First of all, I am aware of the single tutorials, i.e. for setting up a dumb AP, separate SSIDs for different usages, incl. firewall rules.
I am just looking for some guidance and expertise, i.e. best practice, ideally from someone with deep knowledge of OpenWRT and ideally the below outlined setup which brings together the various, singular inputs.
Proposed network setup scheme:
Internet provided 5G SIM router (“5G”)
<- connection via LAN cable to 5G -> TP-Link Archer C7 #1 with OpenWRT (“OpenWRT1”)
<- connection via LAN cable to OpenWRT1-> TP-Link Archer C7 #2 with OpenWRT (“OpenWRT2”)
Rationale:
5G: Shall in the future only act as the “modem”, i.e. supply the internet connectivity. I aim to deactivate the internal wifi to have no interference with the OpenWRT setup.
OpenWRT1: Shall be the “main router” and distributor of the internet within the house. This router is required, as I would like to set up a VPN server (Wireguard protocol preferred) and 5G does not offer this opportunity.
OpenWRT2: Shall act as a dumb access point only to a separate floor to provide the same Wifi networks as OpenWRT1 for seamless moving around within the house.
Ideal achievements to be done:
Distribute internet signal from 5G to OpenWRT1: done, via LAN cable.
Set up OpenWRT1 with 3 networks and firewall configuration: (1) Internal (for internal usage only), (2) VPN (for internal usage only, connection to utilize a VPN configuration) and (3) Guest (for guest users)
==> QUESTION 1: Is there a good, up-to-date tutorial available for this?
Set up OpenWRT2 with the same 3 networks and firewall configuration as OpenWRT1.
==> QUESTION 2: How to do this best? Copy-paste the configuration of OpenWRT1 to OpenWRT2? I assume this would be too simple…
Thanks a lot ahead for providing some guidance and best practice in how to achieve this (in particular the setup of OpenWRT1 and OpenWRT2). If there is naturally someone out there, who has done the above, it would be great to hear how you’ve done and successfully achieved this.
I'd recommend the Guest Wifi articles on the wiki. The only major difference between those and what you will ultimately implement is that you'll be adding ethernet to the mix to enable the use of the dumb AP. The differences are minor -- you'll create a bridge that includes the ethernet connectivity, and then use the bridge as the device for the new network.
You don't want to copy the settings. You'll use VLANs on top of a dumb AP configuration. The network used to manage the dumb AP will be the only one that has an address... the others will have network definitions that are "unmanaged" (proto none).
IMO, don't try to do everything at once... it becomes complicated and confusing quickly, and if you have any errors in your implementation, you may have the same mistakes made in multiple places... add just a single network to start and get that working. Once you understand the flow, you can add the other.
Thanks a lot - appreciate the sharp and straightforward responses.
Question/ answer #1 is noted and I'll take it from there.
Yet allow me to further elaborate on question/ answer #2: Your proposal is, setting up "OpenWRT2" as a dumb AP as per your tutorial, i.e. setting up the 3 SSIDs that I also set up on the "OpenWRT1" there, yet no further configurations, i.e. no additional configuration duplication from "OpenWRT1", as those settings should all come via the VLAN (i.e. the VPN configuration, the firewall rules, etc.). Correct?
Would you have a good VLAN tutorial for my purpose on hand as well, so that I could start reading into it as well?
Yes. The main router does all the work. The secondary router just simply broadcasts SSIDs (and optionally provides additional wired connectivity). The two devices will connect to each other using a "trunk" (a single cable that carries multiple networks) and the second device will take that trunk and associate each network with the desired SSID. The only thing that will be the same between the two routers is the configuration of the ports that connect them together -- they need to be expecting the same VLANs.
Not sure that I have a good tutorial to point to, but here is info about VLANs.
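
Added example, not part of the thread or of OpenWrt itself: an offline check of the two points made in the replies above, that both ends of the trunk carry the same tagged VLANs and that on the dumb AP only the management network holds an address (so guest clients cannot reach services on the AP). It assumes swconfig-style `switch_vlan` sections; the port numbers, VLAN IDs 1/10/20 and interface names are constructed for illustration.

```python
import re

def parse_uci(text):
    """Return UCI sections as (type, name, options) tuples."""
    sections = []
    for line in text.splitlines():
        w = [a or b for a, b in re.findall(r"'([^']*)'|(\S+)", line)]
        if w[:1] == ["config"]:
            sections.append((w[1], w[2] if len(w) > 2 else "", {}))
        elif w[:1] == ["option"] and sections and len(w) > 2:
            sections[-1][2][w[1]] = w[2]
    return sections

def trunk_vlans(text, port):
    """VLAN IDs carried tagged on the given switch port number."""
    return {int(o.get("vid", o["vlan"])) for t, _, o in parse_uci(text)
            if t == "switch_vlan" and f"{port}t" in o.get("ports", "").split()}

def addressed(text):
    """Interfaces that hold an address (proto other than 'none')."""
    return {n for t, n, o in parse_uci(text)
            if t == "interface" and n != "loopback" and o.get("proto") != "none"}

def audit(main_cfg, ap_cfg, main_port, ap_port, mgmt="lan"):
    """Compare both trunk ends and flag addressed non-management AP networks."""
    findings = []
    m, a = trunk_vlans(main_cfg, main_port), trunk_vlans(ap_cfg, ap_port)
    if m != a:
        findings.append(f"trunk VLAN mismatch: main={sorted(m)} ap={sorted(a)}")
    for name in sorted(addressed(ap_cfg) - {mgmt}):
        findings.append(f"AP interface '{name}' has an address; expected proto none")
    return findings

# Constructed sample configs; port numbers and VLAN IDs are assumptions.
def vlan(vid, ports):
    return f"config switch_vlan\n\toption vlan '{vid}'\n\toption ports '{ports}'\n"

MAIN = vlan(1, "0t 5t") + vlan(10, "0t 5t") + vlan(20, "0t 5t")
AP = vlan(1, "0t 1t") + vlan(10, "0t 1t") + """
config interface 'lan'
    option proto 'static'
config interface 'guest'
    option proto 'static'
"""

if __name__ == "__main__":
    for finding in audit(MAIN, AP, main_port=5, ap_port=1):
        print(finding)
```

On the sample data it reports the guest VLAN missing from the AP's trunk port and the guest interface wrongly carrying an address.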