How to set up a two Wifi Router home Network, with one providing regular internet Access and the other VPN...












1















In my home network, i am running two Wifi Routers,




  • a Buffalo WHR-HP-G300N running DD-WRT v24-sp2 (07/24/13) std (192.168.1.2)

  • a Linksys WRT320N running Shibby Tomato 1.28.0000 MIPSR2-121 K26 Max (192.168.1.3)


The Buffalo is providing a 2.4ghz Wifi Network, it maintains the PPPOE connection via my ADSL Line, provides DHCP Adress assignment (192.168.1.*) and has several devices connected to it (VoIP Phone etc.)



The Linksys is connected to the Buffalo through a LAN connection - WAN connection is disabled and the WAN port used as LAN, it provides a 5ghz Wifi Network and the devices supporting GBit Lan (Home Server, NAS) are connected via LAN to it, since the Linksys also does GBit switching.



I recently subscribed to a VPN Provider called Mullvad to enhance general privacy on outgoing connections / geolocation bypassing. Shibby Tomato is configured to establish the VPN connection and as far as i can tell, the connection is up and running - at least the logs don't provide information that anything goes wrong, i got a TUN (tun11) device in the routing tables etc.



I want to achieve the following:




  • The Linksys Wifi Network provides access to the internet over the VPN
    connection

  • The Buffalo Router provides access to the non-VPN Internet Link

  • On the Linksys, some devices on certain LAN ports should route all their internet
    traffic over the VPN

  • On the Linksys some devices should route ther traffic over the "normal" DSL
    connection

  • On the Buffalo all devices conncted to the LAN ports can use the regular DSL connection (no VPN needed for the LAN ports)

  • All devices should be able to connect to each other over the internal
    network (192.168.1.*)


Right now, no traffic is going out over the VPN, my assumption is, that since the Buffalo Router (192.168.1.2) assings the adresses over DHCP, it also announces itself as the default gateway... No matter if i turn on DHCP on the Linksys as well, anything that connects will get a default gateway of 192.168.1.2...



The routing table of the Linksys looks like this:
Routing Table Linksys



I have very limited knowledge of networks in this complexity, so i don't know what the best solution is, maybe using VLANs, maybe it involves a manual IPTables config on the router, this is beyond my understanding. Or maybe what i wish to do cannot be done at all?



Edit - In response to the Answer by Iszi:



I was wondering, if VLAN's wouldnt allow this type of behaviour? Both dd-wrt and Shibby's Tomato allow setting up VLAN's on a "per port" basis. I could set up a private Network for the Buffalo - distributing a DHCP adress space of 192.168.1.50-100 and NAT'ting these to the ADSL connection. All the traffic for that Network could be tagged with a VLAN ID, i.e. VLAN1



Then i could set up dual private Networks on the Linksys, i.e. distributing a DHCP adress space of i.e. 192.168.1.10-49 and tagging all the ports / interfaces that should connect with this as VLAN1 as well. From my limited understanding of the purpose of VLAN's, they are supposed to support exactly this use case of networks distributed on different routers, making them being handled as IF on the same network, according to their VLAN tagging.



Then i would set up and a second Network, distributing an DHCP adress space of 10.8.0.* tagging all the traffic on the desired ports / interfaces with i.e. VLAN2 ...



If i can achieve setting up the VPN as a gateway for the 10.8.0.* / VLAN2 network and the PPPOE connection as the gateway for 192.168.1.* / VLAN1 for that, it basically would allow me to assign VPN access per port / interface basis. So, again in theory, i could also set-up a primary 5ghz Wifi Connection routed into the 192.168.1.* network and Virtual Wireless AP routed into the a 10.8.0.* network...



What i dont understand is, how - or if, it would be possible to allow access from VLAN1 to VLAN2 (or if thats impossible).... The other thing is, that this is a purely theoretical consideration, since the necessary iptables setup is beyond my knowledge at this point. If somebody could outline the routing necessities or enlighten me IF and HOW this usage of VLANS make sense, i would appreciate it.










share|improve this question





























    1















    In my home network, i am running two Wifi Routers,




    • a Buffalo WHR-HP-G300N running DD-WRT v24-sp2 (07/24/13) std (192.168.1.2)

    • a Linksys WRT320N running Shibby Tomato 1.28.0000 MIPSR2-121 K26 Max (192.168.1.3)


    The Buffalo is providing a 2.4ghz Wifi Network, it maintains the PPPOE connection via my ADSL Line, provides DHCP Adress assignment (192.168.1.*) and has several devices connected to it (VoIP Phone etc.)



