Hello! As a complete beginner in home networking I am a bit lost with my problem. Maybe someone can help:
Setup: Internet socket in the wall -> Fritzbox-router -> Linksys router with OpenWRT and a VPN (NordVPN)
I have to Networks I can connect to, the Fritzbox-Network (192.168.178.) and the OpenWRT-Network (192.168.1.). Most PCs/Smartphones are connected to the OpenWRT-Network to be a bit more protected with the VPN. Some are connected to the Fritzbox.
Now two questions:
- How can I connect those two networks so that I can e.g. ssh from 192.168.178.10 to 192.168.1.30?
- Who is providing the DNS, when I connect a PiHole to the Fritzbox, set it as DNS-Server and then connect my PC to the other network, which is routing everything to NordVPN? Does NordVPN use its own DNS-Server?
What do I need to learn to understand my own network better?
Well it would depend on how you are routing your traffic. What is your VPN doing? How is it configured? I am a network engineer, happy to give you a hand.
I would have it in one of two ways:
2 different SSIDs/networks, one fully VPN’nd and the other directly connected to internet.
or use 1 network to rule them all and then PBR (policy based routing) for the VPN, meaning that you send only specific traffic through the VPN. This can depend on IP, port, protocol, etc. Definitely the most advanced (and fun!) option.
Maybe I can describe my favorite outcome of this:
The Fritzbox serves as modem and connects to my phone and a nextcloud-server. One LAN-connection is plugged into the ‘internet-port’ of the openWRT-router.
The openWRT-router is connecting all my PCs, Smartphones and my home-assistant-Pi. On the OpenWRT-router every connection to the internet is tunneld through NordVPN to hide my location. And every device connected to the OpenWRT-router uses the Pihole as DNS-Server. And I want to be able to use PiVPN (wireguard) to tunnel into my OpenWRT-network to be able to reach the home-assistant-Pi and to enjoy the benefits of the Pihole and NordVPN while I travel.
Is that even possible? My main concern is the NordVPN-part and if it works together with the Pihole and the PiVPN. I have a very limited understanding of VPNs and DNS-Server and I don’t want to make myself vulnerable.
Well I would create 2 networks in your OpenWRT, Net1 would be tunneled over the VPN and Net2 will break out locally.
On Net1 you basically keep what you have.
Then you assign the NC Server to Net2. You can even create a SSID for this network (call it Guest or whatever) for when somebody needs your WiFi. Or if you want to connect a device you don’t care sending outside the VPN.
Afterwards you can go and turn off the WLAN in your Fritzbox. The telephone will continue working over DECT most likely.
You will probably also need to “expose” the OpenWRT on your Fritzbox. What this does is forward all traffic, unfiltered, to your OpenWRT. You need to do your own research to see if you want to do this, otherwise just forward porta as you need them.
Two networks on the OpenWRT is a really good idea, thank you! With the next free weekend and some duckduckgoing I should be able to implement this.