OpenVPN Bridge on GL routers

Riho-shuu · 2020-06-29T11:21:09.785Z

Hey guys,

I have added OpenVPN Bridge function on the GL routers, the web page is like this:

The default subnet is 10.8.0.0/24, once the connection is established, the devices under the OpenVPN client will be assigned IP address with 10.8.0.xxx, and you will be able to access the devices via OpenVPN server directly.

Server: MiFi /Client: AR750 /My phone: 10.8.0.63

Once the connection is established the OpenVPN client will become inaccessible, but you can manually change the IP address on your device to access the client.

I change the IP address back to 192.168.10.xxx on my iPhone, then I can access my AR750 via 192.168.10.1 to turn off the VPN or configure other things.

I have only tested with my MiFi and AR750 for now, I will test with other devices and release the firmware in the next few days.

If anyone is interested in this please have a try and leave your feedback, thanks.

rp201rp · 2020-06-29T16:38:08.796Z

I’m sorry for not understanding you here but I am def not a wizzard in routing nor openvpn but I do have some questions.

is 192.168.10.x the wan network or the lan? (gli defaullt lan being 192.168.8.x)
does this allow broadcasting to allow stuff like dlna server running on the router and stream to the remote client?

rp201rp · 2020-06-29T17:35:23.485Z

I diddn’t feel like waiting for response so I decided to install and test it out. My mistake was thinking I could use my android phone. upon trying to connect my ovpn client software relayed that TAP was not supported in android which I knew but wasn’t thinking. so those of you looking to test it out you will need pretty much anything other than android. with that being said.

I was just wonder what type of newer applications and services would benefitl for bridging over routing other than backwards compatibilty with legacy applications?

rp201rp · 2020-06-30T00:37:36.142Z

fyi,
I was using openvpn client from windows 10 and I was able to connect to gl router at 10.8.0.1 from client machne without any changes.

Riho-shuu · 2020-06-30T08:14:42.786Z

Hi,

The 192.168.10.1 is the static IP address of AR750, it is used to access AR750(Client) from devices that connected to AR750 once the OpenVPN connection is established.

In the previous post, some people have asked about this: OpenVPN bridging - #16

The main purpose is to make all the devices issued IPs from the VPN server, to avoid the double NAT. And you can access devices under the client from the server directly, which makes it easier to control all your devices remotely.

rp201rp · 2020-06-30T12:22:45.809Z

Riho-shuu:

The 192.168.10.1 is the static IP address of AR750, it is used to access AR750(Client) from

I only see 192.168.10.100 which is in the apple phone networking section. Where is 192.168.10.1 placed in the config of the ar750server? the lan, the wan, or elsewhere? Is the router in access point mode?. The vpn server address is 10.8.0.1.

Have you change the default ip address of the ar750server from 192.168.8.x to 192.168.10.x . thank you

now your using ar750 and then ar750(client)

I understand the difference between bridging, and double nat.
I have configured tap for openvpn before and I have it working now so I can’t be too far from understanding this setup but I guess I’m not.

Riho-shuu · 2020-07-01T01:59:32.369Z

Sorry for confusing you, I draw a simple topology to better understand.

image868×373 23 KB

Yes I change the default IP address of the AR750 to 192.168.10.x before establish the VPN connection, I keep the static IP in case you want to configure it from its client(10.8.0.x), this might be the thing that confuse you, do you think it is a redundant setting?

rp201rp · 2020-07-01T05:28:48.792Z

I’m getting closer to understanding. but I’m gonna need a little more help here.

I was unaware of the gl-mifi in the entire configurartion.

can I please be hand held on this topic?
so if explain it in story form,

there is a machine 192.168.8.208 that travels around the world and connects to a gl-mifi for its internet services. This gl-mifi is running openvpn-bridge server. a gl-ar750 so wishes to connect to this openvpnbridge as a client. the machines behind the gl-ar750 are on subnet 10.8.0.x.
can someone point me to a good read on this

rp201rp · 2020-07-01T12:49:48.706Z

is dhcp disabled for 192.168.10.x clients so the 10.8.0.80 and 10.8.0.63 machines are getting their ip address’s from the mifi 10.8.0.1 openvpn server?

rp201rp · 2020-07-01T18:19:22.447Z

so I have setup this configuration with two ar750 gl-inet routers.

