Featureless Wireless Router + Linux Machine = VPN Wireless Router
When I tried to access some overseas services on my Milestone, the connection was often reset by the "firewall". I have an OpenVPN account, but the Android system only provides PPTP and L2TP connectivity (I do not want it rooted yet). Then I tried to make my laptop PC, with its VPN connection, a wireless access point. Unfortunately, my old Intel wireless network adaptor does not support Master (Access Point) mode, while the unrooted Android system cannot connect to an Ad-hoc wireless network. I had to configure a VPN-enabled wireless router as the access point...
Lots of articles teach you how to configure a VPN wireless router that can break the "firewall" transparently. These techniques are all based on powerful firmware like OpenWrt. If your featureless router does not support such firmware, it cannot run as a VPN-based proxy. But that is not a problem if you can dedicate a Linux machine to running the VPN client. An old desktop or laptop PC is enough.
1. Install the VPN client and the iptables service on the Linux machine. Connect it to the LAN of the wireless router, either wired or wirelessly.
2. Configure the VPN client on the Linux machine and ensure it works well. You will see a VPN tunnel device created, like "tun0" for my OpenVPN connection.
3. Make the Linux machine a gateway that forwards the LAN traffic to the VPN tunnel. Use the correct IP range and tunnel device name in the commands, and run them as root:
- echo 1 > /proc/sys/net/ipv4/ip_forward
- iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE
and then verify them after executing:
- iptables -t nat -L
If you want it to be a regular service, you can insert the VPN connecting and IP forwarding commands into /etc/rc.local or other startup scripts.
4. Modify the DHCP settings of the wireless router. For most routers, these settings are supplied via a web portal. The gateway should be the IP of the Linux machine that runs the VPN client, and the DNS should be an unpolluted one.
If you do not have administrative access to the router, you have to ask the wireless users to configure these settings manually on their client devices.
5. Try to connect to the wireless router from a client device. Once connected, check the automatically assigned gateway and DNS. Then browse to a website that shows the client's IP (e.g. ifconfig.me); if it shows the VPN's IP, you made it.
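
Step 3 as a script that is a dry run unless called with --apply; this is an added example, not part of the original post. It generates the two commands from step 3, verifies the resulting rules, and adds three FORWARD rules (an addition the post does not have) so that LAN traffic is dropped when the tunnel is down instead of following the default route unencrypted. The function names and the LAN_NET and TUN_DEV variables are assumptions; their defaults are the values used in step 3.

```shell
#!/bin/sh
# Added example, not from the original post. Defaults are the step 3 values.
LAN_NET=${LAN_NET:-192.168.1.0/24}
TUN_DEV=${TUN_DEV:-tun0}

# Print the step 3 commands for a validated subnet and tunnel device.
# The three FORWARD rules are an addition: without them, forwarded LAN traffic
# leaves through the LAN interface in the clear whenever the tunnel is down.
gateway_rules() {
    # Reject empty values and anything outside the expected character sets,
    # because the output is later fed to a shell.
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    case $2 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE
iptables -A FORWARD -s $1 -o $2 -j ACCEPT
iptables -A FORWARD -d $1 -i $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $1 -j DROP
EOF
}

# Read "iptables -t nat -S POSTROUTING" output on stdin; succeed only if the
# exact MASQUERADE rule for this subnet and device is present.
check_nat() {
    grep -Fqx -- "-A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# Read "iptables -S FORWARD" output on stdin; succeed only if LAN traffic that
# is not leaving through the tunnel is dropped.
check_killswitch() {
    grep -Fqx -- "-A FORWARD -s $1 -j DROP"
}

# Dry run by default; pass --apply as root to execute and then verify.
# The rules are appended, so run this once per boot (e.g. from rc.local).
if [ "${1:-}" = "--apply" ]; then
    rules=$(gateway_rules "$LAN_NET" "$TUN_DEV") || exit 1
    printf '%s\n' "$rules" | sh -e || exit 1
    iptables -t nat -S POSTROUTING | check_nat "$LAN_NET" "$TUN_DEV" || exit 1
    iptables -S FORWARD | check_killswitch "$LAN_NET" || exit 1
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || exit 1
    echo "gateway rules active for $LAN_NET via $TUN_DEV"
fi
```

If the check functions fail after a successful apply, compare LAN_NET with what `iptables -t nat -S` prints: iptables normalises the subnet, so the value must be the network address (192.168.1.0/24, not 192.168.1.5/24).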





