how to share single computer/printer across both guest and wpa2-personal protected networks

[cuekay]

I was wondering how I might be able to accomplish this. I'm mainly asking such that I can share a printer between both the guest and wpa2-personal protected networks, but figured I'd also describe it as a "computer" since the printer I'm connected has an IP address within the wpa2-protected network as if it were a computer/workstation. Thank you!

 

[Martineau]

I was wondering how I might be able to accomplish this. I'm mainly asking such that I can share a printer between both the guest and wpa2-personal protected networks, but figured I'd also describe it as a "computer" since the printer I'm connected has an IP address within the wpa2-protected network as if it were a computer/workstation. Thank you!

When I originally wrote a script to map SSIDs to VPNs, the top must-have feature that was constantly asked for was "allow access to LAN printers".

Now with the need to use the isolated Guest WiFi SSIDs for (non-VPN) IoT, it is now becoming increasingly common to create custom 'pin-holes' through the firewall.

e.g. Share two "printers" 192.168.1.123 and 192.168.1.222 for the 2.4GHz Guest 1 SSID.

./WiFiVPN.sh   wl0.1   novpn   lanip=192.168.1.123,192.168.1.222

NOTE: The two LAN devices cannot initiate unsolicited outbound connections.

Spoiler: WiFiVPN.sh script help

./WiFiVPN.sh -h

#============================================================================== © 2016-2018 Martineau, v01.08
#
# Configure a WiFi interface to use a VPN Client connection (called from 'vpnclientX-route-up)
#
#          WiFiVPN     [ {'help'} | {'-h'} | status | diag]
#                      { wifi_interface | ssid [ vpn_number | 'del' | 'status'] }  ['nodns'] ['autodnsmasq'] ['nobridge']
#                      ['openlan'] ['novpn'] ['vlan'{X} [notag]] ['debug'] ['brctlopt']
#                      ['lanip='lan_ip[,...]] ['pinhole='lan_ip[:port[:'tcp'|'udp'[:'src'|'dst']][,...]] [log]
# e.g.
#          WiFiVPN
#                      List ALL WiFi interfaces and associated VPN bridges.
#          WiFiVPN     wl0.2 1
#                      Guest 2.4Ghz #2 (wl0.2) is forced to use VPN Client 1 using bridge 1 (br1) and forces VPN 1 DNS
#          WiFiVPN     wl0.2 del
#                      Guest 2.4Ghz #2 (wl0.2) is reset to use the WAN rather than the VPN
#          WiFiVPN     wl0.2 nodns
#                      Guest 2.4Ghz #2 (wl0.2) is forced to use VPN Client 1 using bridge 1 (br1) and uses router DNS.
#          WifiVPN     wl1.3 status
#                      Guest 5Ghz #3 (wl1.3) config is listed in detail.
#          WiFiVPN     br2g24 5
#                      Guest SSID 'br2g24' (could be 2.4GHz Wifi Guest #2!?) is forced to use VPN Client 5 using bridge 5 (br5) and forces VPN 5 DNS
#          WiFiVPN     eth1 1 log
#                      2.4Ghz WiFi network (eth1) is forced to use VPN Client 1 using bridge 1 (br1) and forces VPN 1 DNS,
#                      but ACCEPT/DROP replaced by logaccept/logaccept for diagnostic tracking in Syslog.
#          WiFiVPN     eth2 2
#                      5Ghz WiFi network (eth2) is forced to use VPN Client 2 using bridge 2 (br2) and forces VPN 2 DNS
#          WiFiVPN     wl1.2 2 lanip=10.88.8.131,10.88.8.99:161 pinhole=10.88.8.111:3030:udp:src
#                      Guest 5Ghz #2 (wl1.2) is forced to use VPN Client 2, and bridge 2 (br2) has full access to LAN device 10.88.8.131,
#                      and Port 161 on LAN device 10.88.8.99. Also LAN device 10.88.8.111 with source Port 3030 can access the VPN bridge.
#          WiFiVPN     status
#                      List ALL WiFi interfaces and associated VPN bridges.
#          WiFiVPN     diag
#                      List ALL WiFi interfaces and associated VPN bridges. Prompts to delete/show config.
#          WiFiVPN     wl1.2 novpn
#                      Guest 5Ghz #2 (wl1.2) will be created on next available bridge, and will explicitly use the WAN
#          WiFiVPN     wl1.2 novpn vlan4
#                      Guest 5Ghz #2 (wl1.2) will be created on next available bridge, and will explicitly use the WAN, also
#                      Switch tagged (trunk) Port 4 (br40) will be attached to the WiFi bridge.
#          WiFiVPN     wl1.3 novpn vlan4 notag
#                      Guest 5Ghz #3 (wl1.3) will be created on next available bridge, and will explicitly use the WAN, also
#                      Switch un-tagged Port 4 (br40) will be attached to the WiFi bridge.

If you wish to try out my script let me know.

 

[cuekay]

awesome. thanks, Martineau. That's great to see that this is available as an option. I'll probably loop back to it if I see a pressing need for this since I can already sense that there will be hours spent on debugging as is usually the case when I introduce something new to my router configuration.