• Status: Solved

Sharing a wireless broadband connection and tunneling traffic through OpenVPN?

First ... Here's a list of what I have at my disposal:
Desktop computer with built-in network adapter (Realtek RTL8111DL chipset) running 64-bit Ubuntu 10.10
Mobile broadband adapter Huawei E220 (though it identifies itself as 220/270?)
WLAN router (Linksys WRT54GL) that has been flashed with Tomato firmware 1.27vpn
Number of other stuff that happily interconnects using WLAN; phones, a few laptops etc.

Problem: I wish to share my "wireless broadband" connection (Indonesian prepaid Telkomsel Flash) in my desktop computer through WLAN/WiFi for other computers in my home (a couple of laptops and such). Furthermore, I have signed up for a VPN-account (not for the sake of security, but simply because Telkomsel's DNSs are more often offline or otherwise hindered and simply not working like they should) and would like to have all traffic routed through OpenVPN-tunnel.

I have tried different setups in an attempt to achieve this, but so far with not much success. I can connect to network with the desktop machine, and can manually open a VPN-tunnel, but sharing the connection (with or without VPN-tunneling) has proven to be an exercise in futility. I have found some examples of how things should work, but most of the examples appear to be either outdated or, for some reason, overly complicated (which came as rather a surprise for me, since normally I've found that things with Ubuntu have been extremely straight-forward) ... often both.

I would wish for the connection to open automatically (setting the "connect automatically" only works sometimes?) and - if possible - start the OpenVPN-tunnel as soon as connection has been established (I don't know why, but Network Manager's VPN setup's "connect automatically" appears to have no effect). Also, I would wish that if the connection gets dropped (seems to happen a lot more often on Ubuntu than for example my MacBook) it would rise again automatically (very often on Ubuntu, when the connection drops, Huawei is unable to connect again before I run through the motions of "disconnect/reconnect USB-cable").

In my opinion, doing all this should really be a piece of cake, but for some reason the solution has managed to avoid me for several days already. I'm counting on you, experts; help me out :)
0
DiscoNova
Asked:
DiscoNova
1 Solution
 
Aaron Tomosky (Technology Consultant) Commented:
I've used dlink and other routers that have USB ports and the wireless modem works as the wan connection using dd-wrt. The other way to do this is dedicate a computer to have the modem and connect its network to the wan of the linksys.
0
 
DiscoNova (Author) Commented:
While being a rather tempting alternative, unfortunately purchasing additional hardware is not exactly a valid option due to my lack of capital :)

Having a dedicated computer is basically what I am attempting to do ... router/firewall -software I know that are able to do this kind of thing (like pfSense, ZeroShell, IPCop, et al.) are simply Linux-boxes (or it would probably be more precise to call them *nix-boxes generally). It seems like such a waste to dedicate a machine for only routing (seeing that I don't have a spare 386 lying around - if I did, I would already have jumped at the opportunity), so I just wish to do the thing they do on a "consumer grade" Linux instead that isn't dedicated to routing.
0
 
Aaron Tomosky (Technology Consultant) Commented:
This seems fairly straightforward and current
http://www.server-servers.com/ubuntu-internet-gateway-and-router/

Then just use the linksys as an access point.
0
 
DiscoNova (Author) Commented:
The link looks good (it's Saturday, didn't have time to test it yet) but it seems to me like it is assuming an "always on"-connection (like *DSL or something like that)? The problem I'm having is that since I'm using wireless broadband (3G), the interface is PPP (only available when in use).

Do you think this will cause problems setting up? Because if the interface accessing the Internet were always available, I wouldn't be having the difficulties (at least, not so severe) setting it up...

But as said, I didn't have the time to go through it yet.
0
 
DiscoNova (Author) Commented:
Regarding using the Linksys as access point ... shouldn't it be exactly the other way round? I mean ... the PPP-interface being the access point for all other network traffic?
0
 
Aaron Tomosky (Technology Consultant) Commented:
By the linksys being the access point I meant the linksys can be the wifi access point. Turn off its router and dhcp server etc.
0
 
DiscoNova (Author) Commented:
Unfortunately the provided link didn't prove to be a mystical silver bullet to solve all my problems, but it managed to steer my thoughts some way towards the right direction (I think). Currently I have managed to get my setup into a stage where I can ping a laptop connected through WiFi from the desktop (and vice versa) but I am still unable to access Internet from any other machines than the desktop. I feel like I may be missing something obvious?

Should I be setting up a static route between the eth0 (which connects the desktop computer to WiFi) and tap0 (the VPN-tunnel ... oh yes, I did manage to get the VPN-tunnel to open as soon as the 3G connection starts up by adding a script to /etc/ppp/ip-up.d/ for accomplishing this) or something like that? The problem is that both the PPP-connection (from ISP) and the VPN-tunnel get dynamic IPs every time they reconnect, so I'm not entirely certain what I should do next.
0
 
Aaron Tomosky (Technology Consultant) Commented:
I think you should get the desktop working as a gateway with one wired laptop before you dump wifi and VPN on top of the whole thing.
0
 
DiscoNova (Author) Commented:
I think you are right :) Yesterday I spent literally hours trying to get the system to work, and finally managed to get "sort of" working for a little while.

Although I did try a lot of things (including trying to set up iptables to do the masquerading for me manually) I think allowing net.ipv4.ip_dynaddr in sysctl.conf did the biggest trick (after this, the other changes I made appeared to have at least *some* difference in the system - unlike earlier:)

Pinging all the interfaces (both in LAN and WAN) was working splendidly, only problem was that name resolution from computers other than the desktop one (even if I manually inputted DNS servers for the laptops) was not working. I attempted to bypass this by setting up BIND to act as a "DNS proxy", but while doing so I think I broke some important setting; it was working for a shortest period, but stopped as unexpectedly as it had started working. I think I need to go through the settings again to see where the problem lies...

It almost feels like there is another hacker at the ISP's end trying to make things "not working" for me at the same time I'm making changes (a bit paranoid, I know;) to get things working. Of course, it's more likely that since the settings I'm changing are so intertwined, they need to be quite precisely in place in order to work correctly - and I simply lack the experience to keep them all in rank.
0
 
DiscoNova (Author) Commented:
Based on the link you provided, I've gotten most of the things working the way I want. Things are not perfect (as there are still some times that the connection cuts and Ubuntu is unable to reconnect without physically dis-/reconnecting the adapter, but those are minor annoyances) but all-in-all my system is now very close to what I expect from it.
0
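The gateway setup this thread works toward, as an added example (not code posted by either participant): it forwards and masquerades LAN traffic only into the VPN device, so clients cannot fall back to the raw 3G link when the tunnel is down. `eth0`, `tap0` and `net.ipv4.ip_dynaddr` come from the thread; the PPP device name `ppp0`, the LAN subnet `192.168.1.0/24` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: LAN (eth0) may only be forwarded into the OpenVPN device (tap0).
LAN_IF=eth0                 # from the thread
VPN_IF=tap0                 # from the thread
WAN_IF=ppp0                 # assumption: name of the 3G PPP link
LAN_NET=192.168.1.0/24      # assumption: LAN subnet

# Print the ruleset in iptables-restore format without applying it.
gateway_rules() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $VPN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $LAN_IF -o $VPN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $VPN_IF -o $LAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin (gateway_rules or iptables-save output). Succeeds only
# if FORWARD defaults to DROP and no FORWARD/POSTROUTING rule exits via WAN_IF.
audit_rules() {
    awk -v wan="$WAN_IF" '
        /^:FORWARD DROP/ { drop = 1 }
        /^-A (FORWARD|POSTROUTING) / {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == wan) leak = 1
        }
        END { if (drop && !leak) exit 0; exit 1 }'
}

# Needs root. iptables-restore flushes the nat and filter tables first.
apply_gateway() {
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv4.ip_dynaddr=1   # PPP and VPN addresses change on reconnect
    gateway_rules | iptables-restore
}

case "${1:-}" in
    print) gateway_rules ;;
    audit) iptables-save | audit_rules ;;
    apply) apply_gateway ;;
esac
```

This only carries client traffic if the desktop's default route points into the tunnel once the VPN is up; with the default route still on the PPP link, forwarded packets hit the `FORWARD DROP` policy instead of leaving unencrypted.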
