General, Info Sec 11-June-2017 .NetRussell

Connecting CryptoStorm VPN to Tomato OS v1.28

I’m in the process of hunting for a new VPN because my current one (Nord VPN) disconnects constantly when I use it with my Tomato Router. I recently came across CryptoStorm and it looks pretty legit so I decided to give it a go. Unfortunately, there’s not an updated Tomato OS setup guide so I decided to provide one here.

Step One: Get the Hash

Go and get a hash from https://cryptostorm.is/. I used PayPal to make my payment and they emailed a hash to my PayPal email within a couple of minutes. This was the first time I’ve used a hash to connect and I LOVE this idea. So far so good.

Step Two: Config VPN Basic

You’ll need to open up your router settings and log in. Once there, navigate to VPN Tunneling -> OpenVPN Client.

 

In my basic config, you’ll notice that I set the following settings:

  • Start with WAN = True
  • Interface Type = TUN
  • Protocol = UDP
  • Server Address/Port = linux-balancer.cryptostorm.net 443
  • Firewall = Automatic
  • Authorization Mode = TLS
  • Username = EMPTY
  • Password = EMPTY
  • Username Authen. Only = True
  • Extra HMAC Authorization = Disabled
  • Create NAT on tunnel = true

 

Step Three: Config VPN Advanced

Next we will set up the advanced tab.

In my advanced config, you’ll notice that I set the following settings:

  • Poll interval = 0
  • Redirect Internet Traffic = true
  • Accept DNS Configuration = Relaxed
  • Encryption Cipher = AES-256-CBC
  • Compression = Adaptive
  • TLS Renegotiation Time = -1
  • Connection Retry = -1
  • Verify Server Certificate = false
  • Custom Configuration
    • ns-cert-type server
    • auth SHA512
    • auth-user-pass /mnt/FLASH_DISK1/password.txt
    • hand-window 17
    • replay-window 128 30
    • tun-mtu-extra 32
    • mssfix 1450
    • persist-key
    • persist-tun

You’ll notice that I set the auth-user-pass to a password.txt file on the router’s file system. This file doesn’t exist yet and you need to go create it.

Step Four: Add your Certificate Authority Key

Navigate to the Keys tab next. In here you just need to paste your CA in.

 

Step Five: Creating your password.txt File

You’ll need to SSH into the router at this point. Once you’re in, you’ll have one of two options. You MIGHT be able to write files and store them on your router. Unfortunately for me the entire disk was used 🙁 So I opted for option two. Option two is to find a crappy old USB thumb drive and plug it into the back of your router. Once you have that in, you can write to it instead!

One thing you’ll notice is that I put a fake password on line two of this file. The hash goes on line one but if you don’t put a “password” in on line two then you will get errors and it will fail to connect when you attempt to activate the VPN.
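The file described in this step can be created and checked from the router's shell as follows. This is an added example, not part of the original post: the function names and the literal `placeholder` password are assumptions, and the path is the one from the auth-user-pass line in Step Three.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.
# AUTH_FILE is the path used by auth-user-pass in the Custom Configuration.
AUTH_FILE="${AUTH_FILE:-/mnt/FLASH_DISK1/password.txt}"

# write_auth_file FILE TOKEN
# Writes TOKEN (the hash) on line one and a placeholder password on line two.
write_auth_file() {
    file=$1; token=$2; rc=0
    [ -n "$token" ] || { echo "token is empty" >&2; return 1; }
    old_umask=$(umask)
    # A newly created file gets owner-only mode on filesystems that store
    # modes (FAT-formatted USB sticks do not).
    umask 077
    printf '%s\n%s\n' "$token" "placeholder" > "$file" || rc=$?
    umask "$old_umask"
    return "$rc"
}

# check_auth_file FILE
# Returns 0 when FILE has the two-line layout this guide describes.
check_auth_file() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # A file saved by a Windows editor carries CRs that end up in the username.
    if grep -q "$(printf '\r')" "$file"; then
        echo "CRLF line endings in $file" >&2; return 2
    fi
    line1=$(sed -n '1p' "$file")
    line2=$(sed -n '2p' "$file")
    [ -n "$line1" ] || { echo "line 1 (hash) is empty" >&2; return 3; }
    [ -n "$line2" ] || { echo "line 2 (password) is empty" >&2; return 4; }
    case "$line1" in
        *[[:space:]]*) echo "whitespace in hash on line 1" >&2; return 5 ;;
    esac
    return 0
}

# Usage on the router, with your own hash in place of the placeholder:
#   write_auth_file "$AUTH_FILE" "YOUR_HASH_HERE" && check_auth_file "$AUTH_FILE"
```

A non-zero return from `check_auth_file` identifies which part of the layout is wrong before you hit start on the VPN page.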

That’s it! At this point you can go back to your VPN Config page and hit start. If you have any issues with it starting, check the log file. Feel free to comment if you have any improvements to this post.
