This is an old revision of the document!
OpenVPN Bridges
Introduction
We are very exited about a new feature which is now part of MESHdesk as well as APdesk.
With this feature you can bridge one or more of the entry points (or SSIDs) with a OpenVPN tunnel that can sit any place on the Internet.
I can now for instance connect to a SSID in South Africa while it will appear that I am browsing from an IP Address that is located somewhere in Europe or North America.
This feature opens up the door to so many new possibilities but those we leave to your own creative powers.
Our tests have proven that there is not reason for a dramatic drop on bandwidth while going this route, in fact, depending how and where you connect, you might even experience an increase in available bandwidth!
We are sure by now you are in a dire need to check out this feature. Unfortunately the initial setup can be quite involved, but once everything is in place it should run like a Swiss watch.
We will follow a divide and conquer rule and break the tasks up into categories in order to accomplish our goal.
Our Setup
For this document we will have the configure the following setup.
One Ubuntu 14.04 server with two Ethernet cards and one public IP Address.
Eth1 will have the Public IP Address (198.27.111.78)
Eth0 will be segmented using VLANs.
We will not need any VLAN capable switches.
Another server (can be the same) running the latest SVN of RADIUSdesk
An Access Point with Internet access, running the latest build from SVN of the MESHdesk firmware.
We will use VLANs configured on Eth0 as follows:
VLAN 101 will have Address range 10.101.0.0/16.
VLAN 102 will have Address range 10.102.0.0/16.
VLAN 103 will have Address range 10.103.0.0/16.
These VLANs will each be bridged on the one side with a VLAN on eth0.
br0.101 are bridged with eth0.101.
br0.102 are bridged with eth0.102.
br0.103 are bridged with eth0.103.
The other side of the bridge is a VPN tunnel.
We will create three instances of OpenVPN in server mode.
Each of these instances will be bound to a common IP Address (198.27.111.78) but it will have a unique port to ensure uniqueness.
Each of the bridges will have a Coova Chilli captive portal running.
The IP Address range of each of these Coova Chilli instances will be such that it can provide enough IP Addresses but also in such a manner that the OpenVPN server will be able to provide up to 100 Clients with IP Addresses and the RADIUSdesk server should provide another 100 Clients with IP Addresses without a conflict.
The IP Address range should also reflect that which was assigned to the VLAN.
Steps Involved
Prepare the hardware and OS
#Install the VLAN package
sudo apt-get update
sudo apt-get install vlan
#Permanently load the module during boot time
sudo su -c 'echo "8021q" >> /etc/modules'
#Reboot the server
sudo reboot
#Confirm that it is loaded
lsmod | grep 8021q
#Install the bridge-utils package
sudo apt-get update
sudo apt-get install bridge-utils
#Remember also to configure eth1 to contain the public IP Address...
auto eth0.101
iface eth0.101 inet manual
up ip link set $IFACE up promisc on
auto br0.101
iface br0.101 inet static
address 10.101.0.1
netmask 255.255.0.0
bridge_ports eth0.101
auto eth0.102
iface eth0.102 inet manual
up ip link set $IFACE up promisc on
auto br0.102
iface br0.102 inet static
address 10.102.0.1
netmask 255.255.0.0
bridge_ports eth0.102
auto eth0.103
iface eth0.103 inet manual
up ip link set $IFACE up promisc on
auto br0.103
iface br0.103 inet static
address 10.103.0.1
netmask 255.255.0.0
bridge_ports eth0.103
#Issue the ifconfig command to confirm the br0.101, br0.102 and br0.103 are up and has the correct IP Address.
#Also use the brctl command to show you the bridges present
system@rd:~$ brctl show
bridge name bridge id STP enabled interfaces
br0.101 8000.000c294aafdf no eth0.101
br0.102 8000.000c294aafdf no eth0.102
br0.103 8000.000c294aafdf no eth0.103