This note is for a setup that allows using Linksys WRT54 router for VPNing into remote network and providing multiple PCs on your home network access to that remote network in similar fashion as they access Internet (through NAT). It is assumed that the VPN server is already available on the remote network and the “openvpn” client can be used to connect to that server. The WRT54 router is assumed to be connected to the local network and not used for WAN/Internet access.
The standard Tomato distribution as of today does not include openvpn, so a modded version is required (download from here):
The script below has to be updated to include correct addresses, VPN parameters, certificates and the private key.
Then it can be put into the “Firewall” script textbox under the “Administration->Scripts” in tomato menu.
The iptables commands for DNS_ADDRESS settings are not necessary, but might be useful for making the
router mimic the remote network DNS. The local DNS then can be set up to forward DNS requests for the remote
network domain directly to the router on the local network.
insmod tun.o cd /tmp ln -s /usr/sbin/openvpn /tmp/vpn ./vpn --mktun --dev tap0 ifconfig tap0 up sleep 5 iptables -t nat -A POSTROUTING -s A.B.C.D/MASK -o tap0 -j MASQUERADE iptables -t nat -A PREROUTING -p udp -i br0 --dport 53 -j DNAT --to DNS_ADDRESS iptables -t nat -A PREROUTING -p tcp -i br0 --dport 53 -j DNAT --to DNS_ADDRESS echo " ================== use your config here ====================== client dev tap0 remote VPN.SERVER.IP resolv-retry infinite tls-client persist-key persist-tun ca ca.crt cert cl.crt key cl.key ns-cert-type server comp-lzo verb 3 ================ end use your config here ===================== " > /tmp/cl.conf echo " -----BEGIN CERTIFICATE----- Cut&paste the CA or server certificate here. -----END CERTIFICATE----- " > /tmp/ca.crt echo " -----BEGIN RSA PRIVATE KEY----- Cut&paste client private key here. In order to decrypt it first use (for RSA): > openssl rsa -in key.pem -----END RSA PRIVATE KEY----- " > /tmp/cl.key chmod 600 /tmp/cl.key echo " -----BEGIN CERTIFICATE----- Cut&paste client certificate here. -----END CERTIFICATE----- " > /tmp/cl.crt ./vpn --config cl.conf &