Mikrotik RB760iGS & Netgear Orbi with VPN/PiHole/VLANs Setup Question

Hi All

First post, hoping someone can help or sense check my idea please.

I’m trying to achieve a network at home whereby two wireless networks are broadcast using Netgear Orbis (2 in a mesh setup), one network which is using a VPN (using NordVPN) and PiHole for ad blocking, with the other network using neither of these (in case I need to switch over to it in order to access something in particular that doesn’t like VPNs).

I’ve currently got a mesh by the way of Netgear Orbis, and I was thinking of using a Mikrotik Hex S (RB760iGS) with OpenWRT to achieve this.

Mikrotik dealing with routing, Netgear Orbi (+1 satellite) managing wireless connections. PiHole connected to Mikrotik via eth.

I think I can set up two VLANs broadcast as two different SSIDs, Netgears both in AP point mode, Mikrotik doing the DHCP duties and pointing the first VLAN at the PiHole (as well as over the VPN).

Is this possible or have I missed a simpler solution?

Many thanks for taking the time to read through

This is possible.


Interestingly, I was also pondering the use of Mikrotik Hex S for the wired part of the setup (potentially with VPN). I like it has the PoE out so one can use the switch / access point downstream with no need for DC power. But I am still struggling to figure out how to better stitch this together with my Linksys WRT1900ACS (wireless access point and AdGuard Home server).

Not much of the answer to your question, sorry.

Do you plan to have PiHole installed on Hex S with OpenWrt?

1 Like

Thank you, I've now realised that the Netgear Orbi cannot manage Wireless VLANs unfortunately. I'll look into replacing them with Access Points instead potentially.

Aside from this, have I missed anything obvious that may not work? PiHole within a NordVPN connection shouldn't cause any DNS issues?

Thank you


I already have a RPi 4 setup and running PiHole, and it works really well. My current setup of just the Orbi Mesh, cannot manage dnsmasq and I'd like to be able to opt in/out certain devices from using the PiHole.

Didn't realise PiHole on the Hex was even possible!