Certain content is only available to IP addresses in another country. To reach it, set up a Virtual Access Point on your DD-WRT router that is bridged to an OpenVPN server in that country.
The focus here is configuring the client bridge on your router. I am assuming you already have the server portion configured and working, with IP masquerading (NAT) set up.

1. Use the easy-rsa scripts to generate a new client certificate on the OpenVPN server.

Edit the file 'vars' to set sane defaults, such as setting the expiry to 10 years rather than the default 1 year.

    [email protected]:/etc/openvpn/easy-rsa# ./build-key nexus.mrzesty.net
    Generating a 1024 bit RSA private key
    .................++++++
    ...................++++++
    ...
    Certificate is to be certified until Mar 16 16:49:28 2020 GMT (3650 days)
    Sign the certificate? [y/n]:y
    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

2. Copy the resulting private key nexus.mrzesty.net.key, certificate nexus.mrzesty.net.crt and CA cert ca.crt from the keys/ directory to the client.

3. Create the new Virtual Interface on your local DD-WRT router. Go to http://192.168.1.1/Wireless_Basic.asp and add a new Virtual Interface wl0.1.

Configure WPA2 wireless security (http://192.168.1.1/WL_WPATable.asp) on your new virtual wireless interface.

4. Create a new ethernet bridge on your router (http://192.168.1.1/Networking.asp) and assign the new Virtual Interface wl0.1 to the new bridge br1. Assign an IP of 192.168.x.2. 192.168.x.1 will be on the OpenVPN server, assigned to the tap0 interface there.

/etc/network/interfaces on Debian/Ubuntu:

    auto tap0
    iface tap0 inet static
        pre-up /usr/sbin/openvpn --mktun --dev tap0
        address 192.168.x.1
        netmask 255.255.255.0

5. Add an additional DHCP server on the Setup -> Networking page for the bridge br1.
6. Configure the DHCP server to hand out 192.168.x.1 as the gateway IP to clients.

http://192.168.1.1/Services.asp -> DNSmasq

7. Configure the OpenVPN client of the DD-WRT router (http://192.168.1.1/PPTP.asp).

If you SSH to the router, the resulting configuration file should look like:

    [email protected]:/tmp/openvpncl# cat openvpn.conf
    client
    dev tap
    proto udp
    remote 126.96.36.199 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    ca /tmp/openvpncl/ca.crt
    cert /tmp/openvpncl/client.crt
    ns-cert-type server
    key /tmp/openvpncl/client.key
    comp-lzo

8. Reboot the router and add the tap0 interface to the new bridge br1. I was not able to do this in the web interface; I ran the following from the SSH shell instead:

    [email protected]:~# brctl addif br1 tap0

You will want this command to run when the router reboots, so add it to the nvram variable rc_startup. I use a 60-second sleep so the OpenVPN tunnel has enough time to start.

    nvram set rc_startup="
    sleep 60
    ip link set tap0 up
    brctl addif br1 tap0
    "
    nvram commit  # write the change to flash so it survives a reboot

(You can also set the startup via the web interface on http://192.168.1.1/Diagnostics.asp)

Verify that the Current Bridging Table on the http://192.168.1.1/Networking.asp page is correct and shows tap0 bridged to your Virtual AP wl0.1.

    Current Bridging Table
    Bridge Name    STP enabled    Interfaces
    br0            no             vlan1 eth1
    br1            no             wl0.1 tap0
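
The openvpn.conf in step 7 uses 'ns-cert-type server' and 'comp-lzo', both since deprecated upstream, and has no tls-auth or tls-crypt key. The script below is an added example, not part of the original post, that audits a client config for those three points. The function names and the sample file (built from the directives shown in step 7) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: audit an OpenVPN client config.

# has_directive FILE NAME [ARG]: succeeds if a non-comment line starts with NAME
# (and, when ARG is given, has ARG as its first argument).
has_directive() {
    awk -v d="$2" -v a="${3:-}" '
        /^[ \t]*[#;]/ { next }
        $1 == d && (a == "" || $2 == a) { found = 1 }
        END { exit !found }' "$1"
}

# audit_conf FILE: prints one finding per line; returns 1 if there are any.
audit_conf() {
    conf=$1; findings=0
    # Without a server-certificate check, any client certificate issued by the
    # same CA could pose as the server.
    if has_directive "$conf" remote-cert-tls server; then :
    elif has_directive "$conf" ns-cert-type server; then
        echo "WARN ns-cert-type is deprecated; use 'remote-cert-tls server'"
        findings=$((findings + 1))
    else
        echo "FAIL no server certificate check ('remote-cert-tls server')"
        findings=$((findings + 1))
    fi
    # comp-lzo is deprecated upstream, and compressing before encrypting can
    # leak information about the plaintext. "comp-lzo no" turns compression off.
    if has_directive "$conf" comp-lzo && ! has_directive "$conf" comp-lzo no; then
        echo "WARN comp-lzo enables compression of tunnel traffic"
        findings=$((findings + 1))
    fi
    # tls-auth / tls-crypt add a pre-shared key so unauthenticated packets are dropped early.
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo "INFO no tls-auth or tls-crypt key on the control channel"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: directives taken from the openvpn.conf shown in step 7.
sample_conf() {
    printf '%s\n' 'client' 'dev tap' 'proto udp' 'remote 126.96.36.199 1194' \
        'ca /tmp/openvpncl/ca.crt' 'cert /tmp/openvpncl/client.crt' \
        'ns-cert-type server' 'key /tmp/openvpncl/client.key' 'comp-lzo'
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_conf "$tmp" || echo "findings reported for the sample config"
rm -f "$tmp"
```

On the router, run audit_conf against /tmp/openvpncl/openvpn.conf after the OpenVPN client settings have been saved.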