I managed to install OpenWrt on my Raspberry Pi. Its main use is as a Wifi router (no wired connection) for my Chromecast. The current configuration allows me to use the Wifi, but when I tried to install NordVPN (through OpenVPN), nothing happened.
Network scheme: modem/router combo -> Raspberry Pi -> Chromecast
Config files:
network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd09:6676:ffaf::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.254'
	option netmask '255.255.255.0'
	option gateway '192.168.1.1'
	list dns '192.168.1.240'
	list dns '192.168.1.121'

config device
	option name 'wlan0'

What I don't understand is how I managed to connect to the internet without configuring a wan? I tried a couple of times, but it always messes with my connection.
The Chromecast traffic has to NAT into the VPN tunnel, which means routing, which means there has to be more than one network.
Set up another network 'vpnuser' on the Pi. It should have a static IP outside any other range you're using (e.g. 192.168.10.1/24) and a DHCP server. Attach the wifi AP to the vpnuser network. Note that attaching wifi interfaces to networks is done entirely inside /etc/config/wireless; there should be no mention of 'wlanX' anywhere in /etc/config/network.
Define two new firewall zones, vpnuser and vpntun. vpnuser of course is the vpnuser network, that is the Chromecast. You can use permissive default rules like lan if you trust the device, though it would be better to model it as a guest network. vpntun is the tunnel. Use option device tun0 to associate it with the NordVPN tunnel. This should have rules like wan, and it is critical that masquerade is enabled. Also set up a forward from vpnuser to vpntun.
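The layout described in the reply above, written out as UCI config. This is an added example, not configuration posted by anyone in the thread. It assumes the guest-style variant (input REJECT on vpnuser, so DHCP and DNS to the router need their own rules); the DHCP pool values and rule names are illustrative.

```uci
# /etc/config/network
config interface 'vpnuser'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'

# /etc/config/wireless: in the existing wifi-iface section, set
#	option network 'vpnuser'

# /etc/config/dhcp
config dhcp 'vpnuser'
	option interface 'vpnuser'
	option start '100'
	option limit '50'
	option leasetime '12h'

# /etc/config/firewall
config zone
	option name 'vpnuser'
	list network 'vpnuser'
	option input 'REJECT'   # guest model: clients cannot reach router services
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'vpntun'
	option device 'tun0'    # the OpenVPN tunnel device
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'         # NAT vpnuser traffic into the tunnel
	option mtu_fix '1'

config forwarding           # the only forwarding out of vpnuser
	option src 'vpnuser'
	option dest 'vpntun'
config rule
	option name 'Allow-vpnuser-DHCP'
	option src 'vpnuser'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'
config rule
	option name 'Allow-vpnuser-DNS'
	option src 'vpnuser'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

Because vpnuser forwards only to vpntun, clients on that network have no path to the upstream network when tun0 is down, so their traffic cannot leave outside the tunnel.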
As I was unsuccessful in doing this, I tried RaspAp and managed to do what I wanted. My main network is 192.168.1.xxx and the tunnelled one is 192.168.2.xxx. I just need to replace the config file to switch regions.
And then made the following modifications to get what I wanted:
/etc/config/network (everything above the lines below stays the same)

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.3.1'
	option ip6assign '60'
	#option gateway '192.168.1.1'
	option device 'wlan0'
	list dns '192.168.1.240' # (change this one to 1.1.1.1 or any other of preference)

config interface 'wan'
	option device 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.253'
	option gateway '192.168.1.1'
	list dns '192.168.1.240' # (change this one to 1.1.1.1 or any other of preference)

/etc/config/wireless: still the same
/etc/config/dhcp: everything still the same but,

config dhcp 'lan'
	option interface 'lan'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ignore '0' #change this one (it was '1')

Just to reinforce: I wanted the Raspberry Pi to provide wifi in a subnet without having to add a second ethernet/wifi device to be the wan.