How do I assign different IP ranges to two wireless networks while still letting them access one another?
So, I have two WAN interfaces (DHCP client and a VPN connection):
config interface 'wan'
    ...
config interface 'l2tp'
    ...
To allow easy switching between them, I have created two LAN interfaces:
config interface 'lan'
    option proto 'static'
    option type 'bridge'
    option delegate '0'
    option ifname 'eth0.1'
    option netmask '255.255.255.0'
    option ipaddr '192.168.1.1'
config interface 'guestlan'
    option proto 'static'
    option type 'bridge'
    option delegate '0'
    option netmask '255.255.255.0'
    option ipaddr '192.168.2.1'
Both interfaces are in the same firewall zone.
There are two separate wireless interfaces that are bridged to the LAN interfaces:
config wifi-iface 'wifi1'
    option network 'lan'
    ...
config wifi-iface 'wifi2'
    option network 'guestlan'
This way I was able to achieve two things:
- VPN policy routing can route requests from 192.168.2.0/24 via WAN and the rest via L2TP
- To switch VPN on or off on any wireless client you just need to connect to the other AP
However, this set-up has a flaw:
- I have a media server connected to the 'lan' interface and running DLNA
- I now also have a smart TV connected to the 'guestlan' interface
- The TV is unable to access anything connected to the 'lan' interface
Somehow I have to merge my two LAN interfaces while keeping IP ranges distinct between two wireless interfaces.
I tried giving my two LAN interfaces the same config and changing their DHCP config to assign different subranges:
config interface 'lan' (and 'guestlan')
    option proto 'static'
    option type 'bridge'
    option delegate '0'
    option ifname 'eth0.1'
    option netmask '255.255.254.0'
    option ipaddr '192.168.0.1'
config dhcp 'lan'
    option leasetime '12h'
    option interface 'lan'
    option start '100'
    option limit '150'
config dhcp 'guestlan'
    option leasetime '12h'
    option interface 'guestlan'
    option start '356'
    option limit '150'
This results in clients not changing their DHCP lease when switching between two networks. Is there a way to achieve what I want? To reiterate:
- two APs with distinct DHCP subranges to allow VPN policy routing to route them to WAN vs VPN by IP
- DLNA server on the network must be visible to clients of both APs
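The address arithmetic behind the merged /23 attempt above, as an added example that is not part of the original post. It assumes OpenWrt's DHCP semantics (`start` is an offset from the interface's network address, `limit` is the pool size); the function names are hypothetical.

```python
import ipaddress

def dhcp_pool(ipaddr, netmask, start, limit):
    """First and last lease address for an OpenWrt 'config dhcp' section.
    Assumption: 'start' is an offset from the network address, 'limit' the pool size."""
    net = ipaddress.ip_network(f"{ipaddr}/{netmask}", strict=False)
    first = net.network_address + start
    last = first + limit - 1
    if first not in net or last not in net or last == net.broadcast_address:
        raise ValueError(f"pool {first}-{last} does not fit inside {net}")
    return first, last

def covering_prefix(first, last):
    """Smallest single CIDR that contains the whole pool."""
    net = ipaddress.ip_network(f"{first}/32")
    while last not in net:
        net = net.supernet()
    return net

def pools_overlap(a, b):
    """True if two (first, last) pools share any address."""
    return a[0] <= b[1] and b[0] <= a[1]

def rule_matches_pool(rule_cidr, pool):
    """True if a by-source policy rule covers every address in the pool."""
    rule = ipaddress.ip_network(rule_cidr)
    return pool[0] in rule and pool[1] in rule

# Values taken from the merged configuration in the post.
IFACE = ("192.168.0.1", "255.255.254.0")
LAN_POOL = dhcp_pool(*IFACE, start=100, limit=150)
GUEST_POOL = dhcp_pool(*IFACE, start=356, limit=150)

if __name__ == "__main__":
    for name, pool in (("lan", LAN_POOL), ("guestlan", GUEST_POOL)):
        print(f"{name:9} {pool[0]} - {pool[1]}  within {covering_prefix(*pool)}")
    print("pools overlap:", pools_overlap(LAN_POOL, GUEST_POOL))
    print("old rule 192.168.2.0/24 matches guest pool:",
          rule_matches_pool("192.168.2.0/24", GUEST_POOL))
```

With the merged /23, the second pool lands in 192.168.1.0/24, so a by-source policy rule written for 192.168.2.0/24 would no longer select those clients.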