How to use OpenVPN in a separate WLAN

Hello,

I need help with the configuration. OpenVPN connects to the VPN provider.

OpenVPN is installed and works, but it cuts all internet traffic.

I want to route all traffic from the VPN only to a separate WLAN ESSID network.

The normal traffic should work as before.

Thanks for any ideas.

Set up a guest network, only instead of forwarding from the second network to the WAN you would route it through the VPN. The original LAN and WAN continue to work conventionally.

That is what I mean and am trying. But can you explain it a little bit more exactly?

When I connect my VPN with OpenVPN, I get the problem that my network stops transferring normal traffic.

I think I need to clean install LEDE and do it all again with the now known config, and then route the traffic over the VPN.

I have tried to bridge my OpenVPN to a separate WLAN. I think that was the wrong way.

Thanks

You have to route to a VPN tunnel, not bridge it. The VPN server only gives you one IP address, much like an ISP does.

Follow typical guest network instructions. Except you need to make yet another firewall zone for the VPN tunnel. Use the same settings as WAN (input REJECT, output ACCEPT, forward REJECT, masquerade and MTU fix enabled).

Then forward guests (VPN users) to the VPN tunnel instead of to the WAN.

You'll also need to enable masquerade on the VPN zone, if this is not done for you.

I tried this and I make something wrong every time.

The first problem is after starting the VPN. The internet traffic won't work after start.

I think my VPN works well; here is a logfile:

Mon Apr 16 10:43:23 2018 OpenVPN 2.4.4 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Apr 16 10:43:23 2018 library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
Mon Apr 16 10:43:23 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Apr 16 10:43:23 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Apr 16 10:43:23 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]185.12.177.29:1194
Mon Apr 16 10:43:23 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Apr 16 10:43:23 2018 UDP link local: (not bound)
Mon Apr 16 10:43:23 2018 UDP link remote: [AF_INET]185.12.177.29:1194
Mon Apr 16 10:43:23 2018 TLS: Initial packet from [AF_INET]185.12.177.29:1194, sid=514a0276 d1f6da08
Mon Apr 16 10:43:23 2018 VERIFY OK: depth=1, C=SE, ST=CA, L=Stockholm, O=PrivatVPN, CN=PrivateVPN CA, name=PrivateVPN, emailAddress=support@privatvpn.se
Mon Apr 16 10:43:23 2018 VERIFY KU OK
Mon Apr 16 10:43:23 2018 Validating certificate extended key usage
Mon Apr 16 10:43:23 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Apr 16 10:43:23 2018 VERIFY EKU OK
Mon Apr 16 10:43:23 2018 VERIFY OK: depth=0, C=SE, ST=CA, L=Stockholm, O=PrivatVPN, CN=PrivateVPN, name=PrivateVPN, emailAddress=support@privatvpn.se
Mon Apr 16 10:43:23 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Apr 16 10:43:23 2018 [PrivateVPN] Peer Connection Initiated with [AF_INET]185.12.177.29:1194
Mon Apr 16 10:43:24 2018 SENT CONTROL [PrivateVPN]: 'PUSH_REQUEST' (status=1)
Mon Apr 16 10:43:24 2018 PUSH: Received control message: 'PUSH_REPLY,explicit-icit-exit-notify 2,comp-lzo no,sndbuf 393216,rcvbuf 393216,redirect-gateway def1,dhcp-option DISABLE-NBT,dhcp-option DNS 10.81.15.1,dhcp-option DNS 108.59.1.193,route-gateway 10.81.15.1,topology subnet,ping 50,ping-restart 120,ifconfig 10.81.15.12 255.255.255.0,peer-id 11,cipher AES-256-GCM'
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: compression parms modified
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mon Apr 16 10:43:24 2018 Socket Buffers: R=[163840->327680] S=[163840->327680]
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: route options modified
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: route-related options modified
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: peer-id set
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Apr 16 10:43:24 2018 OPTIONS IMPORT: data channel crypto options modified
Mon Apr 16 10:43:24 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Apr 16 10:43:24 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Apr 16 10:43:24 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Apr 16 10:43:24 2018 TUN/TAP device tun0 opened
Mon Apr 16 10:43:24 2018 TUN/TAP TX queue length set to 100
Mon Apr 16 10:43:24 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Apr 16 10:43:24 2018 /sbin/ifconfig tun0 10.81.15.12 netmask 255.255.255.0 mtu 1500 broadcast 10.81.15.255
Mon Apr 16 10:43:24 2018 /sbin/route add -net 185.12.177.29 netmask 255.255.255.255 gw my inet Provider Gateway ip
Mon Apr 16 10:43:24 2018 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.81.15.1
Mon Apr 16 10:43:24 2018 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.81.15.1
Mon Apr 16 10:43:24 2018 Initialization Sequence Completed

I have flattened and rebuilt my LEDE; I can actually say my OpenVPN is running.

But if I start the connection to my VPN provider, all traffic in the LAN area stops. No connection is possible to any service.

Does someone else have the same problem or a fix?

Routing the VPN to a separate WLAN is to be cleared up later, when the VPN works to the LAN.

Excuse my bad English.
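The steps from the answer earlier in the thread (a guest network, a WAN-like firewall zone for the tunnel, guests forwarded to that zone only) and the cause visible in the posted log (the provider pushes redirect-gateway def1, and OpenVPN then installs the 0.0.0.0/1 and 128.0.0.0/1 routes that replace the router's default route), put together as an added OpenWrt/LEDE shell example. This is not code from the thread, from OpenWrt or from the VPN provider. The interface and zone names, the 192.168.3.0/24 guest subnet, routing table 100 and the profile path /etc/openvpn/myvpn.ovpn are assumptions; the tunnel gateway 10.81.15.1 is the route-gateway from the posted PUSH_REPLY.

```shell
#!/bin/sh
# Added example, not from the thread or from OpenWrt itself. Assumed values:
# guest interface "guest" on 192.168.3.0/24, firewall zone "vpn" on tun0,
# routing table 100, client profile /etc/openvpn/myvpn.ovpn. The tunnel
# gateway 10.81.15.1 is the route-gateway pushed in the posted log.
# DRY_RUN=1 prints every command instead of executing it.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Step 1: a separate interface with its own subnet and DHCP pool. The extra
# ESSID is bound to it with "option network 'guest'" in /etc/config/wireless.
configure_guest_network() {
    run uci set network.guest=interface
    run uci set network.guest.type=bridge
    run uci set network.guest.proto=static
    run uci set network.guest.ipaddr=192.168.3.1
    run uci set network.guest.netmask=255.255.255.0
    run uci set dhcp.guest=dhcp
    run uci set dhcp.guest.interface=guest
    run uci set dhcp.guest.start=100
    run uci set dhcp.guest.limit=100
}

# Step 2: a zone for the tunnel with the WAN-like settings from the answer
# (input REJECT, output ACCEPT, forward REJECT, masquerade and MTU fix), and a
# guest zone whose only forwarding goes to vpn. With no guest->wan forwarding,
# guest traffic is dropped rather than sent to the ISP when the tunnel is down.
configure_firewall() {
    run uci set firewall.vpn=zone
    run uci set firewall.vpn.name=vpn
    run uci add_list firewall.vpn.device=tun0
    run uci set firewall.vpn.input=REJECT
    run uci set firewall.vpn.output=ACCEPT
    run uci set firewall.vpn.forward=REJECT
    run uci set firewall.vpn.masq=1
    run uci set firewall.vpn.mtu_fix=1

    run uci set firewall.guest=zone
    run uci set firewall.guest.name=guest
    run uci add_list firewall.guest.network=guest
    run uci set firewall.guest.input=REJECT
    run uci set firewall.guest.output=ACCEPT
    run uci set firewall.guest.forward=REJECT

    run uci set firewall.guest_to_vpn=forwarding
    run uci set firewall.guest_to_vpn.src=guest
    run uci set firewall.guest_to_vpn.dest=vpn

    # Guests still need DHCP and DNS from the router itself.
    run uci set firewall.guest_dhcp=rule
    run uci set firewall.guest_dhcp.src=guest
    run uci set firewall.guest_dhcp.proto=udp
    run uci set firewall.guest_dhcp.dest_port=67-68
    run uci set firewall.guest_dhcp.target=ACCEPT
    run uci set firewall.guest_dns=rule
    run uci set firewall.guest_dns.src=guest
    run uci set firewall.guest_dns.dest_port=53
    run uci set firewall.guest_dns.target=ACCEPT
}

# Step 3: the PUSH_REPLY in the log contains "redirect-gateway def1"; OpenVPN
# then installs the 0.0.0.0/1 and 128.0.0.0/1 routes seen in the log, which
# override the router's default route and stop all LAN traffic. Ignore that
# pushed option (pull-filter, OpenVPN >= 2.4) and route only the guest subnet
# through tun0 with a policy rule; the LAN keeps using the WAN as before.
ovpn_client_options() {
    echo 'pull-filter ignore "redirect-gateway"'
}

policy_route_commands() {
    tun_dev=$1; tun_gw=$2; guest_net=$3
    run ip route replace default via "$tun_gw" dev "$tun_dev" table 100
    run ip rule add from "$guest_net" lookup 100 priority 1000
}

apply_all() {
    configure_guest_network
    configure_firewall
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "append to /etc/openvpn/myvpn.ovpn: $(ovpn_client_options)"
    else
        ovpn_client_options >> /etc/openvpn/myvpn.ovpn
    fi
    run uci commit
    run /etc/init.d/network reload
    run /etc/init.d/firewall reload
    # Re-run this after every tunnel (re)start, e.g. from an OpenVPN "up" script.
    policy_route_commands tun0 10.81.15.1 192.168.3.0/24
}

if [ "${1:-}" = "apply" ]; then apply_all; fi
```

Run `DRY_RUN=1 sh vpn-guest.sh apply` first to list every command, then `sh vpn-guest.sh apply` on the router. The policy route only exists while tun0 is up, so the `policy_route_commands` call is the part to hook into an OpenVPN `up` script; because the guest zone forwards to vpn only, guests lose connectivity rather than falling back to the plain WAN when the tunnel drops.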