This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| user_guide:openvpn_bridges [2016/09/26 02:08] – [Setup Overview] admin | user_guide:openvpn_bridges [2020/08/12 13:37] (current) – [The Hardware] admin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== OpenVPN Bridges ====== | ====== OpenVPN Bridges ====== | ||
| + | {{ : | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| * We are very exited about a new feature which is now part of **MESHdesk** as well as **APdesk**. | * We are very exited about a new feature which is now part of **MESHdesk** as well as **APdesk**. | ||
| Line 10: | Line 11: | ||
| ------------------- | ------------------- | ||
| + | |||
| + | ===== Our Setup ===== | ||
| + | For this document we will configure the following setup. | ||
| + | ==== The Hardware ==== | ||
| + | * One Ubuntu 18.04 server with two Ethernet cards and one public IP Address. | ||
| + | * Eth1 will have the Public IP Address (198.27.111.78) | ||
| + | * Eth0 will be segmented using VLANs. | ||
| + | * We will **not** need any VLAN capable switches. | ||
| + | * Another server (can be the same) running the latest SVN of RADIUSdesk | ||
| + | * An Access Point with Internet access, running the latest build from SVN of the MESHdesk firmware. | ||
| + | |||
| + | <WRAP center round info 90%> | ||
| + | == Only one Ethernet port? == | ||
| + | * If your server has only one Ethernet port it is not a train smash! | ||
| + | * We offer an alternative which will use the **dummy** module to mimick a real Ethernet port. | ||
| + | </ | ||
| + | |||
| + | |||
| + | ==== Segmenting Using VLANs ==== | ||
| + | |||
| + | * We will use VLANs configured on Eth0 as follows: | ||
| + | * VLAN 101 will have Address range 10.101.0.0/ | ||
| + | * VLAN 102 will have Address range 10.102.0.0/ | ||
| + | * VLAN 103 will have Address range 10.103.0.0/ | ||
| + | * These VLANs will each be bridged on the one side with a VLAN on eth0. | ||
| + | * br0.101 are bridged with eth0.101. | ||
| + | * br0.102 are bridged with eth0.102. | ||
| + | * br0.103 are bridged with eth0.103. | ||
| + | |||
| + | ==== The VPNs ==== | ||
| + | |||
| + | * The other side of the bridge is a VPN tunnel. | ||
| + | * We will create three instances of OpenVPN in server mode. | ||
| + | * Each of these instances will be bound to a common IP Address (198.27.111.78) but it will have a unique port to ensure uniqueness. | ||
| + | |||
| + | ==== The Captive Portals ==== | ||
| + | |||
| + | * Each of the bridges will have a Coova Chilli captive portal running. | ||
| + | * The IP Address range of each of these Coova Chilli instances will be such that it can provide enough IP Addresses but also in such a manner that the OpenVPN server will be able to provide up to 100 Clients with IP Addresses and the RADIUSdesk server should provide another 100 Clients with IP Addresses without a conflict. | ||
| + | * The IP Address range should also reflect that which was assigned to the VLAN. | ||
| + | |||
| + | ----------------------------------------- | ||
| ===== Steps Involved ===== | ===== Steps Involved ===== | ||
| - | * Prepare the hardware and OS | + | * [[user_guide: |
| - | * Install and configure OpenVPN | + | * [[user_guide: |
| - | * Install and configure CoovaChilli | + | * [[user_guide: |
| - | * Configure RADIUSdesk | + | * [[user_guide: |
| - | * Configure | + | |
| - | * Configure APdesk | + | |
| + | ------------------------- | ||
| - | |||