GL-Mifi - Guest Wifi with OpenVPN & DHCP Relay plus Private Wifi w/o VPN - How?

johan · 2017-07-13T20:14:20.000Z

Hi,

Just bought the GL-Mifi and been trying it out for my purpose which I tried to describe in the subject. In the image there’s a little more info on what I’m trying to do. I have so got the following working:

LTE-connection
OpenVPN-tunnel to my server
Private Wifi with login

What I need help with is how to set the whole flow up, especially the lower part, i.e. the Guest Wifi part where I want my guests to connect to an open SSID, get an 192.168.1.x adress coming from the DHCP server which is connected to the Wifi through the OpenVPN connection.

How do I get this to work?

alzhao · 2017-07-14T12:44:53.000Z

I have a question about the DHCP relay.

Now the guest is having 192.168.0.x domain and your openvpn server’s subnet is 172.16.x.x, so actually the dhcp is not relayed.

If you just want two network for your private network and guest and don’t need dhcp relay, all these things can be done in the MiFi part.

Three things to do.

Create a network for guest

Either do this in Luci or just edit /etc/config/network part, find “config interface lan” and duplicate this part, it should be like

config interface lan_guest option proto static option ipaddr '192.168.0.1' option netmask '255.255.255.0'

2. Create guest wifi network.

Either do this in Luci or just edit /etc/config/wireless, find the ap part and copy it. The content should be like

config wifi-iface 'guest' option device 'radio0' option network 'lan_guest' option mode 'ap' option encryption 'psk2' option key 'goodlife' option ifname 'wlan1'

3. Create the dhcp server config

Either do this in Luci or just edit /etc/config/dhcp, find the part “lan” and duplicate it, content should be like

config dhcp 'guest' option interface 'lan_guest' option start '100' option limit '150' option leastime '12h' option ra 'server'

4. Route guest traffic

edit /etc/config/firewall or do it in luci, add rule for guest to the end

config rule 'guest' option src 'lan_guest' option dest 'VPN_client' #If you don't want guest to use vpn, here should be " option dest 'wan' " option proto 'udp tcp' option target 'ACCEPT'

5. Finally reboot your device. If you do this in Luci, there changes should be applied automatically, no need reboot.

johan · 2017-07-14T16:50:18.000Z

Hi Alzhao,

Thanks for a quick reply but unfortunately I do need the DHCP Relay coming from the server. That’s the most important part of the setup that a guest connects to the “Guest” SSID, the Mifi setups a tunnel to the server with a DHCP Relay to 192.168.0.1, the server then handles the DHCP and gives the user an adress in the range 172.16.0.x - the attached image last time were wrong.

I have attached four images coming from the admin tool of a competitor of yours called Teltonika RUT950. The functionality is good but I want to use your product instead since it’s better, looks better and has a battery. Can you look at the images and from that figure out how to duplicate that on a GL-Mifi. That would be fantastic. The images shows the WAN setting, the LAN setting and the OpenVPN setting. Needed is to disable NAT and to use the DHCP Relay.

Thanks a lot in advance for your quick help.

Regards,
/Johan

alzhao · 2017-07-15T00:04:08.000Z

I see. I will have several days leave and can try one week later. I will put this in the development list.

johan · 2017-07-31T17:54:46.000Z

Hi Alzhao,

Any news on this? I would be a very happy customer if you would help me with this.

/Johan

alzhao · 2017-07-31T18:44:36.000Z

I am sorry I forgot. Pls just reply this post to bring it up. Sorry for this but I will try.

johan · 2017-07-31T19:34:42.000Z

Hi,

This is the reply as requested to bring this up.

Thanks,

/Johan

johan · 2017-08-18T20:22:28.000Z

Any news on this? I would be a very happy customer if you would help me with this.

/Johan

alzhao · 2017-08-19T15:15:56.000Z

I tried a lot but still cannot set up the realy via openvpn.

I am using a public openvpn server and that could also be the problem.

Does your server allow bridging? Can you set an account for me so that I can try?

You can give the the account via email.