I have some smart home devices (security cam etc), which opens a connection to a internet service for to access via app. So it is like an VPN into my network.
So I want to put them into the guestwifi of my main Router (Fritzbox cable).
But I want to access these devices from other software in my normal LAN network.
The main router does not allow to access the guestlan from the normal network.
So my idea was: to install openwrt on a raspberry pi. The openwrt has a LAN interface in my home network (Zone lan) and a wifi client interface to the guestWifi (Zone wifiguest).
For every device I want to access in the guestwifi I create an alias interface (lanX) with seperate IP on the home network interface.
So far it works....
I tried to create a route from interface lan1 (192.yyy.xxx.13) to the target IP of the security cam, but I could not access it.
I there anything else to do ? I only use the UI not the command lines or config files.
Even if you create a route, your computers have not been told to use it. You would need to add it on the DHCP server (not the device with the DHCP server) so it announces the new route to the clients, but I doubt an original firmware would do that.
On the fritz box you can add additional routes. I have a fritz box as main router and openwrt Access points with guest network. I added these as routes to the fritz box, so I am able to access guest network devices from my normal lan.
So you build up the guestWifi with the openwrt device, right ?
And how did you manage the routing from guestWifi over openwrt so that they cloud not access the local network ?
but does this solution work if my homenet is LAN/WLAN of the Fritzbox and so it is not behind openwrt, so the openwrt is one client of the homenet (=wan interface)....!?
yes, it does. An access point is always behind a router and client of a router. And you connect the AP via lan, not via wan interface. The firewall rules of the AP prevent access to your normal lan, if it is set up correctly (as described in the above link).
Check out the firewall rules, there is a rule called "Block guest access to private network". This is the one you are explicitly asking for.
I work on the guide and it the GuestWifi works fine,
I also create an static route on the fritzbox to route the new subnets (guestWifi) to the openwrt.