I have a rather unusual setup and can't find the right tutorial for this:
I have a router (wireless and LAN) which has some devices, but no internet connection. This router acts as DHCP-Server for its clients.
Let's call this the G-router.
On the other side I have a LTE-router connecting to a mobile network. This router is wired-only and has a DHCP-server as well.
Further called 'LTE-router'
Now to the problem:
I need a Zerotier connection so I can access the G-router's network from outside. And no, I can't just combine LTE and G router to a single subnet, both have to stay as they are.
My solution in theory:
Place a OpenWRT-router in the middle. On it's WAN Port it has the LTE-Router, and it connects to the G-router as wireless client.
The Zerotier package will then connect through WAN-Port->LTE-Router to internet and give access to devices in the G-router's network.
But let's leave the Zerotier-thing by side for starters (already did that in a simple test without bridging).
Question:
How do I configure the LAN-settings and Wifi-settings of the OpenWRT-Router? I guess it should not act as DHCP-server, instead it should get itself an IP of the G-router and act as a switch with its LAN ports.
So every device that is plugged into a LAN-port of OpenWRT-router would get an IP of G-router's network.
None of the clients needs internet-connection, this is only needed for Zerotier.
Given IP-ranges:
G-router:
172.16.x.x
LTE-Router:
10.0.1.1
OpenWRT:
to be configured... momentarily 192.168.1.1, but with own DHCP-server
I hope someone can help, maybe there is a documentation for exactly this scenario somewhere?
(That zero-stuff offers some kind of VPN when you don't have a public IP)
Unfortunately I can't hook the G-router's WAN anywhere, since there simply isn't any WAN-port (proprietary system with no internet-access, no possibility to change anything on that side besides the wpa2 passphrase).
So the only option is to have something acting as client that connects to the G-Router.
Same thing with the LTE-Router, has to be left as is.
Only point of configuration would be the OpenWRT-router, this would have to do this:
get internal IP (LAN & wifi side bridged) from G-Router.
on WAN side get IP from LTE-Router (double NAT but works so far)
route internet-traffic from LAN/wifi to LTE-Router and not the one who serves as DHCP.
Problem here, the DNS-server is usually defined by the DHCP-server.
But:
Since all clients on LAN / wifi do not need internet-access, it would be sufficient to route the Zerotier-traffic to the LTE-Router. Since the Zerotier thing is configured in OpenWRT as separate network, that would be possible.
Plug laptop into LAN ports of OpenWRT router - it gets an IP from the LTE-router.
It doesn't matter if OpenWRT and LTE router are connected via LAN or Wifi, both works now.
And I can reach the OpenWRT Router via Zerotier VPN.
But: I see no other deveices over VPN. I can ping and reach Webportal of OpenWRT but nothing else, seems there is something wrong with bridging / routing from VPN to LAN.
These are my firewall-settings:
config rule
option dest_port '9993'
option src '*'
option name 'Allow-ZeroTier-Inbound'
option target 'ACCEPT'
list proto 'udp'
config zone
option name 'vpn'
option input 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option output 'ACCEPT'
option network 'ZeroTier'
config forwarding
option dest 'lan'
option src 'vpn'
config forwarding
option dest 'wan'
option src 'vpn'
config forwarding
option dest 'vpn'
option src 'lan'
Network settings:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdd8:e2e4:9a5e::/48'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config device
option name 'eth0'
option macaddr 'c6:3d:c7:97:80:a1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option ipaddr '172.16.100.1'
option netmask '255.255.0.0'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
option blinkrate '2'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5'
config switch_port
option device 'switch0'
option port '1'
option led '6'
config switch_port
option device 'switch0'
option port '2'
option led '9'
config switch_port
option device 'switch0'
option port '5'
option led '2'
config interface 'wwan'
option proto 'dhcp'
config interface 'repeater_bridge'
option proto 'relay'
option ipaddr '172.16.0.225'
list network 'lan'
list network 'wwan'
config interface 'ZeroTier'
option proto 'none'
option device 'zt6ovr4nf3'
Let's set this aside for the time being because that's an entirely different kettle of fish. Because a wifi client (the only connection you have to the G router's network) can't be in a bridge, that want is a problem.
So look at the other situation of routing from Zerotier to the G network. Here OpenWrt would have a wifi client of G (a separate interface from wan and lan, and not a bridge), holding one IP on the G network. Meanwhile there is a Zerotier interface, in a different subnet, and forward between them. The wan network is your link to the Internet, and lan is still there for administration, but isn't part of the routing from VPN to G. Zerotier is a layer 3 network, so you have to route it not bridge it. This means that all the interfaces are in separate subnets, so the routing table can be built based on IP ranges. (there is also layer 2 zerotier, but it doesn't hold any advantage here).
ok I can temporarily connect G-router via LAN. I should get this going first.
So, over Zerotier I can reach Ip of OpenWRT, but no further. Where do I have to set the routes, in the Zerotier settings (online dashboard) I have this route:
172.16.0.0/16 via 10.147.18.212 (OpenWRT routers IP on VPN side)
Or do I have to change / add routes in OpenWRT? Can you give me a hint where and what?