    The Linksys is connected to the Buffalo through a LAN connection - WAN connection is disabled and the WAN port used as LAN, it provides a 5ghz Wifi Network and the devices supporting GBit Lan (Home Server, NAS) are connected via LAN to it, since the Linksys also does GBit switching.



    I recently subscribed to a VPN Provider called Mullvad to enhance general privacy on outgoing connections / geolocation bypassing. Shibby Tomato is configured to establish the VPN connection and as far as i can tell, the connection is up and running - at least the logs don't provide information that anything goes wrong, i got a TUN (tun11) device in the routing tables etc.



    I want to achieve the following:




    • The Linksys Wifi Network provides access to the internet over the VPN
      connection

    • The Buffalo Router provides access to the non-VPN Internet Link

    • On the Linksys, some devices on certain LAN ports should route all their internet
      traffic over the VPN

    • On the Linksys some devices should route ther traffic over the "normal" DSL
      connection

    • On the Buffalo all devices conncted to the LAN ports can use the regular DSL connection (no VPN needed for the LAN ports)

    • All devices should be able to connect to each other over the internal
      network (192.168.1.*)


    Right now, no traffic is going out over the VPN, my assumption is, that since the Buffalo Router (192.168.1.2) assings the adresses over DHCP, it also announces itself as the default gateway... No matter if i turn on DHCP on the Linksys as well, anything that connects will get a default gateway of 192.168.1.2...



    The routing table of the Linksys looks like this:
    Routing Table Linksys



    I have very limited knowledge of networks in this complexity, so i don't know what the best solution is, maybe using VLANs, maybe it involves a manual IPTables config on the router, this is beyond my understanding. Or maybe what i wish to do cannot be done at all?



    Edit - In response to the Answer by Iszi:



    I was wondering, if VLAN's wouldnt allow this type of behaviour? Both dd-wrt and Shibby's Tomato allow setting up VLAN's on a "per port" basis. I could set up a private Network for the Buffalo - distributing a DHCP adress space of 192.168.1.50-100 and NAT'ting these to the ADSL connection. All the traffic for that Network could be tagged with a VLAN ID, i.e. VLAN1



    Then i could set up dual private Networks on the Linksys, i.e. distributing a DHCP adress space of i.e. 192.168.1.10-49 and tagging all the ports / interfaces that should connect with this as VLAN1 as well. From my limited understanding of the purpose of VLAN's, they are supposed to support exactly this use case of networks distributed on different routers, making them being handled as IF on the same network, according to their VLAN tagging.



    Then i would set up and a second Network, distributing an DHCP adress space of 10.8.0.* tagging all the traffic on the desired ports / interfaces with i.e. VLAN2 ...



    If i can achieve setting up the VPN as a gateway for the 10.8.0.* / VLAN2 network and the PPPOE connection as the gateway for 192.168.1.* / VLAN1 for that, it basically would allow me to assign VPN access per port / interface basis. So, again in theory, i could also set-up a primary 5ghz Wifi Connection routed into the 192.168.1.* network and Virtual Wireless AP routed into the a 10.8.0.* network...



    What i dont understand is, how - or if, it would be possible to allow access from VLAN1 to VLAN2 (or if thats impossible).... The other thing is, that this is a purely theoretical consideration, since the necessary iptables setup is beyond my knowledge at this point. If somebody could outline the routing necessities or enlighten me IF and HOW this usage of VLANS make sense, i would appreciate it.










    share|improve this question



























      1












      1








      1


      1






      In my home network, i am running two Wifi Routers,




      • a Buffalo WHR-HP-G300N running DD-WRT v24-sp2 (07/24/13) std (192.168.1.2)

      • a Linksys WRT320N running Shibby Tomato 1.28.0000 MIPSR2-121 K26 Max (192.168.1.3)


      The Buffalo is providing a 2.4ghz Wifi Network, it maintains the PPPOE connection via my ADSL Line, provides DHCP Adress assignment (192.168.1.*) and has several devices connected to it (VoIP Phone etc.)



