Dumb AP + own WiFi + VPN

Hi guys, it's me again.

The following condition:

The following problem:
When I connect to the AP via SSH and then do curl -s ifconfig.me, I see that NordVPN is used.
As soon as devices connect to the WLAN emitted by the AP, all traffic is sent via my FritzBox (= my ISP).
Now I had the idea of creating my own interface and redirecting the traffic there using PBR. But there must be a simpler solution, right? Do I have to set traffic rules here or how can I solve this?

Thanks for your help!

You have to create a guest interface on the Dumb AP, see: https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guestwifi_dumbap

Everything connected to that guest interface will use the VPN.

Alternatively, point your LAN clients' gateway to the dumb AP.

The problem is that your LAN clients in the current situation just bypass the Dumb AP.

Thank you!
And a follow-up question: Can I use other DNS servers instead of the one from my main router? IP is not Nord, but DNS is still from my ISP. Thanks!

I think it works like this:
You have probably set the DNS of your dumb AP to point to your router (on the lan interface, option dns 192.168.1.1 in the example); this is the address DNSMasq is using as upstream resolver and thus is also used by your guest interface.
As this is a local route, it will not use the VPN tunnel.
So if you specify e.g. 1.1.1.1 as DNS server on the LAN interface instead of the router's IP address, you should be good and the DNS will go through the tunnel.
Be careful with using a DNS server from your VPN provider; only do this if it is publicly available. You can test this from a LAN client on your main router, from the command line:

nslookup openwrt.org <DNS-server>

If that resolves, it is a publicly available DNS server.


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
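The DNS behaviour described in the last reply comes down to longest-prefix route selection on the dumb AP. The sketch below is an added example, not code from the thread or from OpenWrt; the routing table and the interface names br-lan and tun0 are constructed assumptions, while 192.168.1.1 and 1.1.1.1 are the addresses mentioned in the reply.

```python
import ipaddress

# Constructed routing table for the dumb AP (assumption, not from the thread):
# the LAN subnet is directly connected, everything else follows the VPN.
ROUTES = [
    ("192.168.1.0/24", "br-lan"),  # connected LAN route (assumed device name)
    ("0.0.0.0/0", "tun0"),         # default route via the VPN (assumed device name)
]


def egress_interface(dst, routes=ROUTES):
    """Return the device chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        # An address of the other IP version is never "in" the network.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def dns_leak_report(resolvers, vpn_dev="tun0", routes=ROUTES):
    """Map each upstream resolver to (egress device, bypasses_vpn)."""
    report = {}
    for resolver in resolvers:
        dev = egress_interface(resolver, routes)
        report[resolver] = (dev, dev != vpn_dev)
    return report


if __name__ == "__main__":
    # Main router as upstream vs. a public resolver as upstream.
    for resolver, (dev, leaks) in dns_leak_report(["192.168.1.1", "1.1.1.1"]).items():
        status = "bypasses the VPN" if leaks else "goes through the VPN"
        print(f"{resolver:<12} -> {dev:<7} {status}")
```

A resolver inside the connected LAN subnet always matches the more specific route, so queries to it leave on the LAN side and are then forwarded by the main router over the ISP link.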