DumbAP and OpenVPN


#1

Hello,
I'm trying to set up DumbAP with OpenVPN but I can't get it working.
I have followed these guides:
https://openwrt.org/docs/guide-user/network/wifi/dumbap
and this one, without the firewall instructions, as the firewall is supposed to be disabled in DumbAP.
https://nordvpn.com/tutorials/openwrt/openvpn/
I've made a diagram to show my network.
[Image: Untitled Diagram]

I've managed to get working internet and local network (to access NAS (PLEX, Radarr etc.)) but I can't get OpenVPN working so it will pass all the traffic through VPN.
As in the diagram, I want to connect the Apple TV via Ethernet to the DumbAP with VPN.


#2

You want the dumb AP machine to run OpenVPN in client mode, as a client of a third party service?

That is straightforward. After you get OpenVPN to connect to the service, it will start up a "tap" interface which is your end of the VPN tunnel. You then need to set up a new separate network in the dumb AP/VPN client machine for VPN users such as the Apple TV. Use VLANs in the Ethernet switch so that different Ethernet ports can serve different networks. Then just like a main router forwarding to the Internet, you use two firewall zones with Masquerade enabled on the destination zone, so the Apple TV will NAT into the VPN tunnel, and come out at the remote server's end.

So you do need a firewall running on that machine for the VPN users, but LAN users of the dumb AP do not pass through the firewall since they are all on the LAN network.
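
Added example, not part of the post above and not taken from either linked guide: one way to express the separate VPN network and the two firewall zones in OpenWrt's UCI config files. The names `vpnlan` and `vpn`, the VLAN device `eth0.3`, the tunnel device `tun0` and the 192.168.50.0/24 subnet are assumptions, and the `device` option is the syntax of current OpenWrt releases (older releases use `ifname`).

```uci
# /etc/config/network  (constructed values; adapt to your hardware)
# 'eth0.3' is an assumed VLAN device for the port the Apple TV plugs into.
config interface 'vpnlan'
	option proto 'static'
	option device 'eth0.3'
	option ipaddr '192.168.50.1'
	option netmask '255.255.255.0'

# Unmanaged interface wrapping the tunnel device OpenVPN creates.
# 'tun0' is assumed; use the device name your OpenVPN client brings up.
config interface 'vpn'
	option proto 'none'
	option device 'tun0'

# /etc/config/dhcp  (requires dnsmasq to be running on this machine)
config dhcp 'vpnlan'
	option interface 'vpnlan'
	option start '100'
	option limit '50'
	option leasetime '12h'

# /etc/config/firewall
# Source zone for VPN users; they may reach the router for DHCP/DNS.
config zone
	option name 'vpnlan'
	list network 'vpnlan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Destination zone: masquerade so VPN users NAT into the tunnel.
config zone
	option name 'vpn'
	list network 'vpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# The only forwarding rule: vpnlan -> vpn. With no vpnlan -> lan rule
# and a default forward policy of REJECT, traffic from VPN users is
# rejected instead of leaving via the LAN when the tunnel is down.
config forwarding
	option src 'vpnlan'
	option dest 'vpn'
```

The firewall service has to be enabled again on the dumb AP for these zones to take effect; devices on the existing LAN network are bridged and are not affected by them.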


#3

@braian87b made two really useful GitHub posts for your needs:

In the last two links the DNS script is kinda messed up; here's the correct version:
https://forum.archive.openwrt.org/viewtopic.php?id=26746&p=1#p118310

In my .ovpn config I used
script-security 2