Posted: Thu Jul 15, 2021 2:59 Post subject: Trying to create a network with 1st SSID on VPN not the 2nd
I am setting a network up for my wife's family in Brazil and I want to have a Brazil network and USA network. I have a Netgear R6400v2 and TP-Link Archer A7-V5 both running DDWRT. The Netgear is the router and I have it currently working with OpenVPN. 4 SSID's Brazil2G, Brazil5G, USA2G, USA5G. The two Brazil SSID's are unbridged with different subnets not going across the VPN. For the USA SSID's, I configured a /26 subnet in the OpenVPN policy based routing section so that only the IP's in my DHCP pool go across the VPN. All of this works fine for me.
Now the problem is getting both USA and Brazil on the TP-Link router. It is configured as an access point and the USA network works fine. I can statically configure an IP outside of the DHCP range which I have specified in the OpenVPN policy based routing section and it will work fine on the Brazil (non VPN) network. How can I get another SSID on the 2nd router that is not in the VPN?
My initial plan was to create two vlans, except I'm not sure how to put all traffic on one of the VLAN's on the VPN. That's why I configured it as described.
Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Posted: Thu Jul 15, 2021 6:07 Post subject: Re: Trying to create a network with 1st SSID on VPN not the
slackeruh wrote:
I am setting a network up for my wife's family in Brazil and I want to have a Brazil network and USA network. I have a Netgear R6400v2 and TP-Link Archer A7-V5 both running DDWRT. The Netgear is the router and I have it currently working with OpenVPN. 4 SSID's Brazil2G, Brazil5G, USA2G, USA5G. The two Brazil SSID's are unbridged with different subnets not going across the VPN. For the USA SSID's, I configured a /26 subnet in the OpenVPN policy based routing section so that only the IP's in my DHCP pool go across the VPN. All of this works fine for me.
Now the problem is getting both USA and Brazil on the TP-Link router. It is configured as an access point and the USA network works fine. I can statically configure an IP outside of the DHCP range which I have specified in the OpenVPN policy based routing section and it will work fine on the Brazil (non VPN) network. How can I get another SSID on the 2nd router that is not in the VPN?
My initial plan was to create two vlans, except I'm not sure how to put all traffic on one of the VLAN's on the VPN. That's why I configured it as described.
Any suggestions?
It is always a good idea if you state the build number(s) you are using.
You can work with VLANs; newer R6400s also use swconfig, and although this is the most elegant solution it can be difficult to set up.
You can just make a new unbridged SSID on the TP-Link, and as its subnet is not in the PBR field it will not use the VPN; if you want it to use the VPN, just add that subnet to the PBR field.
PBR documentation can be found in the link about OpenVPN in my signature at the bottom.
For completeness I attach my personal notes on how to set up a VAP; there is a paragraph about how to set up a VAP on a WAP (love this alliteration).
Firmware: DD-WRT v3.0-r47033 std (07/08/21) on both the router and WAP.
Yes, second router (TP-link) is set up as a WAP.
My initial thought was to have 2 vlans. One on the VPN and one not. Using Cisco or Meraki, I would have had a trunk port containing the two vlans connected between the router and wap and then bridged the SSIDs to the appropriate VLAN however I'm not sure how to handle this with DDWRT. Is this possible?
Another issue that came up is Netflix Brazil was not working on the Brazil network. I changed the DNS to that of the ISP and it worked but then the same problem happened on an iPhone. I noticed a feature, SmartDNS, and when I enabled it, the Netflix DNS issues went away.
I assume VAP on WAP from your notes is what I need but I'm a bit confused with that.
My ultimate goal at the house is to connect a ring doorbell that is connected to the TP-Link WAP and have it show up on the screens of two Amazon Echo Shows. One of them is connected to the Netgear router and one is connected to the TP-Link WAP.
Posted: Sun Jul 18, 2021 7:38 Post subject:
slackeruh wrote:
Firmware: DD-WRT v3.0-r47033 std (07/08/21) on both the router and WAP.
Yes, second router (TP-link) is set up as a WAP.
My initial thought was to have 2 vlans. One on the VPN and one not. Using Cisco or Meraki, I would have had a trunk port containing the two vlans connected between the router and wap and then bridged the SSIDs to the appropriate VLAN however I'm not sure how to handle this with DDWRT. Is this possible?
Another issue that came up is Netflix Brazil was not working on the Brazil network. I changed the DNS to that of the ISP and it worked but then the same problem happened on an iPhone. I noticed a feature, SmartDNS, and when I enabled it, the Netflix DNS issues went away.
I assume VAP on WAP from your notes is what I need but I'm a bit confused with that.
My ultimate goal at the house is to connect a ring doorbell that is connected to the TP-Link WAP and have it show up on the screens of two Amazon Echo Shows. One of them is connected to the Netgear router and one is connected to the TP-Link WAP.
You can use two VLANs and use a trunk port to connect between the two routers. I even have an example of how to do that, but the way we handle VLANs has recently been changed: we now use swconfig, and I have no experience with that (it will be next on my list). So it must be doable, but I cannot help with that; I know others can.
But even if you use VLANs you have to set up a VAP on a WAP, but instead of the br1 on its own subnet you set the br1 of the WAP in the subnet of br1 of the primary router, just as you are doing now with br0.
Regarding Netflix (also applies to Amazon and other streaming sites), they check if the DNS is coming from the same IP address as your request, so you have to also route the DNS the same.
See the chapter about Different routing of DNS server and destination in https://forum.dd-wrt.com/phpBB2/download.php?id=46561
Although this is written for OpenVPN the same applies to WireGuard.
For WireGuard you have an input box to put the DNS server(s) you want to route via the VPN (see the WG guide).
_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
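The two points made in this thread (source-subnet PBR decides which clients use the VPN, and DNS has to leave by the same path as the client's traffic) can be checked offline with a small model. This is an added example, not part of any post above and not DD-WRT code; every address, the client list and the assumption that router-forwarded DNS queries leave via the WAN are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the thread). PBR_SOURCES models the
# OpenVPN policy-based-routing field: source networks that use the VPN.
PBR_SOURCES = ["192.168.1.64/26"]            # "USA" DHCP pool, .64 to .127
ROUTER_LAN_IPS = {"192.168.1.1", "192.168.2.1"}
ROUTER_DNS_EGRESS = "wan"  # assumption: queries forwarded by the router use the WAN

CLIENTS = [
    # (name, source IP, DNS server the client was given)
    ("usa-echo", "192.168.1.70", "192.168.1.1"),
    ("usa-laptop", "192.168.1.80", "9.9.9.9"),
    ("usa-static", "192.168.1.200", "9.9.9.9"),   # static IP outside the pool
    ("brazil-phone", "192.168.2.50", "192.168.2.1"),
]

def egress_for_source(src_ip, pbr_sources=PBR_SOURCES):
    """Return 'vpn' if the source address is inside a PBR network, else 'wan'."""
    addr = ipaddress.ip_address(src_ip)
    in_pbr = any(addr in ipaddress.ip_network(net) for net in pbr_sources)
    return "vpn" if in_pbr else "wan"

def dns_egress(src_ip, dns_ip, pbr_sources=PBR_SOURCES):
    """Path taken by the client's DNS queries under the stated assumptions."""
    if dns_ip in ROUTER_LAN_IPS:
        # The router forwards the query, so it no longer has the client's source IP.
        return ROUTER_DNS_EGRESS
    # A direct query to an external resolver keeps the client's source address.
    return egress_for_source(src_ip, pbr_sources)

def audit(clients, pbr_sources=PBR_SOURCES):
    """Return (name, data_path, dns_path, consistent) for every client."""
    findings = []
    for name, src, dns in clients:
        data_path = egress_for_source(src, pbr_sources)
        dns_path = dns_egress(src, dns, pbr_sources)
        findings.append((name, data_path, dns_path, data_path == dns_path))
    return findings

if __name__ == "__main__":
    for name, data_path, dns_path, ok in audit(CLIENTS):
        status = "ok" if ok else "MISMATCH: DNS and traffic leave by different paths"
        print(f"{name:13} data={data_path:3} dns={dns_path:3} {status}")
```

The `usa-static` row shows why the PBR field should cover the whole subnet you intend to protect: an address set by hand outside the listed range silently bypasses the VPN.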