This is an old revision of the document!

OpenVPN Bridges


  • We are very exited about a new feature which is now part of MESHdesk as well as APdesk.
  • With this feature you can bridge one or more of the entry points (or SSIDs) with a OpenVPN tunnel that can sit any place on the Internet.
  • I can now for instance connect to a SSID in South Africa while it will appear that I am browsing from an IP Address that is located somewhere in Europe or North America.
  • This feature opens up the door to so many new possibilities but those we leave to your own creative powers.
  • Our tests have proven that there is not reason for a dramatic drop on bandwidth while going this route, in fact, depending how and where you connect, you might even experience an increase in available bandwidth!
  • We are sure by now you are in a dire need to check out this feature. Unfortunately the initial setup can be quite involved, but once everything is in place it should run like a Swiss watch.
  • We will follow a divide and conquer rule and break the tasks up into categories in order to accomplish our goal.

Our Setup

  • For this document we will have the configure the following setup.
    • One Ubuntu 14.04 server with two Ethernet cards and one public IP Address.
      • Eth1 will have the Public IP Address (
      • Eth0 will be segmented using VLANs.
      • We will not need any VLAN capable switches.
    • Another server (can be the same) running the latest SVN of RADIUSdesk
    • An Access Point with Internet access, running the latest build from SVN of the MESHdesk firmware.
  • We will use VLANs configured on Eth0 as follows:
    • VLAN 101 will have Address range
    • VLAN 102 will have Address range
    • VLAN 103 will have Address range
  • These VLANs will each be bridged on the one side with a VLAN on eth0.
    • br0.101 are bridged with eth0.101.
    • br0.102 are bridged with eth0.102.
    • br0.103 are bridged with eth0.103.
  • The other side of the bridge is a VPN tunnel.
    • We will create three instances of OpenVPN in server mode.
    • Each of these instances will be bound to a common IP Address ( but it will have a unique port to ensure uniqueness.
    • Each of the bridges will have a Coova Chilli captive portal running.
      • The IP Address range of each of these Coova Chilli instances will be such that it can provide enough IP Addresses but also in such a manner that the OpenVPN server will be able to provide up to 100 Clients with IP Addresses and the RADIUSdesk server should provide another 100 Clients with IP Addresses without a conflict.
      • The IP Address range should also reflect that which was assigned to the VLAN.

Steps Involved

  • Prepare the hardware and OS
  • Install and configure OpenVPN
  • Install and configure CoovaChilli
  • Configure RADIUSdesk
  • Configure MESHdesk
  • Configure APdesk