Posted: Tue Sep 21, 2021 20:16 Post subject: Advice Please - 2 router setup, VPN, vlan and a server
Hi, so setting up my home network, I have 2 routers: a Netgear r8000 that is connected to a smart switch and to the 2nd router, a Netgear r7000, via 5GHz wifi. Both run DD-WRT.
The R7000 currently runs an OpenVPN client, but I only want the VPN running on the 2.4GHz wifi and the WAN port. The other LAN ports I want to connect back to the main router, with 2 of those 4 LAN ports each being on a separate VLAN that could only communicate with 1 LAN port on the server. The other 2 LAN ports I want to behave as if connected to the r8000.
The server I run a range of VMs on. I would like to provide each LAN port with its own VLAN/subnet.
1 port on the server will be virtually split into 2, each on their own subnet/VLAN: 1 connecting to the net via the VPN on the r7000 (can that be done?) and talking to 1 of the ports on the r7000; 1 connecting to 1 of the ports on the r7000 but not the internet.
1 port will have access to the internet directly and
Code:
Router - r8000 - WAN - 192.168.0.1/22
        |                           |
8 port smart switch           Router - R7000 - VPN - 192.168.7.1/24
   |   |   |   |
Server Dell R710 4x1Gb ports
I know how to configure the smart switch and the server. I think I know how to configure the r8000 (though I'm a bit confused by the 2 separate tabs for VLAN tagging: switch config and networking). Not sure how to assign a /24 to a VLAN, and no idea how to configure the r7000 while keeping a working VPN (if possible).
192.168.0.1/22 main router, subdivided into:
192.168.0.1/24 other router and personal devices connected directly to the r8000 (including 2 LAN ports on the r7000)
192.168.1.1/24 for VMs on the server that can communicate with any device on 192.168.0.1/24
192.168.2.1/24 for VMs that can talk to one of the LAN ports on the r7000 and the internet via a VPN
192.168.3.1/24 for VMs that can only talk to 1 LAN port on the r7000.
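As an added example (not code from this thread or from DD-WRT itself), here is a firewall-script fragment for the R8000 side of the plan above: VMs on 192.168.1.0/24 may talk to 192.168.0.0/24 and back, while the 192.168.2.0/24 and 192.168.3.0/24 segments are never routed by the R8000 at all, since they reach their R7000 port at layer 2 on their own VLAN. The interface names vlan2/vlan3/vlan4 and the chain name VLAN_POLICY are assumptions; read the real interface names off Setup > Networking once the VLANs exist.

```shell
#!/bin/sh
# Added example, not the poster's or DD-WRT's own code. Emits (and optionally
# applies) the iptables rules that enforce the OP's subnet plan on the R8000:
#   192.168.1.0/24 (vlan2)  <->  192.168.0.0/24 (br0)   allowed, nothing else
#   192.168.2.0/24 (vlan3)  and 192.168.3.0/24 (vlan4)  never forwarded by
#   the R8000: their R7000 port sits on the same VLAN, so no routing is needed,
#   and for 192.168.3.0/24 that port is all they should ever see.
# Interface names are assumptions; adjust to the real Setup > Networking values.
MAIN_IF=br0;   MAIN_NET=192.168.0.0/24
OPEN_IF=vlan2; OPEN_NET=192.168.1.0/24   # VMs allowed onto the main LAN
VPN_IF=vlan3                             # 192.168.2.0/24, gateway is the R7000 VPN
ISO_IF=vlan4                             # 192.168.3.0/24, one R7000 LAN port only

# Print the rules as text so they can be reviewed (and tested) before running.
# A dedicated chain hooked at the top of FORWARD keeps the policy in one place
# and lets the script re-run safely (DD-WRT re-executes the firewall script).
build_rules() {
    cat <<EOF
iptables -N VLAN_POLICY 2>/dev/null || iptables -F VLAN_POLICY
iptables -A VLAN_POLICY -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A VLAN_POLICY -i $OPEN_IF -s $OPEN_NET -o $MAIN_IF -d $MAIN_NET -j ACCEPT
iptables -A VLAN_POLICY -i $MAIN_IF -s $MAIN_NET -o $OPEN_IF -d $OPEN_NET -j ACCEPT
iptables -A VLAN_POLICY -i $OPEN_IF -j DROP
iptables -A VLAN_POLICY -o $OPEN_IF -j DROP
iptables -A VLAN_POLICY -i $VPN_IF -j DROP
iptables -A VLAN_POLICY -o $VPN_IF -j DROP
iptables -A VLAN_POLICY -i $ISO_IF -j DROP
iptables -A VLAN_POLICY -o $ISO_IF -j DROP
iptables -A VLAN_POLICY -j RETURN
iptables -D FORWARD -j VLAN_POLICY 2>/dev/null
iptables -I FORWARD 1 -j VLAN_POLICY
iptables -I INPUT 1 -i $VPN_IF -j DROP
iptables -I INPUT 1 -i $ISO_IF -j DROP
EOF
}
# The two INPUT drops keep the isolated segments away from the R8000 itself;
# if the R8000 must hand out DHCP on them, allow udp dport 67 ahead of the drop.

# Apply only when explicitly asked and iptables is present (i.e. on the router).
apply_rules() {
    command -v iptables >/dev/null 2>&1 || { echo "iptables not found" >&2; return 1; }
    build_rules | while IFS= read -r rule; do eval "$rule"; done
}

if [ "${1:-}" = apply ]; then apply_rules; fi
```

Run it with no argument to print the rule set for review, and with `apply` from the DD-WRT firewall script to install it.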
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Tue Sep 21, 2021 20:55 Post subject:
Although I'm too tired to get into your setup ATM...
I'll put my 2 cents in it...
1. You didn't mention which firmware build number both routers are running, and this matters...
Why does it matter? Because both units in fact have the same CPU and they are both capable of VLANs and tagging... On the new builds for Broadcom units, this could be done via switchconfig commands (same as on Atheros) via a startup script... As well, on Broadcom units (R7000), I still do it via GUI instead... and it works...
2. One thing I didn't get: which mode do you run your R7000 in? Is it gateway with NAT or just client WAP/switch mode (bridged)?
Why is your R8000 connected to the R7000 via wi-fi client bridge instead of wire? Although you can do this, it has its own limitations and it's not very rational in terms of functionality... and performance...
3. You also mentioned a smart switch; I guess it supports VLANs too...
So, there are probably a few different ways you can approach the situation...
I guess someone else will jump in to help you out... I'm sorry I'm not that helpful at the moment, I'm just too tired... will try again tomorrow... as it looks like an interesting challenge _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Tue Sep 21, 2021 21:36; edited 1 time in total
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Tue Sep 21, 2021 21:18 Post subject:
Regarding VLANs: On older builds, Northstar (ARM) devices required CLI voodoo for vlan assignments, etc. On builds newer than 46446, they don't, but there were still issues until perhaps around 46885 as well as lingering issues on some devices (older WRT/MIPS). _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
I would use a cable to connect them, but I'm in rented accommodation so can't drill holes. Did think about a powerline adaptor, but was getting good performance over 5GHz, and as the r8000 has 2 5GHz networks/bands, thought I would use one to create a backhaul.
The r7000 is running as a gateway with NAT; thought this was best as it is also running the VPN, and therefore anything I connect to the r7000 will be talking from that router, and therefore NAT would be helpful?
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Thu Sep 23, 2021 2:06 Post subject:
Powerline adapters are highly dependent on being on the same circuit or same leg of distribution. If both outlets don't tie to the same hot bus, it's going to affect how well they work. At least that has been my own personal experience. #tangent
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Thu Sep 23, 2021 17:10 Post subject:
But the problem is your R7000 is connected wirelessly, and you cannot send VLAN information this way, as wifi does not support VLANs (on the router itself you can make a VLAN and bridge the radio with that VLAN, but you cannot get that across to the main router because you are connected wirelessly; at least that is my understanding). _________________ Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399 Install guide R7800/XR500:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614 Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Just had a quick play and I see what you mean. Could it be done by CLI rather than GUI, i.e. would the same commands that would be used for each ethernet port work for the wireless interfaces?
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Thu Sep 23, 2021 19:55 Post subject:
Cobra1582 wrote:
Just had a quick play and I see what you mean. Could it be done by CLI rather than GUI, i.e. would the same commands that would be used for each ethernet port work for the wireless interfaces?
Having all those commands via CLI (startup script) instead of GUI is better, but it won't make any difference regarding the result...
Hmmm, as egc said above, you have to use another way to connect the R7000 (via cable) and then you'd have more freedom: you can create a VLAN and create a new bridge where you can assign wlan1 or wlan0 to it, then use this br on its own subnet... and it will be isolated (kind of), but you tag a port, not a br... so, no fun with tagging a wifi, as it's an interface... although it's a part of the switch... unless I'm wrong...
You can segregate a physical port (on a VLAN) and tag it, then connect another router in WAP mode to this port... so, the port will be tagged and all devices connected in that WAP will be tagged, I believe...
I've never tried tagging like that, but I've got kind of those isolated networks, port to WAP...
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Thu Sep 23, 2021 21:47 Post subject:
I stopped using my Netgear gigabit powerline adapters as I was getting garbage throughput; 5Mbit/s - 10Mbit/s. I think initially I was getting 50-100 on speedtest.net. I am going to be doing some change-ups this Fall so everything is wired except for mobile devices. Been putting it off too long
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Sat Sep 25, 2021 22:43 Post subject:
Cobra1582 wrote:
I would use a cable to connect them but in rented accommodation so can't drill holes.
If you really want a wired connection between the two routers, which would allow you more options, I'd suggest the Wireless Wire Kit by MikroTik.
Briefly, the kit provides an equivalent 1Gbps full duplex link, as if you had a Gigabit ethernet cable running in between. They connect over a 60 GHz wireless link with secure AES. Simply point the included devices at one another and power them on. And that's it. And you can take the kit with you when leaving.