Use Raspberry Pi OpenWrt as access point with SoftEther client

Hi
I want to use my Raspberry Pi as an access point with SoftEther VPN for clients that connect to the wifi.

1- I followed these instructions to set up OpenWrt on the Raspberry Pi:
how-to-install-openwrt-on-raspberry-pi
2- I followed these instructions to make this setup a wifi access point:
turn-the-raspberry-pi-into-a-wifi-router
(Please take a look at the last part of these instructions for the firewall setting)
3- I followed these instructions to install SoftEther on OpenWrt:
https://openwrt.org/docs/guide-user/services/vpn/softethervpn/client

With this, everything works fine: my clients can access the wifi and I can use normal internet.
The SoftEther client is also connected, but I can't forward the wifi client traffic over the SoftEther VPN.

And this is the route table in OpenWrt:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.30.0    0.0.0.0         255.255.255.0   U     0      0        0 vpn_filter

I tried to change the default route to the SoftEther server, but the route table resets it.

I think I am missing something in the firewall rules.

How can I forward wifi client traffic via the SoftEther VPN?

In the guide you followed, only traffic to specific destinations is routed through the vpn tunnel.

Enable "Use default gateway" to see if it will work for you.

Looking at the color of the vpn interface, it is not assigned to the wan firewall zone.

@pavelgl thanks for the reply.

OK, I made the VPN the default gateway and put the VPN interface and the modem (main router with access to the internet) in the same zone:


At this stage, after Save & Apply, the SoftEther VPN cannot connect. This is the route table (command: route -n):

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

Then I added a route for SoftEther to connect to the SoftEther server with this command:
route add -host <SOFTETHER_SERVER_IP> gw 192.168.1.1

Then this is my route table now:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 wlan0
<SOFTETHER_SERVER_IP>   192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

At this stage I can ping the SoftEther server BUT THE SoftEther client cannot connect to the server!!!!
I rebooted the device and no difference appeared.

I can ping the SoftEther server but the SoftEther client cannot connect!!

This vpn client is not behaving as expected and there's a chance you won't be able to use it the way you want (as the guide says).

Try the following workaround:

  1. Disable the “Use default gateway” option again.
  2. Set a metric for the wan (modem) interface.
  3. Make that static route permanent using uci or luci.
  4. Try to connect to the vpn server. If you succeed run the following:
ip route add default via 192.168.30.1 dev vpn_filter

Run ip route show default. You should see two default gateways:

default via 192.168.30.1 dev vpn_filter
default via 192.168.1.1 dev eth0 proto static src 192.168.1.4 metric 10

If it starts working, it should be possible to add/delete the higher priority default route automatically using a hotplug script (when the vpn interface goes up/down).

If not, I have no other ideas...
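
A sketch of the hotplug script mentioned in the reply above, added here as an example; it is not code from the thread or from the OpenWrt guide. The device name vpn_filter and the gateway 192.168.30.1 are taken from the thread. The file location /etc/hotplug.d/iface/99-vpn-default-route and the assumption that netifd reports the tunnel under that device name are not.

```shell
#!/bin/sh
# Added example. Assumed location: /etc/hotplug.d/iface/99-vpn-default-route
# netifd runs scripts in that directory with ACTION (ifup/ifdown) and
# DEVICE (the Linux device name) set in the environment.

VPN_DEV="vpn_filter"     # device name from the route table in the thread
VPN_GW="192.168.30.1"    # gateway from the thread's "ip route add" command

# Print the ip(8) command for one hotplug event.
# Prints nothing for other devices or for events other than ifup/ifdown.
vpn_route_cmd() {
    action="$1"
    device="$2"
    [ "$device" = "$VPN_DEV" ] || return 0
    case "$action" in
        # "replace" keeps the script idempotent if ifup fires twice
        ifup)   echo "ip route replace default via $VPN_GW dev $VPN_DEV" ;;
        ifdown) echo "ip route del default via $VPN_GW dev $VPN_DEV" ;;
    esac
}

# Run only when called by hotplug; with ACTION/DEVICE unset nothing happens.
cmd="$(vpn_route_cmd "${ACTION:-}" "${DEVICE:-}")"
if [ -n "$cmd" ]; then
    logger -t vpn-route "$ACTION $DEVICE: $cmd"
    # On ifdown the kernel may already have dropped the route, so a
    # failure is logged instead of aborting the hotplug chain.
    $cmd || logger -t vpn-route "failed: $cmd"
fi
```

The metric-10 default route via eth0 stays in the table, so whenever the tunnel is down, wifi client traffic leaves through the modem outside the VPN. That fallback is avoided only if the VPN has its own firewall zone and the wifi zone forwards to that zone alone.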

@pavelgl Thanks for the reply.
I made the single IP route to the SoftEther server permanent (I can ping the server).
When I add the new default route (ip route add default via 192.168.30.1 dev vpn_filter), the SoftEther client disconnects, then the route table resets to default and this new default route disappears.

Actually, I ran this before on Raspbian OS (using Raspbian as an access point with the SoftEther client) and it worked fine, but Raspbian has packet loss. In Raspbian, when I add a new default route, the network manager clears this new route.

I am totally sure we need some firewall rules to make it right. These are the iptables commands I used on Raspbian OS to make this work, according to this tutorial:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT

But I'm not an expert in networking and I don't know how to create these rules in LuCI.