my Laptop(Macbook+Linux VM) -- public-internet --- OpenWRT(x86, AMD-APU2/Intel-J1900) -- APs
I would like to control the APs from my laptop through their web GUI.
So far I have managed using a lightweight VPN (n2n) on the OpenWRT and the laptop Linux VM (works for TP-Link EAPs). Please note, clients/users on the OpenWRT are NOT on the VPN, that's the magical part of n2n, and I would like to keep it that way.
But I am hitting issues with Aruba APs. (I suppose they want to enforce user to Aruba Central, a paid subscription software, IF you want remote access. Local access through Web GUI is free).
So what are my options?
Option1
Install a browser on the main OpenWRT. I explored a bit, didn't find something which wouldn't impact the performance, it's already doing NAT and captive-portal. I suspect a browser might be too much for the CPU.
Option2
So can I put another OpenWRT on the LAN.
Do port forwarding to it. Install a browser on it. (yet to find, hoping chromium will work?)
So the new proposed scheme:
my Laptop(Macbook+ Linux VM) -- public-internet --- OpenWRT(x86, APU2/Intel-J1900) -- APs -- OpenWRT-gateway-PC
Will this work?
Or is there a simpler solution/scheme available already?
EDIT: while writing this post, it occurred to me I haven't yet tried SSH to Aruba APs from the OpenWRT. Will post how it goes. IME, TP-LINK ssh has very limited control available. Can't even reboot the APs.
Thanks, I will check out WireGuard, though I am already using n2n.
For the benefit of clarity, I will clarify my requirement.
my Laptop(Macbook+Linux VM) -- public-internet --- OpenWRT-1(x86, AMD-APU2/Intel-J1900) -- APs
I am able to ssh into OpenWRT-1 from outside.
I am even able to access its LuCI GUI.
Question is for APs connected to it.
From within its LAN I am able to see Aruba web GUI at 192.168.0.10, it redirects to 192.168.0.10:4343.
With WireGuard it is just as if you are connected to your home LAN. The only thing to take into consideration is that the WireGuard subnet is different, so your LAN equipment has to allow traffic from the WG subnet; for that you have to tweak the firewall of your local LAN clients.
An even easier solution for this is to masquerade the WG subnet going out of the LAN, so the traffic appears to come from the local LAN. You lose logging and access control, but in a typical SoHo environment, and especially if you are the only user, that is not a problem.
I fully appreciate your annoyance.
I meant to use the term generically, and I wasn't aware it can cause confusion with a brand name.
I have modified the subject line.
I could be wrong, but your OpenWRT could be just routing packets from the VPN subnet to the LAN subnet. The Aruba AP will be receiving packets from a VPN subnet address and it might be dropping them as they don't appear to come from your LAN subnet. One solution is to set up NAT on your OpenWRT, so that Aruba will see your OpenWRT LAN address (192.168.1.1) rather than a VPN subnet based IP address. Since this would appear as local, your Aruba should respond.
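
Added example, not part of any post in this thread: one way to write the masquerading suggested in the two replies above as an OpenWRT `/etc/config/firewall` fragment, scoped so that only VPN traffic to the AP is rewritten and forwarded. The interface name `edge0`, the VPN subnet `10.9.0.0/24` and ports 80/443 are assumptions; the AP address and port 4343 come from the thread.

```conf
# /etc/config/firewall on the OpenWRT router (added example; not the poster's config)
# Assumed: n2n edge interface is 'edge0', VPN subnet is 10.9.0.0/24 (constructed values).
# From the thread: Aruba AP at 192.168.0.10, web GUI redirects to port 4343.

# Zone for the VPN interface. Nothing is forwarded out of it by default.
config zone
	option name 'vpn'
	list device 'edge0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Existing lan zone with masquerading added.
# masq_src / masq_dest limit the source rewrite to VPN -> AP traffic,
# so ordinary LAN clients and their logs are unaffected.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	list masq_src '10.9.0.0/24'
	list masq_dest '192.168.0.10'

# Allow only the AP's web GUI from the VPN instead of a blanket vpn -> lan forwarding.
# Ports 80 and 443 are assumed entry points; 4343 is the redirect target seen on the LAN.
config rule
	option name 'Allow-VPN-Aruba-GUI'
	option src 'vpn'
	option dest 'lan'
	option dest_ip '192.168.0.10'
	option proto 'tcp'
	option dest_port '80 443 4343'
	option target 'ACCEPT'
```

After `/etc/init.d/firewall reload`, the AP sees these connections as coming from the router's LAN address, so its own logs no longer distinguish individual VPN peers; the rule above is what keeps access control on the router side.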