Posted: Fri Nov 19, 2021 12:19 Post subject: Advice about configuring my network
Hi.
Just considering which solution is better to choose.
Requirements
I need only two IPs to go through VPN - all others via WAN.
I want to configure: a killswitch to cut off internet access on hosts connected via VPN when it goes down (the rest must be unaffected by the kill switch - they must have internet access) and later on a watchdog too.
So far my configuration looks like this:
ISP Router (almost non configurable) - Subnet 192.168.0-254
DD-WRT Router (192.168.0.2) - working as a gateway with dhcp server - subnet 192.168.1.1.
So basically two separate VLANs and WLANs.
All devices which I do not want to go through VPN are working within ISP Subnet.
Two devices which I want to go through VPN are working within DD-WRT Subnet.
And now I am starting to think about setting this whole mess in one subnet.
ISP Router as a main router serving WAN and DHCP to all clients.
DD-WRT as a transparent AP with configured OpenVPN service only for two clients - one wired the other wireless.
When the killswitch works, I do not want all clients to lose internet access - only those two via VPN.
Is it possible?
Which way is better? Two separate networks or one with the above configuration?
OK guys, that is what I have done so far.
Two separate VLANs and WLANs - both "receive" Internet Connection from the non-configurable ISP Router (192.168.0.1), which is in VLAN1.
Things look as described below, so far:
VLAN1 - 192.168.0.1 - from ISP Router. It distributes IP addresses via DHCP Server in its subnet. DD-WRT Router, which is connected via cable from an Ethernet port of the ISP Router to its WAN port, receives IP 192.168.0.2 - and is working as a gateway.
VLAN2 - 192.168.1.1 - from DD-WRT Router - It distributes IP addresses via DHCP Server in its subnet.
So far I have managed to achieve an OpenVPN Client configuration on the DD-WRT Router. I configured a killswitch on it. It cuts off Internet when the OpenVPN connection is lost. This affects all devices in this subnet.
So far this solution is good for me.
By now I assume that I have achieved everything from the devices that I am dealing with.
I am afraid that I cannot merge these two subnets into one and "play with configuration" further, because on the ISP Router I do not have an advanced routing tab to configure.
Am I right?
Additional info:
ISP Router (Poland’s UPC ConnectBox)
DD-WRT Router (TP-Link WR1042nd v2)
If you have any additional thoughts about this config, maybe there is something I can change or do in a better way - I would appreciate any suggestions.
Best regards.
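Added example (not part of the original posts, and not DD-WRT's own code): a POSIX shell helper that prints firewall rules for a kill switch scoped to just the VPN hosts, so the other clients keep their WAN access as the requirements above ask. The client addresses, the `eth0` WAN interface name and both function names are assumptions made for illustration; the rules are printed for review, not applied.

```shell
#!/bin/sh
# Per-host VPN kill switch: reject forwarding from the VPN-only hosts to the
# WAN interface, so they have no route out when the tunnel is down.
# All names and addresses below are constructed placeholders.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: killswitch_rules WAN_IF IP...
# Prints one iptables command per host. Every argument is validated before
# anything is printed, so a bad value never yields a partial rule set.
killswitch_rules() {
    [ "$#" -ge 2 ] || { echo "usage: killswitch_rules WAN_IF IP..." >&2; return 2; }
    wan_if=$1; shift
    case "$wan_if" in
        *[!A-Za-z0-9._-]*) echo "invalid interface: $wan_if" >&2; return 2 ;;
    esac
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        # Only packets from this source leaving via the WAN are rejected;
        # traffic through the tunnel and from other clients is untouched.
        echo "iptables -I FORWARD -s $ip -o $wan_if -j REJECT"
    done
}

# Constructed sample: two VPN-only hosts on the DD-WRT subnet, WAN on eth0.
killswitch_rules eth0 192.168.1.10 192.168.1.11
```

The printed lines are meant to be checked against the router's real WAN interface name and the two hosts' actual (static or reserved) addresses before being placed in the firewall script.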
Is there a way in WR1043nd v2 to do split ethernet/wireless port configuration?
I am thinking of the capability of achieving split vlan's/wlan's on it.
Posted: Sat Nov 20, 2021 20:09 Post subject:
scOOtt wrote:
Is there a way in WR1043nd v2 to do split ethernet/wireless port configuration?
I am thinking of capability of achieving split vlan's/wlan's on it.
Yep, it's possible, WR1043nd v2 has a VLAN-capable switch. As well, to split VLANs/WLANs just unbridge the WLAN, create a new bridge, assign the WLAN to it, give it a DHCP and IP range and you are OK.