Hi all,
The main problem that I have is that the OpenVPN connection is not used.
Here are some details about my plan, what I have done, and some logs.
I hope one of you can help me.
My plan is to use a Raspberry Pi 3 on hotel trips so that all connected clients are automatically routed through an OpenVPN tunnel, because most hotel Wi-Fi has no secure connection (also interesting for video streaming in hotels that offer high-bandwidth connections).
For the setup I use the Raspberry Pi 3 onboard WLAN chip as an access point for the local clients (smartphone / tablet / streaming stick). - works -
A USB Wi-Fi stick is used as the Wi-Fi client that connects to the hotel Wi-Fi (I use a CSL 300 with a Ralink chipset; kmod-rt2800-usb is installed). - works -
An OpenVPN client on the Raspberry Pi connects to an OpenVPN server at home. - works -
All traffic then needs to be routed via the VPN connection. - doesn't work -
- I installed the lede-17.01.4-brcm2708-bcm2710-rpi-3-ext4-sdcard.img.gz image on a Raspberry Pi 3.
- onboard ethernet port is not used (eth0)
- Set onboard wlan chip as Access Point (br-lan)
- Set USB Wifi as Client (wlan1)
- installed openvpn-ssl and used the howto from the OpenWrt site (https://openwrt.org/docs/guide-user/services/vpn.client.openvpn.tun)
I have used the certificates and settings in the past with my Android smartphone and the OpenVPN for Android app, and they work without any problems. - I set up the firewall config as in the howto.
I test the scenario with the following setup:
- the wifi client is connected to my smartphone (with an open hotspot)
- my laptop is connected to the Raspberry Pi access point
- the Raspberry Pi OpenVPN client connects to my home OpenVPN server
Every time I run a traceroute to (for example) google.com or open a "what is my IP" site, I see the IP from Vodafone and not from my local internet provider, so I know the connection is going out via my smartphone and not via the OpenVPN server.
Here are my settings:
/etc/config/network
# Loopback.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# IPv6 ULA prefix from which 'ip6assign' below carves the LAN prefix (fd1d:3cac:99ce::1/60 shows up on br-lan in ifconfig).
config globals 'globals'
option ula_prefix 'fd1d:3cac:99ce::/48'
# LAN: bridge br-lan (172.16.24.1/24). eth0 is the only wired port listed; the radio0 AP joins the bridge through 'option network lan' in /etc/config/wireless.
# NOTE(review): the post says eth0 is unused, so it could be dropped from the bridge; harmless as is.
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '172.16.24.1'
# WWAN: the uplink. No ifname here; the radio1 STA wifi-iface attaches via 'option network wwan' and the interface takes its address from the hotel/hotspot DHCP (192.168.43.184 on wlan1 in ifconfig).
config interface 'wwan'
option proto 'dhcp'
# VPN: tun0 is created by OpenVPN itself, so proto 'none' only registers it with netifd so the firewall can put it in a zone (vpnn_fw in /etc/config/firewall). delegate '0' presumably keeps IPv6 prefix delegation off this interface.
config interface 'vpn_n'
option proto 'none'
option ifname 'tun0'
option auto '1'
option delegate '0'
/etc/config/wireless
# radio0 = the onboard WLAN (SDIO path under 3f300000.mmc). 2.4 GHz (11g), fixed channel 11, HT20, DE regulatory domain.
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
option htmode 'HT20'
option country 'DE'
# Access point for the local clients, bridged into 'lan' (br-lan). WPA2-PSK; the key is presumably redacted for the post.
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'LEDE'
option encryption 'psk2'
option key 'secret'
# radio1 = the USB stick (rt2800usb, path under 3f980000.usb), also 2.4 GHz.
# NOTE(review): in 'sta' mode the channel is dictated by the AP being joined, so 'channel 7' is presumably ignored — verify. Both radios being on 2.4 GHz means the AP and the uplink share one band and compete for airtime.
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'platform/soc/3f980000.usb/usb1/1-1/1-1.3/1-1.3:1.0'
option htmode 'HT20'
option channel '7'
option country 'DE'
# Station (client) on the uplink SSID 'handy' (the smartphone hotspot in the test); attaches to the 'wwan' interface, which then runs DHCP.
config wifi-iface
option network 'wwan'
option encryption 'psk2'
option device 'radio1'
option mode 'sta'
option key 'secret'
option ssid 'handy'
/etc/config/firewall
# Defaults: forwarding between zones is denied unless a 'config forwarding' section below allows it.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# lan zone = br-lan (the radio0 AP clients).
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option network 'lan'
# wan zone = the wwan uplink (radio1 STA on the hotel/hotspot Wi-Fi). masq NATs whatever is forwarded into it; mtu_fix clamps TCP MSS; nothing from the uplink may reach the router except the two rules below.
