Creating a unique lan subnet for VPN on a Pi

Is it possible to create a standalone subnet with the Pi as the default gateway (with an IP address like 192.168.8.1) so that users no longer need to configure their connection to the Pi's hotspot?

For example, I need to use VPN occasionally on my phone. When I need to turn on VPN, the only thing I need to do is connect to the Pi's hotspot. At other times, I can simply connect to the main router. Is this possible?

I found this post, "Raspberry pi to ISP Router on different subnet (Question) [Solved]" (Installing and Using OpenWrt, OpenWrt Forum), and it's very similar to what I want to do. Currently the only available hardware for me is a Raspberry Pi.

I tried to create a new WAN interface (DHCP client) with eth0 as device but it won't get an IP address from my main router :frowning:

Sure... this is of course possible. Keep in mind, though, that the Pi's wifi is very limiting (range and bandwidth).

But sure, as long as your Pi is connected to the main router by ethernet, you can use it in standard routing mode, set up the VPN, and then broadcast the new SSID (for the Pi's lan) on the Pi itself. When you connect to the Pi's wifi, you can have everything route through the VPN.

The above configuration will be fine as long as you don't also need to be able to connect to other computers/devices on your main network... depending on the types of connections and the upstream router's capabilities, this may be a bit more work or in some cases impossible.

How should I configure my interfaces on the Pi? Could you be a little more specific?

I've tried the following configurations:

  • lan interface:
    • protocol: Static address
    • device: br-lan
    • IPv4: 192.168.8.1
  • wan interface (manually created):
    • Protocol: DHCP client
    • device: eth0

However, my Pi couldn't get an IP address from my main router and neither my devices connected to the Pi hotspot nor the Pi itself could connect to the Internet.

I also tried this configuration:

  • lan interface:
    • protocol: Static address
    • device: br-lan
    • IPv4: 192.168.8.1
  • wan interface (manually created):
    • Protocol: DHCP client
    • device: br-lan
  • firewall:
    • IP Masquerading enabled on lan=>wan

With this config, my device connected to the Pi hotspot is able to connect to the Internet but the IP address is assigned by the main router DHCP (like 192.168.31.123 instead of 192.168.8.123). The Pi would not route my traffic and it seems only to forward my traffic to the main router unless I manually set my laptop gateway to 192.168.8.1.

The easiest way to do this is as follows:

You'll start with a default configuration of OpenWrt on the Pi. You'll connect the ethernet directly between the Pi and your computer, log in, and then configure and enable wifi.

From there, you'll use wifi to connect and you'll remove the ethernet port (eth0) from br-lan and assign it to a new wan network interface (probably with protocol dhcp client).

--> we need to know what the main router's subnet is... you have mentioned 192.168.31.123 as the IP address the Pi is getting -- can you confirm that this is the case? If so, the existing lan configuration on the Pi is fine (192.168.1.0/24).

Then you can connect your Pi to one of your router's ethernet ports and you should be able to browse the internet on a wifi connected device (connected to the Pi's SSID).

With all of that working, you can set up the VPN, and once that is complete, your wifi client should go through the VPN.

The actual subnets for my network are 192.168.1.0/24 (optical modem) and 192.168.31.0/24 (my main router).

I think the key point would be to remove eth0 from br-lan and assign it to a new wan network interface :thinking:

You shouldn't need to change the subnet of your OpenWrt Pi, but you certainly can. It should work with the default 192.168.1.1 address, but if it doesn't, change it to something else.

This should be an extremely easy fix, though it cost me (and ChatGPT) 2 days to configure it :smiling_face_with_tear: and many thanks to @psherman !!!!

For people who face the same issue, consider configuring the interfaces this way:

  • lan interface:
    • protocol: static address
    • device: phy0-ap0 (the wireless network, or you can also remove eth0 from the br-lan via Network-Interface-Device-br-lan as suggested by @psherman)
    • IPv4: 192.168.8.1 (or any other address)
  • (create a new) wan interface:
    • protocol: DHCP client
    • device: eth0
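
The working layout from the thread, written out as the UCI files behind those LuCI settings. This is an added example, not a post from the thread: it uses the variant where eth0 is removed from br-lan, and the /24 netmask, the wifi-iface section name `default_radio0` and an unmodified stock firewall config are assumptions.

```uci
# /etc/config/network (added example; loopback and globals sections omitted)

# LAN bridge with eth0 removed from its ports. The Pi's wifi AP joins this
# bridge through "option network 'lan'" in /etc/config/wireless.
# Leaving eth0 in br-lan (as in the second attempt above) bridges hotspot
# clients onto the main router's network, so its DHCP server answers them.
config device
	option name 'br-lan'
	option type 'bridge'
	# the default "list ports 'eth0'" line is deleted here

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.8.1'
	# netmask is an assumption (/24)
	option netmask '255.255.255.0'

# eth0 becomes the uplink to the main router (192.168.31.0/24 in this thread).
# Assumption: with the stock /etc/config/firewall, an interface named 'wan'
# is already listed in the wan zone, which masquerades outbound traffic and
# rejects unsolicited inbound connections from the main router's network.
config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

# /etc/config/wireless (relevant options only; section name is an assumption)
config wifi-iface 'default_radio0'
	option mode 'ap'
	option network 'lan'
```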

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.