You could start by not running double NAT
2 Likes
Yep, for this I need a pretty stable releas, that seems to not exist on ddwrt
I'm not so expert on network side, sorry, what do you mean exactly?
If I look into the future I see problems with openwrt ;- )
Your setup is not simple, it’s actually over complicated by using NAT twice. Your demands on VPN and port-forwarding are unclear.
What is clear is that no matter the OS, you should plan on roughly quarterly security updates. Internet-facing devices aren’t ignorable for years.
4 Likes
I tend to agree with previous posters: on the surface, your set-up can be simplified.
Having said that, I also moved my R7800 from dd-wrt to OpenWrt (though, I've got completely different hardware and a different topology now). Based on (fairly) recent experience:
and
I had all this running on dd-wrt and switched successfully to OpenWrt. Personally, I found VPN Policy-Based Routing + Web UI -- Discussion to be the 'path of least resistance' in terms of PBR.
Have fun!
2 Likes
...also be aware of that there are issues with ethernet performance on the IPQ8XXX platform which may affect you.
Port-forwarding are from pia, each time I connect to pia server (only selected servers) I can have a port opened for my purpose.
Quarterly update, is not a problem, I think. If all works like expected is only an update that in theory is already tested, right? For this reason I prefer a stable release instead a never-ending beta.
I'm not so expert, so I came with this configuration during time.
If I can simplify and I get the same results, why not! But currently I don't know how to do that. I'm happy to learn some new stuff.
The best would be: have a working router, with basics functions, then add time by time my "particular" configuration, so first the OpenVpn server, then the OpenVpn client and the last is experimenting the pia port-forward, maybe already exist some for OpenWrt.
@tectonic
What do you have now?
Why you switched from dd-wrt to OpenWrt?
I'm really don't know problem with Qualcom processor, is some serious or "negligible"?
Agree: good approach. Get the basics running, backing-up your config as you go, and then adding additional functionality
I'm on an APU2D2 board now (still running OpenWrt), with a separate Wireless AP. Switched partially out of curiosity and partially because I was impressed with my GL-iNet travel unit in terms of ease-of-use (I found dd-wrt to be a bit esoteric). Definitely happy with my decision.
3 Likes
@tectonic
Good setup!
You and @jeff previously said that my setup can be simplified ... how I can achieve this?
I don't know any other solutions that don't involve 2 nat
Does the modem provide a "pass-through" or "transparent" mode where another device gets the DHCP assignment?
That's the first question to research carefully and answer. If "yes", that is going to be the simplest approach.
1 Like
...or simply bridge mode 
1 Like
Actually the main modem is under 192.168.2.1 and:
DHCP is enable and I added the R7800 to a static route 192.168.2.50, the R7800 is also under DMZ. I don't know if there's a kind of pass-through or transparent mode.
Then I connect the modem to WAN router port, so the R7800 hold the lan under 10.0.0.1
What you want to find out is if/how to make your modem give your OpenWrt install the public DHCP address, not to take it for itself.
Some do this "auto-magically", others require some configuration.
I really don't know this and I barely understand this reasoning, I think you meaning that you want that OpenWrt take directly the ip given from my isp? Forgive me if I'm not so expert. I only know that the isp modem is pretty "closed" is a modem/router by Vodafone, I only disabled all to give to R7800 the possibility to take the control over all.
Actually I'm on Gateway mode under dd-wrt, I never played with these settings
Correct -- that your Vodaphone-supplied device serves as a modem only, not as a NAT-ing router. For example, the cable modem I use can either "pass through" the DHCP to my router, or "take it and NAT".
The best I can do is to enable DMZ and use the Vodafone Station Revolution like a simple modem.