      The Linksys is connected to the Buffalo through a LAN connection - WAN connection is disabled and the WAN port used as LAN, it provides a 5ghz Wifi Network and the devices supporting GBit Lan (Home Server, NAS) are connected via LAN to it, since the Linksys also does GBit switching.



      I recently subscribed to a VPN Provider called Mullvad to enhance general privacy on outgoing connections / geolocation bypassing. Shibby Tomato is configured to establish the VPN connection and as far as i can tell, the connection is up and running - at least the logs don't provide information that anything goes wrong, i got a TUN (tun11) device in the routing tables etc.



      I want to achieve the following:




      • The Linksys Wifi Network provides access to the internet over the VPN
        connection

      • The Buffalo Router provides access to the non-VPN Internet Link

      • On the Linksys, some devices on certain LAN ports should route all their internet
        traffic over the VPN

      • On the Linksys some devices should route ther traffic over the "normal" DSL
        connection

      • On the Buffalo all devices conncted to the LAN ports can use the regular DSL connection (no VPN needed for the LAN ports)

      • All devices should be able to connect to each other over the internal
        network (192.168.1.*)


      Right now, no traffic is going out over the VPN, my assumption is, that since the Buffalo Router (192.168.1.2) assings the adresses over DHCP, it also announces itself as the default gateway... No matter if i turn on DHCP on the Linksys as well, anything that connects will get a default gateway of 192.168.1.2...



      The routing table of the Linksys looks like this:
      Routing Table Linksys



      I have very limited knowledge of networks in this complexity, so i don't know what the best solution is, maybe using VLANs, maybe it involves a manual IPTables config on the router, this is beyond my understanding. Or maybe what i wish to do cannot be done at all?



      Edit - In response to the Answer by Iszi:



      I was wondering, if VLAN's wouldnt allow this type of behaviour? Both dd-wrt and Shibby's Tomato allow setting up VLAN's on a "per port" basis. I could set up a private Network for the Buffalo - distributing a DHCP adress space of 192.168.1.50-100 and NAT'ting these to the ADSL connection. All the traffic for that Network could be tagged with a VLAN ID, i.e. VLAN1



      Then i could set up dual private Networks on the Linksys, i.e. distributing a DHCP adress space of i.e. 192.168.1.10-49 and tagging all the ports / interfaces that should connect with this as VLAN1 as well. From my limited understanding of the purpose of VLAN's, they are supposed to support exactly this use case of networks distributed on different routers, making them being handled as IF on the same network, according to their VLAN tagging.



      Then i would set up and a second Network, distributing an DHCP adress space of 10.8.0.* tagging all the traffic on the desired ports / interfaces with i.e. VLAN2 ...



      If i can achieve setting up the VPN as a gateway for the 10.8.0.* / VLAN2 network and the PPPOE connection as the gateway for 192.168.1.* / VLAN1 for that, it basically would allow me to assign VPN access per port / interface basis. So, again in theory, i could also set-up a primary 5ghz Wifi Connection routed into the 192.168.1.* network and Virtual Wireless AP routed into the a 10.8.0.* network...



      What i dont understand is, how - or if, it would be possible to allow access from VLAN1 to VLAN2 (or if thats impossible).... The other thing is, that this is a purely theoretical consideration, since the necessary iptables setup is beyond my knowledge at this point. If somebody could outline the routing necessities or enlighten me IF and HOW this usage of VLANS make sense, i would appreciate it.










      share|improve this question
















      In my home network, i am running two Wifi Routers,




      • a Buffalo WHR-HP-G300N running DD-WRT v24-sp2 (07/24/13) std (192.168.1.2)

      • a Linksys WRT320N running Shibby Tomato 1.28.0000 MIPSR2-121 K26 Max (192.168.1.3)


      The Buffalo is providing a 2.4ghz Wifi Network, it maintains the PPPOE connection via my ADSL Line, provides DHCP Adress assignment (192.168.1.*) and has several devices connected to it (VoIP Phone etc.)



      The Linksys is connected to the Buffalo through a LAN connection - WAN connection is disabled and the WAN port used as LAN, it provides a 5ghz Wifi Network and the devices supporting GBit Lan (Home Server, NAS) are connected via LAN to it, since the Linksys also does GBit switching.



