heredago's blog

September 17, 2013

how to connect to a VPN server on a TomatoUSB router and then only tunnel the traffic to specific hosts

Filed under: Uncategorized — heredago @ 20:48

1- set up the OpenVPN connection on the router






2- route only specific hosts through the OpenVPN client on Tomato

I finally did it 🙂

I’m using v1.28.9054 MIPSR2-beta K26 USB vpn3.6, but should work on others, as it’s networking.

OpenVPN wants to set up all your routing, you’ve got to stop that…

In VPN Tunneling/Client/Basic: Uncheck “Create NAT on Tunnel”

In VPN Tunneling/Client/Advanced: Uncheck “Redirect Internet Traffic”

Custom Configuration, add the line: route-nopull


In Administration/Scripts/Firewall, make sure you have:

iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
iptables -I INPUT -i tun11 -j REJECT
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE

Reboot, and voilà, you got nothing…

Then, in a VPN up script (best choice), or, if you have your VPN start with WAN, in your Administration/Scripts/WANUP, put:

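sleep 30
# start from an empty policy table
ip route flush table 200
ip route flush cache
# one rule per LAN host that should use the tunnel
# (FIRST_HOST_IP is a placeholder; put the first host's address here)
ip rule add from FIRST_HOST_IP lookup 200
ip rule add from 192.168.2.13 lookup 200
# address of tun11, used as the gateway for table 200
VPN_GW=`ifconfig tun11 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
ip route add table 200 default via $VPN_GW dev tun11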

This probably isn’t the “best” or “proper” way to do it, but it works. Now only the hosts named in the ip rule lines, 192.168.2.13 among them, will go through the OpenVPN tunnel. All other devices, and their traffic, will go local.

This was extremely important for me, as I didn’t want my Transmission torrent traffic going over the VPN. Some guy like SgtPepperKSU is looking at this and probably laughing… Anyway, from one Routing noob to another…
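A hardened variant of the WANUP script above, as an added example that is not part of the original post: it validates the host list, avoids stacking duplicate rules on re-runs, and adds an unreachable fallback route so the selected hosts fail closed instead of leaving through the WAN when tun11 drops. The function names and the sample ifconfig text are constructed here, and it assumes the router's ip command supports the unreachable route type and the metric keyword.

```shell
#!/bin/sh
# Added example, not the post's own script. The ifconfig text below is
# constructed; TABLE and TUN match the values used in the post.
TABLE=200
TUN=tun11
SAMPLE_IFCONFIG='tun11     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255'

# Read ifconfig output on stdin, print the tunnel's "inet addr" (the same
# field the post's awk one-liner extracts).
tun_addr() {
    awk '/inet addr/ { split($2, a, ":"); print a[2]; exit }'
}

# Succeed only for a single dotted-quad IPv4 address with octets 0-255, so a
# typo or stray shell metacharacter never reaches the generated commands.
valid_ip() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        END { if (NR != 1) exit 1 }'
}

# policy_cmds GATEWAY HOST...: print the commands; return 1 on bad input.
policy_cmds() {
    gw=$1
    shift
    valid_ip "$gw" || return 1
    for h in "$@"; do valid_ip "$h" || return 1; done
    echo "ip route flush table $TABLE"
    for h in "$@"; do
        # delete before add so a re-run does not stack duplicate rules
        echo "ip rule del from $h lookup $TABLE 2>/dev/null"
        echo "ip rule add from $h lookup $TABLE"
    done
    echo "ip route add table $TABLE default via $gw dev $TUN"
    # worse-metric fallback: when tun11 disappears its route goes with it and
    # this one answers "unreachable" instead of the WAN default route
    echo "ip route add unreachable default table $TABLE metric 100"
    echo "ip route flush cache"
}

# On the router (review the output before piping it to sh):
#   policy_cmds "$(ifconfig tun11 | tun_addr)" 192.168.2.13 | sh
```

Without the fallback route, a lookup in an empty table 200 falls through to the main table, so the selected hosts silently go out over the WAN whenever the tunnel is down.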


December 17, 2012

Setup your own VPN server for $10 per year

Filed under: Uncategorized — heredago @ 14:14

Running your own VPN

This will make it a 5 minute automated setup:

Get a cheap $10 box/year from 123Systems

Or a $15 one from

Actual instructions to set up the VPN on the VPS server:

How to install and configure OpenVPN on Centos 5

This is a tutorial on how to install and configure OpenVPN in a few easy steps on Centos 5.


  • Make the script executable:

chmod +x

  • Run the script


  • Follow the instructions from the script
  • When you are done with the installation, you need to copy clientkeys.tgz from /etc/openvpn/keys/ to your PC (you can do this with WinSCP, for example)

How to efficiently hide your IP address from torrents using a (paid) VPN connection

Filed under: Uncategorized — heredago @ 00:51

Beware: some versions of uTorrent and other torrent apps, especially the older ones, leak your real IP to the tracker when using a SOCKS5 proxy, and from there the tracker sends it to the peers, revealing your real IP address.

It is not the fault of the proxy, but rather of the BitTorrent app that isn’t programmed properly.

You have several options, without using a proxy, to guard against the occasional VPN drops that will happen with any VPN:

The following uses Windows Firewall to block your BitTorrent app from using the internet (in or out) unless it is through the Public network (which is your VPN, as you shouldn’t set your VPN network as Private): ….lways-use.html go to FAQ #4, to manually remove the route to the router after you connect to the VPN. The drawback is that you no longer have a route to the router, meaning no file/printer sharing with the rest of the network, and if you forget to put the route back into netstat then you won’t have internet after disconnecting from the VPN. This method is 100% effective provided you remember to use it.

You also have the option of trying to use your non-Windows firewall to allow connections for the BitTorrent app to anything other than your local area connection IPs, if you can get it working. Comodo doesn’t seem to work properly for some rules for some reason.

You can skip VPNetMon, as it doesn’t close the app in time if the VPN drops, and will expose your IP for a few secs after the drop. The VPN Kill Switch feature in PIA doesn’t seem to work consistently either. I suggest the first 2 things I mentioned above for security.
