Posted: Mon Apr 30, 2018 8:59 Post subject: Access Point with OpenVPN client configuration?
I've been trying for a long time to get my router version with VPN up and running.
Currently the DDWRT is running with a DHCP server. But somehow this always leads to problems with the connection. I think it sometimes comes to an IP conflict. Very often there are also problems with DNS name resolution. To improve this, I have thought about it and hope that there is a solution for me.
Currently, the DDWRT router is connected to the Fritzbox via the LAN port.
My goal is the second router (DDWRT), which acts as an access point. The DHCP server should be deactivated on this router and the connection should be made via the OpenVPN client (for each terminal).
It should, so to speak, refer to the IP processing on the Fritzbox.
Optional: all LAN ports without VPN and all WLAN ports with VPN, if that can work?
So I want a two-router configuration. That is, a router with DD-WRT hangs off the Fritzbox. This should be operated as an access point with an associated OpenVPN. Connection with a LAN cable from the Fritzbox to the second router, DDWRT (DHCP server deactivated). That is, all terminals logged in via WLAN should run over the VPN. Optionally, however, the terminals connected by LAN should still get the "pure" Internet without VPN.
That is, the router is configured with the two links above.
I have now tried to configure the router as an access point, which has worked. Unfortunately, OpenVPN works as it was once configured (with an integrated DHCP server), and I'm just looking for the solution. OpenVPN works, the status shows (successfully connected), but my Internet connection is not running over the OpenVPN IP. It looks like the router has unconfigured or faulty routing. Since I have no routing experience, I am now looking for answers to my problems.
The WAP shows connected but all clients are routed through your primary router (the Fritzbox).
An easy way to test is manually setting up the network interface of one of your clients, e.g. your Windows/Apple/Linux PC or even phone.
The trick is setting the standard gateway not to the Fritzbox but to the WAP, so gateway = 192.168.178.2.
This will route the traffic from that client via the WAP and hence through the VPN.
If this indeed works you know that everything is set up correctly.
What you have now done manually you can do with the help of DNSMasq on your primary router (if the Fritzbox does support this kind of thing?).
But you can also set up an unbridged VAP on your DDWRT router. This unbridged VAP is routed through your WAP by default and thus should be routed through the VPN.
The beauty of a setup like this is that if you use your regular bridged WLAN you will be routed through the Fritzbox, and if you connect to your unbridged VAP you will be routed through your WAP and through the VPN.
Mind you, setting up a VAP on a WAP needs some special care.
Doesn't seem like you're listening to egc's sound advice.
In a routed config (where the WAN of the dd-wrt router is connected to the LAN of the Fritzbox), clients are using the dd-wrt router as their default gateway. And once the OpenVPN connection is established, it changes the default gateway from the WAN of the dd-wrt router to the VPN. And now those same clients are routed over the VPN.
When dd-wrt is only an AP/WAP, it's in a bridged configuration (LAN to LAN) wrt the Fritzbox, so the dd-wrt router is no longer the default gateway for the rest of the network. The Fritzbox is! And so the fact the dd-wrt router has established a VPN is only relevant to that device.
IOW, it's just as if you had established an OpenVPN client on some standalone PC, laptop, server, etc. Just because that LAN device has an OpenVPN connection doesn't magically turn it into a gateway for the rest of the network. You have to take further steps to make that happen.
To fix it, you have to change the default gateway of the clients to be the LAN IP of the dd-wrt router, NOT the Fritzbox. Problem is, that's not always possible. Sometimes ISPs don't allow you to change the gateway IP returned by DHCP. Sometimes they lock down the router to prevent tampering. And in that case, you may have to consider disabling DHCP on the Fritzbox (assuming that's even possible) and have it managed on the AP/WAP (i.e., dd-wrt). At least that DHCP server will return its own LAN IP as the gateway for the LAN clients.
This is why we don't recommend using an AP/WAP configuration for the OpenVPN client. It just makes things more difficult and complex to configure. When the VPN is established on a routed config, it's much simpler; it just works.
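The gateway behaviour discussed in this thread, modelled as an added example that is not part of any post: a longest-prefix-match lookup over constructed routing tables shows why a client whose gateway is the Fritzbox bypasses the tunnel, while one pointed at the WAP (192.168.178.2) is carried over it. Assumptions: the Fritzbox at 192.168.178.1, interface `tun1`, VPN peer 10.8.0.1, VPN server 203.0.113.10, and an OpenVPN client that installs two /1 routes (`redirect-gateway def1` style) rather than replacing the default route.

```python
import ipaddress

# Constructed `ip route`-style tables (assumed values, not from the thread,
# except the WAP LAN IP 192.168.178.2). Fritzbox assumed at 192.168.178.1.
TABLES = {
    "client_dhcp": """default via 192.168.178.1 dev eth0
192.168.178.0/24 dev eth0""",
    "client_manual": """default via 192.168.178.2 dev eth0
192.168.178.0/24 dev eth0""",
    # WAP running an OpenVPN client that installed two /1 routes over tun1
    "192.168.178.2": """0.0.0.0/1 via 10.8.0.1 dev tun1
128.0.0.0/1 via 10.8.0.1 dev tun1
203.0.113.10 via 192.168.178.1 dev br0
default via 192.168.178.1 dev br0
192.168.178.0/24 dev br0""",
}

def parse_routes(text):
    """Turn route lines into (network, next_hop, device) tuples."""
    routes = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        via = tok[tok.index("via") + 1] if "via" in tok else None
        routes.append((net, via, tok[tok.index("dev") + 1]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def trace(start, dest, max_hops=4):
    """Follow next hops through the hosts we have tables for."""
    path, host = [], start
    for _ in range(max_hops):
        hit = lookup(parse_routes(TABLES[host]), dest)
        if hit is None:
            break
        path.append((host, hit[2]))
        if hit[1] not in TABLES:  # on-link, or next hop outside the model
            break
        host = hit[1]
    return path

def uses_vpn(start, dest):
    """True if any hop on the modelled path leaves through a tun device."""
    return any(dev.startswith("tun") for _, dev in trace(start, dest))

if __name__ == "__main__":
    for c in ("client_dhcp", "client_manual"):
        print(c, trace(c, "198.51.100.7"), uses_vpn(c, "198.51.100.7"))
```

The host route to the VPN server stays on `br0`, so the encrypted tunnel packets themselves still leave through the Fritzbox, and LAN-local destinations never reach the WAP's routing table at all.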