Posted: Mon Aug 24, 2015 8:30 Post subject: Setting up 2 wifi, one with openvpn
Hi Experts
background -
1. I live in China and I need 2 wifi in 2 separate routers. My modem connects with the internet, 1st router (low end TPLINK) gives me default wifi/internet. I want to connect a 2nd router with openvpn (netgear 4300, to log in to facebook, google, youtube etc).
2. I have configured my netgear router with below DD-WRT build -
Firmware: DD-WRT v24-sp2 (02/04/14) std
Time: 00:29:15 up 29 min, load average: 0.01, 0.03, 0.04
WAN IP: 192.168.1.107
3. Now when I am putting my netgear behind the 1st router, it shows DNS fail as below -
19700101 00:00:24 W DEPRECATED OPTION: --tls-remote please update your configuration
19700101 00:00:24 I OpenVPN 2.3.2 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Feb 4 2014
19700101 00:00:24 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19700101 00:00:24 W WARNING: file '/tmp/auth.conf' is group or others accessible
19700101 00:00:24 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:24 Socket Buffers: R=[172032->131072] S=[172032->131072]
19700101 00:00:39 N RESOLVE: Cannot resolve host address: kr1.vyprvpn.com: Name or service not known
19700101 00:00:54 N RESOLVE: Cannot resolve host address: kr1.vyprvpn.com: Name or service not known
19700101 00:01:15 N RESOLVE: Cannot resolve host address: kr1.vyprvpn.com: Name or service not known
19700101 00:01:35 NOTE: --mute triggered...
19700101 00:04:36 10 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:04:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:04:36 D MANAGEMENT: CMD 'state'
19700101 00:04:36 MANAGEMENT: Client disconnected
19700101 00:04:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:04:36 D MANAGEMENT: CMD 'state'
19700101 00:04:36 MANAGEMENT: Client disconnected
19700101 00:04:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:04:36 D MANAGEMENT: CMD 'state'
19700101 00:04:36 MANAGEMENT: Client disconnected
19700101 00:04:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:04:36 D MANAGEMENT: CMD 'log 500'
19700101 00:04:36 MANAGEMENT: Client disconnected
19700101 00:04:56 N RESOLVE: Cannot resolve host address: kr1.vyprvpn.com: Name or service not known
19700101 00:05:16 N RESOLVE: Cannot resolve host address: kr1.vyprvpn.com: Name or service not known
19700101 00:05:36 N RESOLVE: Cannot resolve host address: kr1.vyprvpn.com: Name or service not known
19700101 00:05:56 NOTE: --mute triggered...
19700101 00:06:56 4 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:06:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:06:56 D MANAGEMENT: CMD 'state'
19700101 00:06:56 MANAGEMENT: Client disconnected
19700101 00:06:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:06:56 D MANAGEMENT: CMD 'state'
19700101 00:06:56 MANAGEMENT: Client disconnected
19700101 00:06:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:06:56 D MANAGEMENT: CMD 'state'
19700101 00:06:56 MANAGEMENT: Client disconnected
19700101 00:06:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
19700101 00:06:56 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
4. I also have tried to ping and tracert from my laptop when the laptop is connected with netgear, both ping and tracert fails.
5. I have properly configured DNS in the control panel. snapshot is attached.
6. Surely the DNS in 1st router and the DNS in my netgear are not same.
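A triage pass over a client log like the one quoted above, as an added example that is not part of the original post. It pulls out the lines that matter for diagnosis and hardening: the unset clock (certificate validity checks depend on it), the credentials file readable by group/others, the deprecated option, and the DNS failures. The sample lines are constructed in the same format as the quoted log; the function name and output labels are hypothetical.

```shell
# Constructed sample in the format of the quoted DD-WRT OpenVPN client log.
sample_log() {
cat <<'EOF'
19700101 00:00:24 W DEPRECATED OPTION: --tls-remote please update your configuration
19700101 00:00:24 W WARNING: file '/tmp/auth.conf' is group or others accessible
19700101 00:00:39 N RESOLVE: Cannot resolve host address: kr1.vyprvpn.com: Name or service not known
19700101 00:00:54 N RESOLVE: Cannot resolve host address: kr1.vyprvpn.com: Name or service not known
19700101 00:01:15 N RESOLVE: Cannot resolve host address: kr1.vyprvpn.com: Name or service not known
19700101 00:01:35 NOTE: --mute triggered...
19700101 00:04:36 10 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:04:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
EOF
}

# triage_openvpn_log: read a client log on stdin, print one finding per line.
triage_openvpn_log() {
  awk '
    # Stamps starting at the 1970 epoch: the router clock was never set (no NTP yet).
    /^1970/ { clock_unset = 1 }
    # Credentials file readable beyond its owner; \047 is a single quote.
    /is group or others accessible/ { split($0, q, "\047"); cred[q[2]] = 1 }
    /DEPRECATED OPTION/ {
      if (match($0, /--[a-z-]+/)) dep[substr($0, RSTART, RLENGTH)] = 1
    }
    /RESOLVE: Cannot resolve host address/ {
      host = $0
      sub(/^.*host address: /, "", host)   # drop everything before the name
      sub(/:.*$/, "", host)                # drop the resolver error text
      dns[host]++
    }
    # --mute hides repeats, so the DNS_FAIL count is a lower bound.
    /variation\(s\) on previous .* suppressed by --mute/ { muted += $3 }
    END {
      if (clock_unset) print "CLOCK_UNSET"
      for (f in cred) print "CRED_FILE_PERMS " f
      for (o in dep)  print "DEPRECATED " o
      for (h in dns)  print "DNS_FAIL " h " " dns[h]
      if (muted)      print "MUTED " muted
    }'
}

sample_log | triage_openvpn_log
```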
I don't know about setups with two routers, but for a friend I set up an Archer C7 with the VPN on a VAP. It has two SSIDs, one normal and one VPN. It took a bit of fiddling, but wasn't too bad. He has been using it for Netflix for the past week without issue. If you need the cheap TP-Link as an AP, it should be possible to get both networks there with a vlan, though I haven't personally done it.
If you're interested in putting both networks on the netgear, let me know and I'll pass on what I can from my startup and firewall commands.
thanks, mwbuss8. Pls send me the steps to configure as below at your convenience -
1. netgear will 1st dial for a PPPoE.
2. netgear will 2ndly dial to VPN service provider. (I can configure open vpn by myself).
3. netgear (4300 model has 2 separate wifi I can see) will have default wifi1 with local internet (no VPN).
4. netgear will have 2nd wifi (wifi2), with VPN internet.
pppoe causes VPN conflicts. I've read some reviews on how to make them work together, but I believe it puts everything through the VPN, without the option of using your ISP. Personally, I have pppoe as well, but I turned off WiFi on the ISP router and still have it routing. You could do this as well, just put the TP-Link with WiFi disabled between the modem and netgear. The TP-Link will handle pppoe, and the netgear will use auto-dhcp.
From there, if you want to continue, create a bridged VAP, create a new bridge (br1) in setup->network, and add the VAP to it. Scroll to the bottom and add a dhcp server for br1. You should now be able to connect to your VAP and obtain an IP address, but you won't get internet access. From there, a startup script and firewall rules are needed, but I don't have access to them from my phone.
Hi
Actually I think as netgear 4300 has 2 APs I do not need to create any VAP in it. From today morning, I tried to find a way to bridge PPPoE internet with ath0 (wifi1) and OPENVPN internet with ath1 (wifi2). In the networking tab, I can create bridge br0 and br1, then assign ath0 and ath1 to them respectively, but then there is no way to link PPPoE default internet and OPENVPN internet in these bridges.
ath0 is 2.4ghz and ath1 is 5ghz. You want to create ath0.1 and ath1.1 as VAPs and put them on your new bridge. ath0 and ath1 should share an SSID. ath0.1 and ath1.1 should share a different SSID.
I can see that they have separate SSID. ath0 and ath1 are separate wireless physical interfaces.
pls check the attachment. I have omitted the MAC addr from the snap.
As it shows in your picture, ath0 is 2.4ghz and ath1 is 5ghz. Whether they share an SSID or not, they access the same network. Putting them on the same SSID isn't necessary, but it simplifies things. If you put the VPN on ath1, you'll limit your standard connection to 2.4ghz, and more importantly, limit VPN to 5ghz. That means devices that don't support 5ghz can't use the VPN. Adding a VAP for each is easy, just click "add" for virtual interface under each one. Set your VPN SSID for them, and add a password in the security tab.
but then how to bridge them as below?
PPPoE internet -> br0 -> ath0.1
OPENVPN internet -> br1 -> ath1.1
I can do the 2nd part for example br0 -> ath0.1 but how to do the 1st part, i.e. PPPoE internet -> br0?
It will be:
PPPoE<->br0 (ath0 & ath1)
VPN<->br1 (ath0.1 & ath1.1)
You need to go to setup->networking and add a bridge (br1). After applying, add a new subnet (if br0 is 192.168.1.1 then you can use something like 192.168.2.1; just use a different subnet). Then scroll to the bottom of the same tab, and click "add" for multiple dhcp server and select br1. Then you can use the "assign to bridge" section in that tab to put ath0.1 & ath1.1 on br1. Once that is done, you should be able to connect to the SSID for ath0.1 & ath1.1 and get an IP address in the 192.168.2.xxx range, but no internet at this point. I'm still on my phone, so no startup or firewall scripts yet.
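One way the routing and firewall side of this br0/br1 split can look, as an added example that is not the poster's script and not DD-WRT's own code. It sends only the br1 subnet into the tunnel and fails closed, so br1 clients never fall back to the ISP uplink if the VPN drops. Assumed values: tunnel interface `tun1`, WAN interface `vlan2`, routing table `100`, and an OpenVPN client that does not install a pushed default route (`route-nopull`).

```shell
# Assumed values; only br1 and the 192.168.2.x range come from the thread.
VPN_IF="${VPN_IF:-tun1}"              # confirm tun0/tun1 in the routing table
WAN_IF="${WAN_IF:-vlan2}"             # hypothetical WAN interface name
VPN_BR="${VPN_BR:-br1}"
VPN_NET="${VPN_NET:-192.168.2.0/24}"
TABLE="${TABLE:-100}"                 # hypothetical routing table number

# run: print each command; execute it only when APPLY=1 (as root on the router).
run() {
  echo "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

vpn_bridge_rules() {
  # Policy routing: only packets sourced from the br1 subnet use table $TABLE.
  # The connected route keeps the router's own replies to br1 clients on br1.
  run ip route add "$VPN_NET" dev "$VPN_BR" table "$TABLE"
  run ip route add default dev "$VPN_IF" table "$TABLE"
  run ip rule add from "$VPN_NET" table "$TABLE"
  run ip route flush cache
  # NAT br1 clients into the tunnel.
  run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$VPN_IF" -j MASQUERADE
  # Fail closed: br1 may reach the tunnel, never the ISP uplink or br0.
  run iptables -I FORWARD -i "$VPN_BR" -o "$VPN_IF" -j ACCEPT
  run iptables -I FORWARD -i "$VPN_BR" -o "$WAN_IF" -j DROP
  run iptables -I FORWARD -i "$VPN_BR" -o br0 -j DROP
  run iptables -I FORWARD -i "$VPN_IF" -o "$VPN_BR" \
      -m state --state ESTABLISHED,RELATED -j ACCEPT
  # DNS for br1 clients is not handled here; the router's resolver still
  # uses the ISP-side DNS unless br1 is handed a resolver reached via the VPN.
}

vpn_bridge_rules   # dry run: prints the commands without changing anything
```

The `ip route add default dev` line needs the tunnel interface to exist, so apply the rules after the VPN is up.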
Hi
Great help!
I have completed the steps by now. Could you please suggest next steps now?
My baby daughter came 1½mo early, so most of my time is at the hospital right now. If I stop by my house tomorrow I'll try to post my scripts, or at least turn on my computer so I can access it during down time.
Is your vpn already configured? If not, get that set up.
Go to setup->advanced networking and view your routing table. See if there is anything listed as tun0 or tun1. Let me know what you find.
My VPN is already configured and a start up script is also added with my user id and password. I could not find anything in the advanced networking tab as attachment.