Hello, this is the first time I really have trouble doing something, because I am not a networking expert. I hope some of you guys know how to do this.
My problem is this: Neither my Android cell nor my Kindle supports ad-hoc networks and I want to connect them to the internet through my PC. So I have to create an AP using infrastructure mode. So far so good.
The problem is that at my place I connect to the internet through an openvpn tunnel through my ethernet card. So these are the devices I have:
eth0 - ethernet card, connects to the house's LAN
tun0 - created by openvpn, internet
wlan0 - my wlan usb stick, not yet used
I want to create a hotspot using hostapd. For hostapd to work, you have to create a network bridge. And this is the part where I can't continue.
Normally you just bridge the eth0 device and hostapd adds the wlan0 device and everything works. This works for me as well. I can connect to the LAN using my cell and can even connect to the internet when I set up the openvpn tunnel on my phone. The problem is that my Kindle doesn't have a method to connect to openvpn networks. (silly Amazon)
So what I want to do essentially is connect to the openvpn network on my pc and bridge that connection to the wlan0 and to my kindle and cell phone. I tried adding tun0 to the bridge but this doesn't work.
Is anybody here an expert on openvpn, bridges, tun/tap devices, routings and hostapd and can help me?
Yes, it can be done. I have had a similar problem, and solved it like this.
The trick is to start the OpenVPN first, and then direct the traffic from hostapd not to the eth0 interface, but to tap0. I use a bridged configuration for the OpenVPN (thus tap0) and a natted configuration for hostapd (this means no "bridge=br0" statement in hostapd.conf).
To be exact, this is the list of my commands: first, I disable Network Manager,
systemctl stop NetworkManager.service
then I start the OpenVPN:
ip link set eth0 up
dhclient eth0
openvpn --config myveryownconfigfile.conf --daemon
Now I bring up the wireless interface with hostapd plus dhcp server:
ip link set up dev wlan0
ip addr add 10.30.40.100/24 dev wlan0
systemctl start hostapd.service
systemctl start dhcpd4.service
Now I instruct iptables to forward what comes out of wlan0 to tap0:
echo "1"> /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
iptables-save > /etc/iptables/iptables.rules
systemctl start iptables.service
As you can see, it is pretty much the configuration suggested by the Wiki, except for starting the OpenVPN first, and forwarding to IF tap0. I tried this on a Debian system as well, and it works perfectly there too. I have not tried with a tunnel, but, except for the substitution tun0 -> tap0, I expect this configuration to work as well.
Last edited by MariusMatutiae (2013-03-13 10:44:39)
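An added example, not part of the post above: a shell function that emits an iptables-restore ruleset for this NAT setup and also sets the FORWARD policy to DROP, so hotspot clients can only leave through the VPN interface and are dropped rather than routed out eth0 if the tunnel is down. The function names and the FORWARD rules are this example's own additions; the interface defaults (wlan0, tap0) come from the post, and tun0 can be passed instead.

```shell
#!/bin/sh
# Added example (not from the thread). Generates rules only; loading them is
# left to the reader, e.g.:
#   sh hotspot-rules.sh wlan0 tap0 | iptables-restore --test
# Note: without --noflush, iptables-restore replaces the nat and filter tables.

valid_if() {
    # Accept only plain interface names: 1-15 chars from [A-Za-z0-9._-]
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

gen_hotspot_rules() {
    ap_if="${1:-wlan0}"    # access-point interface (hostapd side)
    vpn_if="${2:-tap0}"    # OpenVPN interface (tap0 or tun0)
    valid_if "$ap_if" && valid_if "$vpn_if" || return 1
    [ "$ap_if" != "$vpn_if" ] || return 1
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $vpn_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $ap_if -o $vpn_if -j ACCEPT
-A FORWARD -i $vpn_if -o $ap_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Print a ruleset only when interface names are given on the command line.
if [ "$#" -gt 0 ]; then
    gen_hotspot_rules "$@"
fi
```

DHCP and other traffic addressed to the PC itself goes through the INPUT chain, which this ruleset leaves untouched.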
I have never had a chipset that supported hostapd, so I don't know how it works...
But if you can specify what interface to bridge, then just connect to OpenVPN on your laptop and bridge to the tun0 device instead... Awe, I think you will have to configure OpenVPN to use a Tap device instead of a Tun Point-to-Point device. The Tap will work for sure.
Last edited by hunterthomson (2013-03-15 12:47:29)
OpenBSD-current Thinkpad X230, i7-3520M, 16GB CL9 Kingston, Samsung 830 256GB
Contributor: linux-grsec