TLDR; Use OpenWRT router to build a closed of 10.0.0.0 network within an 192.168.0.0 home network with an ISP Router, driving a Dual-homed PC (!Microsoft!) client.
So far best solution is to change OpenWRT DHCP settings, in such a way that provided LAN standard gateway is identical to the via DHCP received standard gateway of WAN side (in our case network 192.168.0.1 DHCP by ISP Router) and push a default route to the closed NW to all LAN clients.
1. Why
Two locations (flats), each with its own 196.168.0.0 network. We want to set up a shared third network between those two flats, that is closed off to the worldwide internet and to both private homes networks traffics for privacy issues. Within this third 10.0.0.0 network we will use shared clients like sever and other IP services as if they would be on one single local network.
2. System Overview
Note: One Dual-homed PC in each network with two physical NW interfaces
Note: Server and other clients of 10.0.0.0. network are not shown
3. Our Solution
Two Asus Router with OpenWRT and OpenVPN setup with to subnets, no bridge mode. Flat 1 network host the VPN server 10.0.0.1 and the LAN subnet 10.1.0.0 and flat two offers a VPN client 10.0.0.2 with the lan subnet 10.2.0.0.
As we are using windows operation system, our goal is to use them as is. No Microsoft group policies shall be used, no features shall be deactivated (like Windows Defender and such). As those windows machines might be portable and might be swapped, we want to have an as light impact as possible on the windows operation system.
3.a. Regarding OpenVPN
As this is not our issue please see attached config files.
5. Our Issue
As we are using windows, we face a Dual-homed PC / Microsoft network policy issue regarding the standard gateways. As the OpenWRT Asus router provides normally also a default gateway on its subnet (second interface card on windows machine), the windows system now has two standard gateways whereby one is not connected to any internet. That means we will lose the internet connection from time to time.
As far as we know, there are three general ways to fix this issue:
5.a First option is to force openWRT via DHCP setting (DHCP option 3) not to set a default gateway. But now Windows will not recognize this network anymore (NlaSvc recognizes networks by its standard gateway), turns the network profile to public and the firewall will block nearly all traffic. Sidenote: If you are using PING to check your network setup – the firewall will drop the reply! Now one might deactivate this windows service via registry value – but this breaks windows even more. One might also choose to deactivate the windows firewall although.
To disable setting the default gateway
option dhcp_option '3'
networking - How to skip pushing the default gateway via DHCP in OpenWRT? - Super User
5.b Second option , set a static IP address with 192.168.0.1 as standard gateway provided by the ISP router on the PC and the router. For this one might change the adapter properties within windows hard use static ip adress. But this would deactivate dhcp. So any network changes down the road would need to consider this static address.
Now windows would never route any package into the 10.x.x.x networks. As such one must provide a route.
5.c Our preferred option: We would like OpenWRT to provide the same standard gateway on its LAN interface as it is provided by the ISP Router on its WAN interface. With this, the LAN standard gateway is the same as the WAN side (and recognized as the same private network by Microsoft Nla Service).
Known drawback: The now provided LAN interface gateway is now useless for all 10.x.x.x clients, but solves the Microsoft network policy recognition problem. As such we would like now to push the needed route for the 10.x.x.x networks via the DHCP service from the OpenWRT router.
How would this be done on OpenWRT?
Would there be another solution?
Many thanks in advanced to you - BR