Setting up separate VLAN/subnet for containers

I am not totally sure if what I want to do is possible. I assume it is, but I do not know how to go about setting it up.

I have a network with the main router running OpenWRT (it's an EdgeRouter X, but that isn't important). I have a home server, connected to that router, that I can access from inside the network over SSH (and other ports/services).

I just installed LXC/Incus on the server and configured a container. The server has 2 physical NICs and they are both connected to the router. One is used for the server's (host's) main connection and the other is "connected" to a bridge device managed by Incus.

This all works and the server and its container both have separate IPs on my main network (192.168.1.0/24).

Now, I want to create a new VLAN/subnet for the containers but I am not totally sure how to do this. On the server, I'm pretty sure I need to tell Incus to use a macvlan device instead of a bridge (still using the 2nd physical NIC on the server). I think I need this so I can tell macvlan to use a specific VLAN tag (whatever number).

I don't know how to set this up on the OpenWRT router. I assume I need to create the new VLAN, but I'm not entirely sure how to do that. I don't know what the "default" VLANs are, assuming there are any.

I see the "VLAN filtering" option on the "br-lan" device. Is this what I need? How do I run a separate DHCP server so the new VLAN uses 192.168.2.0/24? Do I need to create a new bridge?

I don't want to set a specific port on the router to the VLAN, since the server is physically connected via a switch to another switch to the router, with other devices outside that VLAN on those switches.

I assume there is a way to achieve what I want, but I do not know how to correctly set it up.

I hope this question isn't too long/complicated and I hope I explained myself well. Thanks for the help 🙂