{"id":30,"date":"2006-10-01T20:23:34","date_gmt":"2006-10-01T18:23:34","guid":{"rendered":"http:\/\/bjoern-b.de\/wordpress\/?p=30"},"modified":"2009-06-07T13:06:05","modified_gmt":"2009-06-07T11:06:05","slug":"openwrt-hotspot-bridged-openvpn","status":"publish","type":"post","link":"https:\/\/www.bjoern-b.de\/wordpress\/?p=30","title":{"rendered":"OpenWRT hotspot + bridged OpenVPN + roaming"},"content":{"rendered":"<p>Today many people have a broadband Internet connection and surely don&#8217;t use the whole bandwidth all the time. So why not give others the opportunity to use your connection? In this document I describe how to set up a hotspot using an access point running <a href=\"http:\/\/www.openwrt.org\">OpenWrt<\/a>. An important aspect when you decide to open your wireless network to everyone is that you still want to use it for your own purposes. 
This might mean accessing a local file or print server, or anything else that not everybody in front of your house should be able to see and use. Your own connection should also be encrypted. WEP encryption is not only quite insecure but would also conflict with the idea of an open hotspot. So I decided to create a VPN using <a href=\"http:\/\/www.openvpn.net\">OpenVPN<\/a>.<\/p>\n<p><strong>Careful with copy&#038;paste!<\/strong> WordPress turns two consecutive hyphens (- -) into one long dash (&#8212;).<\/p>\n<p><a class=\"imagelink\" href=\"https:\/\/www.bjoern-b.de\/wordpress\/wp-content\/uploads\/2006\/10\/schema1_small.png\" title=\"Network without clients\"><img decoding=\"async\" id=\"image32\" src=\"https:\/\/www.bjoern-b.de\/wordpress\/wp-content\/uploads\/2006\/10\/schema1_small.png\" alt=\"Network without clients\" \/><\/a><br \/>\n<center><b>Network overview<\/b><\/center><br \/>\nThe various access points have to be on different channels if they cover the same area.<\/p>\n<p><a class=\"imagelink\" href=\"https:\/\/www.bjoern-b.de\/wordpress\/wp-content\/uploads\/2006\/10\/schema2_small.png\" title=\"Network with clients\"><img decoding=\"async\" id=\"image33\" src=\"https:\/\/www.bjoern-b.de\/wordpress\/wp-content\/uploads\/2006\/10\/schema2_small.png\" alt=\"Network with clients\" \/><\/a><br \/>\n<center><b>Network overview with clients<\/b><\/center><\/p>\n<p><a class=\"imagelink\" href=\"https:\/\/www.bjoern-b.de\/wordpress\/wp-content\/uploads\/2006\/10\/router_small.png\" title=\"Inside the router\"><img decoding=\"async\" id=\"image31\" src=\"https:\/\/www.bjoern-b.de\/wordpress\/wp-content\/uploads\/2006\/10\/router_small.png\" alt=\"Inside the router\" \/><\/a><br \/>\n<center><b>Inside the router<\/b><\/center><\/p>\n<p><b>Be careful! The following has only been tested on the WRT54G V2.2. 
If you have another version, check for differences in the naming of the devices!<\/b><\/p>\n<p>Here are the nvram settings for the router:<\/p>\n<blockquote><p><code><br \/>\nnvram set vlan0hwname=et0  # vlan0 = LAN ports<br \/>\nnvram set vlan1hwname=et0  # vlan1 = WAN port<br \/>\nnvram set vlan2hwname=et0  # vlan2 = port bridged together with wifi<\/p>\n<p>nvram set vlan0ports=\"1 2 5*\"  # ports for vlan0<br \/>\nnvram set vlan1ports=\"0 5\"  # ports for vlan1<br \/>\nnvram set vlan2ports=\"3 4 5\"  # ports for vlan2<\/p>\n<p>nvram set wl0_ifname=eth1<br \/>\nnvram set wl0_mode=ap<br \/>\nnvram set wl0_channel=6<br \/>\nnvram set wl0_ssid=\"My Hotspot\"  # SSID for your wireless network<\/p>\n<p>nvram set wifi_ifnames=\"eth1 vlan2\"  # bridge wifi together with the switch ports<br \/>\nnvram set wifi_ifname=br1<br \/>\nnvram set wifi_proto=static<br \/>\nnvram set wifi_ipaddr=192.168.1.1  # WLAN IP address of your router<br \/>\nnvram set wifi_netmask=255.255.255.0  # WLAN netmask of your router<\/p>\n<p>nvram set lan_ifnames=vlan0<br \/>\nnvram set lan_ifname=vlan0<br \/>\nnvram set lan_proto=static<br \/>\nnvram set lan_ipaddr=192.168.0.1  # LAN IP address of your router<br \/>\nnvram set lan_netmask=255.255.255.0  # LAN netmask of your router<\/p>\n<p>nvram set wan_device=vlan1<br \/>\nnvram set wan_ifname=ppp0<br \/>\nnvram set wan_proto=pppoe  # using pppoe for internet connection<\/p>\n<p>nvram set pppoe_username=user@provider.name  # your pppoe username<br \/>\nnvram set pppoe_passwd=yourpassword  # your pppoe password<br \/>\nnvram commit<br 
