DEV Community

Miro

Remote network over WiFi

I wanted to be able to connect to a remote network just by connecting to a different WiFi network on my local router. Locally I have FreshTomato on a Netgear R8000, and remotely I have OpenWrt 18.06 running on a TP-LINK Archer C7 v4. I used SoftEther VPN for the connection between them.

Software installation

Installing SoftEther VPN on OpenWrt was easy: I just installed the softethervpn package from System > Software.


On Tomato it was a bit more complicated because I had to install Entware, and then install SoftEther VPN from the shell.

Entware installation guide: https://github.com/Entware/Entware/wiki/Install-on-the-TomatoUSB

To make a LAN-to-LAN bridge, it is enough to install the softethervpn5-bridge package:

opkg install softethervpn5-bridge

There isn't a version from the stable branch (4.x), but the development branch (5.x) works just fine.

Router and SoftEther configuration

Following SoftEther's guide, OpenWrt is the "headquarter location", and Tomato is a "branch":

https://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/3.LAN_to_LAN_Bridge_VPN

https://www.softether.org/4-docs/1-manual/A._Examples_of_Building_VPN_Networks/10.5_Build_a_LAN-to-LAN_VPN_(Using_L2_Bridge)

OpenWrt

On OpenWrt I created a new hub named bridge42 with one user, "tomato", that will be used for the cascade connection.


Under Local Bridge Setting in the main window I created a bridge using a new tap device, bridge42, which creates a new adapter named tap_bridge42.


I'm not sure if this adapter is actually needed, but it makes it easier to manage in LuCI. In addition, I had some issues when using SoftEther VPN on a Raspberry Pi, and using a tap adapter with a Linux bridge sorted that out. So I did the same here and created a tap device.

On the OpenWrt device, in LuCI under Interfaces > LAN > Physical Settings, I added the new adapter tap_bridge42 to the list so that every device that gets connected on the other side of the bridge becomes a member of this LAN network.


Under Network > Firewall > Traffic Rules I added a new rule to allow inbound traffic for SoftEther. It can be any port that SoftEther is listening on. The list of ports can be managed from the main screen in SoftEther VPN Server Manager.
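A check that can be run over a copy of /etc/config/firewall after adding the rule (an added example, not part of the original post): it lists WAN-side ACCEPT rules for TCP/UDP that expose anything other than the SoftEther listener port. The rule names, port 5555 and the 203.0.113.10 address are assumptions constructed for illustration.

```python
import re

# Constructed sample of /etc/config/firewall; names, port and IP are assumptions.
SAMPLE = """\
config rule
    option name 'Allow-SoftEther'
    option src 'wan'
    option dest_port '5555'
    option target 'ACCEPT'

config rule
    option name 'Allow-VPN-wide'
    option src 'wan'
    option dest_port '443-5555'
    option target 'ACCEPT'

config rule
    option name 'Allow-Branch'
    option src 'wan'
    option src_ip '203.0.113.10'
    option target 'ACCEPT'
"""

OPTION = re.compile(r"\s*option\s+(\S+)\s+'?([^']*)'?\s*$")

def parse_rules(text):
    """Return one dict of options per 'config rule' section of a UCI file."""
    rules, current = [], None
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["config"]:
            current = {} if words[1:2] == ["rule"] else None
            if current is not None:
                rules.append(current)
        elif current is not None and (m := OPTION.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return rules

def audit(text, listener_ports=("5555",)):
    """List (name, ports, source) for WAN ACCEPT rules wider than a listener port."""
    findings = []
    for rule in parse_rules(text):
        protos = set(rule.get("proto", "tcp udp").split())  # unset means tcp+udp
        wan_accept = (rule.get("src"), rule.get("target")) == ("wan", "ACCEPT")
        if not wan_accept or not protos & {"tcp", "udp", "all"}:
            continue
        port = rule.get("dest_port", "all")  # no dest_port opens every port
        if port not in listener_ports:
            findings.append((rule.get("name"), port, rule.get("src_ip", "any")))
    return findings
```

Other WAN ACCEPT rules already present in the file are listed too, so each finding is something to review rather than delete outright.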


OK, that's all for the "headquarters"; now for the "branch".

FreshTomato

The base tutorial for setting up a guest WiFi network is here: https://learntomato.flashrouters.com/setup-guest-network-guest-wifi-tomato-vlan/

There are two differences, though.

  1. When creating a new LAN (Basic > Network) I used an IP address that belongs to OpenWrt's LAN and disabled DHCP, since this is only a bridge to the main network on OpenWrt.


  2. When creating a new VLAN (Advanced > VLAN) I added Port 1 to the new VLAN so that I can use a wired connection as well.


Since only the bridge module is installed, it shows only one virtual hub, called "BRIDGE".


Under Local Bridge Setting I just bridged the "BRIDGE" virtual hub with the br2 adapter that was created in the previous step, without creating an additional tap adapter. I tried it and it worked, without the need for a tap device and scripts to add it to the bridge.


Under Manage Virtual Hub > Manage Cascade Connection I added a new connection to my OpenWrt router. I entered the hostname, port and virtual hub name of the OpenWrt router, then the username and password.


After clicking "Online", the connection was established. All good.


And that's it. When I connect to the new "guest" WiFi or to Port 1 on the Netgear router, I get connected to the remote network as if I were there.

Final thoughts

The speed that I'm getting through the VPN is around 25/25, which isn't great, but the C7 is among the cheap routers, so it is good enough. I'm not an expert in networking, so this can probably be done in a better or more secure way. But it works, so it's worth sharing.
