Raspberry Pi + OpenWRT + OpenConnect + LAN Connection

Behrouz hasanbeygi
Apr 2, 2020

my old friend

Why?

When you live in Iran you must know network technologies very well, because Internet censorship in Iran, as in China, covers a vast range of services, including streaming, news and almost everything outside the country. Another painful story is sanctions: almost every service outside Iran is afraid to serve Iranians because of US sanctions. It's funny that if AWS recognizes you with an Iranian IP, it bans you and disables your account.

Because of these problems, Iranians use proxies and VPN tunnels every day; even grandmas have a little knowledge of VPN types.

So it is a funny and at the same time sad story of the Internet in Iran.

The coronavirus is now the cause of a lot of problems, so as a DevOps engineer I am working remotely, and I am not getting used to that very fast. Every technological thing in the house, like my LG webOS TV and my old Raspberry Pi, now seems interesting; you know, everything except Microsoft Windows and macOS is interesting 😂.

Buying stuff in Iran is now harder than before because of high inflation (about 40% per year). For example, I bought the Raspberry Pi 3 B+ for about 200/000 toman (the toman has one zero fewer than the Iranian rial); now, 3 years later, you must pay about 700/000 toman for the same model, which is insane and has no rational justification for creating a home router or just playing with RetroPie (that is my motivation, to create my home console, as I am a fan of nostalgic NES and Sega Mega Drive games) or a Kodi distribution like OSMC, XBian or LibreELEC.

retropie performance is great

The problem is that LG webOS does not support my beloved OpenConnect VPN, or even an HTTP proxy or anything else (L2TP, PPTP, IPsec, WireGuard, Shadowsocks, OpenVPN, Tinyproxy, Tor …). It is designed for countries other than Iran and China, with happily-ever-after free Internet access.

Maybe you are a geek with passion, or a gamer whose console has a region and who wants a VPN for that region, or you simply do it because you can.

Let's start the technical guide to creating a free-Internet hotspot at home.

Prerequisites:

  • an RJ45 cable with Internet access or, if you are a geek with more money, an LTE module set up to use WWAN
  • a Raspberry Pi (3 B+ or 4), because these two models have a Wi-Fi module and an Ethernet module at the same time
  • an AnyConnect (OpenConnect) VPN account

Flash OpenWRT on the Raspberry Pi

First of all, you must download the latest version of OpenWRT for your device from this address.

Then use dd or Etcher to write the image to the SD card. In the command below, /dev/sdb must be your SD card, since dd overwrites whatever device it is given:

gzip -dc /home/your_username/image.gz | sudo dd bs=4M of=/dev/sdb

After that, plug in the power and wait for the Raspberry Pi to come up.

Config Time

The configuration is accessible through LuCI, the OpenWRT web GUI, at the default address 192.168.1.1. To access that page, connect to the Wi-Fi SSID openWRT (we need the Ethernet port as a DHCP client on the cabled network).

The default username and password are:

the openwrt login page
user: root
password: root

In the Network > Interfaces section you can see a LAN network with the 192.168.1.0/24 range.

The default configuration is not suitable for our purpose: it is an open Wi-Fi network with the SSID openWRT and a LAN network, 192.168.1.0/24, with a DHCP server for automatically assigned IPs. So we detach the LAN interface from the physical Ethernet device and change the network range, because in my case my VPN range is also 192.168.1.0/24, and having the same range on both sides affects the routing tables.

LAN wireless interface

After you save and apply the configuration, you must use the new address, 192.168.3.1, to access the web GUI.

It's time to set up a DHCP client to get network access from the Ethernet port.

Click Add new interface and set up a DHCP client as in the picture below.
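The range conflict described above can be checked before picking a LAN subnet. This is an added example, not part of the original post; the function names are hypothetical, and the sample ranges are constructed from the addresses used in this guide.

```shell
#!/bin/sh
# Added example (not from the original post): does a LAN range collide with a VPN range?

# ip_to_int A.B.C.D -> prints the address as an integer; returns 1 on malformed input
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range ADDR/PREFIX -> prints "first last" of the network as integers
cidr_range() {
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    size=$(( 1 << (32 - prefix) ))
    first=$(( ip / size * size ))          # clear the host bits
    echo "$first $(( first + size - 1 ))"
}

# cidrs_overlap A B -> exit 0 if the ranges share an address, 1 if not, 2 on bad input
cidrs_overlap() {
    range_a=$(cidr_range "$1") || return 2
    range_b=$(cidr_range "$2") || return 2
    a_first=${range_a% *}; a_last=${range_a#* }
    b_first=${range_b% *}; b_last=${range_b#* }
    [ "$a_first" -le "$b_last" ] && [ "$b_first" -le "$a_last" ]
}

# first_conflict LAN ROUTE... -> prints the first VPN route that collides with LAN
first_conflict() {
    lan=$1; shift
    for route in "$@"; do
        cidrs_overlap "$lan" "$route" && rc=0 || rc=$?
        case $rc in 0) echo "$route"; return 0 ;; 2) return 2 ;; esac
    done
    return 1
}

# Constructed sample: the default LAN address, the replacement, and the VPN range from this guide
for lan in 192.168.1.1/24 192.168.3.1/24; do
    if hit=$(first_conflict "$lan" 192.168.1.0/24); then echo "$lan: conflicts with $hit"; else echo "$lan: no conflict"; fi
done
```

Pass every range your VPN server assigns or routes as extra arguments to first_conflict; any hit means the LAN subnet needs to move.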

dhcp client for getting internet

Then edit the WAN interface and give it a firewall label.

If everything goes well, you can go to the diagnostics page and ping the OpenWRT website.

So now we have Internet access. If you have free Internet access or don't want to use a VPN, you can simply forward LAN to the WAN interface in the Network > Firewall section.

firewall forwarding rule to WAN

Install and set up OpenConnect on OpenWRT

If everything went well, you can install the openconnect package on OpenWRT in the System > Software section: update the lists, search for openconnect, and install openconnect and luci-proto-openconnect.

install openconnect on openWRT

Then reboot the system from System > Reboot so that OpenConnect is loaded in the interfaces.

After it boots, go to Network > Interfaces, add a new interface and set it up as an OpenConnect interface.

Then edit the interface.

To get the SHA-1 fingerprint of your OpenConnect server's certificate, use this script (replace yourserver:443 with your server's host and port):

openssl s_client -connect yourserver:443 -showcerts 2>/dev/null </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }' | openssl x509 -noout -fingerprint -sha1 | sed 's/.*Fingerprint=//' | sed 's/://g'

Paste the result into the VPN certificate section, then label the interface in the firewall settings with any name you want.

Then go to Network > Firewall and forward LAN to the OpenConnect label.

Ta-da, now you have VPN access through your Wi-Fi network.

For better security, change the network SSID and set a password on the Wi-Fi.

You can find these in Network > Wireless.

change ssid and password

After all these steps you have a secure Wi-Fi network in your home. This can be done on almost every OpenWRT device with these hardware capabilities.
