Hello everyone. I need your help setting up my Wireguard VPN Gateway.
Following problem:
I would like to use a dumb AP that is connected to my network via LAN 1 and also connected to the Internet via LAN1 as a Wireguard gateway.
Unfortunately, my knowledge of this is poor.
I have attached a picture for clarity. Every client that is connected somewhere to my network and uses the IP of the Wireguard access point as a gateway should only be able to communicate with the Internet via a VPN.
As soon as there is no active VPN connection on the Wireguard, all data traffic to the Internet should be stopped. Nevertheless, the devices in the home network should be able to reach each other. Can you please explain to me step by step how I should proceed here? Thanks in advance.
So there should be 2 network areas within the home network.
The network with the IP range 192.168.0.0/24 --> for connections to the Internet without VPN
and the network 20.55.1.0/24 --> for connections to the INet via Wireguard VPN only
Don't use arbitrary networks/subnets. Stick to RFC1918 addresses -- otherwise, you may have difficulties with some internet sites/services.
The 20.55.1.0/24 network you appear to be using actually is allocated to Microsoft. You can't mess up their services, but this could well cause problems for you on your own network.
- Is your fritzbox running OpenWrt (or can it -- what model is it?)
- Is your 16-port switch managed?
Hi,
Thanks for your quick reaction.
So I will change the IP range for the VPN network.
To your questions ...
It is the original stock firmware on the main fritzbox...
It's managed by the ISP ... I also need the original firmware at this point for telephone and fax reasons ...
Question 2 ... the switch is unmanaged
BR
Your current router and switch will make your configuration options limited.
You can give all of your devices static IPs on the same network and then just give them different gateway addresses - pointing to either the main router for normal wan egress, or the openwrt system for vpn.
You could also put the openwrt device into normal router mode and put all devices behind the openwrt router. Then use policy based routing to direct the traffic from each set of devices.
Hi again ...
Ok ... I had in the past the config where all clients are on the same network ... with the solution that the VPN clients point to the VPN router as their gateway ... this works, yes. But the problem with this config was that when the VPN router lost the connection to the VPN provider, every client pointing to it connected directly to the Inet ... so ... maybe you can block this with some firewall settings? Thanks for your feedback
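
One way to get the behaviour asked about above on the OpenWrt gateway, shown as an added example that is not from any poster in this thread: a firewall configuration whose only forwarding path is from the LAN zone to the WireGuard zone. The interface name `wg0` and the zone name `vpn` are assumptions; use the names from your own `/etc/config/network`.

```conf
# /etc/config/firewall on the OpenWrt VPN gateway (added example).
# Assumption: the WireGuard interface in /etc/config/network is named 'wg0'.

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# LAN side: clients that use this device as their gateway.
# forward 'REJECT' stops the gateway from relaying client traffic
# back out of the LAN to the main router when the tunnel is down.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# VPN side: only the WireGuard interface, with NAT towards the provider.
config zone
	option name 'vpn'
	list network 'wg0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# The only permitted forwarding path: lan -> vpn.
# There is deliberately no forwarding from 'lan' to any other zone,
# so client traffic that cannot leave through wg0 is rejected.
config forwarding
	option src 'lan'
	option dest 'vpn'
```

Devices on the same subnet still reach each other, because that traffic is switched directly and never passes through the gateway. The gateway's own outbound traffic (including the WireGuard handshake to the provider) is not forwarded traffic and is unaffected by these rules.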