Basic VPN questions from a neophyte

Calgarychris
DD-WRT Novice


Joined: 15 Feb 2017
Posts: 2

Posted: Wed Feb 15, 2017 11:37    Post subject: Basic VPN questions from a neophyte
Hi,

I currently use a VPN provider, BT Guard, using direct connections from my computer to them. I would like to have all traffic in the house (wired and wifi) routed - presumably by using a dd-wrt router and openVPN (?). I would also like a "back to base" VPN connection so that if I'm offsite with a laptop or iPhone I connect back home via VPN and then out over the VPN connection through BT Guard.

I'm wondering if the above is even possible? Is the former a VPN client and the latter a VPN server? If so, can both be done? Is it overly complex to set up? Finally, any recommendations on solid routers that you'd recommend? I would want gigE ports and good wifi as I'm in dense accommodations.

Thanks and sorry if these are basic questions - happy to google, I just need to know the terms to look for! :)
ethanjoshua
DD-WRT Novice


Joined: 24 Jan 2017
Posts: 3

Posted: Thu Feb 16, 2017 15:56    Post subject: VPN router advice!
I am using a TP-Link router with PureVPN; it's working fine.
Calgarychris
DD-WRT Novice


Joined: 15 Feb 2017
Posts: 2

Posted: Sat Feb 18, 2017 5:14    Post subject:
Awesome, thanks so much for the details and giving me a starting point on how to do this. It doesn't sound *too* bad, in terms of complexity...other than the known bug. Anyway, thanks very much for the reply, I really appreciate it. Any recommendations of routers to use? I'm not a gamer, but I do live in a complex with a lot of competing signal noise, especially 2GHz.

@ethanjoshua - which TP-Link are you using?

Thanks guys

eibgrad wrote:
Yes, it can be done.

The best and easiest solution would be to use a bridged OpenVPN client/server for your remote access. However, bridged VPNs are not typically supported on mobile devices (e.g., iOS, Android). So for all intents and purposes, we’ll be assuming a routed OpenVPN client and server for the rest of this discussion.

You need to split the problem into two parts. You’ll establish an OpenVPN client on the router and have it connect to a commercial OpenVPN provider of your choice. Then you’ll establish your own OpenVPN server on that same router and use a remote OpenVPN client (e.g. Windows) to test your OpenVPN server and verify you can access your home network and its various local devices.

Note, you will NOT be able to access your OpenVPN server while the OpenVPN client on that same router is connected and active! This is expected and will be corrected next.

In order to make the OpenVPN server accessible w/ an active OpenVPN client, we need to exclude the router’s LAN ip from that same OpenVPN client. And we do that using the PBR (policy based routing) field of the OpenVPN client. Any IPs listed there will use the VPN, while everything else will use the WAN.

For example, if I wanted to have the entire local IP network of 192.168.1.0/24 except 192.168.1.1 (the router) use the OpenVPN client on the router, I could either list every other IP except 192.168.1.1 in PBR (ugh), or better yet, use an online “IP Range to CIDR” calculator to produce a compressed list.

http://www.ipaddressguide.com/cidr

192.168.1.2 thru 192.168.1.254 (we don’t need to include .255, the broadcast IP) converts to:

Code:
192.168.1.2/31
192.168.1.4/30
192.168.1.8/29
192.168.1.16/28
192.168.1.32/27
192.168.1.64/26
192.168.1.128/26
192.168.1.192/27
192.168.1.224/28
192.168.1.240/29
192.168.1.248/30
192.168.1.252/31
192.168.1.254/32


Because you also want your remote OpenVPN client to use that same OpenVPN client on the router as its internet gateway, you’ll also have to add the tunnel’s IP network (the one used by your own OpenVPN client/server for remote access) to the PBR field (e.g., 10.8.0.0/24). Just like the rest of the LAN, that forces your remote OpenVPN client over the commercial VPN.

Another complication is there is a known bug/flaw in dd-wrt’s implementation of PBR.

http://svn.dd-wrt.com/ticket/5690

It’s important to apply the temporary fix provided in that link to address the problem, or you could have communications problems between devices.

Also, when configuring your OpenVPN server, make sure to have the Start Type set to System, not WAN Up.
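
The PBR list described in the quoted reply can be generated and checked locally instead of with an online calculator. This is an added example, not part of the thread or of dd-wrt; the function names are hypothetical, and the addresses are the ones used in the post (LAN 192.168.1.0/24, router 192.168.1.1, tunnel 10.8.0.0/24). It also accepts more than one excluded address, which goes slightly beyond the single-router case in the post.

```python
import ipaddress

def pbr_entries(lan, exclude, extra=()):
    """CIDR blocks for every host in `lan` except `exclude`, plus `extra`
    networks such as the OpenVPN server's tunnel subnet."""
    net = ipaddress.ip_network(lan)
    if net.num_addresses < 4:
        raise ValueError(f"{net} has no usable host range to split")
    # Hosts only: the network and broadcast addresses are left out,
    # as in the post (".255, the broadcast IP").
    first, last = net.network_address + 1, net.broadcast_address - 1
    wanted = {ipaddress.ip_address(a) for a in exclude}
    for addr in wanted:
        if addr not in net:
            raise ValueError(f"{addr} is not inside {net}")
    skipped = sorted(a for a in wanted if first <= a <= last)
    blocks, start = [], first
    for addr in skipped + [last + 1]:      # sentinel closes the final gap
        if start < addr:
            blocks += ipaddress.summarize_address_range(start, addr - 1)
        start = addr + 1
    blocks += [ipaddress.ip_network(n) for n in extra]
    return [str(b) for b in blocks]

def uses_vpn(ip, entries):
    """True if `ip` falls inside any PBR entry (so it is sent over the VPN)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e) for e in entries)

if __name__ == "__main__":
    entries = pbr_entries("192.168.1.0/24", ["192.168.1.1"], ["10.8.0.0/24"])
    print("\n".join(entries))              # paste into the PBR field
    # Sanity checks before saving: the router must stay on the WAN,
    # LAN hosts and remote tunnel clients must go over the VPN.
    for ip in ("192.168.1.1", "192.168.1.2", "192.168.1.254", "10.8.0.6"):
        print(ip, "-> VPN" if uses_vpn(ip, entries) else "-> WAN")
```

Checking the router's own address against the generated list before saving catches an off-by-one range that would otherwise make the OpenVPN server unreachable again.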
All times are GMT