I started installing the WireGuard VPN software via LuCI without much success (most of the video tutorials are either command line or old LuCI).
Anyway, it only dawned on me that WireGuard is layer 3.
What I was really after is for my VPN client to drop into the same subnet as my LAN, and be served an IP address from DHCP. Also for all traffic to be routed over the VPN (not split tunnelling).
Can anyone point me in the direction of simple instructions (hopefully via LuCI) about how to set this up?
You could use OpenVPN in tap mode, but tap mode is not supported by iOS and Android.
Why do you need to use an L2 vpn?
Just ease of config. Only one DHCP pool to manage.
That is not a great reason to use an L2 VPN. The main reason to avoid L2 VPNs (unless actually necessary) is that all the broadcast traffic from all the hosts occurs at L2. As more hosts join the network, the broadcast traffic increases (and it is not a linear relationship). For a LAN, that's not a huge issue (although it can become problematic as you get to networks larger than /24 or /23). For a VPN, where your bandwidth is limited by the up/down speeds for both sides and there is significant additional latency involved because of the internet, L2 VPNs can really reduce performance and use quite a bit of unnecessary bandwidth.
How many hosts are you talking about on the VPN side of the equation?
I understand about the broadcast issue with Layer 2.
This is not for a commercial environment; it's for a home network where I need to VPN into home in order to manage devices on the LAN + bypass regional restrictions on Netflix/Prime Video.
I'll try again with wireguard and see if that works. Thanks for your time.
Since you're talking about a home environment, your remote devices are not going to be all that numerous (probably <10, if you're like most). Although WireGuard doesn't have any automatic means of assigning or managing the addresses, it is quite easy to set up unique IPs when you're creating your peer configs -- I just go sequentially.
OpenVPN does offer automatic address assignments (although it is a different subnet relative to your main LAN, of course), but this is at the expense of both performance and ease of setup.
Thanks. Unfortunately I'm setting up the VPN just using YouTube videos, which don't really explain how the key pairs work and how to diagnose a VPN which is not working. When I turn on the VPN on my remote device, there are no error messages but the tunnel hasn't been set up.
For example, in LuCI for WireGuard you can set up a key pair (public and private) on the main screen; also, when you add a peer, you can set up a separate key pair.
I really need an updated YouTube video for WireGuard setup using LuCI.
Maybe if I figure it out I'll post one. Just getting time to test, test, test.
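As an added illustration of the two points raised above (sequential peer addresses, and which key goes where), here is a constructed OpenWrt UCI fragment for the router side plus the matching client config for one peer; it is not from this thread or the OpenWrt wiki, and the key strings, the tunnel subnet 10.10.0.0/24 and the endpoint home.example.net are placeholders to replace with your own.

```conf
# /etc/config/network on the OpenWrt router (what LuCI's WireGuard pages write).
# Each side keeps its OWN private key and is given the OTHER side's public key.
config interface 'wg0'
	option proto 'wireguard'
	option private_key 'ROUTER_PRIVATE_KEY'    # never leaves the router
	option listen_port '51820'
	list addresses '10.10.0.1/24'             # tunnel subnet, separate from the LAN

# One 'wireguard_wg0' section per peer; addresses handed out sequentially by hand.
config wireguard_wg0
	option description 'phone'
	option public_key 'PHONE_PUBLIC_KEY'      # the peer's public key, not the router's
	option preshared_key 'OPTIONAL_PSK_PHONE' # optional extra symmetric key, same on both ends
	list allowed_ips '10.10.0.2/32'           # only this source address is accepted from this peer
	option route_allowed_ips '1'
	option persistent_keepalive '25'

config wireguard_wg0
	option description 'laptop'
	option public_key 'LAPTOP_PUBLIC_KEY'
	list allowed_ips '10.10.0.3/32'
	option route_allowed_ips '1'

# /etc/config/firewall additions: let the peers in, and let them reach LAN + internet
config zone
	option name 'lan'
	list network 'lan'
	list network 'wg0'                        # wg0 sits in the lan zone, so lan->wan NAT applies
config rule
	option name 'Allow-WireGuard'
	option src 'wan'
	option proto 'udp'
	option dest_port '51820'
	option target 'ACCEPT'

# Client side for the 'phone' peer (WireGuard app fields / wg-quick style file).
[Interface]
PrivateKey = PHONE_PRIVATE_KEY               # pairs with PHONE_PUBLIC_KEY above
Address = 10.10.0.2/32                       # must match the router's allowed_ips for this peer
DNS = 10.10.0.1

[Peer]
PublicKey = ROUTER_PUBLIC_KEY                # derived from ROUTER_PRIVATE_KEY on the router
PresharedKey = OPTIONAL_PSK_PHONE
Endpoint = home.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0                 # full tunnel; 192.168.1.0/24 alone would be split tunnelling
PersistentKeepalive = 25
```

A silent "connected but no traffic" tunnel is usually a key mismatch (a public key pasted on the wrong side) or an allowed_ips entry that does not cover the peer's Address; the handshake section of the WireGuard status page in LuCI shows whether a handshake ever completed.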
Have you tried the tutorials here on OpenWrt's wiki?