Two networks with separate IP ranges but visible to each other (incl DLNA/UPnP)

orthoxerox · November 15, 2020, 12:40pm

How do I assign different IP ranges to two wireless networks while still letting them acess one another?

So, I have two WAN interfaces (DHCP client and a VPN connection):

config interface 'wan'
  ...

config interface 'l2tp'
  ...

To allow easy switching between them, I have created two LAN interfaces:

config interface 'lan'
        option proto 'static'
        option type 'bridge'
        option delegate '0'
        option ifname 'eth0.1'
        option netmask '255.255.255.0'
        option ipaddr '192.168.1.1'

config interface 'guestlan'
        option proto 'static'
        option type 'bridge'
        option delegate '0'
        option netmask '255.255.255.0'
        option ipaddr '192.168.2.1'

Both interfaces are in the same firewall zone.

There are two separate wireless interfaces that are bridged to the LAN interfaces:

config wifi-iface 'wifi1'
        option network 'lan'
		...

config wifi-iface 'wifi2'
        option network 'guestlan'

This way I was able to achieve two things:

VPN policy routing can route requests from 192.168.2.0/24 via WAN and the rest via L2TP
To switch VPN on or off on any wireless client you just need to connect to the other AP

However, this set-up has a flaw:

I have a media server connected to the 'lan' interface and running DLNA
I now also have a smart TV connected to the 'guestlan' interface
The TV is unable to access anything connected to the 'lan' interface

Somehow I have to merge my two LAN interfaces while keeping IP ranges distinct between two wireless interfaces.

I tried giving my two LAN interfaces the same config and changing their DHCP config to assign different subranges:

config interface 'lan' (and 'guestlan')
        option proto 'static'
        option type 'bridge'
        option delegate '0'
        option ifname 'eth0.1'
        option netmask '255.255.254.0'
        option ipaddr '192.168.0.1'

config dhcp 'lan'
        option leasetime '12h'
        option interface 'lan'
        option start '100'
        option limit '150'

config dhcp 'guestlan'
        option leasetime '12h'
        option interface 'guestlan'
        option start '356'
        option limit '150'

This results in clients not changing their DHCP lease when switching between two networks. Is there a way to achieve what I want? To reiterate:

two APs with distinct DHCP subranges to allow VPN policy routing to route them to WAN vs VPN by IP
DLNA server on the network must be visible to clients of both APs

vgaetera · November 15, 2020, 12:56pm

Modify the routing policy adding remote/destination !192.168.1.0/24.
Add firewall forwardings between the LAN and guest zones.

orthoxerox · November 15, 2020, 1:04pm

I don't have a separate guest zone
Could you please explain what you mean by modifying the routing policy? Exclude the subnet so it won't get routed to WAN?

vgaetera · November 15, 2020, 1:05pm

uci show vpn-policy-routing

orthoxerox · November 15, 2020, 1:12pm

vpn-policy-routing.@policy[0]=policy
vpn-policy-routing.@policy[0].interface='wan'
vpn-policy-routing.@policy[0].name='guest'
vpn-policy-routing.@policy[0].src_addr='192.168.2.0/24'
vpn-policy-routing.@policy[0].dest_addr='!192.168.0.0/16'
vpn-policy-routing.@policy[0].proto='all'

Thanks to your help, I can now access the computers in the 'lan' network from 'guestlan', including my media server, but it's not visible as a DLNA server, I guess it broadcasts its presence only to its own subnet. Any idea how to fix that?

vgaetera · November 15, 2020, 4:59pm

I guess, it should be similar to the following:
Routing Multicast between vlans