Changes

OpenVPN traffic split (view source)

Revision as of 13:18, 6 September 2021

987 bytes removed ,  13:18, 6 September 2021
Changed most of instruction
Line 10: Line 10:     
'''Prerequisites''':
 
'''Prerequisites''':
* A single RUTxxx router (excluding [[RUT850]]) with an active internet connection that will act as the OpenVPN client
+
* Working OpenVPN connection with OpenVPN server with zone allowing traffic to internet
 
* At least one end device (PC, Laptop) to configure the routers and test the set up
 
* At least one end device (PC, Laptop) to configure the routers and test the set up
 
----
 
----
'''Configuration scheme''':
+
'''Topology scheme''':
   −
[[File:Openvpn traffic split configuration scheme.jpg|1000px]]
+
[[File:OpenVpn schema.png|alt=|749x749px]]
   −
The figure above depicts the OpenVPN traffic split scheme. A RUTxxx router acts as an OpenVPN client (virtual IP: '''10.0.0.6'''; P-t-P: '''10.0.0.5''') that is connected to a remote OpenVPN server. The routers LAN IP addresses range from 192.168.1.1 to 192.168.1.254.
+
The figure above depicts the OpenVPN traffic split scheme. A RUTxxx router acts as an OpenVPN client (virtual IP: '''172.16.0.2''') that is connected to a remote OpenVPN server (virtual IP '''172.16.0.1'''). The routers LAN/WiFi LAN IP addresses range from 192.168.1x.1 to 192.168.1x.254.
   −
When the scheme is realized, Devices in the 192.168.1.1 to 192.168.1.127 IP range reach the Internet via the router's WAN and devices in the 192.168.1.128 to 192.168.1.254 IP range reach the Internet via the OpenVPN server effectively "adopting" the server's Public IP address.
+
When the scheme is realized, Devices in the LAN range reach the Internet via the router's WAN and devices in the WiFi LAN range reach the Internet via the OpenVPN server effectively "adopting" the server's Public IP address.
    
==Router configuration==
 
==Router configuration==
Line 29: Line 29:  
* First, you must create an OpenVPN client instance on your router. You can do this either via command line or from the router's WebUI, '''Services → VPN → OpenVPN''' section. We will not go into further detail on this because the client's configuration will depend on the OpenVPN server that you are connecting to. You can find detailed instructions on how to create and configure an OpenVPN client instance in our '''[[OpenVPN configuration examples]]''' article, which also contains information on how to configure an OpenVPN server on a RUTxxx router, if that is what you are using for this configuration.
 
* First, you must create an OpenVPN client instance on your router. You can do this either via command line or from the router's WebUI, '''Services → VPN → OpenVPN''' section. We will not go into further detail on this because the client's configuration will depend on the OpenVPN server that you are connecting to. You can find detailed instructions on how to create and configure an OpenVPN client instance in our '''[[OpenVPN configuration examples]]''' article, which also contains information on how to configure an OpenVPN server on a RUTxxx router, if that is what you are using for this configuration.
 
----
 
----
* Once you have configured your OpenVPN client, you should probably test whether the OpenVPN connection is operational as this will make troubleshooting easier later on. The easiest way to do so is to login to the router's WebUI and check OpenVPN status in '''Status → Network → OpenVPN''':
+
* Once you have configured your OpenVPN client, you should probably test whether the OpenVPN connection is operational as this will make troubleshooting easier later on. The easiest way to do so is to login to the router's WebUI and check OpenVPN status in '''Status → Services:''':
   −
[[File:How to check openvpn status.png]]
+
[[File:OpenVPN.png|alt=|859x859px]]
 
----
 
----
* If the connection was successful, we can start the traffic split configuration. First, we'll need to add an additional routing table. This can be done by issuing the following command:
+
* If the connection was successful, we can start the traffic split configuration. First, we'll need to Edit LAN network to use IP address 192.168.10.1. It can be done in section '''Network''' '''→ Interfaces → General settings:''' [[File:LAN.png]]
   −
echo "<span style="color:red>5 rt</span>" >> <span style="color:red>/etc/iproute2/rt_tables</span>
  −
  −
This adds a new routing table called ''rt''. ''/etc/iproute2/rt_tables'' is a file used by the ''iproute2'' utilities which translate user friendly names given on the command line into integer values used by the kernel. So the number ''5'' is just the way for the ''iproute2'' to identify the table.
   
----
 
----
* Next, we'll need to add some entries to the network configuration file ''/etc/config/network''. You can edit the file with the ''vi'' command. Type '''vi /etc/config/network''' and press the "I" button on your keyboard to begin editing. Add the following lines:
+
* Next, we'll need to create wireless interface to use a custom network (wifi_lan) and disable encryption for convenience. In order to do this, navigate '''Network''' '''→ Wireless''' and click '''edit:'''
 
  −
config interface 'vpnas'
  −
        option proto 'none'
  −
        option ifname '<span style="color:red>tun_c_MyClient</span>'
  −
  −
config route
  −
        option interface 'vpnas'
  −
        option target '0.0.0.0'
  −
        option netmask '0.0.0.0'
  −
        option table 'rt'
  −
        option gateway '<span style="color:red>10.0.0.5</span>'
  −
  −
config rule
  −
        option in 'lan'
  −
        option src '<span style="color:red>192.168.1.128/25</span>'
  −
        option lookup 'rt'
  −
        option priority '10'
   
<ul>
 
<ul>
 
<li>
 
<li>
Anonymous user
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/84301"

Navigation menu