Posted: Sat Aug 10, 2019 9:40 Post subject: 2 VPN-dedicated R7000s in the same network (SOLVED)
My network is powered by two R7000s. The primary R7000 (router) runs a VPN client and (policy based) routes private and guest network traffic through the VPN.
I would like to use the secondary R7000 as an VPN client as well, set to a different geografic location.
My TV set (which is LAN-connected to the primary R7000) would then connect to an VPN client connected to a server in the USA. While the rest of the networks VPN traffic is router through the other client connected to a server closer to home, for more network speed.
Is it possible to forward the traffic from a specific port/or IP in the primary R7000 to the VPN client on the secondary R7000?
My current working setup is as follows:
• two R7000s connected LAN-LAN
• both devices are running the DD-WRT v3.0-r39960M kongac (06/08/19) firmware.
• the primary R7000 (1st floor) functions as a router, WAN-port is connected to modem.
• the secondary R7000 (3rd floor) functions as access point.
• Raspberry Pi running pi-hole acts as DHCP and DNS server.
• Private wireless network (wl0 & wl1) on both R7000s
Guest wireless network (wl0.1 & wl1.1) on both R7000s, traffic is routed through an VPN (Open VPN client in DD-WRT). I had help with getting the guest network operational on the secondary R7000 here: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1166356#1166356 and which using the pi-hole on the guest network as DNS-server and routing the guest network traffic on the secondary R7000 through the OpenVPN client on the primary router using the Simple PBR script by @egc here: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320761
Last edited by Mozzy77 on Sun Aug 11, 2019 7:40; edited 1 time in total
Is it possible to forward the traffic from a specific port/or IP in the primary R7000 to the VPN client on the secondary R7000?
You can either setup routing from one r7000 to the other , or easier configure the tv gateway if possible to route out via the second r7000.
There is a third option you can just run 1 r7000 and have multiple openvpn clients running. But maybe throughput is an issue? If you are just using the VPN to change GEO location for the TV you could run it unencrypted to greatly improve throughput.
Thank you! I was thinking way to complicated: iptables, firewall rules and stuff
Manually setting the gateway in the TV itself to the secondary R7000 did the trick. Together with the IP of the TV in the Policy Based Routing field of the OpenVPN client.
I will look in to the unencrypted part for video streaming purposes.
Under the services/openvpn tab there is various encryption options like Encryption Cipher,Hash Algorithm,TLS Cipher and (not encyption but) LZO Compression. Set them all to none or disabled, which may or may not disable depending on your vpn providers policies set( I think you can check in the log what happens). If they do disable your vpn load should reduce to very little, enough to easily run it on the one router.
