Unless you are limited by wireguard - I would highly recommend it,
especially on low power (cheap device). In my experience I get 3-5x
better traffic through them when connecting home while traveling.

One thing to note - you will most likely need some place with public
IP/registered-name as a gateway. My home IP is not stable, so I hop
through my publicly reachable linode instance with .org name.

If you do not want to maintain your public infrastructure to connect
through, I would recommend checking:
https://tailscale.com/
openwrt (as well as almost any linux distro) has a package for it:
https://tailscale.com/

hope that helps,
Tomas

On Sun, 2022-02-20 at 19:53 -0800, Russell Senior wrote:
> this is a uci-defaults script for an openvpn client (from circa May
> 2018, you need to provide your own value for
> openvpn.foo.remote=${your-openvpn-server}, and you need to provide
> your own /etc/openvpn/keys/ca.crt, /etc/openvpn/keys/client.crt, and
> /etc/openvpn/keys/client.key):
> 
> #!/bin/sh
> 
> uci batch <<EOF
> 
> delete openvpn.custom_config
> delete openvpn.sample_server
> delete openvpn.sample_client
> 
> set openvpn.foo=openvpn
> set openvpn.foo.enabled=1
> set openvpn.foo.client='1'
> set openvpn.foo.dev='tun'
> set openvpn.foo.proto='udp'
> set openvpn.foo.remote=${your-openvpn-server}
> set openvpn.foo.resolve_retry='infinite'
> set openvpn.foo.nobind='1'
> set openvpn.foo.persist_key='1'
> set openvpn.foo.persist_tun='0'
> set openvpn.foo.keepalive='10 120'
> set openvpn.foo.remote_cert_tls=server
> set openvpn.foo.ca='/etc/openvpn/keys/ca.crt'
> set openvpn.foo.cert='/etc/openvpn/keys/client.crt'
> set openvpn.foo.key='/etc/openvpn/keys/client.key'
> set openvpn.foo.compress='lzo'
> 
> commit openvpn
> 
> add firewall zone
> set firewall.@zone[-1].input='ACCEPT'
> set firewall.@zone[-1].forward='REJECT'
> set firewall.@zone[-1].output='ACCEPT'
> set firewall.@zone[-1].name='vpn'
> set firewall.@zone[-1].masq='1'
> set firewall.@zone[-1].mtu_fix='1'
> set firewall.@zone[-1].network='vpn'
> 
> add firewall forwarding
> set firewall.@forwarding[-1].dest='vpn'
> set firewall.@forwarding[-1].src='lan'
> 
> commit firewall
> 
> EOF
> 
> No warranty!
> 
> On Sun, Feb 20, 2022 at 7:10 PM Russell Senior
> <russ...@personaltelco.net> wrote:
> > 
> > I am not sure what it's called, tunnel maybe? It is feasible. These
> > days wireguard is maybe the "cooler" option. Over at Personal Telco
> > land, we are still using OpenVPN because it can handle broadcast or
> > multicast traffic or something, which wireguard can't, and we need
> > it for the dynamic routing protocol (OLSR) we use. But, I could
> > probably give you an OpenWrt config that would work (not from
> > memory, but looking at previous examples).
> > 
> > --
> > Russell Senior
> > russ...@personaltelco.net
> > 
> > On Sun, Feb 20, 2022 at 6:57 PM Eric House <eeho...@eehouse.org>
> > wrote:
> > > 
> > > I'm visiting my daughter in Spain next month, and thought it'd be
> > > fun to leave her with a little device that takes her home, as it
> > > were: a GL-MT300N-V2 that when connected via Ethernet to her ISP's
> > > WAN port becomes a wifi access point that routes all its traffic
> > > through our place in Corvallis.
> > > 
> > > I've joined residences using OpenVPN before, but a quick look at
> > > the docs suggests that most users of VPNs on OpenWRT are connecting
> > > to a commercial VPN host rather than to another OpenWRT instance.
> > > 
> > > First question: is what I want to do feasible/possible? (I suspect
> > > that the $25 device I'm starting with will not support a heavy load
> > > very well. That's ok: she can upgrade if the concept works out.)
> > > 
> > > Second, is there a name for what I'm trying to do? Usually when I
> > > can't find answers on Google it's because I don't know what to ask
> > > for.
> > > 
> > > Thanks!
> > > 
> > > --Eric
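
An added example, not part of the thread or of anyone's posted config: a pre-flight check for the inputs the quoted uci-defaults script says you must supply (the remote value and the three files under /etc/openvpn/keys/). The function name and messages are hypothetical; call it as `check_openvpn_inputs /etc/openvpn/keys "$remote"` before applying the script.

```shell
#!/bin/sh
# Added example: validate the inputs the quoted uci-defaults script expects.
# check_openvpn_inputs is a hypothetical helper, not part of OpenWrt.

# check_openvpn_inputs KEYDIR REMOTE
# Prints one line per problem; returns the number of problems found.
check_openvpn_inputs() {
    keydir=$1
    remote=$2
    problems=0

    # An unedited ${your-openvpn-server} in an unquoted heredoc expands to
    # the literal "openvpn-server" when $your is unset, so reject that too.
    case $remote in
        ''|openvpn-server|*'${'*)
            echo "remote: placeholder or empty value '$remote'"
            problems=$((problems + 1)) ;;
    esac

    for f in ca.crt client.crt client.key; do
        if [ ! -s "$keydir/$f" ]; then
            echo "$f: missing or empty in $keydir"
            problems=$((problems + 1))
        fi
    done

    # The ca and cert files are expected in PEM form.
    for f in ca.crt client.crt; do
        [ -s "$keydir/$f" ] || continue
        if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$keydir/$f"; then
            echo "$f: no PEM certificate header"
            problems=$((problems + 1))
        fi
    done

    # The private key must not be accessible to group or other.
    if [ -s "$keydir/client.key" ]; then
        perms=$(ls -ldL "$keydir/client.key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "client.key: group/other permissions '$perms', expected chmod 600"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```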
