is it possible to create a standalone subnet with pi as the default gateway (with IP address like 192.168.8.1) so that users no longer need to configure their connection to pi's hotspot?
For example, I need to use VPN occasionally on my phone. When I need to turn on VPN, the only thing I need to do is connect to the pi's hotspot. In other times, I can simply connect to the main router. Is this possible?
Sure... this is of course possible. Keep in mind, though, that the Pi's wifi is very limiting (range and bandwidth).
But sure, as long as your Pi is connected to the main router by ethernet, you can use it in standard routing mode, setup the VPN, and then broadcast the new new SSID (for the Pi's lan) on the Pi itself. When you connect to the Pi's wifi, you can have everything route through the VPN.
The above configuration will be fine as long as you don't also need to be able to connect to other computers/devices on your main network... depending on the types of connections and the upstream router's capabilities, this may be a bit more work or in some cases impossible.
How should I configure my interfaces on Pi? Could you be a little more specific?
I've tried the following configurations:
lan interface:
protocol: Static address
device: br-lan
IPv4: 192.168.8.1
wan interface (manually created):
Protocol: DHCP client
device: eth0
However, my Pi couldn't get an IP address from my main router and neither my devices connected to the Pi hotspot nor the Pi itself could connect to the Internet.
I also tried this configuration:
lan interface:
protocol: Static address
device: br-lan
IPv4: 192.168.8.1
wan interface (manually created):
Protocol: DHCP client
device: br-lan
firewall:
IP Masquerading enabled on lan=>wan
With this config, my device connected to the Pi hotspot is able to connect to the Internet but the IP address is assigned by the main router DHCP (like 192.168.31.123 instead of 192.168.8.123). The Pi would not route my traffic and it seems only to forward my traffic to the main router unless I manually set my laptop gateway to 192.168.8.1.
You'll start with a default configuration of OpenWrt on the Pi. You'll connect the ethernet directly between the Pi and your computer, login, and then configure and enable wifi.
From there, you'll use wifi to connect and you'll remove the ethernet port (eth0) from br-lan and assign it to a new wan network interface (probably with protocol dhcp client).
--> we need to know what the main router's subnet is... you have mentioned 192.168.31.123 as the IP address the Pi is getting -- can you confirm that this is the case? If so, the existing lan configuration on the Pi is fine (192.168.1.0/24).
Then you can connect your Pi to one of your router's ethernet ports and you should be able to browse the internet on a wifi connected device (connected to the Pi's SSID).
With all of that working, you can setup the VPN, and once that is complete, your wifi client should go through the VPN.
You shouldn't need to change the subnet of your OpenWrt Pi, but you certainly can. It should work with the default 192.168.1.1 address, but if it doesn't, change it to something else.
and many thanks to