Posted: Sun Aug 04, 2019 17:34 Post subject: OpenVPN + separate APs?
Hi All,
I'm sure this question has been posted somewhere on the forums before, but I can't find something that matches my situation well enough to get working.
My current setup is this: I need two wireless networks, 1 that I can connect to for work (Static IP through ISP), and another that I can connect to with home devices to route through my Privacy-VPN.
I'm running on Firmware: DD-WRT v3.0-r33675M kongac (11/03/17)
I've tried setting up a separate virtual unbridged interface under wireless tab, and got that working, but when I set the PBR to run on that separate subnet, I couldn't get DNS to route on the home-network; I would get an IP address on the correct subnet, but I would NOT get DNS to work. Pinging 8.8.8.8 would respond. In this config, my work network was working exactly as expected.
I've been working on this for like three hours now, and I'm frustrated as all hell.
So... can anyone give me any pointers? Again, I'll bulletpoint the ideal situation:
2 SSIDs on the 5G bands:
Celestia-Work
-Routes directly through ISP, using 8.8.8.8 as main DNS
Celestia-Home (I'll probably leave this as Celestia-5G)
-uses OpenVPN. Using 198.18.0.1 as primary DNS, fallback to 8.8.8.8 if possible
At the time of this particular posting, I'm not even getting DHCP.
I have Celestia-5G set up as the new wlan, and Celestia-Work as the natural wlan. Celestia-work is working, I don't have PBR set up yet. I have DHCP, and I'm on the 192.168.1.x subnet.
Celestia-work is NOT getting an IP address (169.x.x.x)
Joined: 18 Mar 2014 Posts: 12889 Location: Netherlands
Posted: Mon Aug 05, 2019 10:07 Post subject:
First get the VAP working without the VPN.
VAPs on Broadcom are sometimes troublesome to get working (maybe I missed it, but what router are you using?)
The guide you followed actually looks quite decent at first glance.
Attached my notes with the VAP workarounds, but I think your build is so old that it is pre-VAP-trouble era, so that it might work without any workarounds.
In the old days you had to reboot to get a VAP working (rebooting after setup is always a good idea).
First get the VAP working reliably, then proceed with the VPN; if the VAP is working with the VPN, then proceed with PBR.
Thanks for the tips egc. I'll give that a shot. It was weird, because once I got through the guide, everything was actually working just fine. After a few hours it stopped working reliably on either network, and different issues across different devices (mobile wouldn't connect to one network, and wouldn't get dns on another, Desktop would connect to the network that mobile wouldn't, and would get an IP address, but wouldn't ping, etc.)
I'm running on a Netgear R6400.
I'll try your suggestion. If worst case, I'll get another wifi router for the non-vpn network, and just run that in tandem on a vlan instead of a wlan.... Or I'll just go back to manually disabling the vpn during work =P
I might try running it in unbridged mode... I don't care if there is cross-network talk. I just want to make sure that anything on the one network goes through vpn for streaming and privacy purposes.
Alternatively, is there a command I can run that will toggle the vpn via command line that I can just set up as a script to run over ssh?
If a toggle isn't available, I could set up two scripts, one to turn it on and apply settings, and one to turn it off and apply settings... Obviously that won't work if the settings aren't saved when you disable it via script...
Posted: Thu Aug 08, 2019 18:13 Post subject:
graelb wrote:
Alternatively, is there a command I can run that will toggle the vpn via command line that I can just set up as a script to run over ssh?
If a toggle isn't available, I could set up two scripts, one to turn it on and apply settings, and one to turn it off and apply settings... Obviously that won't work if the settings aren't saved when you disable it via script...
I'm definitely not being clear in my question here.
I have three wireless APs set up through the router:
Celestia: 192.168.1.x subnet
Celestia-5G: 192.168.22.x subnet (PBR for VPN set for 192.168.22.128/25, and DHCP is routing those same IPs for that wlan)
Celestia-Work: 192.168.1.x subnet
If I am connected to the -work AP, then I can see the devices connected to the celestia AP, but NOT any of them that are connected to the -5G AP, which is obnoxious because that means I can't stream audio to any of my google-homes setup on that network.
Actually, now that I have written it all out, Yes you guessed right. I can't see any of the devices set up on the PBR. My assumption here... is that it's because of the different subnets? Will your earlier suggestion fix that?