Sharing Internet between two apartments, advice needed on the setup and the router

[slickpaladin]

Currently I have two apartments on the same floor with separate Internet connections (fiber and cable) and want to get rid of one of them and connect both apartments to the same Internet (fiber).

The main apartment has the following setup:
- Modem (192.168.1.1), 50/4 Mb fiber connection with one IP address + one IP for TV box on a dedicated port
+ TV Box
+ TP-Link TL-WR841N v7 (running DD-WRT, 192.168.2.1)
++ Synology NAS
++ PC
++ wireless devices: 4x phone, 2x tablet, 1x laptop, 1x raspberry pi
++ another router, TP-Link TL-WR800N (10.10.10.1) acts as Astrill VPN router, all the wireless devices switch between this router and the main router, also all guests connect to this router (no access to PC and NAS)

Second apartment 20 meters away
- Cable Modem (192.168.1.1), 10Mb connection with one IP
+ TP-Link TL-WR841N v8 (no DD-WRT support)
++ 3x PC
++ wireless devices: 4x phones, 1x tablet

So the plan is to connect the second apartment to the main apartment but with separate address space so that there is no access to either of the networks. And I have two options in mind, first one (see the attachements) being that I connect the second apartment to the main router with cat6 cable (about 20 meters) . The main router is TP-Link TL-WR841N v7 with DD-WRT and it has one free port left (100Mb), though I feel that this is a moment to do an upgrade to the main router as the current one is coming to the end of its life (freezes sometimes, maybe due to too many devices connected to it) and has no gigabit ports which I would like.

Second option is to get a wired router, and connect main router, VPN router and the second apartment router as well as PC and NAS to it. The old main router would be in bridge mode so that the wireless devices can still access PC and NAS. VPN router and second apartment router don´t need to have access to them.

Any opinions that which option makes more sense? The cable Internet has a yearly cost of about 90 euros, which I can now use towards the new gear (plus a bit more if need to be).

 

[thiggins]

http://www.smallnetbuilder.com/lanwan/lanwan-howto/24428-howtotwoprivlan

Very old article, but the basic principle still applies.

Another method is to use VLANs.
http://www.smallnetbuilder.com/lanwan/lanwan-howto/30071-vlan-how-to-segmenting-a-small-lan

 

[System Error Message]

3 ways to connect them. Wire some ethernet, use power line or point to point wifi. If you wish to use point to point wifi you need 2 APs with directional antenna, as this is to ensure the best connection through walls especially if you use 5Ghz.

The main router does the balancing and than the rest would just be switches/wifi APs. If performance isnt needed you can re-purpose your wifi routers as AP and 4 port switch. Technically you can have the main router handle the first apartment so you wouldnt need a seperate switch/ AP if you have enough ports.

So you can reuse all you have if performance isnt your goal, the only thing you would need to spend is for hardware to connect, either powerline or some wires and permission with someone to install them or 2 APs and the antennas.

If you are familiar with dd-wrt and want something better there are various aside from buying hardware that supports tomato, openwrt and dd-wrt. On the consumer side you have some ARM based routers whereas on the non consumer side you have mikrotik, ubiquiti as embedded configurable routers that are low cost, or even x86 for pfsense and there are some embedded x86 that are the size of an embedded router but with multiple ports, good for making your own router.

 

[slickpaladin]

Two private networks works best for me (or actually three as the VPN router will create the third). Plan is to put ethernet cable between the apartments, and then it is just to make the setup work. For the main router, I think the current one is potentially not able to manage all the traffic from both apartments, so I think of upgrading the main wifi router (my option 1 in the previously attached diagram) or get a wired router (option 2). I am leaning towards the wired router as there seems to be plenty of inexpensive options available. The second apartment has its own wireless router so it will create its own private network.

My thinking for the network:
- Modem (192.168.1.1)
+ TV Box
+ Wired router, DHCP on 192.168.2.1, the following devices connected to it
++ TP-Link TL-WR841N (old main router) on bridge mode and serving all the wireless devices (so wireless devices will get 192.168.2.x address)
++ Synology NAS (192.168.2.x)
++ PC (192.168.2.x)
++ VPN router, takes the 192.168.2.x address but creates its own new private network 10.10.10.1 (this address comes from the installed software)
++ second apartment router, takes the 192.168.2.x address but set the DHCP to create new private network 192.168.30.1 that all the second apartment devices use

Does this still make sense? Three networks which can't access each others, and main point is that my wireless devices, PC and NAS are in the same network and accessible. Or is there any concern about creating two nested private networks (first is the wired router network and and the VPN and the second apartment routers under this)?

 

[sfx2000]

Does this still make sense? Three networks which can't access each others, and main point is that my wireless devices, PC and NAS are in the same network and accessible. Or is there any concern about creating two nested private networks (first is the wired router network and and the VPN and the second apartment routers under this)?

Sounds reasonable - not sure what the level of trust is between the different tenants of the apartments, but just be aware that one might have to put some firewall rules in place - also note that since you've got two NAT'ed networks, anything behind them will be double NAT'ed as a default until ports are specifically mapped out.

As SEM mentioned - the upstream router is a good candidate for Microtik, EdgeRouter, or pfSense perhaps - as stability is going to be very important, and these will give you more options compared to a consumer router, even running with DD-WRT - more CPU, and more importantly, more memory to support the large NAT state tables with that many clients behind it.

 

[slickpaladin]

Actually I think I came up with better solution while pondering this. Just by following the example from private LAN article, I will get a wired router, then connect all three wireless routers (old main router, VPN router, and second apartment router) to it so they all create their own private LAN. And instead of connecting the NAS and PC to the wired router, I will connect them to the old main router and the private LAN there (hence retaining the accessibility to wireless devices).

Question regarding the wired router. sfx200 mentioned that memory is important for this device, is there any way to estimate how much is necessary and what kind of device should I use. I have an old 100Mb wired router available, planning to give it a try, but if it is not stable, then need to order another one. Quickly looked at Mikrotik, and seems that their routers are almost too feature rich, with PoE and more. Not a bad thing, but guess I'll be looking at routers without extra bells and whistles.

 

[sfx2000]

Quickly looked at Mikrotik, and seems that their routers are almost too feature rich, with PoE and more. Not a bad thing, but guess I'll be looking at routers without extra bells and whistles

MicroTik and pfSense appliances - very flexible/powerful - but a deep ramp up, like OpenWRT, these things imply that one knows what one is doing - eating babies is nothing for these boxes... rightfully so...

the EdgeRouter Lite - might be a good solution - good power, still a bit of a ramp up on the knowledge site - but an EdgeRouter Lite might be a good solution here... And still enough knobs/levers to get one into deep trouble - with your proposed network, you'd be smart to do some investigation before deploying things into production...