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'wwan'
option input 'REJECT'
option forward 'REJECT'
# VPN zone = tun0 (interface vpn_n). masq hides the LAN clients behind the tunnel address (10.8.0.6 in ifconfig).
# NOTE(review): input 'ACCEPT' exposes every service on the router to whatever can reach it through the tunnel (the home server and any other clients it routes between). The howto uses this; if the home side is not fully trusted, REJECT plus explicit allow rules is the tighter choice.
config zone
option name 'vpnn_fw'
option network 'vpn_n'
option masq '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# NOTE(review): this forwarding is what the symptom points to. lan -> wan lets client traffic leave over wlan1 directly, and since route -n shows the default route on wlan1 (192.168.43.1) and not on tun0, this is the path every packet takes. Removing it makes the setup fail closed (tunnel down = no internet, rather than an unnoticed leak); moving the default route into tun0 (redirect-gateway, see /etc/config/openvpn) is what actually sends the traffic through the VPN.
config forwarding
option src 'lan'
option dest 'wan'
# Let the uplink's DHCP server renew our lease (wan input is REJECT otherwise).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Allow IPv4 echo-request from the uplink side.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# NOTE(review): vpnn_fw -> lan lets anything on the VPN side open connections to the hotel-side clients (laptop, streaming stick). Keep it only if the home network must reach them; for "clients go out through the tunnel" the lan -> vpnn_fw forwarding below is enough, return traffic is handled by conntrack.
config forwarding
option src 'vpnn_fw'
option dest 'lan'
# Custom iptables rules, if any (the file is not shown in this post).
config include
option path '/etc/firewall.user'
# lan -> vpnn_fw: the forwarding that should carry the client traffic once the default route lives on tun0.
config forwarding
option dest 'vpnn_fw'
option src 'lan'
/etc/config/openvpn
# Client instance 'vpn_new', started by the openvpn init script because of enabled '1'. Option names map to OpenVPN command-line options with '_' replaced by '-'.
config openvpn 'vpn_new'
# Layer-3 tunnel; with no explicit device name the kernel hands out tun0, which is the ifname /etc/config/network expects for 'vpn_n'.
option dev 'tun'
# Client side: no fixed local port.
option nobind '1'
# Log verbosity 3: enough to see pushed options and route changes in logread.
option verb '3'
# Server port used for the 'remote' below.
option port '1194'
option dev_type 'tun'
# NOTE(review): link compression has known weaknesses on VPNs; keep it only if the server requires it, otherwise disable it on both ends.
option comp_lzo 'adaptive'
# Ping every 5 s, restart the connection after 30 s without a reply.
option keepalive '5 30'
# Keep tun0 and the key material across the restarts keepalive triggers.
option persist_tun '1'
option persist_key '1'
option client '1'
# Server hostname (presumably a placeholder in this post).
list remote 'openvpn.server'
option proto 'udp'
# Certificates and key uploaded through LuCI. NOTE(review): the key file should be readable by root only (mode 0600); verify what the upload left it as.
option ca '/etc/luci-uploads/cbid.openvpn.vpn_new.ca'
option cert '/etc/luci-uploads/cbid.openvpn.vpn_new.cert'
option key '/etc/luci-uploads/cbid.openvpn.vpn_new.key'
# Data-channel HMAC; must match the server, SHA256 is preferable where the server supports it. No tls_auth / tls_crypt key is configured here; if the server provides one, adding it hardens the control channel.
option auth 'SHA1'
option enabled '1'
# NOTE(review): pull '1' only accepts what the server pushes. route -n shows the default route still on wlan1 and tun0 carrying only 10.8.0.0/24, so the server evidently does not push redirect-gateway — which is why tun0 shows RX/TX 0 in ifconfig. Either push it from the server ("push \"redirect-gateway def1\"") or add `option redirect_gateway 'def1'` here. DNS for the LAN clients then also has to go through the tunnel (dnsmasq config not shown), otherwise lookups still leak to the hotspot's resolver.
option pull '1'
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.43.1 0.0.0.0 UG 0 0 0 wlan1
10.8.0.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.16.24.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.43.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan1
192.168.43.1 0.0.0.0 255.255.255.255 UH 0 0 0 wlan1
ifconfig
br-lan Link encap:Ethernet HWaddr B8:27:EB:46:C3:B3
inet addr:172.16.24.1 Bcast:172.16.24.255 Mask:255.255.255.0
inet6 addr: fe80::ba27:ebff:fe46:c3b3/64 Scope:Link
inet6 addr: fd1d:3cac:99ce::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9987 errors:0 dropped:0 overruns:0 frame:0
TX packets:9672 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2217628 (2.1 MiB) TX bytes:6402524 (6.1 MiB)
eth0 Link encap:Ethernet HWaddr B8:27:EB:46:C3:B3
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:44 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:3752 (3.6 KiB) TX bytes:3752 (3.6 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr B8:27:EB:13:96:E6
inet6 addr: fe80::ba27:ebff:fe13:96e6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9987 errors:0 dropped:0 overruns:0 frame:0
TX packets:9890 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2217628 (2.1 MiB) TX bytes:6676360 (6.3 MiB)
wlan1 Link encap:Ethernet HWaddr 24:05:0F:73:B5:A8
inet addr:192.168.43.184 Bcast:192.168.43.255 Mask:255.255.255.0
inet6 addr: fe80::2605:fff:fe73:b5a8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8443 errors:0 dropped:0 overruns:0 frame:0
TX packets:8408 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6066232 (5.7 MiB) TX bytes:2421901 (2.3 MiB)