WiFi SSID Tunneling

Hello,

We would like to use SSID tunneling method in order to tunnel all WiFi traffic initiated from Remote Access point (Mini router of GL-INET for example) to a centralized VPN server.

Is it possible to user GL-INET mini router on remote site to tunnel all WiFi traffic ?

Thank you
Amit

There are various ways to accomplish this.

But i need to know something first otherwise i will make it too technically when the solution can be easier:

  • can the router be used as full vpn for all networks?

  • if my first question was not sufficient, is the guest network sufficient for non vpn?

  • are vlans from work involved?

My issue is, you say ssid tunneling do you mean the route goes to the central vpn from the router?, or is your intention to encapsulate client to router in the tunnel?

The last part is not entirely possible, but can be made possible to use a cascaded vpn server, this requires the client to be a vpn client still, does not work on devices without the vpn client software.

Hello,

We are working in a lab environment to develop our own captive portal and we only have one SSID with Open authentication (No vlans for guest, IoT etc)

The idea is to leave Open authentication on remote access point and concentrate all traffic to central VPN server. So the developers can work remotely on the captive portal using mini router installed in their homes.

Here are the answers to your questions :

  • Yes, Mini router will be used as full vpn
  • No VLANs involved
  • SSID tunneling : We would like user to send all his traffic via VPN (including DHCP traffic). So the client traffic will be encapsulated in the the tunnel.

Traffic flow :

WiFi User → Access point <-----VPN Tunnel------> VPN Concentrator → Internet

  • Open Authentication configured on Remote Access point (GL-iNet GL-MT300N-V2 mini router)
  • IPses VPN tunnel between Access point and VPN concentrator
  • DHCP service running on VPN Concentrator (Wifi user should get an IP from VPN concentrator)
  • All traffic from WiFi user should be redirected to the VPN concentrator

Amit

Ah i think best is to configure a vpn client on the router, easiest way is to choose wireguard.

Since GL default configuration already points to lan and wifi that would be a easy part.

GL ui also have options to allow client to client communication.

so if the central vpn is also hosting the captive portal instance it would be the gateway ip otherwise it should be the ip, optionally if it is outside of the tunnel ip you can add the ip through allowedips for the client👍

Meaning the route gets added, for the clients and being accessible.

Hello, I will check this and get back here. thanks

1 Like

Hello, Finally I found that wireguard doesn’t support bridge option.

I tried OpenVPN with bridge mode (By changing the interface from tun to tap) on the client side (via command line on Mini router). As soon as I click connect to the VPN, I get the below message and I lose access to the router.

Capture d’écran du 2024-03-07 17-00-21.png

So the mini router gets a bridged IP from the server but I can not create an interface/network to attach to the wireless SSID. Is there a way to create a network for OpenVPN tap interface and attach it to the Wireless SSID?