Access Point with OpenVPN client configuration?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
Kenji242
DD-WRT Novice


Joined: 12 Feb 2018
Posts: 9

PostPosted: Mon Apr 30, 2018 8:59    Post subject: Access Point with OpenVPN client configuration? Reply with quote
Hello Community,

I've been trying my router version with VPN for a long time to get up and running.
Currently the DDWRT is running with DHCP server. Somehow but always leads to problems with the connection. I think it will sometimes come to an IP conflict. Very often also problems with the name resolution DNS. To improve this, I have thought and hope that this has a solution for me.
Currently, the DDWRT router is connected to the Fritzbox via the LAN port.


My destination is the second router (DDWRT), which acts as an access point. The DHCP / server should be deactivated on this router and the connection should be made via OpenVPN Client. (Each terminal).
He should, so to speak, refer to the ip processing on the Fritzbox.

Optional. All LAN ports without VPN and all WLAN ports with VPN. If that can work?

Fritzbox (DSL) <DDWRT (VPN) '' AccessPoint <(terminals)

Fritzbox IP (192.168.178.1)
DDWRT IP (192.168.178.2)


Currently the router is configured with this tutorial. This also works with the VPN.
Because of the problems I would like to use the router as an access point.

https://nordvpn.com/de/tutorials/dd-wrt/openvpn-gui/


<<< NEW UPDATE >>>


Hello I have now found a guide whereby the router is now running as AccessPoint but as I said without a VPN> I need a solution as I get Openvpn to run.

The VPN settings are still set as in the tutorial. This reports under Status Connecten Successful but I think that there is a problem here with the forwarding.


Does anyone have a solution for this? More information on demand.

AccessPoint Tutorial>>> https://www.youtube.com/watch?v=KWXkC0d01mM
OpenVpn Tutorial >>> https://nordvpn.com/de/tutorials/dd-wrt/openvpn-gui/

Main IP > 192.168.178.1
AP IP > 192.168.178.2

Info

http://www.bilder-hochladen.net/u/948053/

Summary

So I want a two router configuration. Say to the Fritzbox hangs a router with DDwrt. This should be operated as an access point with associated Openvpn. Connection with a LAN cable from the Fritzbox to the second router DDWRT. (DHCP server deactivated) Say all terminals if they are logged in via WLAN should run over the VPN. Optionally however the terminals which are connected by Lan still the '' pure '' Internet get without VPN.

Say the router is configured with the two links above.

I have now tried the router as an access point to configure what has worked. Unfortunately, the Openvpn works as it was once configured (with an integrated DHCP server) and I'm just looking for the solution. The Openvpn works, in the status is (successfully connected) but my Internet connection is not running on the Openvpn IP. Apparently it looks like the router would have an unconfigured or faulty routing. Since I have no routing experience, I am now looking for answers to my problems Smile
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4836
Location: Netherlands

PostPosted: Mon Apr 30, 2018 15:06    Post subject: Reply with quote
If I understand correctly you have a Wireless Acces Point configured: https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point and have an OpenVPN client to Nord on this WAP.

The WAP shows connected but all clients are routed through your primary router (the Fritzbox).

An easy way to test is manually setting up the network interface of one of your clients e.g. your windows/apple linux PC or even phone.
The trick is setting the standard gateway not to the Fritzbox but to the WAP so gateway = 192.168.178.2
This will route the traffic from that client via the WAP and hence through the VPN.

If this indeed works you know that everything is set up correctly.

What you now have done manually you can do with the help of DNSMasq on your primary router (if the Fritzbox does support these kind of things?)

But you can als setup an unbridged VAP on your DDWRT router. This unbridged VAP is routed through your WAP by default and thus should be routed through the VPN.
The beauty of a setup like this is that if you use your regular bridged WLAN you will be routed through the Fritzbox and if you connect to your unbridged VAP you will be routed through your WAP and through the VPN

Mind you setting up a VAP on WAP needs some special care

Disclaimer: I have used this setup in the past but I am not sure of all the details, can look it up if necessary. But it is possible that the above is just a pile of nonsense Sad

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Kenji242
DD-WRT Novice


Joined: 12 Feb 2018
Posts: 9

PostPosted: Mon Apr 30, 2018 15:25    Post subject: Reply with quote
I configured the router as the link from them.

The normal Internet but the VPN still does not work.

With the topic DNSMasq on my primary router, I have no experience. I would like to hear other opinions.

thanks
Kenji242
DD-WRT Novice


Joined: 12 Feb 2018
Posts: 9

PostPosted: Mon Apr 30, 2018 18:38    Post subject: Reply with quote
https://de.share-your-photo.com/59fc1b320b/album
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Mon Apr 30, 2018 18:58    Post subject: Reply with quote
Doesn't seem like your listening to egc's sound advice.

In a routed config (where the WAN of the dd-wrt router is connected to the LAN of the Fritzbox), clients are using the dd-wrt router as their default gateway. And once the OpenVPN connection is established, it changes the default gateway from the WAN of the dd-wrt router to the VPN. And now those same clients are routed over the VPN.

When dd-wrt is only an AP/WAP, it's in a bridged configuration (LAN to LAN) wrt the Fritzbox, so the dd-wrt router is no longer the default gateway for the rest of the network. The Fritzbox is! And so the fact the dd-wrt router has established a VPN is only relevant to that device.

IOW, it's just as if you had established an OpenVPN client on some standalone PC, laptop, server, etc. Just because that LAN device has an OpenVPN connection doesn't magically turn it into a gateway for the rest of the network. You have to take further steps to make that happen.

To fix it, you have to change the default gateway of the clients to be the LAN ip of the dd-wrt router, NOT the Fritzbox. Problem is, that's not always possible. Sometimes ISP's don't allow you to change the gateway IP returned by DHCP. Sometimes they lock down the router to prevent tampering. And in that case, you may have to consider disabling DHCP on the Fritzbox (assuming that's even possible) and have it managed on the AP/WAP (i.e., dd-wrt). At least that DHCP server will return its own LAN ip as the gateway for the LAN clients.

This is why we don't recommend using a AP/WAP configuration for the OpenVPN client. It just makes things more difficult and complex to configure. When the VPN is established on a routed config, it's much simpler, it just works.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5353
Location: Akershus, Norway

PostPosted: Mon Apr 30, 2018 21:25    Post subject: Reply with quote
Unbridge the wifi interface and give it a separate ip sub-net i.e.192.168.179.1.
Kenji242
DD-WRT Novice


Joined: 12 Feb 2018
Posts: 9

PostPosted: Thu May 03, 2018 17:52    Post subject: Reply with quote
Many Thanks. How exactly does it work? Do I have to change the wlan mode or rather create a virtual interface?

Thank you.


Would that be the way you think?
https://www.dd-wrt.com/wiki/index.php/Image:Standard_bridge_large.jpg
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5353
Location: Akershus, Norway

PostPosted: Thu May 03, 2018 18:19    Post subject: Reply with quote
1) Create a VAP only if you need a new SSID in addition to the existing ones.

2) Networking tab: Switch from Default to Unbridged on the wireless interface. New options will show. Set a new IP address and netmask
Kenji242
DD-WRT Novice


Joined: 12 Feb 2018
Posts: 9

PostPosted: Fri May 04, 2018 13:13    Post subject: Reply with quote
Per Yngve Berg wrote:
1) Create a VAP only if you need a new SSID in addition to the existing ones.

2) Networking tab: Switch from Default to Unbridged on the wireless interface. New options will show. Set a new IP address and netmask


VAP= Virtuell AP?

I will try it tomorrow. How do I do it now that the Openvpn client works? That was already my problem before.

lg.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum