You could start by not running double NAT
Yep, for this I need a pretty stable release, that seems to not exist on dd-wrt.
I'm not so expert on network side, sorry, what do you mean exactly?
If I look into the future I see problems with openwrt ;-)
Your setup is not simple, it’s actually overcomplicated by using NAT twice. Your demands on VPN and port-forwarding are unclear.
What is clear is that no matter the OS, you should plan on roughly quarterly security updates. Internet-facing devices aren’t ignorable for years.
I tend to agree with previous posters: on the surface, your set-up can be simplified.
Having said that, I also moved my R7800 from dd-wrt to OpenWrt (though, I've got completely different hardware and a different topology now). Based on (fairly) recent experience:
I had all this running on dd-wrt and switched successfully to OpenWrt. Personally, I found VPN Policy-Based Routing + Web UI -- Discussion to be the 'path of least resistance' in terms of PBR.
...also be aware that there are issues with ethernet performance on the IPQ8XXX platform which may affect you.
Port-forwarding is from PIA: each time I connect to a PIA server (only selected servers) I can have a port opened for my purpose.
Quarterly updates are not a problem, I think. If all works as expected, it is only an update that in theory is already tested, right? For this reason I prefer a stable release instead of a never-ending beta.
I'm not so expert, so I came up with this configuration over time.
If I can simplify and I get the same results, why not! But currently I don't know how to do that. I'm happy to learn some new stuff.
The best would be: have a working router, with basic functions, then add my "particular" configuration bit by bit, so first the OpenVPN server, then the OpenVPN client, and last experimenting with the PIA port-forward; maybe one already exists for OpenWrt.
What do you have now?
Why did you switch from dd-wrt to OpenWrt?
I really don't know about the problem with the Qualcomm processor; is it serious or "negligible"?
Agree: good approach. Get the basics running, backing-up your config as you go, and then adding additional functionality.
I'm on an APU2D2 board now (still running OpenWrt), with a separate Wireless AP. Switched partially out of curiosity and partially because I was impressed with my GL-iNet travel unit in terms of ease-of-use (I found dd-wrt to be a bit esoteric). Definitely happy with my decision.
You and @jeff previously said that my setup can be simplified ... how can I achieve this?
I don't know any other solutions that don't involve 2 NAT.
Does the modem provide a "pass-through" or "transparent" mode where another device gets the DHCP assignment?
That's the first question to research carefully and answer. If "yes", that is going to be the simplest approach.
...or simply bridge mode
Actually the main modem is under 192.168.2.1 and:
DHCP is enabled and I added the R7800 to a static route 192.168.2.50; the R7800 is also under DMZ. I don't know if there's a kind of pass-through or transparent mode.
Then I connect the modem to the WAN router port, so the R7800 holds the LAN under 10.0.0.1.
What you want to find out is if/how to make your modem give your OpenWrt install the public DHCP address, not to take it for itself.
Some do this "auto-magically", others require some configuration.
I really don't know this and I barely understand this reasoning. I think you mean that you want OpenWrt to directly take the IP given by my ISP? Forgive me if I'm not so expert. I only know that the ISP modem is pretty "closed"; it is a modem/router by Vodafone. I only disabled everything to give the R7800 the possibility to take control over everything.
Actually I'm on Gateway mode under dd-wrt, I never played with these settings.
Correct -- that your Vodafone-supplied device serves as a modem only, not as a NAT-ing router. For example, the cable modem I use can either "pass through" the DHCP to my router, or "take it and NAT".
The best I can do is to enable DMZ and use the Vodafone Station Revolution like a simple modem.