Configuring OpenWrt to access my home network

Hi,

I'm currently running the following setup:
TV provider's network device that combines a modem with a router.
D-Link DIR-505 AP/repeater

My goal
Access my home network from outside. My TV provider provides the ability to watch his programming through an app, but most of the channels are only available when you're connected to his network. By accessing the home network remotely I will be able to watch all the channels outside the network.

What I did so far

  1. Installed OpenWrt on DIR-505
  2. Installed OpenVPN server on DIR-505
  3. Connected DIR-505 to my provider's router wirelessly (however I'm not able to connect to the internet).

Questions

  1. Should I install and configure relayd to be able to connect to the internet through my DIR-505, or is it just a matter of firewall and network configuration?
  2. How can I proceed further to access my network from outside through my DIR-505 on OpenWrt? Somebody told me that in order to succeed I need to turn off DHCP in OpenWrt for my DIR-505 to get the main router IP and enable port forwarding. However, my understanding of OpenWrt configuration and networking overall is limited. I turned off DHCP and set the router IP to 192.168.1.2 (but I'm only able to access it when I manually set an IP on my laptop in the same subnet).

I'd appreciate any help from the community.

Thanks,
B.

I would do this quite a bit differently, if you are able. This mirrors what I have on my own VPN and it works really well.

  1. Connect to your upstream network via the Ethernet port.
  2. Make the Ethernet port WAN and the wireless LAN (which will be largely unused).
  3. Make sure that your DIR-505 LAN is defined on a different subnet (say 10.1.10.0/24, as an example).
  4. Use WireGuard instead of OpenVPN (or you can always run both, but WG will give much better performance).
  5. Configure the firewall to allow port 22 (ssh), 80 (web) for easier remote admin, and the related WG and/or OpenVPN ports from WAN. [NOTE: normally it would be a bad idea to open ssh and web access to the router itself from the WAN, but since you are already behind another router, the WAN of your VPN router is actually part of your trusted network].
  6. Set up WG and/or OpenVPN firewall zones and allow forwarding to the WAN zone (which, as stated above, is actually your trusted LAN and it will also permit internet access via the VPN).
  7. Either set the DIR-505 WAN to a static IP, or use DHCP reservations on your primary router to ensure that it always gets the same IP address in your LAN.
  8. Forward the WG and/or OpenVPN ports (on your primary router) to the DIR-505's IP address on your network.

I do something very similar to this and it works really well.
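The WireGuard variant of steps 1 to 7 above, written out as OpenWrt UCI configuration. This is an added example, not part of the original posts or anyone's actual configuration; the device name `eth0`, UDP port 51820, the tunnel subnet 10.1.20.0/24 and the key placeholders are assumptions to replace with your own values.

```uci
# /etc/config/network: changed or added sections
# Assumptions: device 'eth0', port 51820, tunnel subnet 10.1.20.0/24, key placeholders
config interface 'wan'
	# The single Ethernet port ('ifname' instead of 'device' before 21.02)
	option device 'eth0'
	option proto 'dhcp'

config interface 'lan'
	# Wireless-only admin LAN; must differ from the primary router's subnet
	option proto 'static'
	option ipaddr '10.1.10.1'
	option netmask '255.255.255.0'

config interface 'wg0'
	option proto 'wireguard'
	option private_key 'SERVER_PRIVATE_KEY_PLACEHOLDER'
	option listen_port '51820'
	list addresses '10.1.20.1/24'

config wireguard_wg0
	option public_key 'CLIENT_PUBLIC_KEY_PLACEHOLDER'
	list allowed_ips '10.1.20.2/32'

# /etc/config/firewall: added sections (default 'wan' zone with masq unchanged)
config zone
	option name 'vpn'
	list network 'wg0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Step 6: VPN clients reach the home LAN and the internet through wan
config forwarding
	option src 'vpn'
	option dest 'wan'

# Step 5: accept the tunnel, plus ssh and web admin, from the WAN side
config rule
	option name 'Allow-WireGuard'
	option src 'wan'
	option proto 'udp'
	option dest_port '51820'
	option target 'ACCEPT'

config rule
	option name 'Allow-Admin-From-WAN'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22 80'
	option target 'ACCEPT'
```

The UDP port set in `listen_port` is the one to forward on the primary router in step 8. The two admin ports are reachable only from the upstream LAN as long as the primary router forwards nothing but the VPN port.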

Hi psherman,

Thanks for your answer.
I think I will restart my DIR-505 to base OpenWrt settings and proceed with your instructions. I will connect DIR-505 to my master router using the ethernet cable and LAN ports.

However, I noticed that you mentioned my DIR-505 should be running on a different subnet, but this instruction for setting up client devices states that I should use the IP range within the same subnet. https://openwrt.org/docs/guide-user/network/openwrt_as_clientdevice

Can you please clarify?

Thanks!

Start up a wifi AP on the DIR-505 and connect it to the DIR-505's internal default LAN network. You may only need this to administer the DIR-505 as you use the single Ethernet port for something else.

The Ethernet connection to the main router should be the WAN. The two subnets need to be different.

You will need to forward a port through the main router so that the incoming connections from your remote VPN client are passed to the DIR-505. This means you need to reserve a DHCP lease in the main router or configure a static IP on the DIR-505 so it is always at the same IP on the main router's LAN. Sometimes there is not the option to forward ports one at a time; in that case look for a "DMZ" option which will forward all incoming ports to one LAN device. This is safe to do to the DIR-505 since it is the WAN network which will be exposed, and the firewall will block everything except VPN clients.


@bgkce - the guide you linked assumes a lan-lan connection between the devices. My recommendation is lan (primary router) - wan (OpenWrt router). Since your DIR-505 only has a single Ethernet port, that will be configured as the wan. The LAN of the 505 must therefore be on a different subnet, since a router must have different networks defined on each side of the routing layer.

@mk24 has added some detail that should be useful.

If you’re still confused or having trouble getting the initial setup running, please let us know specifically where you are stuck.
