This howto covers the steps I followed to get a site-site VPN up and running using TomatoVPN.  I claim no responsibility if your hardware is damaged following any of the steps contained in this tutorial.

I spent the better portion of the weekend looking at different VPN solutions to connect my shop to my residence.  My goal was to have a bi-directional connection so I could access resources at both locations from the other.  My decision was to use a site to site VPN with 2 Linksys WRT54GL routers that I already had lying around.  I have in the past used the DD-WRT for normal router operation but found the Quality of Service to be lacking.  This could be my own lack of knowledge but who knows. I just know that I have never been able to get it working right.  I decided to use TomatoVPN which is a mod of Tomato.  The reviews of the QoS were pretty good and the initial testing I performed looked promising.

Step 1 - Generate Your OpenVPN Certs and Keys

The TomatoVPN GUI gives you 3 choices when choosing your Authorization Mode.

1. TLS
2. Static
3. Custom

As far as setup goes TLS is not that much more work and is a better solution all around.  In order to use it you must generate several keys and certificates.  To do this first install the open-vpn client on a computer, you can locate that here.  I believe that you can only use only the Windows or Linux clients.  Using a Mac is a little more complicated and is beyond the scope of this post.  Once you have the client installed follow this howto.  Read the howto and don't just skip to the commands.  Watch out for the Common Name of each device it must be different.

Step 2 - Install TomatoVPN

Download the TomatoVPN firmware and follow these instructions.  Once the router is flashed confirm everything works prior to moving on.  Set up different subnet on the two networks. Like 192.168.2.x and 192.168.3.x or what ever strikes your fancy.

Step 3 - Setup OpenVPN Server

On the router that will be the server use the following screen shots as an example.  This router is residing at my shop which has a static IP. The server needs either a static IP address or to use a service like dyndns.org.  You wil need it for the client to connect to the server.

The only thing that you might need to change is the VPN subnet/netmask if you are already using 10.8.0.0.  Just set it to a different subnet then you are currently using on either ends.

Use a plain text editor to open the keys and certs that you created.  Everything that is in the key/cert files starting with -----BEGIN line and ending with the line that starts with -----END. has to be entered.  The files that you create during the key gen process should be located in the easy-rsa/keys directory.

I am using 10.10.30.0/255.255.255.0 for my home network.  By adding the entry to this field I am setting it up so that the VPN can by bidirectional.  I don't just want to access my shop from home, I want to access my home from the shop.

Finally go into port forwarding and forward port 1194 to the routers own address. If your router is 192.168.1.1 then that's address to use

Step 4 - Setup the Client Router

The client router in my case is at my home does not have or need a static address.

The only piece of information that is variable here is the server address, replace the xxx.xxx.xxx.xxx with the address of your other router that is going to be acting as the OpenVPN server.  Make sure the 'Create NAT on tunnel' is unchecked.  The settings changes that were made to the server advanced page will take care of it.

For the keys and certs your going to be doing the same as you did for the server except that you will use the client cert and key that you created and not the server ones.

Step 5 - Enjoy

That is all there is to it.

We are going to incorporate Twitter into our webpage.  As we come across interesting things online we will be pushing them to the @wasagacomputers account.  For those of you who might be new to twitter we can give a you a really brief description.  You have 140 characters to put together a message that you then post to twitter.com.  Some people use it to share every facet of their lives.  We feel the benefit of twitter is to pass along interesting links and things that we find online.  This could come in the form of articles, pictures or videos.  We promish we won't tell about the wonderful cornbeef sandwich we had at lunch.

On a monthly basis we deal with computers that have had a hard drive fail. Sometimes we get lucky and are able to retrieve some or even all of the data. Other times we have the displeasure of explaining to a customer that the drive is dead and we can't recover it. There are companies that specialize in low level data recovery but it can be a very very costly process and results might not be guarantied.

This could all be avoided by using some form of backup.

There are several methodologies to backing up.  I follow a 3-2-1 strategy It's a very simple idea and breaks down like this:

3. No file exists till it exists in triplicate, the original and two backup copies.
  - Protects against having a bad backup file.

2. The two backup copies need to be on different media for example two different external hard drives.
  - Protects against failing backup media.

1. One of the backup copies need to be off site at a different location.
  - Protects against fire, theft, act of god.

This may make it sound like I am being a little over cautious but I can't chance losing the pictures of our newborn.  I don't think I would ever live it down so why take the chance.

The only other key to backups is that they must be automated.  I don't want to have to rely on myself to do a backup every night.  I want it to just happen.  People are the weakest link when it comes to backup, we either forget and put it off till it's too late.

We sell one year licenses for product called Carbonite.  For around $5.00 a month (probably less than you spend at Tim Horton's every couple of days) you can rest assured that you backup is happening offsite and automatically.  Carbonite installs an agent on your computer that monitors for changes and automatically sends new and modified files to a datacentre that is located on the internet.  They encrypt your data to ensure your privacy.  Contact us to find out more information or to sign up.

We will be closed until May 7th. On Thursday at 2:49 pm my wife brought our beautiful baby girl into the world. Her name is Abigail. I should have her trained to repair computers some in the next 14 years. If you need computer assistance please call. 705-429-6100 if it is not urgent I will call you back when we reopen. If it is i will be checking my messages periodically. Thanks for your understanding.

The business show was two weeks ago and we were very happy with the results.  It was nice to get into public and meet with the community.  During the show we had a draw for a Samsung ML-1630 Laser Printer.  The winning ballot was pulled last monday and the winner of the printer is Rebecca Chisholm.  Happy printing Rebecca and thanks for visiting us at our booth.