LAN and Wifi on separate networks + VLAN3 (Port4) behind OpenVPN client

Hi all,

I'm completely new to OpenWRT, after too many years under TomatoUSB. And I'm starting to find out the almost unlimited possibilities with this wonderful firmware.

Well, ideally, what I would like to achieve is as follows:

  1. Have LAN and Wifi on separate networks, the reason for this is that I want to put a pi-hole as primary DNS only on the Wifi network.
  2. A Secondary and separate Wifi network on a virtual wlan for my IoT devices, still reachable from LAN/Wifi above, but with no access to internet.
  3. A separate VLAN3 on Port4, optionally reachable from LAN, but not from Wifi.
  4. Setup an OpenVPN client with masquerading/forwarding, VLAN3 only should access internet through the VPN connection (regular LAN and Wifi will access the internet as per normal).

That makes a lot of things to do for a newcomer. Has anyone tried to achieve something similar?

Mentioning your router model would be useful, as the switch hardware differs from one device to another.

However, generally speaking, I would suggest that you leave the pre-configured interface as it is (that's the LAN bridge covering both Ethernet and WiFi), typically with VLAN 1, WAN VLAN 2, and then you can add VLANs and more WiFis as you want. The wiki talks about creating VLANs and guest WiFi, and also there are several topics on the forum about it. So you could look at that, give it a try, then if you have any problems people will be happy to help.

Generally speaking, all those that you mentioned can be achieved. I surely hope you won't find any obstacles in the hardware of your router.

Almost there

  1. Done
  2. Done
  3. Done, but still accessible from wifi for now
  4. Done, still need to figure out how to route vlan3 only through the vpn (separate thread below)

You need to somehow separate the LAN from the Wifi. Breaking the bridge and having 2 different interfaces would be one solution.

Will reply there.
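
An added example, not taken from any post in this thread: a sketch of `/etc/config/firewall` zones for the two open items (VLAN3 unreachable from Wifi, VLAN3 allowed out only through the VPN). It assumes interfaces named `wifi`, `vlan3` and `vpn` already exist in `/etc/config/network`, that the stock `lan` and `wan` zones are unchanged, and that the default forward policy is still `REJECT`.

```uci
# Constructed example: zone and network names wifi, vlan3, vpn are assumptions.
config zone
	option name 'wifi'
	list network 'wifi'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'vlan3'
	list network 'vlan3'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Tunnel zone: NAT outbound traffic, accept nothing unsolicited from the VPN side.
config zone
	option name 'vpn'
	list network 'vpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Wifi clients reach the internet directly, as the stock lan zone does.
config forwarding
	option src 'wifi'
	option dest 'wan'

# LAN may reach VLAN3. There is deliberately no wifi -> vlan3 forwarding,
# so that traffic falls through to the default REJECT policy.
config forwarding
	option src 'lan'
	option dest 'vlan3'

# VLAN3 may leave only via the vpn zone. With no vlan3 -> wan forwarding,
# VLAN3 traffic is rejected instead of leaking out of wan if the tunnel is down.
config forwarding
	option src 'vlan3'
	option dest 'vpn'
```

These rules only permit or reject traffic between zones; steering VLAN3's traffic into the tunnel still needs a routing rule for that subnet, which the thread defers to a separate topic.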