====== OpenVPN Bridges ======

{{ :user_guide:apdesk:openvpn_bridge.png?nolink |}}

===== Introduction =====

  * We are very excited about a new feature which is now part of **MESHdesk** as well as **APdesk**.
  * With this feature you can bridge one or more of the entry points (or SSIDs) with an OpenVPN tunnel that can sit anywhere on the Internet.
  * I can now, for instance, connect to an SSID in South Africa while it will appear that I am browsing from an IP Address that is located somewhere in Europe or North America.
  * This feature opens the door to many new possibilities, but those we leave to your own creative powers.
  * Our tests have shown that there is no reason for a dramatic drop in bandwidth when going this route. In fact, depending on how and where you connect, you might even experience an increase in available bandwidth!
  * We are sure that by now you are in dire need to check out this feature. Unfortunately the initial setup can be quite involved, but once everything is in place it should run like a Swiss watch.
  * We will follow a divide and conquer rule and break the tasks up into categories in order to accomplish our goal.

----

===== Our Setup =====

For this document we will configure the following setup.

==== The Hardware ====

  * One Ubuntu 18.04 server with two Ethernet cards and one public IP Address.
    * Eth1 will have the Public IP Address (198.27.111.78)
    * Eth0 will be segmented using VLANs.
    * We will **not** need any VLAN capable switches.
  * Another server (can be the same) running the latest SVN of RADIUSdesk
  * An Access Point with Internet access, running the latest build from SVN of the MESHdesk firmware.

== Only one Ethernet port? ==

  * If your server has only one Ethernet port it is not a train smash!
  * We offer an alternative which will use the **dummy** module to mimic a real Ethernet port.

==== Segmenting Using VLANs ====

  * We will use VLANs configured on Eth0 as follows:
    * VLAN 101 will have Address range 10.101.0.0/16.
    * VLAN 102 will have Address range 10.102.0.0/16.
    * VLAN 103 will have Address range 10.103.0.0/16.
  * Each of these VLANs will form one side of a bridge, as a VLAN interface on eth0.
    * br0.101 is bridged with eth0.101.
    * br0.102 is bridged with eth0.102.
    * br0.103 is bridged with eth0.103.

==== The VPNs ====

  * The other side of the bridge is a VPN tunnel.
  * We will create three instances of OpenVPN in server mode.
  * Each of these instances will be bound to a common IP Address (198.27.111.78), but each will listen on a unique port.

==== The Captive Portals ====

  * Each of the bridges will have a Coova Chilli captive portal running.
  * The IP Address range of each of these Coova Chilli instances must provide enough IP Addresses, while still leaving room for the OpenVPN server to provide up to 100 Clients with IP Addresses and for the RADIUSdesk server to provide another 100 Clients with IP Addresses, all without a conflict.
  * The IP Address range should also reflect that which was assigned to the VLAN.

----

===== Steps Involved =====

  * [[user_guide:openvpn_bridges_prep_os|Prepare the hardware and OS]]
  * [[user_guide:openvpn_bridges_prep_openvpn|Install and configure OpenVPN]]
  * [[user_guide:openvpn_bridges_prep_coova|Install and configure CoovaChilli]]
  * [[user_guide:openvpn_bridges_prep_radiusdesk|Configure RADIUSdesk, MESHdesk and APdesk]]

----
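
The address plan from "Segmenting Using VLANs", "The VPNs" and "The Captive Portals" can be checked for conflicts before any service is configured. The following is an added example, not part of the RADIUSdesk documentation or code. The pool offsets inside each /16 and the ports 1194-1196 are assumptions chosen for illustration; only the subnets, the bind address and the pool size of 100 come from this page.

```python
import ipaddress
from itertools import combinations

PUBLIC_IP = "198.27.111.78"  # bind address from the page
POOL_SIZE = 100              # clients per allocator, from the page

def build_plan(vlan, port):
    """Address plan for one VLAN; pool offsets are an assumed layout."""
    net = ipaddress.ip_network(f"10.{vlan}.0.0/16")
    base = int(net.network_address)
    pools = {
        # assumed: .0.1 is the captive portal gateway, pools follow it
        "openvpn": (base + 2, base + 1 + POOL_SIZE),
        "radiusdesk": (base + 2 + POOL_SIZE, base + 1 + 2 * POOL_SIZE),
        # assumed: Coova Chilli leases from the upper half of the /16
        "coova": (base + 2**15, int(net.broadcast_address) - 1),
    }
    return {"vlan": vlan, "net": net, "listen": (PUBLIC_IP, port), "pools": pools}

def validate(plans):
    """Return a list of human-readable conflicts; empty means the plan is sane."""
    problems = []
    listeners = [p["listen"] for p in plans]
    for dup in sorted({l for l in listeners if listeners.count(l) > 1}):
        problems.append(f"listener {dup[0]}:{dup[1]} used by more than one instance")
    for a, b in combinations(plans, 2):
        if a["net"].overlaps(b["net"]):
            problems.append(f"VLAN {a['vlan']} and VLAN {b['vlan']} subnets overlap")
    for p in plans:
        lo_net, hi_net = int(p["net"].network_address), int(p["net"].broadcast_address)
        for name, (lo, hi) in p["pools"].items():
            if not (lo_net < lo <= hi < hi_net):
                problems.append(f"VLAN {p['vlan']}: {name} pool leaves {p['net']}")
            if name != "coova" and hi - lo + 1 < POOL_SIZE:
                problems.append(f"VLAN {p['vlan']}: {name} pool smaller than {POOL_SIZE}")
        for (n1, r1), (n2, r2) in combinations(p["pools"].items(), 2):
            if r1[0] <= r2[1] and r2[0] <= r1[1]:
                problems.append(f"VLAN {p['vlan']}: {n1} and {n2} pools overlap")
    return problems

# Constructed sample: ports 1194-1196 are an assumption (1194 is OpenVPN's default)
GOOD = [build_plan(v, 1194 + i) for i, v in enumerate((101, 102, 103))]

if __name__ == "__main__":
    for line in validate(GOOD) or ["no conflicts"]:
        print(line)
```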