This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
user_guide:openvpn_bridges [2016/09/26 01:52] admin created |
user_guide:openvpn_bridges [2020/08/12 13:37] admin [The Hardware] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== OpenVPN Bridges ====== | ====== OpenVPN Bridges ====== | ||
+ | {{ :user_guide:apdesk:openvpn_bridge.png?nolink |}} | ||
===== Introduction ===== | ===== Introduction ===== | ||
* We are very exited about a new feature which is now part of **MESHdesk** as well as **APdesk**. | * We are very exited about a new feature which is now part of **MESHdesk** as well as **APdesk**. | ||
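Review bot: The image added directly under the page title, `{{ :user_guide:apdesk:openvpn_bridge.png?nolink |}}`, has an empty title after the `|`, so a reader who cannot load the image gets no description of the topology it shows. Suggest filling in a short title that describes the diagram. While this part of the page is open, "exited" in the first Introduction bullet (an unchanged line) should read "excited".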
Line 11: | Line 12: | ||
------------------- | ------------------- | ||
- | ===== Setup Overview ===== | + | ===== Our Setup ===== |
+ | For this document we will configure the following setup. | ||
+ | ==== The Hardware ==== | ||
+ | * One Ubuntu 18.04 server with two Ethernet cards and one public IP Address. | ||
+ | * Eth1 will have the Public IP Address (198.27.111.78) | ||
+ | * Eth0 will be segmented using VLANs. | ||
+ | * We will **not** need any VLAN capable switches. | ||
+ | * Another server (can be the same) running the latest SVN of RADIUSdesk | ||
+ | * An Access Point with Internet access, running the latest build from SVN of the MESHdesk firmware. | ||
+ | |||
+ | <WRAP center round info 90%> | ||
+ | == Only one Ethernet port? == | ||
+ | * If your server has only one Ethernet port it is not a train smash! | ||
+ | * We offer an alternative which will use the **dummy** module to mimick a real Ethernet port. | ||
+ | </WRAP> | ||
+ | |||
+ | |||
+ | ==== Segmenting Using VLANs ==== | ||
+ | |||
+ | * We will use VLANs configured on Eth0 as follows: | ||
+ | * VLAN 101 will have Address range 10.101.0.0/16. | ||
+ | * VLAN 102 will have Address range 10.102.0.0/16. | ||
+ | * VLAN 103 will have Address range 10.103.0.0/16. | ||
+ | * These VLANs will each be bridged on the one side with a VLAN on eth0. | ||
+ | * br0.101 are bridged with eth0.101. | ||
+ | * br0.102 are bridged with eth0.102. | ||
+ | * br0.103 are bridged with eth0.103. | ||
+ | |||
+ | ==== The VPNs ==== | ||
+ | |||
+ | * The other side of the bridge is a VPN tunnel. | ||
+ | * We will create three instances of OpenVPN in server mode. | ||
+ | * Each of these instances will be bound to a common IP Address (198.27.111.78) but it will have a unique port to ensure uniqueness. | ||
+ | |||
+ | ==== The Captive Portals ==== | ||
+ | |||
+ | * Each of the bridges will have a Coova Chilli captive portal running. | ||
+ | * The IP Address range of each of these Coova Chilli instances will be such that it can provide enough IP Addresses but also in such a manner that the OpenVPN server will be able to provide up to 100 Clients with IP Addresses and the RADIUSdesk server should provide another 100 Clients with IP Addresses without a conflict. | ||
+ | * The IP Address range should also reflect that which was assigned to the VLAN. | ||
+ | |||
+ | ----------------------------------------- | ||
+ | |||
+ | ===== Steps Involved ===== | ||
+ | * [[user_guide:openvpn_bridges_prep_os|Prepare the hardware and OS]] | ||
+ | * [[user_guide:openvpn_bridges_prep_openvpn|Install and configure OpenVPN]] | ||
+ | * [[user_guide:openvpn_bridges_prep_coova|Install and configure CoovaChilli]] | ||
+ | * [[user_guide:openvpn_bridges_prep_radiusdesk|Configure RADIUSdesk, MESHdesk and APdesk]] | ||
+ | |||
+ | |||
+ | ------------------------- | ||
- | |||
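Review bot: Under "The VPNs", the bullet "it will have a unique port to ensure uniqueness" is circular and never says which OpenVPN instance serves which VLAN or bridge, so the segmentation the section promises cannot be checked from this page. Suggest replacing it with an explicit per-instance mapping (VLAN, bridge, listening port) so that each tunnel can be checked against the bridge it is meant to land on. The same gap appears under "The Captive Portals": the bullet about 100 addresses from the OpenVPN server and another 100 from the RADIUSdesk server "without a conflict" gives no actual ranges inside 10.101.0.0/16, 10.102.0.0/16 or 10.103.0.0/16, so an overlap cannot be ruled out by reading it. Smaller points: 198.27.111.78 is written into the text twice as the public address, and a clearly marked example address would keep readers from copying it into their own configuration; the interface is "Eth0"/"Eth1" under "The Hardware" but "eth0" under "Segmenting Using VLANs", and the lower-case form is what appears in the interface names eth0.101 to eth0.103; "br0.101 are bridged" should be "is bridged" (likewise for 102 and 103); "mimick" should be "mimic"; and "latest SVN" for both RADIUSdesk and the MESHdesk firmware names no revision, so the setup described here is not reproducible later.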