Question

Greetings

is there a way to use multiple bridges? Or maybe create another solution for the following use-case:

Our use-case is having three WIFIs on a RUT951 with each WIFI having its own RADIUS server and the WIFI´s traffic routed over its individual openvpn tunnel to different gateways / networks The openvpn tunnels are tun and tap. On other hardware (different manufacturer) we were able to create and use three bridges and connect them separately. Altogether this demand is applicable to about 100+ RUT951s.

So is there a way to create a solution in WebUI, or do we have to use the SDK? How much effort might that be?
I am willing to put quite some work into it respectively provide you with more information as long there is a solution in sight.

Thanks in advance for any answers!

Answer 1

Hello,

Apologies for the delayed response.

Based on my understanding, each VPN would act as a default route for its respective network. However, achieving this configuration purely through the WebUI might be challenging (or even impossible).

The process involves a lot of configurations and I haven't personally attempted it. However, RutOS is built on OpenWRT. If you are comfortable using the command-line interface (CLI) and have experience with OpenWRT, it should be possible to achieve the desired results with some additional effort.

Here's an approach you can try (though I have not tested this): 

First, within the WebUI, you can create multiple wireless SSIDs for different networks. When adding a new wireless instance, assign a different network to each SSID and set a static IP address within a distinct subnet for each instance. RADIUS can be enabled by changing the encryption in the security settings of the wireless instance. Also, make sure you enable the DHCP server for that instance.

Then, configure multiple OpenVPN client instances. By default, all these instances are placed in the same firewall zone, so you will need to separate them into different zones by editing the firewall configuration in /etc/config/firewall. It would be a good idea to also restrict traffic from one network to another if you do not want those networks to communicate. You can refer to the OpenWRT page here for guidance. 

OpenVPN configuration examples are available here.

Next, try creating multiple routing tables and rules. Based on the source IP, route the traffic using different tables. For example, packets from the first wireless network would use routing table 'A,' while packets from the second network would use routing table 'B,' and so on. Each of these routing tables should have a default route via the appropriate OpenVPN tunnel interface (ifconfig to see interface/tunnel names). To learn how to create new tables, rules, and routes through the CLI, I recommend referring to the OpenWRT page here.

Additionally, there is another useful feature that can be useful. In the System -> Custom Scripts section, you have the option to add commands or scripts of your own. These commands or scripts will be executed after the device reboots, allowing you to automate certain tasks or configurations.

The best approach would be to research how to configure this setup on OpenWRT and then adapt it to RUT951.

Please note that it's also possible to install OpenWRT packages on RUT devices. For instance, you can explore the PBR (policy-based routing) package, which can be installed on RUT951. However, please be aware that WebUI support for this package may not be available. Nonetheless, it should work fine through the CLI. You can also refer to this thread here.

It would be great if you could share the results.

Kind Regards,

Andzej