I wanted to be able to connect to a remote network by just connecting to a different wifi network on my local router. Locally I have FreshTomato on Netgear R8000, and remotely I have OpenWrt 18.06 running on TP-LINK Archer C7 v4. I used SoftEther VPN is used for connection between them.
Software installation
Installing SoftEther VPN on OpenWrt was easy, just installed the softethervpn package from System > Software
On Tomato it was a bit more complicated because I had to install Entware, and then install SoftEther VPN from the shell.
Entware installation guide: https://github.com/Entware/Entware/wiki/Install-on-the-TomatoUSB
To make a LAN-to-LAN bridge, it is enough to install softethervpn5-bridge package
opkg install softethervpn5-bridge
There isn't version from stable branch (4.x) but development branch (5.x) works just fine.
Router and SoftEther configuration
Following SoftEther's guide, OpenWrt is the "headquarter location", and Tomato is a "branch":
https://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/3.LAN_to_LAN_Bridge_VPN
OpenWrt
On OpenWrt I created a new hub named bridge42 with one user "tomato" that will be used for cascade connection.
Under the Local Bridge Setting on main window I created a bridge using new tap device, bridge42, which will create new adapter named tap_bridge42.
I'm not sure if this adapter is actually needed, but it makes it easier to manage in LuCI. In addition I had some issues when using SoftEther VPN on Raspberry Pi and using tap adapter with linux bridge sorted that out. So I did the same here, created tap device.
On OpenWrt device, in LuCI under Interfaces > LAN > Physical Settings, I added that new adapter tap_bridge42 to the list so that every device that gets connected on the other side of the bridge becomes a member of this LAN network.
Under Network > Firewall > Traffic Rules I added a new rule to allows inbound traffic for SoftEther. It can be any port that SoftEther is listening to. List of ports is manageable form the main screen in SoftEther VPN Server manager.
Ok, that's all for the "headquarters" now for the "branch".
FreshTomato
Base tutorial for setting up guest wifi network is here: https://learntomato.flashrouters.com/setup-guest-network-guest-wifi-tomato-vlan/
There are two of differences though.
- When creating a new LAN (
Basic > Network) I used the IP address that belongs to the OpenWrt's LAN and disabled DHCP since this is only a bridge to the main network on OpenWrt
- When creating new VLAN (
Advanced > VLAN) I added Port 1 to the new VLAN so that I can use wired connection as well
Since only bridge module is installed it shows only one virtual hub called "BRIDGE".
Under the Local Bridge Setting I just bridged "BRIDGE" virtual hub with br2 adapter that was created in previous step without creating additional tap adapter. Tried it and it worked, without need for tap and scripts to add it into the bridge.
Under Manage Virtual Hub > Manage Cascade Connection I added new connection to my OpenWrt. Entered hostname, port and virtual hub name of OpenWrt router, entered username and password.
After clicking "Online" connection was established. All good.
And that's it. Connecting to new "guest" wifi or Port 1 on Netgear router I get connected to the remote network as if I am there.
Final thoughts
Speed that I'm getting through VPN is around 25/25 which isn't great but C7 is among cheap routers so it is good enough. I'm not an expert in networking so this can probably be done in a better or more secure way. But it works so it's worth sharing.
Top comments (0)