So I lied in the title: you do need a public IP, but not at your house or your office.
The trick is to have something that does. Thankfully, renting a VPS to run the "core" of your network has never been easier or cheaper. I am renting a 2.49/month VPS to do it for work.
Equipment needed:
1x EdgeRouter (per site)
1x VPS
OpenVPN on any road warrior configs
On the VPS, install PiVPN to get started. It's a single-line command to install it. You can quickly test the VPS by installing OpenVPN on your computer and then checking your IP (it should be that of the VPS).
Create a client with or without a password for the EdgeRouter.
pivpn -a nopass
Enter the user details to continue.
Copy the contents of the ovpn file made here: /home/user/ovpn/profile.ovpn
Log into the CLI of the EdgeMAX router.
Do: sudo su
This will make you the superuser on the router.
cd /config/auth
This changes directory. Now you can run:
cat > wifi_engineering.ovpn
Right-click to paste the contents of the ovpn file created on the VPN server.
Press CTRL+C to cancel the command.
cat wifi_engineering.ovpn
It should show the contents of the ovpn file you just pasted.
Type exit and this will bring you back to the router.
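Before pointing the router at the pasted file, it is worth confirming that the paste was not cut short and that the file is not world-readable, since a nopass profile holds the client's private key unencrypted. The script below is an added example, not part of the original post; it assumes the profile carries inline <ca>, <cert> and <key> blocks, and the script name check.sh and the sample profile are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the profile carries
# inline <ca>, <cert> and <key> blocks; sample data below is constructed.

# check_ovpn FILE: print each problem found, return 0 only if there are none.
check_ovpn() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    grep -q '^remote ' "$f" || { echo "no 'remote' line"; rc=1; }
    for tag in ca cert key; do
        # A cut-off paste leaves a block unopened or unclosed.
        open=$(grep -c "^<$tag>" "$f" || true)
        close=$(grep -c "^</$tag>" "$f" || true)
        if [ "$open" -ne 1 ] || [ "$close" -ne 1 ]; then
            echo "inline <$tag> block missing or not closed"; rc=1
        fi
    done
    begin=$(grep -c '^-----BEGIN ' "$f" || true)
    end=$(grep -c '^-----END ' "$f" || true)
    [ "$begin" -eq "$end" ] || { echo "PEM BEGIN/END count differs"; rc=1; }
    return "$rc"
}

# key_is_unencrypted FILE: true when the inline key has no passphrase,
# which is the case for a "nopass" client.
key_is_unencrypted() {
    ! sed -n '/^<key>/,/^<\/key>/p' "$1" | grep -q 'ENCRYPTED'
}

# lock_down FILE: owner-only access, because the file holds the client key.
lock_down() { chmod 600 "$1"; }

# write_sample FILE: constructed profile with placeholder contents.
write_sample() {
    printf '%s\n' client 'dev tun' 'remote vpn.example.invalid 1194' \
        '<ca>' '-----BEGIN CERTIFICATE-----' CONSTRUCTED \
        '-----END CERTIFICATE-----' '</ca>' \
        '<cert>' '-----BEGIN CERTIFICATE-----' CONSTRUCTED \
        '-----END CERTIFICATE-----' '</cert>' \
        '<key>' '-----BEGIN PRIVATE KEY-----' CONSTRUCTED \
        '-----END PRIVATE KEY-----' '</key>' > "$1"
}

# Usage on the router: sudo sh check.sh /config/auth/wifi_engineering.ovpn
if [ "$#" -eq 1 ]; then
    if check_ovpn "$1"; then lock_down "$1"; fi
    if key_is_unencrypted "$1"; then echo "key has no passphrase"; fi
fi
```

If check_ovpn reports a problem, paste the file again before running the set command that follows.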
Configuring the router to connect to the VPN is simple.
set interfaces openvpn vtun0 config-file /config/auth/wifi_engineering.ovpn
Type commit (it will attempt to create and start the interface) and then save.
Now log into the web interface and go to Firewall/NAT, then NAT. You need to create an outbound Source NAT rule. It should look similar to this:

The reason for this is that without it, and without creating routing rules on the PiVPN server, the connection will try to route your local LAN to the server. The server, without configuration, has no idea who you are or where you came from. With the NAT rule in place, when you go out of this interface your IP will be: 10.8.0.x
Now your EdgeRouter is connected as a road warrior client, and it will receive a DHCP IP each time. This is OK, but it won't be OK if you are trying to run a mail server or other service that needs to be connected to remotely.