Solved

Sharing a wireless broadband connection and tunneling traffic through OpenVPN?

Posted on 2011-02-25
Last Modified: 2013-11-15
First ... Here's a list of what I have at my disposal:
Desktop computer with built-in network adapter (Realtek RTL8111DL chipset) running 64-bit Ubuntu 10.10
Mobile broadband adapter Huawei E220 (though it identifies itself as 220/270?)
WLAN router (Linksys WRT54GL) that has been flashed with Tomato firmware 1.27vpn
A number of other things that happily interconnect using WLAN; phones, a few laptops etc.

Problem: I wish to share my "wireless broadband" connection (Indonesian prepaid Telkomsel Flash) in my desktop computer through WLAN/WiFi for other computers in my home (a couple of laptops and such). Furthermore, I have signed up for a VPN-account (not for the sake of security, but simply because Telkomsel's DNSs are more often offline or otherwise hindered and simply not working like they should) and would like to have all traffic routed through OpenVPN-tunnel.

I have tried different setups in an attempt to achieve this, but so far with not much success. I can connect to network with the desktop machine, and can manually open a VPN-tunnel, but sharing the connection (with or without VPN-tunneling) has proven to be an exercise in futility. I have found some examples of how things should work, but most of the examples appear to be either outdated or, for some reason, overly complicated (which came as rather a surprise for me, since normally I've found that things with Ubuntu have been extremely straight-forward) ... often both.

I would wish for the connection to open automatically (setting the "connect automatically" only works sometimes?) and - if possible - start the OpenVPN-tunnel as soon as connection has been established (I don't know why, but Network Manager's VPN setup's "connect automatically" appears to have no effect). Also, I would wish that if the connection gets dropped (seems to happen a lot more often on Ubuntu than for example my MacBook) it would rise again automatically (very often on Ubuntu, when the connection drops, Huawei is unable to connect again before I run through the motions of "disconnect/reconnect USB-cable").

In my opinion, doing all this should really be a piece of cake, but for some reason the solution has managed to avoid me for several days already. I'm counting on you, experts; help me out :)
Question by:DiscoNova

Expert Comment

by:Aaron Tomosky
I've used dlink and other routers that have USB ports and the wireless modem works as the wan connection using dd-wrt. The other way to do this is dedicate a computer to have the modem and connect its network to the wan of the linksys.

Author Comment

by:DiscoNova
While being a rather tempting alternative, unfortunately purchasing additional hardware is not exactly a valid option due to my lack of capital :)

Having a dedicated computer is basically what I am attempting to do ... router/firewall software I know that are able to do this kind of thing (like pfSense, ZeroShell, IPCop, et al.) are simply Linux-boxes (or it would probably be more precise to call them *nix-boxes generally). It seems like such a waste to dedicate a machine for only routing (seeing that I don't have a spare 386 lying around - if I did, I would already have jumped at the opportunity), so I just wish to do the thing they do on a "consumer grade" Linux instead that isn't dedicated to routing.

Accepted Solution

by:
Aaron Tomosky earned 500 total points
This seems fairly straightforward and current
http://www.server-servers.com/ubuntu-internet-gateway-and-router/

Then just use the linksys as an access point.

Author Comment

by:DiscoNova
The link looks good (it's Saturday, didn't have time to test it yet) but it seems to me like it is assuming an "always on"-connection (like *DSL or something like that)? The problem I'm having is that since I'm using wireless broadband (3G), the interface is PPP (only available when in use).

Do you think this will cause problems setting up? Because if the interface accessing the Internet were always available, I wouldn't be having the difficulties (at least, not so severe) setting it up...

But as said, I didn't have the time to go through it yet.

Author Comment

by:DiscoNova
Regarding using the Linksys as access point ... shouldn't it be exactly the other way round? I mean ... the PPP-interface being the access point for all other network traffic?

Expert Comment

by:Aaron Tomosky
By the linksys being the access point I meant the linksys can be the wifi access point. Turn off its router and dhcp server etc.

Author Comment

by:DiscoNova
Unfortunately the provided link didn't prove to be a mystical silver bullet to solve all my problems, but it managed to steer my thoughts some way towards the right direction (I think). Currently I have managed to get my setup into a stage where I can ping a laptop connected through WiFi from the desktop (and vice versa) but I am still unable to access Internet from any other machines than the desktop. I feel like I may be missing something obvious?

Should I be setting up a static route between the eth0 (which connects the desktop computer to WiFi) and tap0 (the VPN-tunnel ... oh yes, I did manage to get the VPN-tunnel to open as soon as the 3G connection starts up by adding a script to /etc/ppp/ip-up.d/ for accomplishing this) or something like that? The problem is that both the PPP-connection (from ISP) and the VPN-tunnel get dynamic IPs every time they reconnect, so I'm not entirely certain what I should do next.

Expert Comment

by:Aaron Tomosky
I think you should get the desktop working as a gateway with one wired laptop before you dump wifi and VPN on top of the whole thing.

Author Comment

by:DiscoNova
I think you are right :) Yesterday I spent literally hours trying to get the system to work, and finally managed to get "sort of" working for a little while.

Although I did try a lot of things (including trying to set up iptables to do the masquerading for me manually) I think allowing net.ipv4.ip_dynaddr in sysctl.conf did the biggest trick (after this, the other changes I made appeared to have at least *some* difference in the system - unlike earlier:)

Pinging all the interfaces (both in LAN and WAN) was working splendidly, only problem was that name resolution from computers other than the desktop one (even if I manually inputted DNS servers for the laptops) was not working. I attempted to bypass this by setting up BIND to act as a "DNS proxy", but while doing so I think I broke some important setting; it was working for the shortest period, but stopped as unexpectedly as it had started working. I think I need to go through the settings again to see where the problem lies...

It almost feels like there is another hacker at the ISP's end trying to make things "not working" for me at the same time I'm making changes (a bit paranoid, I know;) to get things working. Of course, it's more likely that since the settings I'm changing are so intertwined, they need to be quite precisely in place in order to work correctly - and I simply lack the experience to keep them all in rank.

Author Closing Comment

by:DiscoNova
Based on the link you provided, I've gotten most of the things working the way I want. Things are not perfect (as there are still some times that the connection cuts and Ubuntu is unable to reconnect without physically dis-/reconnecting the adapter, but those are minor annoyances) but all-in-all my system is now very close to what I expect from it.
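
The gateway setup this thread converges on, as an added example that is not part of any post above: a hook for /etc/ppp/ip-up.d/ that prints (or, with APPLY=1, applies) forwarding and masquerading rules keyed to interface names rather than addresses, so the dynamic IPs on the PPP link and the tunnel do not matter. The function names, the LAN_IF/TUN_IF/APPLY variables, and the assumption that OpenVPN installs the default route through the tunnel are illustrative and do not come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: hook for /etc/ppp/ip-up.d/ on the desktop.
# Assumptions: variable and function names, the APPLY switch, a host with no
# other FORWARD/POSTROUTING rules, and an OpenVPN config that routes the
# default route via the tunnel. eth0 and tap0 are the names the thread uses.

LAN_IF="${LAN_IF:-eth0}"   # wired link to the Linksys acting as plain access point
TUN_IF="${TUN_IF:-tap0}"   # OpenVPN tunnel device

# Print the commands that turn this host into a NAT gateway for LAN clients.
# Rules match interface NAMES, so they stay valid when ppp0 or the tunnel
# reconnects with a new address; ip_dynaddr covers the address change itself.
gateway_rules() {
    lan="$1"; tun="$2"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.ip_dynaddr=1
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -i $lan -o $tun -j ACCEPT
iptables -A FORWARD -i $tun -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $tun -j MASQUERADE
EOF
}

# Dry run by default; APPLY=1 executes each line (needs root).
# The flushes keep the hook idempotent, since it runs on every PPP reconnect.
# With FORWARD defaulting to DROP, LAN traffic is forwarded only via the
# tunnel and is never forwarded straight out of the PPP link.
run_gateway() {
    gateway_rules "$LAN_IF" "$TUN_IF" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || exit 1
        else
            echo "would run: $cmd"
        fi
    done
}

# The ip-up script exports PPP_IFACE; act only when invoked for a ppp link.
case "${PPP_IFACE:-}" in
    ppp*) run_gateway ;;
esac
```

Run it by hand without PPP_IFACE set to load the functions only, or call `run_gateway` to review the dry-run output before enabling APPLY=1.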