Solved

Sharing a wireless broadband connection and tunneling traffic through OpenVPN?

Posted on 2011-02-25
Last Modified: 2013-11-15
First ... Here's a list of what I have at my disposal:
Desktop computer with built-in network adapter (Realtek RTL8111DL chipset) running 64-bit Ubuntu 10.10
Mobile broadband adapter Huawei E220 (though it identifies itself as 220/270?)
WLAN router (Linksys WRT54GL) that has been flashed with Tomato firmware 1.27vpn
Number of other stuff that happily interconnects using WLAN; phones, a few laptops etc.

Problem: I wish to share my "wireless broadband" connection (Indonesian prepaid Telkomsel Flash) in my desktop computer through WLAN/WiFi for other computers in my home (a couple of laptops and such). Furthermore, I have signed up for a VPN account (not for the sake of security, but simply because Telkomsel's DNS servers are more often offline or otherwise hindered and simply not working like they should) and would like to have all traffic routed through an OpenVPN tunnel.

I have tried different setups in an attempt to achieve this, but so far without much success. I can connect to the network with the desktop machine, and can manually open a VPN tunnel, but sharing the connection (with or without VPN tunneling) has proven to be an exercise in futility. I have found some examples of how things should work, but most of the examples appear to be either outdated or, for some reason, overly complicated (which came as rather a surprise for me, since normally I've found that things with Ubuntu have been extremely straightforward) ... often both.

I would wish for the connection to open automatically (setting the "connect automatically" only works sometimes?) and - if possible - start the OpenVPN-tunnel as soon as connection has been established (I don't know why, but Network Manager's VPN setup's "connect automatically" appears to have no effect). Also, I would wish that if the connection gets dropped (seems to happen a lot more often on Ubuntu than for example my MacBook) it would rise again automatically (very often on Ubuntu, when the connection drops, Huawei is unable to connect again before I run through the motions of "disconnect/reconnect USB-cable").

In my opinion, doing all this should really be a piece of cake, but for some reason the solution has managed to avoid me for several days already. I'm counting on you, experts; help me out :)
Question by:DiscoNova

Expert Comment

by:Aaron Tomosky
ID: 34985844
I've used dlink and other routers that have USB ports and the wireless modem works as the WAN connection using dd-wrt. The other way to do this is to dedicate a computer to have the modem and connect its network to the WAN of the linksys.

Author Comment

by:DiscoNova
ID: 34986049
While being a rather tempting alternative, unfortunately purchasing additional hardware is not exactly a valid option due to my lack of capital :)

Having a dedicated computer is basically what I am attempting to do ... the router/firewall software I know that is able to do this kind of thing (like pfSense, ZeroShell, IPCop, et al.) are simply Linux boxes (or it would probably be more precise to call them *nix boxes generally). It seems like such a waste to dedicate a machine for only routing (seeing that I don't have a spare 386 lying around - if I did, I would already have jumped at the opportunity), so I just wish to do the thing they do on a "consumer grade" Linux instead that isn't dedicated to routing.

Accepted Solution

by:Aaron Tomosky
ID: 34986062
This seems fairly straightforward and current
http://www.server-servers.com/ubuntu-internet-gateway-and-router/

Then just use the linksys as an access point.

Author Comment

by:DiscoNova
ID: 34986899
The link looks good (it's Saturday, didn't have time to test it yet) but it seems to me like it is assuming an "always on" connection (like *DSL or something like that)? The problem I'm having is that since I'm using wireless broadband (3G), the interface is PPP (only available when in use).

Do you think this will cause problems setting up? Because if the interface accessing the Internet were always available, I wouldn't be having the difficulties (at least, not so severe) setting it up...

But as said, I didn't have the time to go through it yet.

Author Comment

by:DiscoNova
ID: 34986904
Regarding using the Linksys as access point ... shouldn't it be exactly the other way round? I mean ... the PPP-interface being the access point for all other network traffic?

Expert Comment

by:Aaron Tomosky
ID: 34987647
By having the linksys be the access point I meant the linksys can be the wifi access point. Turn off its router and dhcp server etc.

Author Comment

by:DiscoNova
ID: 34991359
Unfortunately the provided link didn't prove to be a mystical silver bullet to solve all my problems, but it managed to steer my thoughts some way towards the right direction (I think). Currently I have managed to get my setup into a stage where I can ping a laptop connected through WiFi from the desktop (and vice versa) but I am still unable to access Internet from any other machines than the desktop. I feel like I may be missing something obvious?

Should I be setting up a static route between the eth0 (which connects the desktop computer to WiFi) and tap0 (the VPN-tunnel ... oh yes, I did manage to get the VPN-tunnel to open as soon as the 3G connection starts up by adding a script to /etc/ppp/ip-up.d/ for accomplishing this) or something like that? The problem is that both the PPP-connection (from ISP) and the VPN-tunnel get dynamic IPs every time they reconnect, so I'm not entirely certain what I should do next.

Expert Comment

by:Aaron Tomosky
ID: 34991920
I think you should get the desktop working as a gateway with one wired laptop before you dump wifi and VPN on top of the whole thing.

Author Comment

by:DiscoNova
ID: 34994433
I think you are right :) Yesterday I spent literally hours trying to get the system to work, and finally managed to get it "sort of" working for a little while.

Although I did try a lot of things (including trying to set up iptables to do the masquerading for me manually) I think allowing net.ipv4.ip_dynaddr in sysctl.conf did the biggest trick (after this, the other changes I made appeared to have at least *some* difference in the system - unlike earlier:)

Pinging all the interfaces (both in LAN and WAN) was working splendidly, the only problem was that name resolution from computers other than the desktop one (even if I manually inputted DNS servers for the laptops) was not working. I attempted to bypass this by setting up BIND to act as a "DNS proxy", but while doing so I think I broke some important setting; it was working for the shortest period, but stopped as unexpectedly as it had started working. I think I need to go through the settings again to see where the problem lies...

It almost feels like there is another hacker at the ISP's end trying to make things "not working" for me at the same time I'm making changes (a bit paranoid, I know;) to get things working. Of course, it's more likely that since the settings I'm changing are so intertwined, they need to be quite precisely in place in order to work correctly - and I simply lack the experience to keep them all in rank.
0
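
The forwarding and masquerading setup discussed in the comments above, as an added example that is not part of any poster's comment or of the linked guide. It assumes eth0 is the LAN side and tap0 the OpenVPN device (names taken from the thread); the function names and the `--apply` switch are hypothetical. The rules match interface names rather than addresses, so they stay valid when the PPP link and the tunnel come back with new dynamic IPs, and the FORWARD policy keeps LAN clients from falling back to the bare PPP link while the tunnel is down.

```shell
#!/bin/sh
# Added example (not from the thread): NAT gateway rules for LAN -> VPN tunnel.
# Assumed names: eth0 = LAN side, tap0 = OpenVPN device, as in the posts above.

# Accept only plain interface names so nothing unexpected reaches a rule line.
valid_if() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the commands instead of running them, so they can be reviewed first.
gateway_rules() {
    lan_if=${1:-} vpn_if=${2:-}
    valid_if "$lan_if" && valid_if "$vpn_if" || return 1
    # Note: the two -F lines flush existing FORWARD and nat POSTROUTING rules.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.ip_dynaddr=1
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $lan_if -o $vpn_if -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o $vpn_if -j MASQUERADE
EOF
}

# Run the generated commands one by one (needs root); stop at the first failure.
apply_gateway() {
    rules=$(gateway_rules "$1" "$2") || return 1
    echo "$rules" | while read -r cmd; do $cmd || exit 1; done
}

# Hypothetical switch: "script --apply [lan_if] [vpn_if]"; otherwise do nothing.
if [ "${1:-}" = "--apply" ]; then
    apply_gateway "${2:-eth0}" "${3:-tap0}"
fi
```

Because iptables accepts rules for interfaces that do not exist yet, the rules can be applied once at boot, before the 3G link or the tunnel is up.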
 

Author Closing Comment

by:DiscoNova
ID: 35072391
Based on the link you provided, I've gotten most of the things working the way I want. Things are not perfect (as there are still some times that the connection cuts and Ubuntu is unable to reconnect without physically dis-/reconnecting the adapter, but those are minor annoyances) but all-in-all my system is now very close to what I expect from it.