OpenWrt, OpenVPN, One Router, Two Signals

I am re-posting this article because the last one I wrote was deleted in error. I was updating it and, when I clicked save, it all went away. However, the previous article was based on OpenVPN version 2.0 so some of the commands didn't work. I found a backup of the old article and added two sections for OpenVPN 2.4.

As an introduction, while living overseas, I found myself needing a VPN for various reasons. I would have two routers, one with the VPN connection and one with a Local Connection. I knew there had to be a better way, so I went on a hunt to figure it out. The below information is my solution. There is plenty of information that is taken for granted, so if there are any questions that are not answered, asked a trusted friend or ask it in the Help Forum.

The idea: Broadcast two wireless signals. One running an OpenVPN and the other running local internet

Purpose: To watch Netflix, Hulu, etc., on media devices and have a server running that can be access from the internet (without VPN) or just to have access to the local internet. So, depending on which wireless network that is connected, you can either be running over a VPN or locally. For example, you can connect your media devices to the VPN SSID and run Netflix, Hulu, or just have a Secure Connection all the time.

Before attempting this, I looked around on the internet and didn't find a walkthrough, so if there is one, please let me know. However, I did find lots of help that I picked up from different places. Some of them include:

http://wiki.openwrt.org/doc/howto/vpn.client.pptp

https://forum.openwrt.org/viewtopic.php?id=39223

There were a few more, but can't remember which ones now.

I'm using Attitude Adjustment 12.09 RC2 with OpenVPN 2.0 and OpenVPN 2.4

Here is what I did:

1. Purchase OpenVPN service from a reputable company (ex. Witopia, StrongVPN, etc.)

2. Install OpenVPN on the OpenWRT router, See “Installation” section here. (Don't do anything else on this page)

3. Install ip ...yes, just two letters. It's version 3.3.0-1 as of this writing.

4. Add a new Wireless controller from the LuCi as normal (Network->Wifi).

   • SSID: <your 'secure' name>

   • Mode: Access Point

   • Attach the network it to the LAN network for now.

   • We'll test it to make sure it works and that you have internet access in a few moments...

   • Add Wireless Security and any other wireless setting you desire

   • Save and Apply

• Click 'Enable'

5. Add a new interface (Network->Interfaces->Add new interface)

   • Choose Name (ex. Slan) -If you change this name (Slan), make sure to change the other references to it below

   • Select 'Static Address.'

   • Create bridge = unchecked

   • Cover the following interfaces = Choose newly created wireless Network

   • Submit

   • Choose IP address in another subnet, for example:

     • IPv4 address = 192.168.20.1

     • IPv4 netmask = 255.255.255.0

     • Leave Gateway blank

     • Custom DNS server = 192.168.20.1

     • Save and Apply

   • From Firewall Settings

     • Create new Zone = <your 'secure' lan name> (needs to be different than wlan above. I choose the name of the lan. ex. slan)

   • Click 'Setup DHCP server' and use default settings unless you need something special.

   • Save and Apply

6. From LuCI, go to the Firewall section: Network->Firewall Section

   • Edit the LAN settings and add the newly created interface (slan) to the covered networks. There should be two now. LAN and SLAN. Wan should be checked under the Allow forward to destination zone.

   • Save and Apply.