Hi all,
To start, this is homelab learning. I could give up and use 802.1Q, I'm sure, but I am trying to understand and learn macvlan with respect to OpenWrt, since there's so little info out there, so I can create some docs for people. Anyway, after doing a lot of trial and error, I flashed both routers to default OpenWrt firmware (24.10.0 Dynalink DL-WRX36), installed kmod-macvlan, tcpdump & ip-full to make sure nothing lingered to mess with the foundation start point.
Topology by device: RouterA -> RouterB -> ISP (in the future I am putting an x86 OpenWrt router after RouterB to custom build a firewall solution, need this basic MacVlan working first!)
I have RouterA and RouterB. Both have their wan port virtualized using Macvlan in bridge, called VWan1 & VWan2.
Both have replaced the use of the wan port with VWan1, meaning I just replaced the wan device in the wan interfaces with VWan1, no other changes.
At this point, everything works exactly as expected. Wan interfaces get their IP address from upstream and route traffic, no issue.
I set VWan2 on both routers into a new static interface. Router A gets the static IP address of 192.168.0.2, Router B gets 192.168.0.1. I make Router B the one to get 0.1 because in the future, more physical devices on the virtual network will connect physically to Router B and not A.
I know (some) stuff about the firewall rules, but before I even get to that, I am having a damn hard time trying to figure out why my pings are not showing up on RouterA's VWan2 when I try to ping an address on the 0.0 subnet. I am using the router to ping, not a device connected to it, to avoid any other device or rules issues. I watch the Macvlan device using the command tcpdump -i VWan2 icmp
Nothing I did worked until I executed this command using the VWan2 device info from Router B:
ip neigh add ||ip address of router b|| lladdr ||mac of Router B|| nud permanent dev VWan2
After that, the pings would show up with tcpdump. My mind is going crazy trying to understand why that works, but when I do it using the GUI way of adding a route, where you have to specify the interface you attached the device to, it does not work. I give it the interface name I called FirewalledNet, IP address 192.168.0.0/24, set the gateway as ending in 0.1 (Router B), change nothing else; everything else is default, no other customizations. Reboot to make sure the manual ip neigh is gone, back to not seeing pings on VWan2 (FirewalledNet).
The only thing I am left to think is the gateway, but if that truly is the problem, then how do I get what will be three OpenWrt devices using macvlan to use a specific device as their gateway then? But that's if that's even the problem, and I've been working on this for over a week now and am running out of ideas.
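
One way to check whether the kernel has resolved Router B's MAC address on VWan2, which is what the permanent ip neigh entry in the post bypasses. This is an added example, not part of the original post: it classifies `ip neigh show` output, and the function names, sample lines, MAC addresses and the 192.168.1.1 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Input is `ip neigh show` output
# on stdin; the sample lines below are constructed, MACs are placeholders.

# neigh_state IP DEV: print the entry's state (last field), or NONE.
neigh_state() {
    awk -v ip="$1" -v dev="$2" '
        $1 == ip {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) { print $NF; found = 1; exit }
        }
        END { if (!found) print "NONE" }
    '
}

# neigh_verdict IP DEV: map the state to a one-word diagnosis.
neigh_verdict() {
    case "$(neigh_state "$1" "$2")" in
        PERMANENT)                   echo static ;;      # added by hand, no ARP needed
        REACHABLE|STALE|DELAY|PROBE) echo resolved ;;    # MAC learned via ARP
        INCOMPLETE|FAILED)           echo unresolved ;;  # ARP request got no reply
        NONE)                        echo no-entry ;;    # nothing tried on this device
        *)                           echo unknown ;;
    esac
}

# Constructed samples: before and after adding the permanent neighbor entry.
SAMPLE_BEFORE='192.168.0.1 dev VWan2  FAILED
192.168.1.1 dev VWan1 lladdr 02:00:00:00:00:01 REACHABLE'
SAMPLE_AFTER='192.168.0.1 dev VWan2 lladdr 02:00:00:00:00:02 PERMANENT'

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | neigh_verdict 192.168.0.1 VWan2)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | neigh_verdict 192.168.0.1 VWan2)"
# On a router: ip neigh show | neigh_verdict 192.168.0.1 VWan2
```

Because the filter in tcpdump -i VWan2 icmp hides ARP traffic, running tcpdump -i VWan2 arp alongside this check shows whether the who-has request for 192.168.0.1 ever gets a reply.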