rudyTch
just joined
Topic Author
Posts: 4
Joined: Tue Jun 02, 2020 12:33 pm

Multiple OpenVPN Clients + Hotspot

Tue Jun 02, 2020 1:00 pm

Hello everyone,

I need to deploy a centralized architecture of:
- 1 central router: VPN hub (OpenVPN, ethernet mode), hotspot
- 3 remote sites: VPN customers, local DHCP server, different Wi-Fi names at each location

VPN is working fine.
The problem is that when I enable hotspot on a VPN interface, ping between routers (central and remote router) is not working. I have tried walled garden and walled garden IP but it is not working.

Has anyone achieved this installation before?

Thanks
 
alexanwar
just joined
Posts: 23
Joined: Tue Aug 07, 2018 10:38 am

Re: Multiple OpenVPN Clients + Hotspot  [SOLVED]

Tue Jun 02, 2020 2:52 pm

i assume you use hotspot captive portal on the central router while the remote sites only handle connection, right?

in this configuration, you need to setup like this:
  1. create a bridge on core router, set ip address, dhcp and hotspot to this bridge. make sure the hotspot is working on this bridge, you may use a direct connection on an ethernet interface assigned to the bridge to test it.
  2. create ppp profile with bridge assigned to this bridge, like this:
    /ppp profile
    add bridge=name-of-your-bridge change-tcp-mss=yes name=name-of-the-ppp-profile use-encryption=yes
    
  3. assign above profile to a user.
  4. setup & enable openvpn server.
  5. on the remote sites, apply step 1-2 on each router.
  6. assign the wlan interface to the bridge.
  7. create openvpn client with profile as above.
  8. connect the vpn, make sure the link is active. you may optionally set dhcp-client on the bridge just to verify that it can obtain an ip from the central router.
  9. setup wlan configuration (ssid, password etc.) and verify the ssid appears on the wifi scan list.
now you can connect to the wlan ssid. you'll obtain an ip address from the central router & the captive portal login page will appear.
this actually connects/extends the bridge between central router and remote sites.

note that for this config to work, you must have a layer 2 domain connected between your wifi client to central router. if you want to use different captive portal per each location, make different bridge and hotspot on the central router.
alternatively you can use capsman on the central router and link all the access points to the capsman controller. i've written how to do this in a separate post in the wireless section.

if you want to use local dhcp server on each remote sites, the captive portal hotspot must be located on that remote router too. captive portal does not work on layer 3 because the ip & mac address of the router will be registered as client, not the ip & mac address of the client device.
so if you want to use a centralized hotspot captive portal, the client and the hotspot controller must be connected in layer 2 (the mac address of the client must be visible to the controller). so the dhcp also must be centralized on the central router where the hotspot resides.
if you want to use local dhcp, the hotspot controller must be located on the remote device also. the uplink from the controller then can be routed to the vpn link.

make sure you set ap isolation (disable client to client forwarding) when using this setup to reduce broadcast packet over the vpn link.
 
rudyTch
just joined
Topic Author
Posts: 4
Joined: Tue Jun 02, 2020 12:33 pm

Re: Multiple OpenVPN Clients + Hotspot

Tue Jun 02, 2020 5:29 pm

Thanks alexanwar
"i assume you use hotspot captive portal on the central router while the remote sites only handle connection, right?"
Yes, that is it.
The established OpenVPN functions in layer 2 mode.

I will give a try with your setup.

Do you think CapsMan will work through an OpenVPN tunnel?

Thanks
 
rudyTch
just joined
Topic Author
Posts: 4
Joined: Tue Jun 02, 2020 12:33 pm

Re: Multiple OpenVPN Clients + Hotspot

Wed Jun 03, 2020 12:46 am

Thanks alexanwar

I got it right with your setup.

Thanks again :) :) :o
 
alexanwar
just joined
Posts: 23
Joined: Tue Aug 07, 2018 10:38 am

Re: Multiple OpenVPN Clients + Hotspot

Wed Jun 03, 2020 1:08 am

you're welcome :)

yes, capsman works in a vpn tunnel too. i've deployed many remote access points with this setup and it works.
there are 2 scenarios to set up capsman over vpn:
  1. using vpn bridge as i wrote above
  2. using layer 3 vpn using udp connection to capsman
method 1 requires mikrotik to mikrotik vpn (i've tested on ipip, pptp and openvpn, haven't tested on l2tp), while with method 2 you can use any vpn solution as long as the ip address of the capsman controller can be reached. never use a plain internet connection for connecting an ap to capsman; while it works, it may cause security issues.
 
rudyTch
just joined
Topic Author
Posts: 4
Joined: Tue Jun 02, 2020 12:33 pm

Re: Multiple OpenVPN Clients + Hotspot

Wed Jun 03, 2020 11:45 am

Ok thanks.
