (ex: one IP for a laptop either wired or wireless [one at a time]). Note: Some computers may not like seeing the same IP unless it’s restarted.
* Added LED options back in Admin:Buttons/LED.
* Added ID for WLA2-G54L, TrueMobile 2300 thanks to Nick B. and David J.
* Added EditDNS thanks to Keith M.
* Added UTC+4:30 Kabul time zone.
* Fixed port set validation allowed more than what could be handled.
* Allow rstats to log if WAN port is used for LAN.
* Update dnsmasq to 2.51, miniupnpd 1.4, busybox 1.14.4, matrixssl 1.8.8.
=====================================================

1. 下載 puttygen.exe ，http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
[點我快速下載] ， 並啟動 puttygen.exe。

2.修改 Number of bits in a generated key 為 2048 → 並點 Generate。

3. 在產生 key 必須移動鼠標作為亂數的種子。

4. 等候 putty key generator 產生 public & private key.

5.藍色框框: 為 public key (公鑰)
tomato sshd server : Administration → Admin Access → Authorized Keys 的欄位貼上。
Linux server: /home/users/.ssh/authorized_keys
黃色框框: key comment (金鑰的註解，可註明用途及日期)
綠色框框: key passphrase (金鑰的保護密碼，不知道密碼的人，就會無法使用。)
紫色框框: Save Public key (儲存公開金鑰，可以不用儲存，只要有私鑰可以再度產生出來。)
紅色框框: Save Private key (儲存私人金鑰，此金鑰極為重要，不可亂丢)

6.Myentunnel: 請存成 keyfile.ppk , 如果有 profile ,ex: cpalm-keyfile.ppk , ( – ) 減號為檔名分隔符號。

7.(非必要步驟) 把產生的私鑰順便轉成 linux ssh 用的 私鑰格式。
Conversions → Export OpenSSH key → openssh.ppk 即可。

8. 在 Tomato sshd  的 authroized keys 欄位，貼入公鑰(public key) → Save → Start Now.

如欲轉載，請註明出處，謝謝。