R8500.1 serves as the edge router and is the master DHCP server (ordinarily).
R8500.2: I have set up wireless virtual APs on it. The VAPs are perfectly configured on this router.
Both R8500.2 and R8500.3 have this in Commands for Firewall:
Code:
# Enable NAT for traffic being routed out br0 so that br1 has connectivity (for WAPs - WAN port disabled)
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to "$(nvram get lan_ipaddr)"
Firmwares are: DD-WRT v3.0-r35030M kongac.
R8500.2 is set up with 10.10.3.0/27 for bridged VAPs.
R8500.2 has a self-assigned IP for the (br1) bridge of 10.10.3.1.
R8500.3 is set up with 10.10.3.32/27 for bridged VAPs.
R8500.3 has a self-assigned IP for the (br1) bridge of 10.10.3.33.
Both R8500.2 and R8500.3 are set up as non-gateway Wireless Access Points and are wired to the main network. The WAN ports on R8500.2 and R8500.3 are moved to switch function, and 'Advanced Routing' > 'Operating Mode' is set to "Router" (not Gateway).
Again, everything works flawlessly from the R8500.2 router. Also, everything otherwise works flawlessly from the R8500.3, except the use of the VPN to connect out.
The only difference between R8500.3 and R8500.2 is that R8500.3 is running OpenVPN and it automatically tunnels traffic.
The dilemma is on R8500.3. Wireless devices connecting to R8500.3 end up using the VPN gateway instead of passing traffic onto R8500.1. I would not like these wireless devices using the VPN gateway.
I cannot seem to figure out a way to get the wireless devices connecting to R8500.3 VAPs to NOT use the VPN on that router.
R8500.2 does not use OpenVPN, and all internet traffic proceeds normally.
R8500.3 does use OpenVPN, and all internet traffic goes out the VPN (not wanted).
Everything is working as desired EXCEPT for the VPN traffic dilemma. Only devices on the main network that explicitly point to R8500.3 as a Gateway are meant to use that VPN tunnel.
Sorry that it has confused you. Also, yes, I am aware of the firmware's age.
And I apologize: yes, the VAPs are unbridged. When I said "bridged" I meant that the VAPs are connected to a bridge (br1) that the VAPs are assigned to.
If it helps, please consider the VAP setup for R8500.3 as 10.10.4.32/27, and 10.10.4.0/27 for the R8500.2.
The firewall/iptables commands I have inserted haven't made a difference.
I have tried this:
Code:
# DNAT is only a valid target in the nat table, so iptables rejects this rule in the filter table's FORWARD chain
iptables -I FORWARD -s 10.10.4.32/27 -d 10.10.4.33 -j DNAT --to 10.10.0.1
And I have tried this:
Code:
# -o (output interface) is not accepted in PREROUTING (ingress matches use -i), and with no -d match it would rewrite every packet
iptables -t nat -I PREROUTING -o br0 -j DNAT --to 10.10.0.1
Reply posted: Tue Jan 24, 2023 7:07
Still not sure why you are using such unorthodox subnet masks.
It is not needed and makes it difficult to calculate, so that overlap can easily take place.
About OpenVPN: as said, it is a very old build and lots of things have changed, but by default everything is routed via OpenVPN if it is active.
On a Wireless Access Point that applies to everything behind the router, e.g. anything that is unbridged, as you can read in the documentation I pointed to.
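The reply above explains the default: once the OpenVPN client is up, the tunnel's default route applies to everything the router forwards, including the unbridged br1 VAP clients. The generic Linux way to exempt one source subnet is policy routing: a private routing table that only contains the non-VPN default route, plus an `ip rule` that sends packets from that subnet to it before the main table (where OpenVPN's redirect-gateway routes live) is ever consulted. The script below is an added example and is not from the thread or from DD-WRT's own OpenVPN client page; it assumes the addresses the thread gives (VAP bridge br1 = 10.10.4.32/27 on R8500.3, main LAN 10.10.0.0/24 on br0) and assumes R8500.1 answers at 10.10.0.1, which the thread's DNAT attempts imply but never state. Function names, the table number and the rule priority are the example's own choices.

```shell
#!/bin/sh
# Added example (not from the thread): keep one source subnet off the OpenVPN
# tunnel with Linux policy routing, which is what DD-WRT runs underneath.
# Assumed addresses: VAP bridge br1 = 10.10.4.32/27, main-network gateway
# R8500.1 = 10.10.0.1 reachable over br0, main LAN 10.10.0.0/24.
# Adjust these before saving the script as a startup command.

IP="${IP:-ip}"            # set IP=echo to print the commands instead of running them
TABLE="${TABLE:-100}"     # private routing table that only knows the non-VPN default
PRIO="${PRIO:-1000}"      # fixed rule priority so re-runs replace instead of stacking

# vpn_bypass_add SUBNET GATEWAY DEVICE [LOCAL_NET ...]
# Packets sourced from SUBNET go to GATEWAY via DEVICE regardless of the
# tunnel's default route. LOCAL_NETs keep using the main table, so traffic
# to directly connected LANs is not hairpinned through the gateway.
vpn_bypass_add() {
    subnet="$1"; gw="$2"; dev="$3"; shift 3

    # Remove any earlier copy first so repeated runs never stack rules.
    vpn_bypass_del "$subnet" "$@"

    # Table TABLE holds nothing but the plain default route. OpenVPN's
    # redirect-gateway puts its 0.0.0.0/1 and 128.0.0.0/1 routes in the main
    # table, which is never reached for sources matched by the rule below.
    $IP route replace default via "$gw" dev "$dev" table "$TABLE" || return 1

    for net in "$@"; do
        $IP rule add from "$subnet" to "$net" lookup main priority $((PRIO - 1)) || return 1
    done
    $IP rule add from "$subnet" lookup "$TABLE" priority "$PRIO" || return 1
    $IP route flush cache 2>/dev/null || true
}

# vpn_bypass_del SUBNET [LOCAL_NET ...]: undo what vpn_bypass_add installed.
vpn_bypass_del() {
    subnet="$1"; shift
    for net in "$@"; do
        $IP rule del from "$subnet" to "$net" lookup main priority $((PRIO - 1)) 2>/dev/null || true
    done
    $IP rule del from "$subnet" lookup "$TABLE" priority "$PRIO" 2>/dev/null || true
    $IP route flush table "$TABLE" 2>/dev/null || true
}

# vpn_bypass_check SRC [DST] [IIF]: ask the kernel which route a packet from a
# VAP client would take. DST defaults to a documentation address (TEST-NET-3).
vpn_bypass_check() {
    $IP route get "${2:-203.0.113.1}" from "$1" iif "${3:-br1}"
}

# Example invocation, only when explicitly requested:
#   VPN_BYPASS_APPLY=1 sh vpn-bypass.sh
if [ "${VPN_BYPASS_APPLY:-0}" = "1" ]; then
    vpn_bypass_add 10.10.4.32/27 10.10.0.1 br0 10.10.0.0/24 10.10.4.32/27
fi
```

Devices on the main network that deliberately point at R8500.3 as their gateway are unaffected, because their source addresses do not match the rule and still fall through to the main table and the tunnel. Return traffic for the VAP clients works because the SNAT rule the thread already keeps under Commands rewrites br1 sources to the router's LAN address as they leave br0, so R8500.1 never needs a route back to 10.10.4.32/27. After applying, `vpn_bypass_check 10.10.4.40` on the router should report a path via 10.10.0.1 on br0 rather than the tun interface; if it still shows the tunnel, list `ip rule` and confirm the priority-1000 rule sits ahead of the main-table rule (32766).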