OpenWrt Forum Archive

Topic: Simple Bridged VPN How-To

The content of this topic has been archived on 6 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I recently got a "Simple" bridged VPN working and added it to the OpenWrt Wiki here, at the bottom of the page: http://wiki.openwrt.org/doc/howto/vpn.o … envpn.file

Here's the article:

Simple Bridged VPN Configuration

This setup allows me to connect from the road using a Windows 7 netbook to my home network using OpenVPN. My primary home router is running OpenWrt trunk and OpenVPN. Since the VPN connection is bridged to my home network, I can browse the network for network devices as if I'm at home and not worry about routing. My home router's address is 192.168.1.1. The VPN client (my netbook) will get a DHCP address of 192.168.1.242 from OpenVPN running on the router.

Start by opening the firewall port 1194 and generating the security certificates as described above.


Edit the OpenWrt Router's /etc/config/network file:

config 'interface' 'lan'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'
        # add tap0 to lan to create the bridge
        option 'ifname' 'eth1 tap0'

Edit the router's /etc/config/openvpn file:

server-bridge 192.168.1.23 255.255.255.0 192.168.1.242 192.168.1.250
# The above line will put the OpenVPN server at 192.168.1.23 and
# create a DHCP pool for clients of 192.168.1.242 to 250.
proto udp
dev tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
# ns-cert-type server
comp-lzo
verb 3
ifconfig-pool-persist /mnt/USB1/OpenWrt/ipp.txt
keepalive 10 120
persist-key
persist-tun
status /mnt/USB1/OpenWrt/openvpn.log

Windows 7 Client Config:

client
remote robrobinette.com 1194 # my website and port 1194 (standard port for OpenVPN)
proto udp
dev tap
nobind
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
keepalive 10 120
resolv-retry infinite
mute-replay-warnings
mute 20

Start the OpenVPN client in a command window or, better yet, use the OpenVPN GUI for Windows.

Start command placed in LuCI's System/Startup/Local Startup:

openvpn /etc/config/openvpn &

(Last edited by robrob on 23 Nov 2011, 17:33)
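
Added example (not part of robrob's post or the OpenWrt wiki): a small POSIX shell check for the two configs above, flagging what a reviewer would look at before exposing port 1194: no server-certificate check on the client, 1024-bit DH parameters, no tls-auth key, and compression. The function names, finding codes and the ta.key file name are assumptions made for this example; the sample configs are the post's own, trimmed, plus one constructed hardened client.

```shell
#!/bin/sh
# has REGEX FILE: true if an uncommented directive matching REGEX is present.
# Comments are stripped first, so "# ns-cert-type server" does not count.
has() { sed -e 's/[#;].*//' "$2" | grep -Eq "^[[:space:]]*($1)([[:space:]]|\$)"; }

# audit_ovpn FILE: print one finding code per line (nothing if clean).
audit_ovpn() {
    f=$1
    # A client that never checks the peer's certificate type accepts any cert
    # signed by the CA, including another client's, as the server.
    if has 'client' "$f" && ! has '(remote-cert-tls|ns-cert-type)[[:space:]]+server' "$f"; then
        echo NO_SERVER_CERT_CHECK
    fi
    # File-name heuristic only; confirm with: openssl dhparam -in FILE -text -noout
    has 'dh[[:space:]]+[^[:space:]]*1024[^[:space:]]*' "$f" && echo DH_1024
    # Without tls-auth/tls-crypt, unauthenticated packets reach the TLS handshake.
    has 'tls-auth|tls-crypt|tls-crypt-v2' "$f" || echo NO_TLS_AUTH
    # Compressing before encrypting can leak plaintext through packet lengths.
    has 'comp-lzo|compress' "$f" && echo COMPRESSION
    return 0
}

# Constructed sample input: the post's configs, trimmed to the relevant directives.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/server.conf" <<'EOF'
server-bridge 192.168.1.23 255.255.255.0 192.168.1.242 192.168.1.250
dh /etc/openvpn/dh1024.pem
# ns-cert-type server
comp-lzo
EOF
cat > "$tmp/client.conf" <<'EOF'
client
remote robrobinette.com 1194 # my website and port 1194
comp-lzo
EOF
# Hardened client (constructed): server check and tls-auth added, compression dropped.
cat > "$tmp/client-fixed.conf" <<'EOF'
client
remote robrobinette.com 1194
remote-cert-tls server
tls-auth ta.key 1
EOF
for c in server client client-fixed; do
    echo "$c.conf: $(audit_ovpn "$tmp/$c.conf" | tr '\n' ' ')"
done
```

Changes such as tls-auth or removing comp-lzo have to be made on both the server and the client, or the tunnel will not come up.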

I took the freedom to move this to the howto forum.

Thanks jow, I forgot about the how to forum.
