That's a quick layout of the network.
Using packet tracer I am able to successfully configure the static routing and ping any IP from any PC.
Both of my routers are using Openwrt and I am not too sure about how to configure a LAN port on both routers to be able to assign them each an IP and therefore do the static routing.
I tried to find videos online but I only found videos of routers with different firmware. I created another vlan that included just one port and added it as an interface for br-lan on both routers (assigned the 192.168.2.x IPs) and then added the static routes on the appropriate page which is just like how I had it on packet tracer and I get no luck.
Any info and/or push in the right direction would be greatly appreciated (:
On the left hand router, you'll set a static route for target 10.0.0.0/24 via gateway 192.168.2.4 of type unicast.
On the right router, you'll set 192.168.1.0/24 via 192.168.2.2
(I'm assuming /24's here).
Your firewalls need to be configured correctly, too... if you want wide open routing, you can add the network on each device that is in the 192.168.2.0/24 subnet to the same zone as the respective lan, and then ensure that the zone-rule for forward = accept.
If you'd like us to review, please post the following for each router:
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/firewall
EDIT: it should be noted that the two routers in question must be the default gateway for the hosts connected on each one of these networks. If it is not, the process is more complex (and may or may not be easily achieved).
This is from the 10.0.0.1 router. The other one is currently in use by others at the moment. But I'm sure if I can figure out what I did wrong on this router I can replicate and mirror on the 192.168 router.
I'm not sure if it matters, but I would avoid using the word "bridge" as the interface here. Bridge is a word with a special meaning/interpretation in OpenWrt and using it as a human readable name might cause an issue (at the very least, it can be confusing to see used in this way given that it has a very specific use). Instead, maybe use something like "xconnect" so that it is clear what it is/does, but doesn't risk causing a conflict.
The main issue is probably related to the fact that you've just connected this special network to the br-lan device. You need a unique device for this... fortunately, you can use VLAN techniques for this.
I am assuming that the each router is using its WAN port for an uplink to an ISP or some upstream connection. If this is not the case, please correct me.
Here are the recommended edits:
remove the description from this:
Figure out which of the logical ports corresponds to the physical port used for the interconnect (it will be 2, 3 ,or 4). Remove that logical port number from this stanza
Then create a new VLAN definition for that port. In this case, I'll assume logical port 4 corresponds to the physical interconnect (and that you will have removed 4 from above):
And finally, remove the interface declaration for the static route from below (simply remove the entire line)
Don't forget to change (or verify) the firewall assignment of the xconnect network into the lan zone -- it should now read as 'xconnect' instead of 'bridge'
What you're trying to do by making another interface called "bridge" will not work. In particular you can't have the same "real hardware" device (br-lan) in two interfaces (though you can put additional IP addresses on it by using an alias)
This network should be built around lan->wan routing, with the top of the diagram being the wan side.
Usually the 192.168.2.0 network is controlled by another router (not shown) which issues DHCP to the wan ports of the two sub routers and also provides a link to the Internet. If there isn't another router,. connect the two wan ports with a cable and set the wan interfaces to static IPs of 192.168.2.2/24 and 192.168.2.4/24.
Then in the firewall, turn off masquerading on the wan and add a forward rule wan to lan so there is symmetric forwarding in both directions.
@mk24 - your suggestions require a very different topology than the OP currently uses. I am working on the idea that a cross-connect should work, provided that these two routers are the main routers for their respective network. Do you see an error (or impossibility) in this approach?
I had only read the OP's post. What you are proposing looks like it would work.
If both of these routers have an independent connection to the Internet and want to keep it that way, I'd deploy the "connect two apartments" use case which is simpler.
Router B needs an independent interface which holds an IP address on router A's LAN: it is connected to that lan by Ethernet or a wifi client. This interface should be in the lan firewall zone or in a new zone with appropriate forwarding rules. If this is the main router in apartment B, that is all that needs to be done there since having such an interface establishes a route to the other lan.
Then the main router in apartment A needs a route to lan B via the IP that router B has on lan A. All firewalling (if any) needs to be done in router B.
I will give some extra clarification with the network. For the next few days (until additional additional isp install) both routers are on same subnet and share internet and a plex server. Starting next week they both will have their own internet and the routing is needed to still be able to access the plex server.
