#1 2012-04-10 12:52:16

Registered: 2010-03-10
Posts: 60

OpenVPN hostapd bridge (complicated, experts please look)

Hello, this is the first time I really have trouble doing something, because I am not a networking expert. I hope some of you guys know how to do this.
My problem is this: neither my Android cell nor my Kindle supports ad-hoc networks, and I want to connect them to the internet through my PC. So I have to create an AP using infrastructure mode. So far so good.

The problem is that at my place I connect to the internet through an openvpn tunnel through my ethernet card. So these are the devices I have:

eth0 - ethernet card, connects to the house's LAN
tun0 - created by openvpn, internet
wlan0 - my wlan usb stick, not yet used

I want to create a hotspot using hostapd. For hostapd to work, you have to create a network bridge. And this is the part where I can't continue.
Normally you just bridge the eth0 device and hostapd adds the wlan0 device and everything works. This works for me as well. I can connect to the LAN using my cell and can even connect to the internet when I set up the openvpn tunnel on my phone. The problem is that my Kindle doesn't have a method to connect to openvpn networks. (silly Amazon :P)

So what I want to do essentially is connect to the openvpn network on my pc and bridge that connection to the wlan0 and to my kindle and cell phone. I tried adding tun0 to the bridge but this doesn't work.

Is anybody here an expert on openvpn, bridges, tun/tap devices, routings and hostapd and can help me? :)


#2 2013-03-13 07:59:01

Registered: 2012-11-08
Posts: 31

Re: OpenVPN hostapd bridge (complicated, experts please look)

Yes, it can be done. I have had a similar problem, and solved it like this.

The trick is to start the OpenVPN first, and then direct the traffic from hostapd not to the eth0 interface, but to tap0. I use a bridged configuration for the OpenVPN (thus tap0) and a natted configuration for hostapd (this means no "bridge=br0" statement in hostapd.conf).

To be exact, this is the list of my commands: first, I disable Network Manager,

systemctl stop NetworkManager.service

then I start the OpenVPN:

ip link set eth0 up
dhclient eth0
openvpn --config myveryownconfigfile.conf --daemon

Now I bring up the wireless interface with hostapd plus dhcp server:

ip link set up dev wlan0
ip addr add dev wlan0
systemctl start hostapd.service
systemctl start dhcpd4.service

Now I instruct iptables to forward what comes out of wlan0 to tap0:

echo "1"> /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
iptables-save > /etc/iptables/iptables.rules
systemctl start iptables.service

As you can see, it is pretty much the configuration suggested by the Wiki, except for starting the OpenVPN first, and forwarding to IF tap0. I tried this on a Debian system as well, and it works perfectly there too. I have not tried with a tunnel, but, except for the substitution tun0 -> tap0, I expect this configuration to work as well.

Last edited by MariusMatutiae (2013-03-13 10:44:39)
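
Added example, not part of the original posts: the commands in post #2 add a single NAT rule and leave the FORWARD chain untouched, so with a default ACCEPT policy (an assumption, the post does not show it) hotspot clients are still routed out of other interfaces whenever tap0 is down. The check below reads an iptables-save dump and reports that condition; the function names, the two sample dumps and the confining FORWARD rules are constructed for illustration, while wlan0 and tap0 are the interface names used in the thread.

```shell
# Audit an iptables-save dump: is forwarded hotspot traffic confined to the VPN interface?
# Usage: audit_rules WLAN_IF VPN_IF < dump   (prints findings, returns 0 only if there are none)
audit_rules() {
    awk -v wlan="$1" -v vpn="$2" '
        /^\*/ { table = substr($0, 2); next }                    # table header, e.g. "*nat"
        table == "filter" && /^:FORWARD / { policy = $2; next }  # chain policy line
        /^-A / {
            in_if = out_if = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if  = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (table == "nat" && $2 == "POSTROUTING" && target == "MASQUERADE") {
                if (out_if == vpn) nat_ok = 1
                else { print "MASQUERADE not limited to " vpn ": " $0; bad = 1 }
            }
            if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && in_if == wlan && out_if != vpn) {
                print "FORWARD accepts " wlan " traffic outside " vpn ": " $0; bad = 1
            }
        }
        END {
            if (!nat_ok) { print "no MASQUERADE rule for " vpn; bad = 1 }
            # Any policy other than DROP lets wlan clients out of other interfaces when the VPN is down.
            if (policy != "DROP") { print "FORWARD policy is " (policy == "" ? "unset" : policy) ", not DROP"; bad = 1 }
            exit bad + 0
        }'
}
# Constructed dump: state after the commands in post #2, assuming default chain policies.
sample_as_posted() { cat <<'EOF'
*nat
-A POSTROUTING -o tap0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}
# Constructed dump: same NAT rule, plus a FORWARD chain that only lets wlan0 out through tap0.
sample_confined() { cat <<'EOF'
*nat
-A POSTROUTING -o tap0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i wlan0 -o tap0 -j ACCEPT
-A FORWARD -i tap0 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

On a live system the same check runs as `iptables-save | audit_rules wlan0 tap0`; it only inspects FORWARD rules that name the hotspot interface with `-i`, so rules without an input interface need a manual look.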


#3 2013-03-15 12:45:33

Registered: 2008-06-22
Posts: 794

Re: OpenVPN hostapd bridge (complicated, experts please look)

I have never had a chipset that supported hostapd, so I don't know how it works...

But if you can specify what interface to bridge, then just connect to OpenVPN on your laptop and bridge to the tun0 device instead... Aw, I think you will have to configure OpenVPN to use a Tap device instead of a Tun Point-to-Point device. The Tap will work for sure.

Last edited by hunterthomson (2013-03-15 12:47:29)

OpenBSD-current Thinkpad X230, i7-3520M, 16GB CL9 Kingston, Samsung 830 256GB
Contributor: linux-grsec

