We are very excited about a new feature (actually an old feature as of 2023, but still very handy) which is now part of MESHdesk as well as APdesk.
With this feature you can bridge one or more of the entry points (or SSIDs) with an OpenVPN tunnel that can sit anywhere on the Internet.
I can now, for instance, connect to an SSID in South Africa while it will appear that I am browsing from an IP Address that is located somewhere in Europe or North America.
We are sure by now you are in dire need to check out this feature. Unfortunately the initial setup can be quite involved, but once everything is in place it should run like a Swiss watch.
We will follow a divide-and-conquer approach and break the tasks up into categories in order to accomplish our goal.
Our Setup
For this document we will configure the following setup.
The Hardware
One Ubuntu 22.04 server with one Ethernet card and one public IP Address.
Eth0 will have the Public IP Address (198.27.111.78)
Eth1 is a virtual interface and will be segmented using VLANs.
We will not need any VLAN capable switches.
Another server (can be the same) running the latest RADIUSdesk Git code.
An Access Point with Internet access, running the latest Git of the MESHdesk firmware.
Only one Ethernet port?
If your server has only one Ethernet port it is not a train smash!
We offer an alternative which will use the dummy module to mimic a real Ethernet port.
Segmenting Using VLANs
We will use VLANs configured on Eth0 as follows:
VLAN 101 will have Address range 10.101.0.0/16.
VLAN 102 will have Address range 10.102.0.0/16.
VLAN 103 will have Address range 10.103.0.0/16.
These VLANs will each be bridged on one side with a VLAN on eth0.
br0.101 is bridged with eth1.101.
br0.102 is bridged with eth1.102.
br0.103 is bridged with eth1.103.
The VPNs
The other side of the bridge is a VPN tunnel.
We will create three instances of OpenVPN in server mode.
Each of these instances will be bound to a common IP Address (198.27.111.78), but each will listen on its own port so that the instances stay distinct.
The Captive Portals
Each of the bridges will have a CoovaChilli captive portal running.
The IP Address range of each of these CoovaChilli instances must be large enough to provide enough IP Addresses, and laid out so that the OpenVPN server can provide up to 100 Clients with IP Addresses and the RADIUSdesk server can provide another 100 Clients with IP Addresses without a conflict.
The IP Address range should also match the range that was assigned to the VLAN.
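The address planning described above can be checked before any service is configured. The following is an added example, not part of the RADIUSdesk documentation or code: it carves each VLAN range from this page into an OpenVPN pool, a RADIUSdesk pool and a CoovaChilli dynamic range, then verifies that nothing overlaps and that every OpenVPN instance has its own port. The port numbers, the gateway address and the position of each pool inside the /16 are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

PUBLIC_IP = "198.27.111.78"  # from the page
VLANS = {101: "10.101.0.0/16", 102: "10.102.0.0/16", 103: "10.103.0.0/16"}  # from the page
POOL_SIZE = 100              # from the page: 100 OpenVPN-assigned + 100 RADIUSdesk-assigned
FIRST_PORT = 1194            # assumption: the page gives no port numbers

def plan_vlan(vlan_id, cidr, port):
    """Carve one VLAN's /16 into non-overlapping pools (layout is an assumption)."""
    net = ipaddress.ip_network(cidr)
    base = net.network_address
    ovpn_first = base + 10   # assumption: .0.1-.0.9 kept for the gateway and services
    rd_first = ovpn_first + POOL_SIZE
    return {
        "vlan": vlan_id, "net": net, "bridge": f"br0.{vlan_id}",
        "listen": (PUBLIC_IP, port),
        "gateway": base + 1,  # assumption: captive portal address on the bridge
        "pools": {
            "openvpn": (ovpn_first, ovpn_first + POOL_SIZE - 1),
            "radiusdesk": (rd_first, rd_first + POOL_SIZE - 1),
            "coova_dynamic": (base + 256, net.broadcast_address - 1),
        },
    }

def validate(plans):
    """Return a list of conflicts; an empty list means the plan is consistent."""
    errors = []
    listeners = [p["listen"] for p in plans]
    if len(set(listeners)) != len(listeners):
        errors.append("duplicate OpenVPN ip:port")
    for a, b in combinations(plans, 2):
        if a["net"].overlaps(b["net"]):
            errors.append(f"VLAN {a['vlan']} and {b['vlan']} subnets overlap")
    for p in plans:
        for name, (lo, hi) in p["pools"].items():
            if lo not in p["net"] or hi not in p["net"] or lo > hi:
                errors.append(f"VLAN {p['vlan']}: {name} pool outside subnet")
            if lo <= p["gateway"] <= hi:
                errors.append(f"VLAN {p['vlan']}: gateway inside {name} pool")
        for (n1, r1), (n2, r2) in combinations(p["pools"].items(), 2):
            if r1[0] <= r2[1] and r2[0] <= r1[1]:  # closed ranges intersect
                errors.append(f"VLAN {p['vlan']}: {n1} overlaps {n2}")
    return errors

PLANS = [plan_vlan(v, c, FIRST_PORT + i) for i, (v, c) in enumerate(VLANS.items())]

if __name__ == "__main__":
    for p in PLANS:
        print(p["bridge"], p["listen"], {k: f"{lo}-{hi}" for k, (lo, hi) in p["pools"].items()})
    print(validate(PLANS) or "no conflicts")
```

Re-run the check whenever a pool is resized or a VLAN is added, so that an address handed out by one service can never collide with one handed out by another.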
Next steps
Be sure to visit the pages that will help you set up each of the above.