help trying to setup vlans


slowpoke

New Around Here
First time building a home network, I'm trying to separate two devices with vlan, how do I achieve this on AC86U?
this is my setup

scenario1.jpg

On the switch I created 2 untagged vlans that cannot ping each other, but can't figure out how to assign them different IP addresses?
 

Jack Yaz

Part of the Furniture
On that router model, not easily. It's possible but you will most likely see your router log spammed with "protocol is buggy" where VLANs aren't fully compatible, likely due to hardware acceleration.
 

slowpoke

New Around Here
Thanks for replying, I should have checked better before purchasing.
I need a router that can do vlan and openvpn server up to 500Mbps, could you please recommend a suitable router? Is that possible with d-link DIR-878 maybe?
edit: type error, it's 50Mbps openvpn server not 500Mbps.
 

eibgrad

Very Senior Member
FYI. Your OpenVPN server (from the perspective of its OpenVPN clients) is always limited by the upload bandwidth of your ISP, which for many of us is far below 50Mbps. In my own case, my ISP provides only 10Mbps upload. And if your ISP is similarly limiting, it isn't going to matter all that much which router you use, at least wrt this one requirement.
 

slowpoke

New Around Here
Appreciate your advice, didn't even think about the upload speed but it makes sense now.
I only have 5Mbps upload, any reliable router you can recommend that supports openvpn and vlan that's easy for a newbie to setup?
 

nbdwt73

Regular Contributor
I am not completely clear on your ultimate objective but assuming that you are simply trying to separate two (or more) user groups from each other... Have you considered a different approach to your vlan issue? If that is the case look at using a managed switch (like an inexpensive Netgear). I have used those in the past to setup vlans in an Asus environment.

see https://kb.netgear.com/30818/How-to...AR-managed-switch-with-shared-internet-access
 

slowpoke

New Around Here
I am using a L2 managed switch and have them separated but also want to block PC2 from the internet and be able to access it through openvpn, is this possible?
 

nbdwt73

Regular Contributor
Still not clear... Are you trying to access PC2 from a remote client thru ovpn? Obviously that will require internet (or private network...).
 

slowpoke

New Around Here
Yes, sorry, I'm trying my best to explain, I'm very new to this subject. I want to restrict PC2 to all internet access except when I connect thru openvpn.
Do I need a second router just for PC2?
 

eibgrad

Very Senior Member
slowpoke said:
> Yes, sorry, I'm trying my best to explain, I'm very new to this subject. I want to restrict PC2 to all internet access except when I connect thru openvpn.
> Do I need a second router just for PC2?

Use PBR (policy based routing) plus a kill switch in the OpenVPN client. That will do exactly what you want. No need for VLANs at all.

P.S. It would help if you were specific when referencing OpenVPN; client or server. My comments assume you're referring to the OpenVPN client. But your original concern was about OpenVPN server. So I'm not 100% sure which is the case here.
 

slowpoke

New Around Here
Hope I can explain it better, this is all new to me, I didn't know what a gateway was a week ago.
The ac86u is running vpn server, PC1 is my desktop and PC2 is basically NVR connected to IP cameras.
I'm using openvpn connect on mobile and get notifications from the cameras, the switch is smart managed TSG105E, is this a safe setup?
Thank you all for your patience.
 

eibgrad

Very Senior Member
slowpoke said:
> Hope I can explain it better, this is all new to me, I didn't know what a gateway was a week ago.
> The ac86u is running vpn server, PC1 is my desktop and PC2 is basically NVR connected to IP cameras.
> I'm using openvpn connect on mobile and get notifications from the cameras, the switch is smart managed TSG105E, is this a safe setup?
> Thank you all for your patience.

So my suggestion about configuring the OpenVPN client is NOT relevant, and your real issue is how to make sure that remote access to the NVR on PC2 is done securely using the OpenVPN server? Or the OpenVPN client was relevant, and you're now addressing a different issue?
 

Jack Yaz

Part of the Furniture
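Create/edit /jffs/scripts/firewall-start with the below contents:
Code:
#!/bin/sh
# Delete (-D) any existing copy of each rule, then insert (-I) it at the top of
# FORWARD, so re-running the script does not leave duplicates.
for ACTION in -D -I ; do
    # From the NVR out to the WAN or to VPN client tunnels (tun1+): reject
    iptables $ACTION FORWARD -i br0 -o eth0 -s 10.14.16.81/32 -j REJECT 2>/dev/null
    iptables $ACTION FORWARD -i br0 -o tun1+ -s 10.14.16.81/32 -j REJECT 2>/dev/null
    # From the WAN or VPN client tunnels in to the NVR: drop
    iptables $ACTION FORWARD -o br0 -i eth0 -d 10.14.16.81/32 -j DROP 2>/dev/null
    iptables $ACTION FORWARD -o br0 -i tun1+ -d 10.14.16.81/32 -j DROP 2>/dev/null
done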
Replace 10.14.16.81 with the IP of your NVR, and eth0 with your WAN interface if you're using PPPOE/non-automatic IP setting.

These firewall rules block the NVR from talking to the outside world using the WAN or VPN Clients. VPN Servers use tun21 and tun22, and are implicitly allowed due to the default ACCEPT policy of the FORWARD chain.
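
To see why the rules in the post above block WAN and VPN-client traffic but leave the OpenVPN server tunnels (tun21/tun22) alone, here is an added example that is not part of the original post: a small evaluator that walks `iptables -S FORWARD` text and reports the first matching target for a flow. The rule listing, the remote address 203.0.113.10 and the VPN peer address 10.8.0.2 are constructed; only `-i`/`-o`, host `-s`/`-d` and `-j` are understood, and any other match option is ignored.

```sh
#!/bin/sh
# Added example: evaluate sample flows against `iptables -S FORWARD` text.
# Only -i/-o (with "+" wildcard), -s/-d host addresses and -j are understood.

# Constructed sample: what `iptables -S FORWARD` would list after the script
# in the post has run on an otherwise empty chain (each -I lands at the top).
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -d 10.14.16.81/32 -i tun1+ -o br0 -j DROP
-A FORWARD -d 10.14.16.81/32 -i eth0 -o br0 -j DROP
-A FORWARD -s 10.14.16.81/32 -i br0 -o tun1+ -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 10.14.16.81/32 -i br0 -o eth0 -j REJECT --reject-with icmp-port-unreachable'

# iptables interface match: a trailing "+" makes the name a prefix wildcard,
# so tun1+ covers tun1 and tun11..tun15 but not tun21.
iface_matches() {  # $1 = rule pattern, $2 = interface name
    case "$1" in
        *+) case "$2" in "${1%+}"*) return 0 ;; esac; return 1 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# first_verdict IN_IF OUT_IF SRC DST: reads rules on stdin, prints the first
# matching target, or the chain policy when no rule matches.
first_verdict() {
    f_in=$1 f_out=$2 f_src=$3 f_dst=$4 policy=NO-MATCH
    while read -r line; do
        set -- $line
        if [ "$1" = "-P" ]; then policy=$3; continue; fi
        [ "$1" = "-A" ] || continue
        r_in='' r_out='' r_src='' r_dst='' r_tgt=''
        while [ $# -gt 0 ]; do
            case "$1" in
                -i) r_in=$2 ;;  -o) r_out=$2 ;;  -j) r_tgt=$2 ;;
                -s) r_src=${2%/32} ;;  -d) r_dst=${2%/32} ;;
            esac
            shift
        done
        [ -z "$r_in" ]  || iface_matches "$r_in" "$f_in"   || continue
        [ -z "$r_out" ] || iface_matches "$r_out" "$f_out" || continue
        [ -z "$r_src" ] || [ "$r_src" = "$f_src" ] || continue
        [ -z "$r_dst" ] || [ "$r_dst" = "$f_dst" ] || continue
        echo "$r_tgt"; return 0
    done
    echo "$policy"
}

# Run one flow against the constructed listing.
nvr_flow() { printf '%s\n' "$SAMPLE_RULES" | first_verdict "$@"; }

echo "NVR -> WAN:              $(nvr_flow br0 eth0 10.14.16.81 203.0.113.10)"
echo "NVR -> VPN client tunnel: $(nvr_flow br0 tun11 10.14.16.81 203.0.113.10)"
echo "VPN server peer -> NVR:   $(nvr_flow tun21 br0 10.8.0.2 10.14.16.81)"
```

On the router, feed it only the NVR rules, for example `iptables -S FORWARD | grep -F 10.14.16.81 | first_verdict tun21 br0 10.8.0.2 10.14.16.81`; a result of `NO-MATCH` then means none of the NVR rules applies to that flow.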
 

slowpoke

New Around Here
Yes sir, PC2 does not have an OpenVPN client. The issue is if I block PC2 using 'Client status' bubble I can't access the stream at all.
The second issue is I want to keep receiving notifications when I'm connected to openvpn connect on my phone.
edit: Thank you very much Jack I will do that, was just looking at the amtm guide. Should I also install Skynet?
 

slowpoke

New Around Here
Hi fellas, I'm trying a different approach: to configure the dual WAN and use secondary WAN just for 'PC2', both connections are pppoe.
I ran a speed test and get different results as they should, but have the same public IP and DHCP.
Any way to fix this? Another problem is ddns stuck on authorizing, even after turning off dual wan.
 