Advice Please - 2 router setup, VPN, vlan and a server

Cobra1582
DD-WRT User


Joined: 29 Nov 2011
Posts: 104

Posted: Tue Sep 21, 2021 20:16    Post subject: Advice Please - 2 router setup, VPN, vlan and a server
Hi, so setting up my home network: I have 2 routers, a Netgear r8000 that is connected to a smart switch and to the 2nd router, a Netgear r7000, via 5GHz wifi. Both run DD-WRT.

The R7000 currently runs an OpenVPN client, but I only want the VPN running on the 2.4GHz wifi and the WAN port. The other LAN ports I want to connect back to the main router, with 2 of those 4 LAN ports each being on a separate VLAN that could only communicate with 1 LAN port on the server. The other 2 LAN ports I want to behave as if connected to the r8000.

The server I run a range of VMs on. Would like to provide each LAN port with its own VLAN/subnet.

1 port on the server will be virtually split into 2, each on their own subnet/vlan - 1 connecting to the net via the VPN on the r7000 (can that be done?) and talking to 1 of the ports on the v700 - 1 connecting to 1 of the ports on r7000 but not the internet.

1 port will have access to internet directly and

Code:
                 Router - r8000 - WAN - 192.168.0.1/22
                    |                    |
     8 port smart switch           Router - R7000 - VPN -
     |   |    |   |                    192.168.7.1/24
Server Dell R710 4x1Gb ports



I know how to configure the smart switch and the server. Think I know how to configure the r8000 (though a bit confused by the 2 separate tabs for VLAN tagging (switch config and networking)). Not sure how to assign a /24 to a VLAN and no idea how to configure the r7000 while keeping a working VPN (if possible).

192.168.0.1/22 main router subdivided into

192.168.0.1/24 other router and personal devices connected directly to the r8000 (including 2 LAN ports on r7000)

192.168.1.1/24 for VMs on the server that can communicate with any device on 192.168.0.1/24

192.168.2.1/24 for VMs that can talk to one of the LAN ports on r7000 and the internet via a VPN

192.168.3.1/24 for VMs that can only talk to 1 LAN port on r7000.

Any advice would be greatly received.

Many Thanks

Damien
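
The addressing and reachability plan in the post above, modelled as an added example (not part of the original post or of DD-WRT): it checks that the four /24s tile the /22, shows that a /22 mask left on the r8000 LAN interface would overlap every VLAN subnet, and evaluates sample flows against the intended policy. Zone names, sample host addresses, the default-deny treatment of unlisted flows and the labelling of everything outside the /22 as "external" are assumptions.

```python
import ipaddress
from itertools import combinations

PARENT = ipaddress.ip_network("192.168.0.0/22")   # r8000 range from the post
# Zone names are assumptions; the subnets are the post's 192.168.x.1/24
# entries written as network addresses.
ZONES = {
    "personal":   ipaddress.ip_network("192.168.0.0/24"),
    "vm_trusted": ipaddress.ip_network("192.168.1.0/24"),
    "vm_vpn":     ipaddress.ip_network("192.168.2.0/24"),
    "vm_island":  ipaddress.ip_network("192.168.3.0/24"),
}
# Routed flows the post asks for; anything not listed is denied (assumption).
ROUTED = {("vm_trusted", "personal"): "allow",
          ("personal", "vm_trusted"): "allow",
          ("personal", "external"): "allow",
          ("vm_vpn", "external"): "vpn-only"}

def tiles_parent(parent, nets):
    """True if the /24s cover the parent range exactly, with no gap or overlap."""
    return sorted(nets) == list(parent.subnets(new_prefix=24))

def overlapping(nets):
    """Pairs of interface networks that overlap (ambiguous routes on one router)."""
    return [(a, b) for a, b in combinations(nets, 2) if a.overlaps(b)]

def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"           # outside the /22 plan (simplification)

def decide(src, dst):
    """Return 'allow', 'vpn-only' or 'deny' for one src -> dst flow."""
    s, d = zone_of(src), zone_of(dst)
    if s == d and s != "external":
        return "allow"          # same VLAN: switched, never reaches the firewall
    return ROUTED.get((s, d), "deny")

if __name__ == "__main__":
    print("tiles /22:", tiles_parent(PARENT, ZONES.values()))
    # A /22 kept on the LAN interface clashes with each /24 VLAN interface.
    print("overlaps:", overlapping([PARENT, *ZONES.values()]))
    # Constructed sample flows; 203.0.113.5 is a documentation address.
    for flow in [("192.168.1.10", "192.168.0.20"), ("192.168.2.10", "203.0.113.5"),
                 ("192.168.3.10", "203.0.113.5"), ("192.168.3.10", "192.168.2.10")]:
        print(flow, decide(*flow))
```
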
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Tue Sep 21, 2021 20:55
although I'm too tired to get into your set up...ATM
I'll put my 2 cents in it...
1. you didn't mention...both routers, which firmware build number they are running, and this matters...
Why does it matter? Because...both units in fact have the same CPU and they both are capable of VLANs and tagging...on the new builds for Broadcom units, this could be done via switchconfig commands (same as on Atheros) via start up script...as well on Broadcom units (R7000), I still do it via GUI instead...and it works...
2. one thing I didn't get, which mode do you run your R7000 in? Is it gateway with NAT or just client WAP/switch mode (bridged)?
Why is your R8000 connected to R7000 via wi-fi client bridge, instead of wire...although you can do this, it has its own limitations and it's not very rational in terms of functionality...and performance...
3. You also mentioned smart switch, I guess it supports VLANs too...

So, there are probably a few different ways you can approach the situation...

have a look at those ones
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327810

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

I guess someone else will jump in to help you out...I'm sorry I'm not that helpful at the moment, I'm just too tired... will try again tomorrow...as it looks like an interesting challenge

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Tue Sep 21, 2021 21:36; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Tue Sep 21, 2021 21:18
Regarding VLANs: On older builds, Northstar (ARM) devices required CLI voodoo for vlan assignments, etc. On builds newer than 46446, they don't, but there were still issues until perhaps around 46885 as well as lingering issues on some devices (older WRT/MIPS).
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Cobra1582
DD-WRT User


Joined: 29 Nov 2011
Posts: 104

Posted: Wed Sep 22, 2021 22:43
Thank you both. I am using

Router Model: Netgear R8000
Firmware Version: DD-WRT v3.0-r47381 std (09/08/21)
Kernel Version: Linux 4.4.283 #4029 SMP Wed Sep 8 06:24:06 +07 2021 armv7l

Router Model: Netgear R7000
Firmware Version: DD-WRT v3.0-r47381 std (09/08/21)
Kernel Version: Linux 4.4.283 #4024 SMP Tue Sep 7 09:20:59 +07 2021 armv7l

I would use a cable to connect them but I'm in rented accommodation so can't drill holes. Did think powerline adaptor, but was getting good performance over 5GHz, and as the r8000 has 2 5GHz networks/bands, thought I would use one to create a backhaul.

The r7000 is running as a gateway with NAT; thought this was best as it is also running the VPN, and therefore anything I connect to the r7000 will be talking from that router and therefore NAT would be helpful?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Thu Sep 23, 2021 2:06
Powerline adapters are highly dependent on being on the same circuit or same leg of distribution. If both outlets don't tie to the same hot bus, it's going to affect how well they work. At least that has been my own personal experience. #tangent
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Thu Sep 23, 2021 6:22
I do not think wireless supports vlan tagging.

Do not know if power line does?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Thu Sep 23, 2021 12:17
I don't know of any powerline adapters that do as they are akin to unmanaged switches.
Cobra1582
DD-WRT User


Joined: 29 Nov 2011
Posts: 104

Posted: Thu Sep 23, 2021 13:08
Forgot to say, yes the smart switch supports vlan and vlan trunking.

Looking at the GUI, it seems I can use vlan trunking on any connection, be it a port or a wifi adapter.

Just know there's a difference between what one can do and what one should do.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Thu Sep 23, 2021 17:10
But the problem is your R7000 is connected wirelessly and you cannot send vlan information this way as wifi does not support vlan (On the router itself you can make a VLAN and bridge the Radio with that VLAN but you cannot get that across to the main router because you are connected wirelessly, at least that is my understanding)
Cobra1582
DD-WRT User


Joined: 29 Nov 2011
Posts: 104

Posted: Thu Sep 23, 2021 18:17
Just had a quick play and I see what you mean. Could it be done by CLI rather than GUI, i.e. would the same commands that would be used for each ethernet port work for the wireless interfaces?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Thu Sep 23, 2021 19:55
Cobra1582 wrote:
Just had a quick play and I see what you mean. Could it be done by CLI rather than GUI, i.e. would the same commands that would be used for each ethernet port work for the wireless interfaces?


Having all those commands via CLI (start up script) instead of GUI is better, but it won't make any difference regarding the result....

Hmmm, as egc said above, you have to use another way to connect the R7000 (via cable) and then you'd have more freedom: you can create a vlan and create a new bridge where you can assign wlan1 or wlan0 to it, then use this br on its own subnet...and it will be isolated (kind of), but you tag a port not a br...so, no fun with tagging a wifi, as it's an interface..although it's a part of the switch... unless I'm wrong...

You can segregate a physical port (on vlan) and tag it, then connect another router in WAP mode to this port...so, the port will be tagged and all devices connected to that WAP will be tagged, I believe...
I've never tried tagging like that, but I've kind of those isolated networks, port to WAP...

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Thu Sep 23, 2021 20:07
Mixed reviews regarding powerline adapters, I think the key is to have a managed switch on either end or vlan-capable devices:

https://www.reddit.com/r/HomeNetworking/comments/k6ick1/powerline_adapters_with_vlan_tagginguntagging/

https://www.reddit.com/r/homelab/comments/602v6v/vlan_tags_and_powerline_adapters/

https://community.tp-link.com/us/home/forum/topic/213812

https://yhoo.it/3ABVaPL

I had to satisfy my own curiosity

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Thu Sep 23, 2021 20:22
good find KP-69, I haven't looked for those, ages ago...
now I'm triggered...something new to play with....thanks for those finds...

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Thu Sep 23, 2021 21:47
I stopped using my Netgear gigabit powerline adapters as I was getting garbage throughput; 5Mbit/s - 10Mbit/s. I think initially I was getting 50-100 on speedtest.net. I am going to be doing some change-ups this Fall so everything is wired except for mobile devices. Been putting it off too long
DWCruiser
DD-WRT User


Joined: 15 Aug 2016
Posts: 223
Location: Melbourne, Australia

Posted: Sat Sep 25, 2021 22:43
Cobra1582 wrote:

I would use a cable to connect them but in rented accommodation so can't drill holes.


If you really want a wired connection b/w the two routers which would allow you more options, I'd suggest the Wireless Wire Kit by MikroTik.

Briefly, the kit provides an equivalent 1Gbps full duplex link as if you had a Gigabit ethernet cable running in b/w. They connect over a 60 GHz wireless link with secure AES. Simply point the included devices at one another and power them on. And that's it. And you can take the kit with you when leaving.

See: https://www.amazon.com/Mikrotik-Wireless-RBwAPG-60ad-wireless-duplex/dp/B077992GG3#customerReviews

I installed Netgear routers (running DD-WRT) and MikroTik products in many setups. Both have pros and cons.

Cheers

_________________
Life is a journey; travel alone makes it less enjoyable and lonely.