Configuring an OpenWRT VPN network parallel to the main router's normal network

I'm trying to figure out how to configure a newly flashed OpenWRT device in a specific way. Details below.

What's my setup:

The main router (running proprietary firmware) is providing "normal" internet access via Ethernet or Wi-Fi.

The OpenWRT router (Xiaomi AX3000T) is connected to the main router via LAN. It's accessible to all devices in my local network. Currently, it doesn't have WAN access to the global net.

What I want to achieve:

The main router is providing regular ol' internet access, fast and reliable.

The OpenWRT is providing a different wireless network, tunnelling all traffic through VPN with some fancy encryption (?) going on (e.g. socks). It doesn't need to sit on the same subnet the main router provides, if that's easier to realize.

In my quest to realize this setup, I was pointed to a certain Wiki article: https://openwrt.org/docs/guide-user/network/wifi/wifiextenders/bridgedap It looks close enough to my ideal setup, but I don't like how the "dumb AP" isn't left to think for itself. This gets in the way of the VPN, doesn't it? With that in mind, I'm utterly confused as to how to proceed in my configuration. Is my idea even achievable? Any advice would be great, thank you.

Where is the other end tunneling to? Is it going to a commercial VPN provider? Another device you own?

You actually want the AP to be as dumb as possible, so all the important network management stuff happens on the router, as it should. Or do you want to tunnel wireless traffic between the AP and the router through a VPN?

Can you tell us the end goal you want to achieve that you think would be solved with a VPN? It's not completely clear to me what it is you want, and it appears at first glance there's some confusion regarding the purpose of VPNs.

> Where is the other end tunneling to? Is it going to a commercial VPN provider? Another device you own?

The former, pretty much. A rented server.

> Can you tell us the end goal you want to achieve that you think would be solved with a VPN?

Access to some websites that I otherwise don't have. Having a router-side network would heavily reduce the amount of configuration required client-side.

Set up a guest Wi-Fi on your bridged AP:
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guestwifi_dumbap

Then set up an OpenVPN client the regular way.
Only clients using the guest wifi will use the vpn.
Other connected clients will just bypass the router.
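
Added example (not from any poster in this thread): a `/etc/config/firewall` fragment for the guest Wi-Fi plus OpenVPN approach described above, showing the one forwarding that keeps guest clients on the tunnel. It assumes the guest interface from the linked guide is named `guest` and the OpenVPN tunnel device is `tun0`; those names, and the zone and rule names, are assumptions.

```uci
# /etc/config/firewall (fragment, constructed for illustration)

# Guest Wi-Fi clients: nothing is forwarded unless a forwarding below allows it.
config zone
	option name 'guest'
	list network 'guest'        # assumed interface name
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Tunnel zone, matched by device because OpenVPN creates tun0 itself.
config zone
	option name 'vpn'
	list device 'tun0'          # assumed device name
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Weak setting: if a guest -> lan forwarding exists, guest traffic can
# leave unencrypted through the main router whenever the tunnel is down.
# config forwarding
#	option src 'guest'
#	option dest 'lan'

# Corrected setting: the tunnel is the only exit for the guest zone.
config forwarding
	option src 'guest'
	option dest 'vpn'

# Guest clients still need DHCP and DNS from this router itself.
config rule
	option name 'Guest-DHCP'
	option src 'guest'
	option proto 'udp'
	option dest_port '67'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Guest-DNS'
	option src 'guest'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

With `guest -> vpn` as the only forwarding, guest clients lose connectivity when the tunnel drops rather than falling back to the main router. DNS is answered by this router, so which upstream resolver it queries decides whether lookups also travel through the tunnel.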

Can the same be done with sing-box in place of OpenVPN?

I think so, but I never had any need to use a proxy.
