OpenWrt Forum Archive

Topic: Using OpenWRT to route LAN traffic through an OpenVPN remote server

The content of this topic has been archived on 13 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Currently living in China, where the internet is all but open, a VPN connection is a need.
But I'm tired of individual VPN connections as I have dozens of devices that need to surf the free web.

I need to find a way to get LAN traffic through a single OpenVPN client connection.

I'm turning to OpenWRT to get a solution that would possibly avoid using a spare machine.

Being quite a newbie in networks, I reckon it's not really a common problem, as Google has been able to provide a clear answer.
If it is a "classic" problem, please let me know what the straightforward solution is.

My thinking is the following:
- router acting as vpn client and routing absolutely ALL traffic through remote OpenVPN server - would work fine but not flexible
- a combination of proxy server using a vpn client connection, hopefully on an OpenWRT box - leaving "plain" connection as an option.

Comments would be really helpful of course, but I know it's quite demanding to explain crystal clear stuff to an obscured mind...

So basically, I'd like to secure a few things before buying a compatible router and I'd be happy enough with a few answers:

- is OpenWRT able to act as an OpenVPN client ?
- is it able to share that connection over the LAN?
- can tinyproxy be used to proxy connection to this openvpn connection?

cheers

Hello

I personally have OpenWrt running with OpenVPN in client mode and it just works fine.

just to answer your 3 questions:
1) yes, but if you have a big connection this will slow down the connection as the poor routers aren't designed to do crypto
2) yes
3) partly
I think that tinyproxy can only redirect to another proxy (or I haven't found the right option), so you will have to put squid on the server side (or another proxy software)

Do you already have an OpenVPN server up and running (if yes, tell us the configuration)?
What OS do you use (win, mac, linux, ...)?

Hi,

thanks for your answer.

I have an OpenVPN 2.1.4 server running on Ubuntu 10.04.

I'm connecting to it with UDP tun device, with redirect-gateway option.

I didn't realize that crypto would be that demanding for the router.
This alone justifies a dedicated machine.
I kind of wanted to avoid that, thinking it would be neater and more eco to have just a router taking care of that.
Maybe I can just give it a try, but probably not with a WRT54G.
Any powerful router that could support VPN encryption and dual WLAN?

I guess a Soekris box would be perfect for the job, right? But they don't seem to provide wireless though.

I've tested the config I'd like to have set on a router on an old OSX 10.4 box:
- a machine acting as OpenVPN client
- a proxy redirecting to this VPN tunnel.

I've successfully installed the OpenVPN client and Squid.
I can connect through VPN tunnel with a browser, but Squid doesn't.
A browser using the local Squid proxy can access the web just as a regular machine on the Chinese web.
I actually don't understand how Squid can bypass the vpn tunnel setup with redirect-gateway option.

cheers
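
For the setup discussed in this thread (the router as OpenVPN client on a tun device with redirect-gateway, and the LAN sharing that tunnel), the following UCI configuration is an added example, not posted by anyone in the thread. It assumes the tunnel device is named `tun0`, that the stock `lan` and `wan` zones exist, and that the release uses the legacy `ifname` option; the zone and interface name `vpn` is chosen here for illustration.

```conf
# /etc/config/network  (added stanza)
# Logical interface for the tunnel device that the OpenVPN client creates.
# 'tun0' is an assumed device name; it must match the "dev" line of the
# OpenVPN client configuration.
# Newer OpenWrt releases spell this "option device" instead of "option ifname".
config interface 'vpn'
	option ifname 'tun0'
	option proto 'none'

# /etc/config/firewall  (added stanzas)
# Zone for the tunnel. 'masq' NATs LAN clients behind the router's VPN
# address, so the server needs no route back to the LAN subnet.
# 'mtu_fix' clamps TCP MSS to fit the tunnel MTU.
# 'input REJECT' keeps the router's own services closed to the VPN side.
config zone
	option name 'vpn'
	option network 'vpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Allow LAN clients to be forwarded into the tunnel.
config forwarding
	option src 'lan'
	option dest 'vpn'

# The stock firewall file also contains the stanza shown commented out below.
# Leaving it in place lets LAN traffic exit directly through wan whenever the
# tunnel is down and the default route falls back to the ISP gateway.
# Deleting it makes the tunnel the only forwarding path out of the LAN.
# The router's own OpenVPN packets to the server are unaffected, because they
# are locally generated output, not forwarded traffic.
# config forwarding
#	option src 'lan'
#	option dest 'wan'
```

Removing the lan-to-wan forwarding corresponds to the "route absolutely ALL traffic" option in the opening post; keeping it trades leak protection for the flexibility that post asks about.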

The discussion might have continued from here.