this post was submitted on 23 Sep 2023
9 points (90.9% liked)
networking
2814 readers
1 users here now
Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Maybe I can describe my favorite outcome of this:
The Fritzbox serves as modem and connects to my phone and a nextcloud-server. One LAN-connection is plugged into the 'internet-port' of the openWRT-router.
The openWRT-router is connecting all my PCs, Smartphones and my home-assistant-Pi. On the OpenWRT-router every connection to the internet is tunneld through NordVPN to hide my location. And every device connected to the OpenWRT-router uses the Pihole as DNS-Server. And I want to be able to use PiVPN (wireguard) to tunnel into my OpenWRT-network to be able to reach the home-assistant-Pi and to enjoy the benefits of the Pihole and NordVPN while I travel.
Is that even possible? My main concern is the NordVPN-part and if it works together with the Pihole and the PiVPN. I have a very limited understanding of VPNs and DNS-Server and I don't want to make myself vulnerable.
Well I would create 2 networks in your OpenWRT, Net1 would be tunneled over the VPN and Net2 will break out locally.
On Net1 you basically keep what you have.
Then you assign the NC Server to Net2. You can even create a SSID for this network (call it Guest or whatever) for when somebody needs your WiFi. Or if you want to connect a device you don’t care sending outside the VPN.
Afterwards you can go and turn off the WLAN in your Fritzbox. The telephone will continue working over DECT most likely.
You will probably also need to “expose” the OpenWRT on your Fritzbox. What this does is forward all traffic, unfiltered, to your OpenWRT. You need to do your own research to see if you want to do this, otherwise just forward porta as you need them.
Two networks on the OpenWRT is a really good idea, thank you! With the next free weekend and some duckduckgoing I should be able to implement this.