Hello,
Currently I am living in a dorm-like apartment with three other roommates. Everyone has his own Internet connection coming from a static gigabit WAN port in the wall. I want to create one big WiFi (same SSID) where the clients decide which AP (LEDE C7 router) they want to connect to. But I also want all (W)LAN clients to be able to communicate with each other regardless of which AP/router they are connected to.
As I can't lay cables, don't have access to the WAN switch (providing the wall ports), and a WiFi mesh is a bad idea as well (due to many WiFis), I decided to realize a bridged VPN.
I think one DHCP server without subnets would be best, so I can walk through the apartment without long connection changes and all devices would keep their IP.
Therefore I set my router as the OpenVPN server and the other routers as OpenVPN clients. I am able to access all LAN clients through the VPN, but the problem is that I am losing my Internet connection (or sometimes I even get Internet through the VPN server, depending on the manually restarted services). I still want the devices to use the WAN port of the router they are currently connected to for Internet.
To make things a little bit clearer I made a schematic:
Server Config:
/etc/config/openvpn
config openvpn 'WGVPN'
    option enabled '1'
    option verb '3'
    option proto 'udp'
    option port '1194'
    option dev 'tap0'
    option mode 'server'
    option tls_server '1'
    option keepalive '10 120'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/my-server.crt'
    option key '/etc/openvpn/my-server.key'
    option dh '/etc/openvpn/dh2048.pem'
    option status '/var/log/openvpn-status.log'
/etc/config/network
...
config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option _orig_ifname 'eth1 wlan0 wlan1 wlan1-1'
    option _orig_bridge 'true'
    option ifname 'eth1 tap0'
config interface 'vpn0'
    option ifname 'tap0'
    option proto 'none'
    option auto '1'
...
Client Config:
/etc/config/openvpn
config openvpn 'WGvpn'
    option enabled '1'
    option proto 'udp'
    option verb '3'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/my-client-115.crt'
    option key '/etc/openvpn/my-client-115.key'
    option client '1'
    option remote_cert_tls 'server'
    option dev_type 'tap'
    option port '1194'
    list remote ''
    option dev 'tap0'
    option log 'openvpn.log'
    option tls_client '1'
/etc/config/network
...
config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option _orig_ifname 'eth1 wlan0 wlan1 wlan1-1'
    option _orig_bridge 'true'
    option ipaddr '192.168.1.3'
    option ifname 'eth1 tap0'
    option gateway '192.168.1.3'
config interface 'vpn0'
    option ifname 'tap0'
    option proto 'none'
    option auto '1'
...
/etc/config/dhcp
config dhcp 'lan'
    option interface 'lan'
    option ra 'server'
    option dhcpv6 'server'
    option ra_management '1'
    option ignore '1'
To mention every detail: I also have mwan3 installed, as I need some policy-based routing for a guest WiFi using an external VPN to access the Internet.
Thank you in advance.
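
Added example, not part of the original post: a small Python check that parses the client's /etc/config/network sections as posted above (elided parts left out) and lists devices attached to more than one interface and gateways that point at the interface's own address. The names parse_uci and audit_network are made up for this example.

```python
import shlex
from collections import defaultdict

# Client /etc/config/network sections copied from the post (elided parts omitted).
CLIENT_NETWORK = """
config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr '192.168.1.3'
    option ifname 'eth1 tap0'
    option gateway '192.168.1.3'
config interface 'vpn0'
    option ifname 'tap0'
    option proto 'none'
    option auto '1'
"""

def parse_uci(text):
    """Parse UCI text into {section_name: {option: value}}; 'list' entries become lists."""
    sections, current = {}, None
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        if tokens[0] == "config":
            # Anonymous sections (no name given) get a positional placeholder name.
            name = tokens[2] if len(tokens) > 2 else f"@{tokens[1]}[{len(sections)}]"
            current = sections.setdefault(name, {})
        elif tokens[0] == "option" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = tokens[2]
        elif tokens[0] == "list" and current is not None and len(tokens) >= 3:
            current.setdefault(tokens[1], []).append(tokens[2])
    return sections

def audit_network(sections):
    """Report self-referencing gateways and devices claimed by several interfaces."""
    findings, owners = [], defaultdict(list)
    for name, opts in sections.items():
        ifname = opts.get("ifname", "")
        for dev in (ifname.split() if isinstance(ifname, str) else ifname):
            owners[dev].append(name)
        if opts.get("gateway") and opts.get("gateway") == opts.get("ipaddr"):
            findings.append(f"{name}: gateway {opts['gateway']} is the interface's own address")
    for dev, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"{dev}: attached to more than one interface ({', '.join(names)})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_network(parse_uci(CLIENT_NETWORK))))
```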