I found this tutorial online https://kiljan.org/2020/03/27/vpn-as-wan-for-guest-network-on-openwrt/ which was pretty much what I needed.
It clearly explains how to separate two internal networks, and how to force traffic from one of the networks to only go through VPN.
My use case is the following: I am running a Home Assistant server, and I put the server and all the third-party managed/untrusted devices on a network in which they don't communicate with my personal devices and don't access the internet outside of the VPN tunnel, the guest network being the untrusted one and lan being the trusted one. This works great.
For the sake of convenience, I would like to access my server (fixed IP 192.168.41.111 in the guest network) from any host in the LAN network. But I am having a hard time figuring out the simplest way to achieve this.
Do you guys have any tips? I am quite new to network stuff and OpenWrt.
I could also move my server to the LAN, but in this case I would like to force the server to not communicate with the WAN and only communicate with the VPN interface. I tried to achieve this by implementing https://openwrt.org/docs/guide-user/firewall/firewall_configuration#redirects but I failed.
I am not keen on a particular way of solving this, what I basically would like is
- Keep untrusted devices segregated and not connecting directly to the internet
- Keep my personal devices isolated from the untrusted ones (I am open to ignoring this point)
- The untrusted networks never reach the WAN directly, always using the VPN tunnel.
- Easy access to the server from my LAN (I don't want to put my server on the internet)
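The following `/etc/config/firewall` stanzas are an added example of how the firewall side of this setup can look; they are not part of the original post or of the linked tutorial. The zone names `lan`, `guest` and `vpn`, the tunnel network name `vpn`, and the Home Assistant web port TCP 8123 are assumptions; only the server address 192.168.41.111 comes from the post. The default `wan` zone and its rules are left as shipped and are omitted here.

```uci
# /etc/config/firewall (relevant stanzas only). Zone names lan/guest/vpn,
# the tunnel network name 'vpn' and the port 8123 are assumptions.

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# Untrusted zone: the router accepts nothing from it by default, and there
# is deliberately no 'config forwarding' from guest to wan or guest to lan.
config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Tunnel zone. masq is required because the far end of the tunnel does not
# know how to route 192.168.41.0/24 back to this router.
config zone
	option name 'vpn'
	list network 'vpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Guest devices may only leave through the tunnel.
config forwarding
	option src 'guest'
	option dest 'vpn'

# Guest devices still need DHCP and DNS from the router itself
# (a rule without 'dest' applies to traffic addressed to the router).
config rule
	option name 'Allow-Guest-DHCP'
	option src 'guest'
	option proto 'udp'
	option dest_port '67-68'
	option target 'ACCEPT'

config rule
	option name 'Allow-Guest-DNS'
	option src 'guest'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# The single hole towards the untrusted network: LAN hosts may open
# connections to the Home Assistant server, and only to its web port.
# Replies are matched by connection tracking, so no guest -> lan rule is
# needed and guest devices still cannot initiate anything towards the LAN.
config rule
	option name 'Allow-LAN-to-HomeAssistant'
	option src 'lan'
	option dest 'guest'
	option dest_ip '192.168.41.111'
	option proto 'tcp'
	option dest_port '8123'
	option target 'ACCEPT'
```

Apply with `/etc/init.d/firewall restart`. One check worth doing afterwards: if the guest subnet is steered into the tunnel with a policy-routing rule (a separate routing table whose default route is the tunnel), the server's replies to LAN hosts are subject to that rule too, so that table must still resolve the LAN prefix (or the main table must be consulted first), otherwise the replies are sent into the tunnel rather than back to the LAN. Assuming the guest bridge is named `br-guest` and a LAN host at 192.168.1.10, `ip route get 192.168.1.10 from 192.168.41.111 iif br-guest` should name the LAN interface, not the tunnel.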