I have an ISP-provided modem, and want to use my Netgear WNDR3700v2 as router + OpenVPN gateway.
Is it possible for me to:
Initiate an OpenVPN connection to a VPN via the router when it boots up.
Create a subnet in my network (my network is 192.168.1.x; for the subnet I'm thinking 192.168.8.x).
The subnet should be redirected to the OpenVPN connection.
The DNS for the subnet should not be requested through my original network.
Create two WiFi APs, whose gateways should be 192.168.1.1 and, for the other, 192.168.8.1.
Set two Ethernet ports to my net, the other two to the subnet.
Is there an easy way to configure this? Like a firmware with an OpenVPN client, etc. already configured on it with the things I wanted?
Edit: It is possible for me to connect to my VPN via L2TP/IPsec or PPTP. So if it's easier I could use those connections (they would probably be faster than OpenVPN).
So, first I set it up as a dumb AP, although I think this is not so good for VPN redirection because it disables the firewall setup.
I installed openvpn-openssl and its LuCI add-on, uploaded my config file and authorization, so it's connected without problem. Added a new VLAN and assigned LAN 4 to it as untagged.
Now I think I need to create a new interface ("ovpn") for the new VLAN, set itself as gateway, and forward all traffic to tun0 somehow... although all physical interfaces are covered by "lan" for now. I also need to add a new WiFi and connect it to the new interface.
I'm using a Netgear WNDR3700v2. Could you help me with the creation of the new interface and its firewall configuration?
These are my current configurations:
/etc/config/network:
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd66:3381:20ea::/48'

# Dumb-AP setup: both Ethernet devices bridged into lan, with the upstream
# router 192.168.1.51 as gateway and public resolvers for the router itself.
config interface 'lan'
	option type 'bridge'
	option ifname 'eth0 eth1'
	option proto 'static'
	option ipaddr '192.168.1.100'
	option netmask '255.255.255.0'
	option gateway '192.168.1.51'
	option ip6assign '60'
	list dns '8.8.8.8'
	list dns '1.1.1.1'

config device 'lan_eth0_dev'
	option name 'eth0'
	option macaddr 'a2:21:b7:b0:7f:ff'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'
	option blinkrate '2'
	option enable_vlan4k '1'

# VLAN 1: three switch ports plus port 5 (untagged) towards the CPU.
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '5 3 2 1'

config switch_port
	option device 'switch0'
	option port '1'
	option led '6'

config switch_port
	option device 'switch0'
	option port '2'
	option led '9'

config switch_port
	option device 'switch0'
	option port '5'
	option led '2'

# VLAN 2: port 0 only. No CPU port is a member, so nothing on this VLAN can
# reach the router yet.
config switch_vlan
	option device 'switch0'
	option ports '0'
	option vlan '2'
I don't see any tun0 interface. Is the tunnel going to be attached to this router or to another?
Regarding the additional WiFi for the VPN, you can follow the guest tutorial. The principle is the same. Guest users can then be routed via the VPN interface to the internet with a rule and a static route, as mentioned in my previous post.
You can create a bridge consisting of the WiFi and these two ports. Same principle: whatever comes ingress on the VPN bridge interface will be routed out of the tunnel.
The firewall system is called fw3 and is configured by /etc/config/firewall; it generally makes it unnecessary to touch iptables directly. When the firewall scripts run, they load the iptables rules into the kernel for you.
Much like you can't connect a WiFi AP directly to the WAN (because you only have one IP address from the ISP), you won't connect it directly to tun0 either. Those stay separate, but each gets a firewall "zone" so that forwarding and masquerading can be set up between them.
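Putting the two answers above together, here is an added example (not taken from the original posts) of the UCI fragments that implement the guest-style VPN subnet: a VLAN and bridge interface for the two VPN ports and the extra WiFi, an unmanaged interface wrapping tun0, a policy-routing rule plus static route that sends 192.168.8.0/24 out of the tunnel, and fw3 zones with forwarding and masquerade between them. The switch port numbers (0 and 1 for the VPN ports, 5 as the tagged CPU port behind eth0), the interface name vpnlan, the SSID and key, and the resolver address 10.8.0.1 reachable through the tunnel are assumptions to adjust for the board and the VPN provider.

```uci
# /etc/config/network  (additions)

# VLAN 3 carries the two "VPN" ports. Port numbers are an assumption: check the
# board's default /etc/config/network or `swconfig dev switch0 show`. If the
# board cannot mix an untagged (VLAN 1) and a tagged (VLAN 3) CPU port, tag
# VLAN 1 as well and use eth0.1 in the lan bridge.
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0 1 5t'

# Bridge for the VPN subnet: the tagged VLAN plus the extra WiFi (attached below).
config interface 'vpnlan'
	option type 'bridge'
	option ifname 'eth0.3'
	option proto 'static'
	option ipaddr '192.168.8.1'
	option netmask '255.255.255.0'

# Unmanaged interface wrapping the tun device OpenVPN creates, so it can be put
# in a firewall zone and carry a UCI route.
config interface 'vpn'
	option ifname 'tun0'
	option proto 'none'

# Policy routing: anything sourced from 192.168.8.0/24 consults table 100, whose
# only entry is a default route out of the tunnel.
config route
	option interface 'vpn'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '100'

config rule
	option src '192.168.8.0/24'
	option lookup '100'
	option priority '1000'

# /etc/config/wireless  (addition)
config wifi-iface 'vpn_ap'
	option device 'radio0'
	option mode 'ap'
	option network 'vpnlan'
	option ssid 'vpn-wifi'            # assumption
	option encryption 'psk2'
	option key 'change-this-psk'      # placeholder

# /etc/config/dhcp  (addition)
# Hand out a resolver that is only reachable through the tunnel instead of the
# router itself, so the subnet's DNS never leaves via the 192.168.1.x network.
config dhcp 'vpnlan'
	option interface 'vpnlan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '6,10.8.0.1'     # assumption: the VPN provider's resolver

# /etc/config/firewall  (additions)
config zone
	option name 'vpnlan'
	list network 'vpnlan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'vpn'
	list network 'vpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Only vpnlan -> vpn is forwarded. If the tunnel is down, the rule for table 100
# falls through to the main table and the egress would be br-lan, but with no
# vpnlan -> lan forwarding fw3 rejects it instead of leaking it to the ISP side.
config forwarding
	option src 'vpnlan'
	option dest 'vpn'

# Subnet clients still need DHCP from the router. DNS to the router is deliberately
# not opened, which keeps them on the resolver handed out above.
config rule
	option name 'Allow-DHCP-vpnlan'
	option src 'vpnlan'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'
```

Two things to check once this is in place. First, the OpenVPN client config must not install the provider's pushed default route in the main table, or the whole router (including the 192.168.1.x side) ends up behind the tunnel: use route-nopull, or on OpenVPN 2.4 and later pull-filter ignore "redirect-gateway". Second, the dumb-AP setup disabled the firewall service, so enable and start it again (/etc/init.d/firewall enable; /etc/init.d/firewall start) before restarting the network; then ip rule and ip route show table 100 should show the 192.168.8.0/24 lookup and the default route via tun0, and a traceroute from a client on the VPN WiFi should enter the tunnel at the first hop.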