Ok... so yes, if there are two independent internet connections, you'll probably want to setup the interconnect. There are alternative ways of handling this (such as a single upstream router like you have now, but with policy based routing to utilize the internet connections as 1-per network), but I think the topology you're suggesting should work once the network configurations are configured correctly.
Feel free to post your second router's config for review. And, after you make the edits I've suggested, I'd recommend that you post the results to make sure we got everything right.
The port for the physical interconnect is 5. It's port 4 on the router page but becomes 5 in the config.
Is making a new vlan of 3 necessary? Could I edit the vid 2 vlan?
Are you certain? Logical port 5 is currently assigned to eth0.2, but eth0.2 is being used for the WAN... see below:
Based on your description, it sounds like you need to have a port configured for the WAN since each router will have an independent internet connection. Therefore, you should probably make verify the logical port number for the WAN port (as labeled on the device) and then use that in the VLAN2 definition.
Since you will have the LAN on eth0.1 and the WAN on eth0.2, you will need eth0.3 to make the interconnect work properly.
Yes, you can use the route without an interface. There should be an option under the interface to select 'unspecified' (that should effectively remove this line in the config file).
the target needs to be '10.0.0.0/24' and remove the option interface in the route stanza (same answer as above -- use 'unspecified' if you're configuring via the web interface).
Otherwise I think the config on this router seems okay.
Okay I see that the WAN is using eth0.2. I'm not too sure where to go from here but I did this to try and help what port is what. (10.0.0.1) router. The descriptions are referring to what port is shown on the browser page.
The physical > logical port mapping can be tricky... sometimes it is 1=1, 2=2, etc, other times it might be 1=4, 2=3, 3=2, etc. or in certain cases in can appear random. For some hardware, you will find the mapping described in the device info page here on the OpenWrt site.
I have a little trick that I have used successfully to identify the ports:
Use the LuCI web interface switch page to observe the link status as you plug in/unplug a cable (this will help determine if the mapping of the port numbers on the case corresponds to the LuCI numbers). Then, for that port you'll probably have one of your VLANs listed as untagged... from there you can set it to 'off' and see which number disappears from the VLAN in the text config.
Meanwhile, what you have done in your previous post is to set each port to its own VLAN. This will work, but means that each port will be entirely independent (no two ports will have the same network on it). I don't really recommend this path for your use case -- I'd suggest reverting to your previous configuration.
It's reverted already. I was just getting all the port numbers. After I get back home I will check if the visual representation of the port on the page matches up correctly with the port on the back of the router as well.
Edit: oh I think I see the mishap when you thought that port 5 was tied to the wan.It was because I had 5t instead of 5. Yea I had tried tagged ports for the vlan just because I was literally trying everything last night
Your wan network interface is set for eth0.2 and you had port 5 in VLAN 2 (and yes, port 5 was tagged). But regardless, you should use VLAN2 for the wan and then create VLAN 3 for the crossconnect.
Oh I think I understand. I have to create a vlan to use my wan port. I didn't have to do that on my 192.168.1.1 router. The wan port isn't even visible on the switch page. On the 10.0.0.1 router the wan port is visible and isn't premapped I guess.
Yeah, it appears that one of your routers has the wan port as just another port on the switch... by default, this works by using VLANs to set 4 of the ports to the lan and the 5th port as the wan).
The other router seems to have a separate, individually routed ethernet port as the wan, and then a switch for the other ports.
Is it an option to reset to defaults on each of the routers? From there, you can provide the default network config files and we can make the appropriate edits, ensuring that things are relatively close to defaults except where you want/need them to be different.
If you can take the router offline but only for a few mins, simply make a backup, reset to defaults, dump the /etc/config/network file, and then restore the backup. That would only be about 5 mins of downtime (or less), and then we can work with the default files.
I have it working now.
On the 10.0.0.1 router it apparently has a hidden vlan with id of 2 reserved for the WAN. It didn't matter what I would put down for the vlan it would be completely ignored if the id was 2. I changed the id to 3 and left it at that.
I also had to choose the xconnect interface for the static route. I couldn't get a single ping without it. Everything seems to work fine (file sharing, plex streaming, router logins) from any PC/device.
So until Monday (new isp install) I will backup all the configs and revert to old config so I can continue to use the single internet on both networks.
I appreciate the help. I had no clue I had to select the tagged port as well on my bridged vlan.
