L2TP Client: OpenWRT with Policy Based Routing: Difference between revisions

← Older edit

L2TP Client: OpenWRT with Policy Based Routing (view source)

Revision as of 15:11, 5 March 2024

3,627 bytes added , 5 March

no edit summary

David-AA

autoreview, editor, emailconfirmed, reviewer, upwizcampeditors

223

edits

Revision as of 13:16, 5 March 2024 (view source) David-AA (talk \| contribs) No edit summary ← Older edit		Latest revision as of 15:11, 5 March 2024 (view source) David-AA (talk \| contribs) No edit summary
(7 intermediate revisions by the same user not shown)
This guide was kindly written by Alan T on 04/04/2024 <br> ;<big>1. Configure LAN interface</big>▼ <br>▼ ▲;<big>1 Configure LAN interface</big> :Click Add new interface, select Static address then enter :Device br-lan :Firewall Settings lan :DHCP Sever On <br>▼ [[File:WRT001.png\|680px]] <br> :Click Save & Apply, then disconnect your WLAN connection and rejoin, or refresh IP address. <br> ;<big>2. Set up WAN Connection</big>▼ <br>▼ ▲;<big>2 Set up WAN Connection</big> :This is depended on your WAN connection; however you will most likely need to connect to it wirelessly in Client mode :like myself, or create a DHCP client on eth0.2 (VLAN 2) interface which should default to untagging VLAN 2 on the WAN :interface. :In most situations you should probably enable Masquerading on the WAN interface (default) which is found under Firewall. [[File:WRT002.png\|680px]] ▲<br> ;<big>3. Create LAN Access Point(s) & add security</big> :As above, in my case I have set up MyNetwork_5Ghz & MyNetwork_2Ghz, and have secured with a Passphrase. BOTH :interfaces are bound to the default br-lan interface which defaults to VLAN 1 (eth0.1) which untags ALL LAN ports. :You can change this as you wish. ;<big>4. Download and Install xl2tpd</big> :Go into Software, click Update lists, and then search for xl2tpd, and then click to install. :In my case I have already installed it, however a reboot will be required one you have installed it. [[File:WRT003.png\|680px]] ▲<br> ;<big>5. Configure AAISP L2TP Connection.</big> :Interfaces, Add new interface, select L2TP, and enter your login details, and information as shown below. [[File:WRT00455.png\|680px]] :The metric and DNS weight aren’t particularly important here for simple policy routing; however, these will be :required later on. :I have set my WAN interface up with metric 2, and DNS weight 3. :Use default gateway also selected. [[File:WRT005.png\|680px]] ▲<br> <br> ;<big>6. MWAN3 Package – Policy Based Routing Installation.</big> :Same as installing xl2tpd really, except that you will want to install mwan3, and the luci snap in for it. [[File:WRT006.png\|680px]] <br> ;<big>7. MWAN3 configuration.</big> :Network -> MultiWAN Manager :The Name MUST match exactly to the interface names for your L2TP connection, and you’re your other WAN connections. If :set correctly, then the Metric should be pulled from the interface. [[File:WRT007.png\|680px]] :Set Ping, and enter something to ping. A couple of public DNS servers should work nicely. Everything else defaults. [[File:WRT008.png\|680px]] :Ignore everything else, except that you will want to edit the wan_m1_w3, and wan_m2, w3, and select your interfaces as :specified in MWAN3 interfaces. [[File:WRT009.png\|680px]] :Under policy, create two new policies, and add AAISP_ONLY, or VPN_ONLY, or TUN_ONLY, and then pop wan_m1_w3 into it, :and do the same for your WAN connection selecting wan1_m2_w3. In my case I have sky broadband so I created a WAN :interface called SKY, and refer to my internet connection as SKY, or SKY_ONLY [[File:WRT010.png\|680px]] :Rules are pretty simple, and are run from top bottom sequentially. In my case I want to send everything on my network :directly over Sky unless it’s a server. I set up iPad & Laptop so that I could switch between AAISP/SKY to test :external IP with http://ip.help.me.uk. :This configuration works a treat! [[File:WRT011.png\|680px]] <br> ;<big>8a. Ports Forwards.</big> :Last thing to do is to configure Port forwards to your server, and your running services. In my case I am running a LAMP :server on my network, and the same server hosts the DNS for my domain, and I am also running a Postfix/ Dovecot :server for :Mail. :I also run a small Docker cluster (IPVLAN 10.0.1.0/24) for playing with, and in this case I am forwarding TCP 1080 to :one of my containers running Apache on TCP 80. [[File:WRT012.png\|680px]] [[File:WRT015.png\|680px]] ;<big>8b. Firewall Configuration for Port Forwards</big> :I have been a little lazy with my firewalling, however providing there isn’t a port forward in place, then the ports :won’t be exposed. :The Luci from Sky rule allows me to administer the OpenWrt config from the shared sky service, which is a good :fallback if you accidentally screw your LAN config. [[File:WRT013.png\|680px]] [[File:WRT014.png\|680px]] :I think that’s about it. I haven’t created any special routes for the L2TP service, since OpenWRT automatically sets :them up, which is really nice. <big>Save your config!</big>