I am new to OpenWRT. I have installed it on an old Raspberry Pi 3B+ and it runs perfectly.
Because I want to use this as a VPN-Gateway, I have installed OpenVPN and I have got the connection to my VPN-Provider up and running.
Now I don't know how to route the traffic of my WLAN-Devices connected to the Raspberry through the VPN-Tunnel...
The Raspberry is connected to my FRITZBox over a LAN-Cable.
FRITZBox has the IP-Address 192.168.1.1, and the OpenWRT-Raspi has 192.168.1.2.
Could you help me set this thing up, please?
In your LAN DHCP config, give the clients the IP of your VPN interface since they are in the same subnet?
Have you tested by hard-setting the default gateway on your client devices (PC or phone) to use the VPN interface IP?
Edit: I misunderstood. If your Fritz box is handling DHCP it will be harder to modify what it advertises as the default gateway address - they designed their web interface to be very hard to get wrong. That also makes it quite inflexible.
I am using VyprVPN.
If I connect to the Raspberry running OpenWRT over WLAN, should the traffic not be routed through the VPN and over the LAN-Port to my FritzBox and the Internet?
If I check my IP online, it isn’t my VPN-IP...
I just want to use this Raspberry as a VPN-AccessPoint.
All devices connected via WLAN should be connected over VPN to the Internet.
The Devices connected directly to the Fritzbox should connect normally...
As @Sparks noticed, you need to advertise the 192.168.1.2 as gateway. Otherwise the Fritz is not aware of the VPN tunnel and will forward everything destined to the internet upstream to the ISP.
One solution is to use static settings on the LAN hosts which should use the VPN.
If all LAN hosts should use the VPN, then disable the Fritz DHCP server and enable the DHCP server on OpenWrt.
I would also advise assigning the VPN interface to the WAN firewall zone.
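Added example, not part of the thread: a check for the last point above, run over the text that `uci export firewall` prints. It reports whether a logical network (a hypothetical interface named `vpn` bound to the tunnel device is assumed) sits in a zone that masquerades and that `lan` may forward to, which is what the default `wan` zone provides. The sample export is constructed.

```shell
#!/bin/sh
# Added example. Reads `uci export firewall` text on stdin and reports whether
# logical network $1 sits in a masqueraded zone that 'lan' may forward to.
check_vpn_zone() {
    awk -v net="$1" '
    function strip(s) { gsub("\047", "", s); return s }     # drop uci single quotes
    function finish() {                                      # evaluate the section just read
        if (sect == "zone" && innet) { zone = name; masq = m }
        if (sect == "forwarding" && src == "lan") fwd[dest] = 1
        name = ""; src = ""; dest = ""; innet = 0; m = 0
    }
    /^config / { finish(); sect = $2; next }
    $1 == "option" && $2 == "name" { name = strip($3) }
    $1 == "option" && $2 == "masq" { m = (strip($3) ~ /^(1|on|true|yes|enabled)$/) }
    $1 == "option" && $2 == "src"  { src = strip($3) }
    $1 == "option" && $2 == "dest" { dest = strip($3) }
    $1 == "list" && $2 == "network" && strip($3) == net { innet = 1 }
    END {
        finish()
        if (zone == "")          print "no-zone"
        else if (!masq)          print "no-masq:" zone
        else if (!(zone in fwd)) print "no-forward:" zone
        else                     print "ok:" zone
    }'
}

# Constructed sample: trimmed export with the hypothetical 'vpn' network in zone wan.
sample_fixed() {
    cat <<'EOF'
package firewall

config zone
	option name 'lan'
	list network 'lan'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'vpn'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'
EOF
}

sample_fixed | check_vpn_zone vpn
```

On the router the same function takes live input: `uci export firewall | check_vpn_zone vpn`. It only recognises networks written as `list network` entries.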
First of all please refrain from posting all these screenshots.
Second the client wlan interface is not needed. The lan interface has a bridge of the eth0 and the wireless.
Verify that you allow forwarding: cat /proc/sys/net/ipv4/ip_forward
If this is 1 and it still doesn't work post the following:
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
Looks right.
You have disabled the dhcp server on the Fritz, correct?
When you connect to VyprVPN-AccessPoint you are getting an IP 192.168.201-220 /24 with gateway and DNS 192.168.1.2, correct?
From the OpenWrt do a traceroute 8.8.8.8; traceroute dns.google
No. The DHCP-Server of the Fritzbox is not disabled.
I have a Home Automation with Home Assistant and 35 devices connected to the Fritzbox. I am afraid that this stops working if I disable it. Is there another way without disabling the DHCP of the Fritzbox? If I set the IP manually and set the Gateway to 192.168.1.2 in the devices I connect to VyprVPN-AccessPoint, I don’t get an internet connection.
root@OpenWrt:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 46 byte packets
1 192.168.1.1 (192.168.1.1) 9.685 ms 2.135 ms 1.753 ms
2 10.9.0.1 (10.9.0.1) 12.442 ms 11.920 ms 13.805 ms
3 89.28.144.1 (89.28.144.1) 15.886 ms 13.970 ms 11.295 ms
4 89.28.144.17 (89.28.144.17) 12.940 ms 390.590 ms 140.673 ms
5 113.64.39.62.rev.sfr.net (62.39.64.113) 26.864 ms 29.003 ms 27.365 ms
6 125.10.136.77.rev.sfr.net (77.136.10.125) 29.825 ms 30.231 ms 28.812 ms
7 125.10.136.77.rev.sfr.net (77.136.10.125) 30.065 ms 29.192 ms 29.873 ms
8 72.14.194.30 (72.14.194.30) 25.001 ms 23.974 ms 24.775 ms
9 * * *
10 dns.google (8.8.8.8) 22.974 ms 22.295 ms 21.980 ms
root@OpenWrt:~#
root@OpenWrt:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 46 byte packets
1 * * *
2 10.102.112.4 (10.102.112.4) 30.128 ms 32.578 ms 28.028 ms
3 core1.ams.net.google.com (80.249.208.247) 28.837 ms 28.947 ms 32.599 ms
4 108.170.241.193 (108.170.241.193) 30.900 ms 108.170.241.129 (108.170.241.129) 31.168 ms 108.170.241.225 (108.170.241.225) 29.303 ms
5 142.250.224.133 (142.250.224.133) 29.994 ms 108.170.236.137 (108.170.236.137) 29.230 ms 108.170.237.29 (108.170.237.29) 34.751 ms
6 dns.google (8.8.8.8) 30.415 ms 30.864 ms 30.574 ms
root@OpenWrt:~#
Is it okay to disable the DHCP-Server on the OpenWRT-Router?
The Fritzbox is my main router so I don't want to disable it there.
Is it possible at all to connect via VPN on the OpenWRT-Router if the Fritzbox is the default gateway and both routers are on the same subnet?
On the OpenWRT I set the static IP to 192.168.1.2 and as default gateway I set the Fritzbox with 192.168.1.1
It doesn’t work. If I set the IP-Address on my iPad to 192.168.1.40, set subnet to 255.255.255.0 and the gateway to 192.168.1.2, I have no internet connection.
If I am connected to the OpenWRT-Router and use 192.168.1.1 as gateway on my iPad, I have got internet connection, but not over the VPN...