ar750-a is the server with the ovpn-bridge-firmware installed and lan static ip of 192.168.8.1 in router mode
ar750-b is the client router with firmware version 3.104 with static ip of 192.168.17.1 in router mode

wan interfaces of both routers are not on same subnet but connected over the interenet.
vpn is established and connected

on ar750-b I stop dnsmasq so it is not served a 192.168.17.x address from the lan interface.
service dnsmasq stop

when I attempt to add a new client to the subnet of ar750-b, it does not receive an address from the ovpn server of ar750-a. I then give the client a static ip of 10.8.0.63 with default gateways of 10.8.0.1 and 10.8.0.2 where both are unsuccessful.

any suggestions or troubleshooting commands to help diagnose?

note: standard routing would think it is 10.8.0.2(ar750-b) but this is a bridge so it the assumed default gateway of ovpnserver 10.8.0.1 which hould be delivered to clients via dhcp, correct?

Riho-shuu · 2020-07-02T08:28:23.097Z

Yes the DHCP is disabled for 192.168.10.x clients.

You need to use ovpn-bridge firmware for both of them to make it work.

Your note is right.

rp201rp · 2020-07-02T17:19:59.348Z

what is you you doing in the client router that needs the updated firmware?
is there something I can change to make this work without have to flash bridging firmware in on the client ar750-b

also has this been tested with addresses other than 10.8.0.x for the internal vpn? thanks.

Riho-shuu · 2020-07-03T02:29:30.242Z

Main Changes when using tap0 include:

Add ‘tap0’ interface to network.lan.ifname
Add network interface ‘ovpn’
Add dhcp interface ‘ovpn’ and ignore the default dhcp

Here are screenshots:

(Network)
(Network)
(DHCP)
(DHCP)

And yes I have tested with different subnet include 192.168.x.0/24, 172.16.x.0/24.

You may have a try and if meet any problem just send it to me, thanks for your patience.

rp201rp · 2020-07-03T03:25:09.940Z

so how is the diffent firmware in the client ar750-b understanding this? are you scripting this on an all tap client configurations or is there a UI for it to enable the feature? Just a little puzzled on the end user implementation. sorry if I’m being too nosey.

one more question is if an additional different dhcp server and subnet is created and placed on the same physical subnet as ar750-a,192.168.8.1 for ranges 10.8.0.101-200 will that traffic also be bridged to the other subnet to the ar750-b ranges 10.8.0.2-10.8.0.100

Riho-shuu · 2020-07-03T04:35:33.881Z

It depends on the ovpn files, the scripts will check if ‘dev tap’ is existed, then do the following steps. No changes with Openvpn Client UI.

I am not very clear about your question but I will try to answer.

In the server I create a ‘VPN’ network interface that uses tap0, then add dhcp:

Default LAN:

So when you set the dhcp you need to choose a network interface to assign the IPs, I am not sure which interface you want to use when you set the additional dhcp. Normally we don’t add two dhcp for a single interface.

rp201rp · 2020-07-03T05:53:54.333Z

like you said, it works. thank you for YOUR PATIENCE!
just tried it with a 300n-v2. another thumbs up!

perhaps for the client you can make the kill dhcp and ovpn settings as a switch function choice “opvn client bridge” and it serves a dual purpose. enables connection

Riho-shuu · 2020-07-03T08:19:26.139Z

So I have compiled the firmware for other two models: AR750S AR300M

I will consider your suggestion.

rp201rp · 2020-07-03T14:14:27.278Z

slide right for client router ar750-b
dhcp up
ovpn down

slide left
tap vpn conection up
192.168.10.x dhcp disabled

for a travel router I might say this is prefered. who really wants to type in their phone static addesses to get back to the router. with this config you leave you phone client on dhcp and know what network to expect by the switch setting

chromebook · 2020-07-03T15:14:13.088Z

rp201rp:

for a travel router I might say this is prefered. who really wants to type in their phone static addesses to get back to the router. with this config you leave you phone client on dhcp and know what network to expect by the switch setting

this might be completely irrelevant to the specific case discussed here (this topic is going a bit over my head tbh) but you can use http://console.gl-inet.com to get to the router page too.

OscarTheGrouch · 2020-09-23T02:19:50.569Z

Thanks for doing this! Any chance of getting firmware for MT300v2? Hoping this will be rolled out in general soon.