Using an OpenWrt Router as a switch

I have two OpenWRT Router. One of this is a Buffalo WZR-HP-G450H/WZR-450HP (OpenWRT 22.03.3) This Router should work as Switch.

  • I did a Factory Reset
  • Changed the Static IP on LAN Interface to another IP 192.168.100.2/24 (.1 is the router to the internet)
  • LAN1 has a wire to the router
  • LAN2 - 4 are connected to other Devices (IP static from 192.168.100.200 and higher)
  • grafik

current Case:

  • All Devices on the switch has access to the Internet and reach devices directly attached to the router
  • Devices on the router has no access to the devices behind the switch (also the swicht is not reachable)
  • Same for the Wireguard VPN the Main Router serve Devices from VPN (192.168.150.1-254) has acces to directly an Router attached devices but not to the switch.

Question:

How could I give all devices access to the devices behind the switch.

reconfigure as https://openwrt.org/docs/guide-user/network/wifi/dumbap ?

4 Likes

@frollic thanks! Following them solvet the issue connecting in Lan.
Now only the Issue about connection in VPN still exist. From Wireguard VPN I'm still not able to connect a device beind the switch.

Where does wireguard live? Is it on your OpenWrt router (being used as a switch) or somewhere else?

If VPN is active my devices get a timeout if they try to connect.

[Edit]
The VPN is on my Router. not on the switch.

So your main router has Wireguard installed, correct? And your secondary router is being used just as a switch?

Does the WG connectivity work in general for things directly connected to the main router? Is the problem purely about devices connected to the second router (switch)?

What port is used on the secondary router to connect to the main router?

Yes, the Problem is only about things behind the switch.

Thans to the Link from @frollic Local Lan now see each other now the VPN is still not possible to do that.
(Local Lan 192.168.100.1-255 and VPN 192.168.150.1-255)
My VPN sees devices connected to the router but not connected to the switch.

Ping from Windows on wireguard VPN client give me a timeout.

Also...

What were you trying to ping? Specifically, what kind of host (windows, linux, mac, something else)? and what IP address?

As you see in my initial post i use the Lan1 Port. I try to ping a Synology NAS.

Check the local firewall on your NAS... make sure it will accept connections from other subnets (this may be prohibited by default).

If that doesn't fix the problem, double check to make sure you can reach the NAS from a host that is directly connected to the main router... if that isn't working, something else is wrong and we need to dig deeper.

No they are correct. It's identically configuarted like other devices.

device on router 192.168.100.122/24
device on switch 192.168.100.222/24

Does a device connected to the main router establish a proper and reliable connection with a device connected to the switch?

And actually, can the main router properly connect to the NAS (for example, an ssh session or a wget/curl page request)?

Yes. Tested with ssh

Yes. Tested with ssh

Based on this, I am 99% certain that the problem is the nas itself. To prove or disprove this, connect the nas directly to the router (instead of the switch) and see what happens.

Currently, I suppose it is the Wireguard VPN. On a Device with Ubuntu I have access to the NAS, but it seems unstable. The File Browser freeze periodically browsing through is a pain.

AllowedIPs = 0.0.0.0/0,::0/0,192.168.100.1/32, 192.168.100.222/32,

You can omit the 192.168.100.0/24 addresses since you already have 0.0.0.0/0 defined (which equates to 'alll IPs').

Can you elaborate? Is this Ubuntu device a remote peer via WG?

1 Like

This Device is local and connected over VPN. (After a Reboot the Connection to My NAS is now stable)
I added 0.0.0.0/0 to test this device as if it were outside.

Currently, I have these devices I tested until now:

  • Android with WireGuard (also setup with 0.0.0.0/0) -> not able to connect to devices behind switch
  • Local Laptop with Windows and WireGuard (also setup with 0.0.0.0/0) -> not able to connect to devices behind switch
  • Family member with Ubuntu and WireGuard -> not able to connect to devices behind switch
  • One Laptop with Ubuntu and WireGuard -> connect to devices behind switch
  • One Desktop with Ubuntu and WireGuard (also setup with 0.0.0.0/0) -> connect to devices behind switch

Just to clarify, "this device" is the ubuntu machine? When connected via the VPN, is being done from inside or outside of the network?

This doesn't make it appear to be outside, if the device is connected locally to the network.

Test using a phone (cellular connection) or from an actual remote network.

With all of the test scenarios, all of the test appear to involve that switch. Please try taking one of the devices that is currently connected to the switch and connecting it to the main router intsead...

Specifically, let's say you have:

  • device A (your phone or you ubuntu machine) connecting to your network from a remote location over Wireguard
  • Device B is currently connected to the switch.
    --> Device A cannot reach device B.
  • now, take device B and connect it directly to the main router.
    --> can device A reach device B??

I played around and found the solution.
On synology NAS I had to add a static route. Now every thing works as wished.