Setup VPN Bridge

Before proceeding with this tutorial, make sure that you’ve completed the VPN Network tutorial.

In this guide, we will be converting a router into a VPN Bridge. Why you ask? Our Oculus Go VR headset lacks a built-in VPN function. And we need our Oculus Go to join our VPN so that it can communicate with our Cloud Server. To solve this problem, we are adding a 2nd router to our normal network at home. Our 2nd Router will be programmed to join our ZeroTier VPN. When our Oculus Go connects to the Wifi from our 2nd Router, it will automatically be joined to ZeroTier.

For this tutorial, we used a Netgear R6100 802.11ac Router that supports 5 GHz. We like this router because it’s inexpensive and it gives off a rock solid 5 GHz signal. With that said, you’re welcome to try any router that is fully compatible with OpenWRT. OpenWRT is a custom router firmware that supports adding modules for additional functionality. Once OpenWRT is installed on our router, we can program it to connect to our VPN through the ZeroTier module. It basically ends up creating a “bridge” from our home network to our VPN network. As a side benefit, it’s also a great way of connecting any device to your Cloud Server that would normally only work on a local network.

This tutorial is going to specifically cover setting this up for the Netgear R6100. As we said earlier, it should work for other router models, but we can only be very specific with what we have access to. The coding and general guidelines in this tutorial should be easy to implement on most router models. Just be aware that you may have to make some minor tweaks if you’re using something other than the R6100.

Visit the OpenWRT Page for your Router Model. Download the OpenWRT Firmware for your model (the install link, not the upgrade link). This is the link for the R6100. Next download a copy of Putty. Putty is an SSH client for Windows that allows us to send commands to various devices on our network. For this tutorial we will be using it to send commands to our VPN Router. It’s basically how we customize and program it.

  • After you’ve downloaded the necessary software, connect your PC to your VPN Router with an Ethernet Cable (connect it to LAN Port #1). Power up your VPN Router and wait for it to fully boot up.
  • Log into your VPN Router and visit the Firmware Upgrade section (this is often under an Administration setting). If you’re using something other than the R6100, you may need to refer to your router manufacturer’s documentation to figure out where to go.
    • For the R6100 visit http://www.routerlogin.net and log in. The default username is admin and the default password is password.
    • On the left side of the R6100 management window, select Advanced > Administration > Router Update > Browse. Select the OpenWRT Firmware File that you downloaded earlier. Update your Firmware with this file.
    • To see this in action, you can watch this video from Netgear: Firmware Upgrade
    • It will take several minutes to complete the Firmware Upgrade. To be safe, give it about 10 minutes and before you do anything else. The upgrade is complete when all of the lights on the front of the router are solid.
  • Make sure that your VPN Router is connected to your regular home router before taking the next steps (many routers have a dedicated internet port (WAN). Connect an Ethernet Cable from the WAN port of your VPN Router to a LAN port on your normal home router).
  • Visit http://192.168.1.1 to access the OpenWRT web interface. By default the username is admin and the password is left blank. You will be prompted to create a new default password. Accept this prompt and create a new admin password that is at least 8 characters long. Make a note of this password because you will need it later on.
  • At the top of the OpenWRT screen, choose Network > Wireless. Enable the 5 Ghz Wifi. You can also edit this interface to customize your VPN Wireless Signal. I recommend giving it a unique name, WPA2 encryption, and a password. Do not give it the same name as your normal network at home.
  • Go back to Network > Interfaces. Click Edit next to the LAN Interface. On the next screen scroll down and edit the IPv4 address. Change it to the following:
10.99.4.1
  • Change the IPv4 Netmask to the following:
255.255.254.0
  • Choose Save & Apply at the bottom of the page.
  • On your PC open Putty. Type in 10.99.4.1 in the Host Name field and click Open at the bottom of the window.

  • This will bring up a window that prompts you to log in. The username is root and the password is the admin password that you created earlier. At this point, Putty is ready for you to input commands. For the next steps, you can copy and paste each line into Putty. Copy and paste one line at a time and then hit Enter on your keyboard to submit it.
opkg update
opkg install zerotier
/etc/init.d/zerotier stop
uci set zerotier.sample_config.enabled='0'
uci set zerotier.lede_network=zerotier
uci set zerotier.lede_network.interface='wan'
uci set zerotier.lede_network.secret="$(cat /var/lib/zerotier-one/identity.secret)"
  • For the next step, you will need to grab your ZeroTier Network ID from the ZeroTier Network page. This is the page that you configured earlier in the VPN Network Tutorial. Replace NETWORK_ID in the following command with your Network ID number from ZeroTier.
    • Example: uci add_list zerotier.lede_network.join=’8ad5123ed69d6f69′
uci add_list zerotier.lede_network.join='NETWORK_ID'
uci set zerotier.lede_network.enabled='1'
uci commit zerotier
reboot
  • At this point your VPN Router will restart and your Putty session will get disconnected. Give it a few minutes to restart fully. It is ready when the light on the front of the VPN Router is solid. After it’s booted back up, log back into Putty. Leave the Putty window open and go back to the ZeroTier Network page in your browser.
  • Scroll down to the bottom of the page and look for connected devices. You should see your VPN Router listed and ready to be authorized. Before checking the box to authorize it, click the wrench icon and check the boxes for Allow Ethernet Bridging and Do Not Auto-Assign IPs. Next to the + symbol enter 10.99.5.1 and then click the + button to assign it an IP Address. Now put a check in the Auth? checkbox. Within a short time, your VPN Router should show that it’s online.

  • In your browser visit http://10.99.4.1 and log into your VPN Router. Click on Network > Interfaces. Click the Add new interface button. Configure it so that it looks like the picture below:

  • Click Submit at the bottom of the page. Go back to Network > Interfaces and click Edit next to LAN. Choose the Physical Settings tab. Make sure that zt0 is checked in the interface list. Click Save & Apply at the bottom of the page.
  • Choose Network > Firewall. Click the Add button to add a new zone with the following settings:
    • Name: zero
    • Input: accept
    • Output: accept
    • Forward: accept
    • Masquerading: unchecked
    • MSS clamping: unchecked
    • Covered Networks: ZT0 checked (everything else unchecked)
    • Inter-Zone Forwarding
      • Allow forward to destination zones: LAN checked (everything else unchecked)
      • Allow forward from source zones: LAN checked (everything else unchecked)
  • Click Save & Apply at the bottom of the page. Go back to Putty and enter:
reboot
  • When your VPN Router boots back up, it should be ready to use. Proceed to the Putting It All Together tutorial to finish everything up.
Spread the love
  •  
  •  
  •  
  •  
  •  
  •