This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
user_guide:openvpn_bridges [2016/09/26 01:52] admin created |
user_guide:openvpn_bridges [2020/08/12 13:37] admin [The Hardware] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== OpenVPN Bridges ====== | ====== OpenVPN Bridges ====== | ||
| + | {{ :user_guide:apdesk:openvpn_bridge.png?nolink |}} | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| * We are very exited about a new feature which is now part of **MESHdesk** as well as **APdesk**. | * We are very exited about a new feature which is now part of **MESHdesk** as well as **APdesk**. | ||
| Line 11: | Line 12: | ||
| ------------------- | ------------------- | ||
| - | ===== Setup Overview ===== | + | ===== Our Setup ===== |
| + | For this document we will configure the following setup. | ||
| + | ==== The Hardware ==== | ||
| + | * One Ubuntu 18.04 server with two Ethernet cards and one public IP Address. | ||
| + | * Eth1 will have the Public IP Address (198.27.111.78) | ||
| + | * Eth0 will be segmented using VLANs. | ||
| + | * We will **not** need any VLAN capable switches. | ||
| + | * Another server (can be the same) running the latest SVN of RADIUSdesk | ||
| + | * An Access Point with Internet access, running the latest build from SVN of the MESHdesk firmware. | ||
| + | |||
| + | <WRAP center round info 90%> | ||
| + | == Only one Ethernet port? == | ||
| + | * If your server has only one Ethernet port it is not a train smash! | ||
| + | * We offer an alternative which will use the **dummy** module to mimick a real Ethernet port. | ||
| + | </WRAP> | ||
| + | |||
| + | |||
| + | ==== Segmenting Using VLANs ==== | ||
| + | |||
| + | * We will use VLANs configured on Eth0 as follows: | ||
| + | * VLAN 101 will have Address range 10.101.0.0/16. | ||
| + | * VLAN 102 will have Address range 10.102.0.0/16. | ||
| + | * VLAN 103 will have Address range 10.103.0.0/16. | ||
| + | * These VLANs will each be bridged on the one side with a VLAN on eth0. | ||
| + | * br0.101 are bridged with eth0.101. | ||
| + | * br0.102 are bridged with eth0.102. | ||
| + | * br0.103 are bridged with eth0.103. | ||
| + | |||
| + | ==== The VPNs ==== | ||
| + | |||
| + | * The other side of the bridge is a VPN tunnel. | ||
| + | * We will create three instances of OpenVPN in server mode. | ||
| + | * Each of these instances will be bound to a common IP Address (198.27.111.78) but it will have a unique port to ensure uniqueness. | ||
| + | |||
| + | ==== The Captive Portals ==== | ||
| + | |||
| + | * Each of the bridges will have a Coova Chilli captive portal running. | ||
| + | * The IP Address range of each of these Coova Chilli instances will be such that it can provide enough IP Addresses but also in such a manner that the OpenVPN server will be able to provide up to 100 Clients with IP Addresses and the RADIUSdesk server should provide another 100 Clients with IP Addresses without a conflict. | ||
| + | * The IP Address range should also reflect that which was assigned to the VLAN. | ||
| + | |||
| + | ----------------------------------------- | ||
| + | |||
| + | ===== Steps Involved ===== | ||
| + | * [[user_guide:openvpn_bridges_prep_os|Prepare the hardware and OS]] | ||
| + | * [[user_guide:openvpn_bridges_prep_openvpn|Install and configure OpenVPN]] | ||
| + | * [[user_guide:openvpn_bridges_prep_coova|Install and configure CoovaChilli]] | ||
| + | * [[user_guide:openvpn_bridges_prep_radiusdesk|Configure RADIUSdesk, MESHdesk and APdesk]] | ||
| + | |||
| + | |||
| + | ------------------------- | ||
| - | |||