\/>\n<\/code><\/p><\/blockquote>\n<p>\/etc\/dnsmasq.conf<\/p>\n<blockquote><p>\ndomain-needed<br \/>\nbogus-priv<br \/>\nfilterwin2k<br \/>\nlocalise-queries<\/p>\n<p># allow \/etc\/hosts and dhcp lookups via *.lan<br \/>\nlocal=\/lan\/<br \/>\ndomain=lan<br \/>\nexpand-hosts<\/p>\n<p># enable dhcp (start,end,netmask,leasetime)<br \/>\ndhcp-authoritative<br \/>\ndhcp-range=192.168.1.100,192.168.1.150,255.255.255.0,12h<br \/>\ndhcp-leasefile=\/tmp\/dhcp.leases<\/p>\n<p># use \/etc\/ethers for static hosts; same format as --dhcp-host<br \/>\n# &lt;hwaddr&gt; &lt;ipaddr&gt;<br \/>\nread-ethers<br \/>\n# other useful options:<br \/>\n# default route(s): dhcp-option=3,192.168.1.1,192.168.1.2<br \/>\n#    dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2<br \/>\ndhcp-option=3,192.168.1.1<br \/>\ndhcp-option=6,192.168.1.1\n<\/p><\/blockquote>\n<p>Configuring the OpenVPN server is quite easy, but you have to generate certificates and keys for both the server and the clients. Describing this procedure is beyond the scope of this document. 
You&#8217;ll find a detailed howto at <a href=\"http:\/\/openvpn.net\/howto.html\">http:\/\/openvpn.net\/howto.html<\/a><\/p>\n<p>\/etc\/openvpn\/home-bridge\/local.conf<\/p>\n<blockquote><p>\ndev tap0<br \/>\nca ca.crt<br \/>\ncert server.crt<br \/>\nkey server.key<br \/>\ndh dh1024.pem<br \/>\nserver-bridge 192.168.0.1 255.255.255.0 192.168.0.151 192.168.0.200<br \/>\nifconfig-pool-persist ipp.txt<br \/>\nkeepalive 10 120<br \/>\ncomp-lzo<br \/>\npersist-key<br \/>\npersist-tun<br \/>\nstatus status.log<br \/>\nverb 3<br \/>\nclient-to-client\n<\/p><\/blockquote>\n<p>\/etc\/init.d\/S51openvpn<\/p>\n<blockquote><p>\n#!\/bin\/sh<br \/>\ncd \/etc\/openvpn\/home-bridge<br \/>\nbr=\"br0\"<br \/>\ntap=\"tap0\"<br \/>\neth=\"vlan0\"<br \/>\neth_ip=\"192.168.0.1\"<br \/>\neth_netmask=\"255.255.255.0\"<br \/>\neth_broadcast=\"192.168.0.255\"<br \/>\n# create the persistent tap device<br \/>\nopenvpn --mktun --dev $tap<br \/>\n# bridge the LAN interface with the tap device<br \/>\nbrctl addbr $br<br \/>\nbrctl addif $br $eth<br \/>\nbrctl addif $br $tap<br \/>\nifconfig $tap 0.0.0.0 promisc up<br \/>\nifconfig $eth 0.0.0.0 promisc up<br \/>\n# the bridge takes over the LAN address of the router<br \/>\nifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast<\/p>\n<p># start the OpenVPN server<br \/>\nopenvpn --daemon --config \/etc\/openvpn\/home-bridge\/local.conf\n<\/p><\/blockquote>\n<p>Make the startup script executable:<br \/>\n<code>chmod a+x \/etc\/init.d\/S51openvpn<\/code><\/p>\n<p>\/etc\/init.d\/S45firewall<\/p>\n<blockquote><p>\n[&#8230;]<br \/>\niptables -A FORWARD -i br1 -o ppp0 -j ACCEPT<br \/>\niptables -A FORWARD -i br0 -j ACCEPT\n<\/p><\/blockquote>\n<p>These lines have to be appended! The whole file is much longer.<\/p>\n<p>Good luck!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today many people have a broadband Internet connection and surely don&#8217;t use the whole bandwidth all the time. So why not give others the opportunity to use your connection? 
In this document I describe how to set up &hellip; <a href=\"https:\/\/www.bjoern-b.de\/wordpress\/?p=30\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-30","post","type-post","status-publish","format-standard","hentry","category-computer"],"_links":{"self":[{"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/30","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=30"}],"version-history":[{"count":1,"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/30\/revisions"}],"predecessor-version":[{"id":201,"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/30\/revisions\/201"}],"wp:attachment":[{"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=30"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=30"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bjoern-b.de\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=30"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}