OpenWRT hotspot + bridged OpenVPN + roaming

Today many people have a broadband Internet connection and surely don’t use the whole bandwidth all the time. So why don’t give others the opportunity to use your connection? With this document I want to describe how to set up a hotspot using an accesspoint running with OpenWrt. A very important aspect when you decide to open your wireless network to everyone often is that you still want to use it for your own purpose. This might be accessing a local file- or printserver or anything else not everybody in front of your house should be able to see and to use. Also your own connection should be encrypted. WEP-encryption is not only quite insecure but would also conflict with the idea of an open hotspot. So I decided to create a VPN using OpenVPN.

Attention with copy&paste!WordPress connects – – to one long —

Network without clients

Network overview

The various access points have to be on different channels if they cover the same place.

Network with clients

Network overview with clients

Inside the router

Inside the router

Be careful! The following is only tested for WRT54g V2.2. If you have another version check for differences in the naming of the devices!

Here comes the nvram settings for the router:


nvram set vlan0hwname=et0 #vlan0 = LANports
nvram set vlan1hwname=et0 #vlan1 = WANport
nvram set vlan2hwname=et0 #vlan2 = port bridged together with wifi

nvram set vlan0ports="1 2 5*" #ports for vlan0
nvram set vlan1ports="0 5" #ports for vlan1
nvram set vlan2ports="3 4 5" #ports for vlan2

nvram set wl0_ifname=eth1
nvram set wl0_mode=ap
nvram set wl0_channel=6
nvram set wl0_ssid="My Hotspot" #SSID for your wireless network

nvram set wifi_ifnames="eth1 vlan2" #bridge wifi together with the switch ports
nvram set wifi_ifname=br1
nvram set wifi_proto=static
nvram set wifi_ipaddr=192.168.1.1 #WLAN IP-address of your router
nvram set wifi_netmask=255.255.255.0 #WLAN netmask of your router

nvram set lan_ifnames=vlan0
nvram set lan_ifname=vlan0
nvram set lan_proto=static
nvram set lan_ipaddr=192.168.0.1 #LAN IP-address of your router
nvram set lan_netmask=255.255.255.0 #LAN netmask of your router

nvram set wan_device=vlan1
nvram set wan_ifname=ppp0
nvram set wan_proto=pppoe #using pppoe for internet connection

nvram set pppoe_username=user@provider.name #your pppoe username
nvram set pppoe_passwd=yourpassword #your pppoe password
nvram commit

/etc/dnsmasq.conf

domain-needed
bogus-priv
filterwin2k
localise-queries

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=lan
expand-hosts

# enable dhcp (start,end,netmask,leasetime)
dhcp-authoritative
dhcp-range=192.168.1.100,192.168.1.150,255.255.255.0,12h
dhcp-leasefile=/tmp/dhcp.leases

# use /etc/ethers for static hosts; same format as —dhcp-host
#
read-ethers
# other useful options:
# default route(s): dhcp-option=3,192.168.1.1,192.168.1.2
# dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2
dhcp-option=3,192.168.1.1
dhcp-option=6,192.168.1.1

Configuring the OpenVPN-server is quite easy but you have to generate certificates and keys for each the server and the clients. The descrition of this procedure would exceed this document. You’ll find a detailed howto at http://openvpn.net/howto.html

/etc/openvpn/home-bridge/local.conf

dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server-bridge 192.168.0.1 255.255.255.0 192.168.0.151 192.168.0.200
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status status.log
verb 3
client-to-client

/etc/init.d/S51openvpn

#!/bin/sh
cd /etc/openvpn/home-bridge
br=“br0″
tap=“tap0″
eth=“vlan0″
eth_ip=“192.168.0.1″
eth_netmask=“255.255.255.0″
eth_broadcast=“192.168.0.255″
openvpn –mktun –dev $tap
brctl addbr $br
brctl addif $br $eth
brctl addif $br $tap
ifconfig $tap 0.0.0.0 promisc up
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

openvpn –daemon –config /etc/openvpn/home-bridge/local.conf

Assign executable rights for the startup script:
chmod a+x /etc/init.d/S60openvpn

/etc/init.d/S45firewall

[…]
iptables -A FORWARD -i br1 -o ppp0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT

This has to be appended! The whole file is much longer.

Good luck!

7 Gedanken zu „OpenWRT hotspot + bridged OpenVPN + roaming

  1. Hello my friends!
    The interesting name of a site – bjoern-b.de
    I today 9 hours
    has spent to the Internet So I have found your site 🙂
    The interesting site but does not suffice several sections!
    However this section is very necessary!
    I have added you in elected!
    Forgive I is drunk :))

  2. There has come winter 🙁
    It became cold and cloudy!
    Mood very bad 🙁
    Depression Begins

  3. I very much love summer 🙂
    Someone very much loves winter 🙁
    I Wish to know whom more 🙂
    For what you love winter?
    For what you love summer? Let’s argue 🙂

  4. Hello, thanks for this tutorial.

    I want to configure my home network with this AP (OpenWRT) to cover all the space. Is possible to add 2 APs on the same network?

    Thanks for all!

  5. This is one of the good articles you can find in the net explaining everything in detail regarding the topic. I thank you for taking your time sharing your thoughts and ideas to a lot of readers out there.

  6. Мало заботиться о самочувствии своего малыша – необходимо делать решительные действия для его защиты. Причем доверить данный вопрос можно только опытным проверенным педиатрам.
    На сегодняшний день помощь своего врача по карману далеко не многим гражданам Нашей страны. А отправляться по каждому вопросу в поликлинику, выстаивать длинные очереди и подвергать чадо риску заразиться вирусами от иных детей – тоже не вариант.
    К счастью, многочисленные частные клиники дают оформить программу Детского Добровольного Медицинского Обслуживания (ДМО), которая даёт возможность за небольшую сумму купить полис на годовое обслуживание у врачей.
    К сожалению, не многие люди осведомлены о подобной услуге и продолжают лечиться народными способами, ждут часами в очередях и отдают большие деньги за посещения частных педиатров.
    А программа Добровольного Медицинского Обслуживания для детей позволяет:
    “ Бесплатно получить больничный лист по уходу за ребенком;
    “ Бесплатно проходить обследование у личных врачей педиатров;
    “ Бесплатно или со скидкой проходить лечебные процедуры и диагностику;
    “ Лечить ребенка вовремя, качественно и без очередей.
    Для того чтобы ознакомиться со списком клиник и условиями оказания услуг достаточно вбить в поиск Яндекса или Google ключевое выражение: „Добровольное Медицинское Обслуживание“. После этого надо выбрать понравившуюся клинику и оформить договор.

    34j5c6h87

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

*

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.