Site to Site bridged VPN gateway IP inaccessible

kcghost89
OpenVpn Newbie
Posts: 1
Joined: Sun Oct 07, 2018 1:12 pm

Post by kcghost89 » Sun Oct 07, 2018 2:39 pm

I have a Site to Site bridged VPN using my home router (server) and a Raspberry Pi (client) that is *mostly* working, save for an inability to access the gateway IP.
It probably comes down to some kind of routing confusion that I am having trouble sorting out; I would greatly appreciate any tips. Details below.

I have a custom home router with several ethernet ports and wifi, and a Raspberry Pi with one ethernet port and built-in wifi.
The goal is to give the raspi to someone I trust as a physical bridge onto my home network from anywhere. The raspi gets a normal DHCP connection over its ethernet port, and serves up a hostapd wifi access point. Anyone on that wifi should be transparently bridged onto my network, just as if they connected to my normal wifi access at home. I want to be able to play LAN-based games without special networking hacks, hence the need for layer 2 bridging.

I have been testing this *at* my home, plugging the raspi into the ethernet on my router and letting it establish a VPN connection "over the internet" to serve up its own wifi AP. I don't know if this testing situation adds to the problem.

For the most part it all works. I can connect to the "kcghost89s LAN" access point and it gets a DHCP address from my dnsmasq server and it can operate on my network. It just can't actually talk to my DNS or web service at 192.168.1.1. It can talk to any other IP on the network, including a 192.168.1.2 web server address that actually is an alias IP of the router. And it can talk to the internet web server at 1.1.1.1, and if I configure a static IP and DNS to 8.8.8.8 I can browse the internet normally. So I guess something about the fact that it has 192.168.1.1 as the eth0 gateway is confusing it when it tries to access 192.168.1.1 from inside the bridge?

Using OpenVPN version 2.4 on both sides.
I simplified the following snippet so there aren't a ton of LAN interfaces. eth0 represents WAN. eth1 and wlan0 represent LAN.

server init script snippet:


brctl addbr br0
brctl addif br0 eth1

openvpn --mktun --dev tap0
brctl addif br0 tap0

# hostapd adds wlan0 to the bridge itself (bridge=br0 in hostapd.conf)
hostapd -B /etc/hostapd.conf

ip a add 192.168.1.1/24 dev br0
ip a add 192.168.1.2/24 dev br0
ip link set dev br0 up
ip link set dev eth1 up
ip link set dev tap0 up

ip link set tap0 promisc on
ip link set br0 promisc on
ip link set eth1 promisc on
ip link set wlan0 promisc on
...
dnsmasq --dhcp-range=br0,192.168.1.100,192.168.1.250,72h
...
openvpn --daemon --cd /etc/openvpn --config server.conf

server.conf:


port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server-bridge
keepalive 10 120
compress lz4
persist-key
persist-tun
status openvpn-status.log
verb 3

eth0 is WAN on the client; there is just wlan0 for the LAN.

client init script snippet:


brctl addbr br0
openvpn --mktun --dev tap0
brctl addif br0 tap0

# hostapd adds wlan0 to the bridge itself (bridge=br0 in hostapd.conf)
hostapd -B /etc/hostapd.conf

ip link set br0 up
ip link set tap0 up

ip link set br0 promisc on
ip link set tap0 promisc on
ip link set wlan0 promisc on

openvpn --cd /etc/openvpn --config client.ovpn --daemon

client.ovpn:


client
dev tap0
proto udp
resolv-retry infinite
nobind
remote my-vpn-server-domain.com
persist-key
persist-tun
keepalive 10 120
compress lz4
<ca>
...
</ca>
<key>
...
</key>
<cert>
...
</cert>
remote-cert-tls server
verb 3
float

'ip route' on raspi:


default via 192.168.1.1 dev eth0 
192.168.1.0/24 dev eth0 scope link  src 192.168.1.240

I'm not sure if all the 'promisc on' sets or even the 'up' sets are necessary, but I added them hoping it would get things working. :)
I also tried 'server-bridge nogw' in the server configuration but it didn't make a difference. I am guessing the route-gateway it pushes when 'nogw' is missing is not actually necessary.

Thanks in advance for any help!
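As an added example (not part of the post above and not OpenVPN's own tooling), here is a small Python audit for a tap-over-bridge setup of the kind described. It parses the one-line-per-interface output of `ip -o link show`, `ip -o -4 addr show` and `ip route`, and checks what a layer-2 bridge needs: every expected port enslaved to the bridge and UP, the LAN address on the bridge rather than on a port, and the LAN subnet routed through the bridge rather than out another interface. The sample outputs are constructed to match the server and client scripts in the post (the client route table is the one posted); the 203.0.113.x WAN addresses on the server are placeholders, and the `audit*` function names are the example's own.

```python
"""Audit a Linux bridge that carries an OpenVPN tap port (added example).
Checks port membership, where the LAN address lives, and whether the LAN
subnet is routed through the bridge or out a different interface."""
import ipaddress
import re

LINK_RE = re.compile(r"^\d+:\s+(?P<name>[^:@\s]+)(?:@\S+)?:\s+<(?P<flags>[^>]*)>\s+(?P<rest>.*)$")
ADDR_RE = re.compile(r"^\d+:\s+(?P<name>\S+)\s+inet\s+(?P<cidr>\S+)")
ROUTE_RE = re.compile(r"^(?P<dst>\S+)(?:\s+via\s+(?P<via>\S+))?\s+dev\s+(?P<dev>\S+)")


def parse_links(text):
    """Map interface name -> {'flags': set, 'master': bridge or None, 'addrs': []}."""
    ifaces = {}
    for line in text.strip().splitlines():
        m = LINK_RE.match(line.strip())
        if not m:
            continue
        master = re.search(r"\bmaster\s+(\S+)", m.group("rest"))
        ifaces[m.group("name")] = {
            "flags": set(m.group("flags").split(",")),
            "master": master.group(1) if master else None,
            "addrs": [],
        }
    return ifaces


def parse_addrs(text, ifaces):
    """Attach IPv4 addresses from `ip -o -4 addr show` to the parsed interfaces."""
    for line in text.strip().splitlines():
        m = ADDR_RE.match(line.strip())
        if m and m.group("name") in ifaces:
            ifaces[m.group("name")]["addrs"].append(ipaddress.ip_interface(m.group("cidr")))


def parse_routes(text):
    """Return (destination, via, dev) tuples from `ip route` output."""
    out = []
    for line in text.strip().splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            out.append((m.group("dst"), m.group("via"), m.group("dev")))
    return out


def audit(link_out, addr_out, route_out, bridge, ports, lan):
    """Return a list of findings; an empty list means every check passed."""
    ifaces = parse_links(link_out)
    parse_addrs(addr_out, ifaces)
    lan_net = ipaddress.ip_network(lan)
    findings = []
    if bridge not in ifaces:
        return [f"bridge {bridge} does not exist"]
    if "UP" not in ifaces[bridge]["flags"]:
        findings.append(f"{bridge} is not UP")
    for port in ports:
        p = ifaces.get(port)
        if p is None:
            findings.append(f"port {port} does not exist")
            continue
        if p["master"] != bridge:
            findings.append(f"{port} is not enslaved to {bridge} (master={p['master']})")
        if "UP" not in p["flags"]:
            findings.append(f"{port} is not UP")
        if p["addrs"]:  # an address belongs on the bridge, not on one of its ports
            findings.append(f"{port} carries {p['addrs'][0]}; it belongs on {bridge}")
    for dst, _via, dev in parse_routes(route_out):
        # The bridged LAN subnet should be reached through the bridge itself;
        # if it is routed out another interface, this host's own traffic bypasses the bridge.
        if dst != "default" and ipaddress.ip_network(dst, strict=False) == lan_net and dev != bridge:
            findings.append(f"{lan} is routed via {dev} rather than {bridge}: "
                            f"this host's own traffic to that subnet leaves on {dev}")
    return findings


# Constructed sample output for the server side (203.0.113.x is a placeholder WAN range).
SERVER_LINK = """3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP
4: wlan0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP
5: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN"""
SERVER_ADDR = """5: br0    inet 192.168.1.1/24 brd 192.168.1.255 scope global br0
5: br0    inet 192.168.1.2/24 brd 192.168.1.255 scope global secondary br0"""
SERVER_ROUTE = """default via 203.0.113.1 dev eth0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10"""

# Constructed sample for the Raspberry Pi client; the route table is the one posted above.
CLIENT_LINK = """2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: wlan0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP
4: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
5: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN"""
CLIENT_ADDR = "2: eth0    inet 192.168.1.240/24 brd 192.168.1.255 scope global eth0"
CLIENT_ROUTE = """default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 scope link  src 192.168.1.240"""


def audit_server():
    return audit(SERVER_LINK, SERVER_ADDR, SERVER_ROUTE, "br0", ["eth1", "tap0", "wlan0"], "192.168.1.0/24")


def audit_client():
    return audit(CLIENT_LINK, CLIENT_ADDR, CLIENT_ROUTE, "br0", ["tap0", "wlan0"], "192.168.1.0/24")


if __name__ == "__main__":
    for side, findings in (("server", audit_server()), ("client", audit_client())):
        print(side, "->", findings or "all checks passed")
```

On a live host, feed the audit the real command output (`subprocess.run(["ip", "-o", "link", "show"], capture_output=True, text=True).stdout` and so on) instead of the constructed strings. With the samples above, the server passes every check, while the client's audit reports that 192.168.1.0/24 is routed via eth0 rather than br0, which is simply what the posted route table says: the Pi's own packets to that subnet use eth0, while the bridge only carries the wifi clients' frames. A port that is not enslaved, or that has an address configured on it instead of on the bridge, is also reported.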
