I am looking for a way to setup OpenWrt as a bridge / modem between WAN (ISP) and LAN (another main router) like the following :
ISP (Fiber ONT) <––––> OpenWrt Bridge <––––> Main Router
OpenWrt Bridge: Basically a simple TP-Link router with OpenWrt installed. I want to setup this one as a bridge (called half-bridge, I guess?). The WAN interface is in charge of ISP fiber authentication through DHCP, and the LAN1 port is connected to the Main Router.
Main Router: A more powerful router to serve all clients (Ethernet + Wi-Fi) using DHCP / NAT.
On the OpenWrt Bridge, I would like to "duplicate" / "passthrough" my public ISP IP to the LAN ports, so my Main Router can get the public IP on his WAN interface, and thus I avoid double-NAT or DMZ-like pseudo-bridging on my setup.
Do somebody have an idea how to do that with OpenWrt?
Is there a specific reason you don’t want the main router to handle the isp authentication?
You can’t “duplicate” the ip address between two interfaces on a router, so you’d have to nat anyway. And if you do that, your performance would potentially be limited by the openwrt device that you said is not as powerful as your main router. What exactly are you hoping to achieve by “bridging” through the openwrt router?
My Main Router (Synology RT2600AC) cannot authenticate to my ISP unfortunately. I need exotic / custom DHCP options and vlan priorities. Only OpenWrt-like firmwares or the official router of my ISP can authenticate. The official router of my ISP is not an option (no bridge mode, no NAT loopback, no gigabit, no AC WiFi...).
The OpenWrt Router is fast enough to handle 300 Mbps Ethernet, but has poor and unstable Wi-Fi compared to Synology (+ has other issues), so I would like my private network to be entirely managed by the Synology Router.
Regarding "duplicating" (exposing) the public IP to the Main Router through the OpenWrt Bridge, are you sure this is not possible? I did some tests with other ISPs in my country (with neighbors and friends), some of them offer a way to setup the official ISP router as "Bridge", and the Synology Router successfully get the ISP public IP on the WAN interface, automagically. I don’t know how to get the same behavior with OpenWrt.
This would be common in the case of DSL or cable, or even fiber optic modems when the device acts as a media converter between the delivery medium and Ethernet.
You could use the OpenWrt router as a smart switch so you can set VLANs (presumably tagged on the ISP side, untagged out to your Synology)... that would at least help with half the issue. Does your Synology have the capability to handle the necessary DHCP options?
Unfortunately not. I need custom VLAN tagging, some DHCP options with custom value, I need to set exotic CoS priorities (0 for all packets except DHCP ones), etc... This is a pain. People much expert than me did not succeed to make it work with Synology, so I guess it is not possible for now...
At high ISP speeds it usually works out best with this configuration:
ISP-->(wired)Main Router(wired)--->one or more dumb APs-->wireless users.
Wired users are of course connected to the LAN side of the main router possibly adding a switch if the main router has no internal switch or too few ports. The dumb APs are selected for wifi performance only, they don't have to NAT or firewall anything. Stock firmware is usually possible to configure into a dumb AP role.
Well, the VLAN tagging could be handled in a pass-through type configuration as a smart switch, but the DHCP options would still need to be on the other device if you want to avoid double NAT.
But I agree with @mk24 that you might just want to make your Synology into a dumb AP. The OpenWrt device would become the main router. Even if there isn't an explicit mode for a dumb AP on the Synology, it is pretty easy to do -- just set the LAN address to something different than the OpenWrt device and turn off DHCP. Connect LAN <-> LAN and you're golden.
