Sharing OpenVPN to only 1 interface

Hey Guys,
I’ve got an AC-58U with the LEDE firmware installed, and been loving it heaps.
Only problem I’ve been having is configuring the VPN.


I’ve followed this tutorial and can see the VPN connected and can ping through the interface, but I’m struggling to see how to share the VPN on one of the Wi-Fi interfaces, as I bridge the interfaces together, but when I try to connect to it from the Wi-Fi interface, I’m not given an IP, so I’m assuming I’m missing something else that I need to do. Ask me any questions, and I’ll try and answer them all.

Thanks

You should not bridge the wifi interface to the VPN interface. Instead, you should route across the two networks. Are you trying to reach a specific network via VPN or just sending all your traffic there?

I’m trying to route all traffic through it, I mucked around with the firewall settings and still couldn’t sort it out.
Do I need to create a DHCP interface for the wifi clients?
My plan was to have the 2 wireless interfaces, one which passes everything to the local network, and the other one, pass everything through the VPN. I can provide screenshots later tonight! :slight_smile:

So in summary, it’s a router that is acting as a DHCP client behind another router, but I have set up the VPN on it, following the tutorial in the first post, and I’m able to see the VPN working, just unable to get one of the wireless APs to route everything through the VPN.

This is often called "policy-based routing" and if you search on that you should find several good references.

Setting up the two "zones" with different subnets (and DHCP) will make it a lot easier to accomplish.

Specifically, policy routing is where the source or some other aspect of the packet, not just the destination, determines where the packet goes.

I'm not sure how to configure it in UCI, but I'd look here to get started:

https://openwrt.org/docs/guide-user/network/ip_rules
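
As an added example (not written by anyone in this thread), here is a router-side check for the source-based `ip rule` approach described above: it confirms that a client subnet is sent to its own routing table and that the table's default route leaves through the VPN device. The subnet 192.168.2.0/24, table 100, device tun0 and the function names are assumptions, and the sample output is constructed.

```sh
#!/bin/sh
# Added example: verify that a source subnet is policy-routed into a table
# whose default route leaves through the VPN device.
# Assumed values: subnet 192.168.2.0/24, table 100, VPN device tun0.

# Print the table looked up by the first rule matching "from <subnet>".
rule_table() {  # $1 = subnet, $2 = text of `ip rule show`
    printf '%s\n' "$2" | awk -v net="$1" '{
        hit = 0; tbl = ""
        for (i = 1; i < NF; i++) {
            if ($i == "from" && $(i + 1) == net) hit = 1
            if ($i == "lookup") tbl = $(i + 1)
        }
        if (hit && tbl != "") { print tbl; exit }
    }'
}

# Print the egress device of the default route in a routing table dump.
default_dev() {  # $1 = text of `ip route show table <N>`
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Return 0 if traffic from the subnet leaves via the VPN device, else 1..3.
check_vpn_policy() {  # $1 subnet, $2 VPN device, $3 rules, $4 table routes
    table=$(rule_table "$1" "$3")
    [ -n "$table" ] || { echo "no rule for $1: main table (WAN) is used"; return 1; }
    dev=$(default_dev "$4")
    # An empty table is not a block: lookup falls through to later rules.
    [ -n "$dev" ] || { echo "table $table has no default route"; return 2; }
    [ "$dev" = "$2" ] || { echo "table $table exits via $dev, not $2"; return 3; }
    echo "ok: $1 -> table $table -> $dev"
}

# Constructed sample output, not captured from a real router.
SAMPLE_RULES='0: from all lookup local
1000: from 192.168.2.0/24 lookup 100
32766: from all lookup main
32767: from all lookup default'
SAMPLE_VPN_TABLE='default via 10.8.0.1 dev tun0'
SAMPLE_LEAK_TABLE='default via 192.168.1.1 dev eth0.2'

check_vpn_policy 192.168.2.0/24 tun0 "$SAMPLE_RULES" "$SAMPLE_VPN_TABLE"
# On the router: check_vpn_policy 192.168.2.0/24 tun0 "$(ip rule show)" "$(ip route show table 100)"
```

Running the check while the tunnel is down shows whether the table is left empty, in which case clients on that subnet would go out through the normal WAN route instead of being blocked.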

Hey Guys, thanks for your help! After many countless hours I managed to figure it out.
Firstly used the Policy Routing package which is VPN Policy-Based Routing + Web UI - ARCHIVE #1

Then created another interface with a different subnet (1.92.168.2.1 for example) with its own DHCP, then routed all traffic from that subnet through the VPN using the VPN policy based routing package. I then assigned this interface to the second wireless AP.

Then created the firewall zones, but not too sure if this was really needed, I just allowed forwarding from all sources and destinations to the interface with the wireless adapter attached.

Connected with different devices and confirmed with what’s my IP and US Netflix :wink: that it was working and sure enough, it was all working!! Thanks guys :blush: I wouldn’t have known about the policy based routing if it wasn’t for yous!

If your problem is solved, please consider marking this topic as [Solved].