4

I'm trying to set up my RPi as Wifi Access Point and to connect as client to a OpenVPN server.

However, as soon I start OpenVPN my devices associated with the RPi WIFI no longer can access the web. I assume the problem lies in the routing stuff, but am not sure.

My configuration...
WLAN0 -> connected to the internet router
WLAN1 -> WIFI Access Point

Any help is appreciated as I'm left helpless. Thanks.

Community
  • 1
Marco
  • 81
  • 2
  • 9
  • what shows 'route' after ovpn connection is started? – patricks Jul 23 '13 at 14:41
  • Do you want your wifi traffic to also go through this VPN? – Gerben Jul 23 '13 at 16:38
  • Part 1/2: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 10.119.74.165 128.0.0.0 UG 0 0 0 tun0 default timecapsule.loc 0.0.0.0 UG 0 0 0 wlan0 10.119.72.1 10.119.74.165 255.255.255.255 UGH 0 0 0 tun0 10.119.74.165 * 255.255.255.255 UH 0 0 0 tun0 128.0.0.0 10.119.74.165 128.0.0.0 UG 0 0 0 tun0 – Marco Jul 23 '13 at 20:04
  • Part 2/2: 192.168.1.0 * 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 * 255.255.255.0 U 0 0 0 wlan1 205.164.45.3 timecapsule.loc 255.255.255.255 UGH 0 0 0 wlan0 – Marco Jul 23 '13 at 20:04
  • 1
    @Gerben Yes I want all traffic to go through this VPN if it's up. However, SSH should not go via VPN – Marco Jul 23 '13 at 20:12
  • Now with the wifi AP running route looks like...

    Part 1/2 default 10.119.72.177 128.0.0.0 UG 0 0 0 tun0 default timecapsule.loc 0.0.0.0 UG 0 0 0 wlan0 10.119.72.1 10.119.72.177 255.255.255.255 UGH 0 0 0 tun0 10.119.72.177 * 255.255.255.255 UH 0 0 0 tun0 69.46.82.11 timecapsule.loc 255.255.255.255 UGH 0 0 0 wlan0

     – Marco Jul 23 '13 at 20:38
  • Part 2/2:

    128.0.0.0 10.119.72.177 128.0.0.0 UG 0 0 0 tun0 192.168.1.0 * 255.255.255.0 U 0 0 0 wlan0 192.168.2.0 * 255.255.255.0 U 0 0 0 wlan1

     – Marco Jul 23 '13 at 20:39
  • You won't be able to control SSH going through the VPN or not without additional work with iptables, which gets nasty pretty fast. Could you repost the routing information on pastebin.com so that it doesn't loose its formatting? – Fred Mar 19 '14 at 13:21

1 Answers1

2

I managed to do this with my RPI, although my VPN connection was running over the Ethernet port, rather than over a second wireless interface.

I wrote up the details of how I got it working here: http://alphaloop.blogspot.com/2014/01/raspberry-pi-as-vpn-wireless-access.html

The main thing that tripped me up was that I tried to use my local router's DNS for any connected devices, but I found that when the VPN connection was up, all traffic from the devices got routed over the VPN, which effectively meant that they were trying to look up a local IP address on the Internet.

I got round it by setting up bind9 as a DNS server on the RPI and pointing the connected devices to that. It might be worth seeing if this fixes your problem.

alphaloop
  • 121
  • 3