Why so many routers? What is the purpose of each? Are the 1, 2, 3 routers operating as APs or something else?
That can be done with a bunch of /24 networks with the existing address schemes.
If you want to keep them all on a single subnet -- a method I would not recommend based on your 'group' scheme -- I suggest at least consolidating them to a /20 (or a /21 if you stay at 8 groups or fewer), instead of spreading them out to a /16. This would necessitate changing addresses so that they are in the 192.168.0.x - 192.168.7 (or 15).x ranges.
I'm not surprised. Like I said, you must fix the larger issue with your wan/lan subnets overlapping. That is a firm prerequisite.
I thought so, but wanted to be sure I wasn't missing something.
AP and physical access. Distance and ports factor in. The routers weren't bought to provide extra ports, but rather have been repurposed as a new router was purchased. A couple were bought (over the years) as upgrades to other routers, but for the most part, just about every router on the network has been used as the main router at some point (even before getting FIOS to replace Xfinity). If it were possible to rewire things (in the house/walls), I would have a similar layout as now with just a couple of changes. Having "1" be a router with more LAN ports would be one of those changes. Even though the children routers (1-2-3) have all ports bridged, the WAN port is used as the link to the previous router, but only to easily know what its purpose is. So not from feeling like it's required. (Just mentioning it so you get where I'm coming from.)
Router 1 is in a closet and provides a physical link to two TVs in nearby rooms, as well as chaining to R2. I believe there is one free port, which I prefer to have free in case I need to use it for troubleshooting on the spot (if it cannot be done via network). R2 connects to a computer and used to connect to a printer (upgraded the printer since then and it only supports wireless), and chains to R3. R3 is on the third floor and connects to 1+ physical devices (it's in someone else's room and how they decide to connect to things is up to them).
If I could make changes, which would cost a bit of $$ to do, I would have R1 have 8+ LAN ports, connecting to R2, R3, and R4 (instead of to R2, and R2 to R3, and there being no R4). Another spot would be considered R3, and R4 would be the room upstairs. R4 would also have 8+ ports to allow the person there to have more wiggle room if needed. All would still offer wireless.
Just to clarify something, the "Just shoot me now" was about needing to fix a mistake again, not about the fact that it didn't fix the issue. I originally said "Fixed it" and left it at that, but I thought maybe it would come off as fixing the issue, rather than my simply fixing the mistake.
Doing /20 is the lowest I can go (number of unused bits) without 200.x having to be altered. If I do /21, then my 200.0 (home server) would have to be moved to 200.1. I like having the ".x" be used for VMs or other things related to the server. I might consider moving all that to 100.x, which would allow for /21, but not /22.
I know that as far as routers are concerned, it doesn't care what the purpose of a client is or where it's at. But I'm a little bit OCD with it, liking to group things and have them make some sort of sense. I think I chose "200" for the server since it was originally in a room on the second floor, and would have a group number that is far from the other group numbers.
Is there a guide on having the main router (WRT, not FIOS) handle multiple subnets while allowing them to all intermingle with one another? I'll need to refresh my memory on how to reset the STBs (I know it requires physically connecting them to the router). I could give it another try to change the FIOS LAN, maybe to 172.16.0.x? (JK, maybe 10.0.0.x, or 192.168.254.x or 172.16.1.x, etc.)
But if you really want to keep the existing scheme with the 3rd octet as the 'group' -- that is best done either by consolidating the groups to contiguous ranges (i.e. 1, 2, 3, 4...), or by making each a /24 subnet.
You've still got a massive problem, IMO, insofar as the wan and lan overlap and you don't seem to have a means to address that easily without changing something. This whole problem would be easy to address if it weren't for the fact that you are using this huge subnet... this is yet another reason why /24s are so great... they're really easy to work with and there are many available so you don't have to worry about overlaps.
It sounds like the easiest thing to do would be to change the FIOS router to use some other subnet entirely -- a /24 is all it needs. Maybe you make the FIOS lan address 10.0.5.1/24. Hopefully the STBs get their addresses via DHCP and will be fine with a change like this (just power cycle them and make sure they still work, revert if they don't). You'll obviously need to change the wan address of your OpenWrt router, too.
If you do the above, you will resolve the overlap that is causing the problem in the first place. I still believe you have made suboptimal decisions regarding the logical topology of your network, but it will technically work, as long as you fix the overlap.
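The overlap the two posts above keep coming back to can be checked mechanically before touching any router. The following is an added example, not code from the thread or from OpenWrt: it uses Python's standard `ipaddress` module to report which interface networks overlap, and to compute the smallest 192.168.0.0/N that would hold a set of "group" third octets (the /21-vs-/20 consolidation suggested earlier). The sample addresses (a FIOS LAN at 192.168.1.1/24, an OpenWrt LAN at 192.168.0.1/16, the suggested 10.0.5.1/24 fix) are constructed from the thread's discussion, not copied from any posted config.

```python
import ipaddress


def overlapping_pairs(named_cidrs):
    """Return every pair of interface names whose networks overlap.

    named_cidrs maps an interface name to an address-with-prefix string
    such as "192.168.0.1/16"; pairs come back sorted by name.
    """
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, cidr in named_cidrs.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def smallest_supernet(third_octets):
    """Smallest 192.168.x.0/N that contains every 192.168.<octet>.0/24 group.

    Start from the first group and widen the prefix one bit at a time until
    all groups are subnets of the candidate.
    """
    groups = [ipaddress.ip_network(f"192.168.{o}.0/24") for o in third_octets]
    candidate = groups[0]
    while not all(g.subnet_of(candidate) for g in groups):
        candidate = candidate.supernet()
    return candidate


# Constructed sample: the situation described in the thread, where the FIOS
# router's LAN (the OpenWrt router's WAN side) sits inside the /16 used for
# the household LAN. Values are illustrative, not from a posted config.
BEFORE = {"fios": "192.168.1.1/24", "lan": "192.168.0.1/16"}

# After moving the FIOS LAN to its own /24 (10.0.5.1/24 as suggested) and
# keeping WireGuard on a separate private range.
AFTER = {"fios": "10.0.5.1/24", "lan": "192.168.0.1/16",
         "wireguard": "172.16.1.1/24"}


if __name__ == "__main__":
    print("before:", overlapping_pairs(BEFORE))   # [('fios', 'lan')]
    print("after: ", overlapping_pairs(AFTER))    # []
    # Eight groups numbered 1..7 fit in a /21; 1..15 need a /20; keeping a
    # group numbered 200 alongside group 1 forces the whole /16.
    print(smallest_supernet([1, 2, 3, 7]))        # 192.168.0.0/21
    print(smallest_supernet(range(1, 16)))        # 192.168.0.0/20
    print(smallest_supernet([1, 200]))            # 192.168.0.0/16
```

Run it as-is to see the before/after report; swap the constructed dictionaries for your own interface addresses to check a planned change before applying it.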
R1 and R2 are using DD-WRT. It helps to distinguish them from the main router, and R3 is using OpenWRT. Each is using a different theme so each router has a unique look to it.
Only the main router is offering DHCP services. Is there a specific setting to make them act as "dumb APs?" Or is it just making sure there are no conflicting services?
I would have to plug the STBs (at least all that use wireless) into the FIOS hub directly so that it can learn the configuration. I believe this would be the case even if the wireless information remains unchanged. Again, I will need to look into this.
DD-WRT should support VLANs on most hardware, but the details of implementing that would need to be asked on their forums.
The dumb AP is really just this:
DHCP disabled
lan-lan connection (not using the wan port, or bridging the wan port with all the other lan ports)
address in the same subnet as the main router/management network, outside the DHCP range, and not conflicting with any other static IP devices.
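The three points above are a checklist, and the address rule in particular is easy to get wrong on a large subnet. As an added example (not code from the thread, OpenWrt or DD-WRT), the script below validates a candidate AP address against a main router's subnet, DHCP pool and known static hosts, then renders the OpenWrt-style `/etc/config/network` and `/etc/config/dhcp` stanzas for a dumb AP: static address on `br-lan`, no DHCP server (`option ignore '1'`), and no WAN interface at all. The main-router address, the DHCP pool (OpenWrt's `start`/`limit` offsets) and the static hosts are constructed sample values, not taken from any posted config.

```python
import ipaddress

# Constructed sample main router: 192.168.0.1/16 handing out 64 leases from
# offset 100 (192.168.0.100 - 192.168.0.163), plus two hosts with static
# addresses. None of these values come from the thread's posted configs.
MAIN_ROUTER = ipaddress.ip_interface("192.168.0.1/16")
DHCP_START, DHCP_LIMIT = 100, 64
STATIC_HOSTS = {ipaddress.ip_address(a) for a in ("192.168.200.0", "192.168.3.1")}


def dhcp_pool(router, start, limit):
    """Integer address range of an OpenWrt-style pool (offsets from the network base)."""
    base = int(router.network.network_address)
    return range(base + start, base + start + limit)


def check_ap_address(candidate, router=MAIN_ROUTER, start=DHCP_START,
                     limit=DHCP_LIMIT, statics=STATIC_HOSTS):
    """Return a list of problems with the candidate AP address; [] means it is fine."""
    ip = ipaddress.ip_address(candidate)
    net = router.network
    if ip not in net:
        return [f"{ip} is not inside the management subnet {net}"]
    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {net}")
    if ip == router.ip:
        problems.append(f"{ip} collides with the main router")
    if int(ip) in dhcp_pool(router, start, limit):
        problems.append(f"{ip} falls inside the DHCP pool")
    if ip in statics:
        problems.append(f"{ip} is already assigned to a static host")
    return problems


def dumb_ap_config(ap_address, router=MAIN_ROUTER):
    """Render dumb-AP stanzas for /etc/config/network and /etc/config/dhcp.

    Raises ValueError if the address fails check_ap_address(). The LAN bridge
    carries every port; no 'wan' interface is defined, so a cable into the
    former WAN port only works if that port is also a member of br-lan.
    """
    problems = check_ap_address(ap_address, router)
    if problems:
        raise ValueError("; ".join(problems))
    net = router.network
    network = (
        "# /etc/config/network (dumb AP)\n"
        "config interface 'lan'\n"
        "\toption device 'br-lan'\n"
        "\toption proto 'static'\n"
        f"\toption ipaddr '{ap_address}'\n"
        f"\toption netmask '{net.netmask}'\n"
        f"\toption gateway '{router.ip}'\n"
        f"\toption dns '{router.ip}'\n"
    )
    dhcp = (
        "# /etc/config/dhcp (dumb AP): never answer DHCP on the LAN\n"
        "config dhcp 'lan'\n"
        "\toption interface 'lan'\n"
        "\toption ignore '1'\n"
    )
    return network + "\n" + dhcp


if __name__ == "__main__":
    for addr in ("192.168.0.2", "192.168.0.120", "192.168.0.1",
                 "192.168.200.0", "10.0.0.5"):
        print(addr, "->", check_ap_address(addr) or "ok")
    print(dumb_ap_config("192.168.0.2"))
```

Because the AP no longer runs a DHCP server or routes anything, the stanzas above are all that distinguishes it from a full router on the wire; the AP's own services (dnsmasq, firewall) are simply left with nothing to do once `ignore` is set.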
Well, something is going to need to change either on your FIOS side or your OpenWrt side. Which is easiest will depend on how the STBs respond to the change and/or your willingness to reconsider your logical organizational scheme in favor of a more efficient utilization of the network address space.
I use DD-WRT for my Broadcom routers and recent builds have an easy to use GUI for setting up VLANs.
So that should be doable (there are a few exceptions of really old routers which do not support VLANs).
If you want your WireGuard peer to be your default route to the internet, you need to set a more discrete route than 0.0.0.0/0 for the routing to prefer your WireGuard rather than the default, i.e. configure Allowed IPs:
172.16.0.1/24 FIOS
172.16.1.1/24 WireGuard
192.168.0.1/16 LAN
Set my WG address and client to be 172.16.1.11/32 (looked just now to double verify it).
Still not working.
By the way, the change in and of itself (FIOS) wasn't a big problem. Getting it to let me MAKE that change was a bit of a nuisance. It kept fussing at me about incompatibilities with DHCP even when DHCP was set to be disabled. Finally set the DHCP to have a HUGE range and then it decided to work. Obviously it's designed to prevent issues by creating other issues to prevent people from making changes.
There are some major issues here... seems like the config has taken several steps backwards...
Please remind me how this device is connected to the upstream network -- via one of the lan ports or the wan port?? (this thread is too long for me to find that info with a guarantee that it is current/correct).
You have wireguard in two zones... remove it from the lan zone:
remove STP:
Your WG interface config lacks the private key -- this needs to be added or it will never work. The DNS does nothing (remove it), and the peer stanza is missing entirely.
Remove all of this:
While not an actual problem, why would you have a 5m lease time... that's just silly.
And a /16 with just 64 addresses in the DHCP pool... very odd to me.
Remove this:
And you probably should remove this, too (why is it there?):
FIOS to WRT (wan port). Main router (WRT) does NOT have the WAN port treated like a regular LAN port. I refer to the WRT router as the main router as it's the one controlling the LAN that is used within the household. The FIOS is treated like a modem with exception to the STB devices.
Is STP useless? I tend to enable it in case I do something that creates a network loop without realizing it.
As said before, it allows me to use the 3rd octet as a group identifier. I know that in the world of 1's and 0's, it doesn't matter, but visually it helps me with grouping.
It has the private key, I just removed it before pasting. Same with the clients.
And can you remind me... the FIOS router is still running something in the 192.168.0.0/16 network?
I know... just reiterating that it is really unnecessary to work with a /16.
These are critical... in the future, please keep them intact, but redact the keys and any public IPs.
I'm not sure if we discussed this previously (the thread goes back quite a ways)... please remind me -- did you bring this up before? Is OpenVPN operating as a server or client? And what subnet is being used for OpenVPN?
Changed to 172.16.0.1/24, with WireGuard on 172.16.1.1/24.
I might not have mentioned having OpenVPN installed. Either way, it's not actively in use. One of the VMs is connecting to a VPN via the OpenVPN client. Originally I was using the router to connect to the VPN and handle traffic to/from that VM.