      I recently subscribed to a VPN Provider called Mullvad to enhance general privacy on outgoing connections / geolocation bypassing. Shibby Tomato is configured to establish the VPN connection and as far as i can tell, the connection is up and running - at least the logs don't provide information that anything goes wrong, i got a TUN (tun11) device in the routing tables etc.



      I want to achieve the following:




      • The Linksys Wifi Network provides access to the internet over the VPN
        connection

      • The Buffalo Router provides access to the non-VPN Internet Link

      • On the Linksys, some devices on certain LAN ports should route all their internet
        traffic over the VPN

      • On the Linksys some devices should route ther traffic over the "normal" DSL
        connection

      • On the Buffalo all devices conncted to the LAN ports can use the regular DSL connection (no VPN needed for the LAN ports)

      • All devices should be able to connect to each other over the internal
        network (192.168.1.*)


      Right now, no traffic is going out over the VPN, my assumption is, that since the Buffalo Router (192.168.1.2) assings the adresses over DHCP, it also announces itself as the default gateway... No matter if i turn on DHCP on the Linksys as well, anything that connects will get a default gateway of 192.168.1.2...



      The routing table of the Linksys looks like this:
      Routing Table Linksys



      I have very limited knowledge of networks in this complexity, so i don't know what the best solution is, maybe using VLANs, maybe it involves a manual IPTables config on the router, this is beyond my understanding. Or maybe what i wish to do cannot be done at all?



      Edit - In response to the Answer by Iszi:



      I was wondering, if VLAN's wouldnt allow this type of behaviour? Both dd-wrt and Shibby's Tomato allow setting up VLAN's on a "per port" basis. I could set up a private Network for the Buffalo - distributing a DHCP adress space of 192.168.1.50-100 and NAT'ting these to the ADSL connection. All the traffic for that Network could be tagged with a VLAN ID, i.e. VLAN1



      Then i could set up dual private Networks on the Linksys, i.e. distributing a DHCP adress space of i.e. 192.168.1.10-49 and tagging all the ports / interfaces that should connect with this as VLAN1 as well. From my limited understanding of the purpose of VLAN's, they are supposed to support exactly this use case of networks distributed on different routers, making them being handled as IF on the same network, according to their VLAN tagging.



      Then i would set up and a second Network, distributing an DHCP adress space of 10.8.0.* tagging all the traffic on the desired ports / interfaces with i.e. VLAN2 ...



      If i can achieve setting up the VPN as a gateway for the 10.8.0.* / VLAN2 network and the PPPOE connection as the gateway for 192.168.1.* / VLAN1 for that, it basically would allow me to assign VPN access per port / interface basis. So, again in theory, i could also set-up a primary 5ghz Wifi Connection routed into the 192.168.1.* network and Virtual Wireless AP routed into the a 10.8.0.* network...



      What i dont understand is, how - or if, it would be possible to allow access from VLAN1 to VLAN2 (or if thats impossible).... The other thing is, that this is a purely theoretical consideration, since the necessary iptables setup is beyond my knowledge at this point. If somebody could outline the routing necessities or enlighten me IF and HOW this usage of VLANS make sense, i would appreciate it.







      vpn openvpn tomato






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 30 at 16:54









      Hennes

      59.3k793143




      59.3k793143










      asked Sep 8 '14 at 8:59









      Hans MeiserHans Meiser

      14419




      14419






















          1 Answer
          1






          active

          oldest

          votes


















          1














          I strongly doubt you'll be able to get the configuration exactly as you want it, while having the router(s) handle the VPN connection. Particular challenges (if not flat-out impossibilities), are going to be:




          • Getting some ports on the Linksys to use the VPN, while others don't.

          • Getting anything from one router to talk over the LAN to devices on the other, while the Linksys is connected to the VPN.

          • Getting devices not on the VPN to communicate internally with devices which are on the VPN.


          I'm guessing your VPN provider only allows you to have one connection at a time, which is why you want to use a router to distribute access to that connection across multiple devices. Given that, here's the best I can come up with:





          Connect your routers as below.



          [Gateway]---WAN:[Buffalo]:LAN---WAN:[Linksys]


          Make sure both routers are configured to act as routers - not in a "bridge mode". Both routers should be getting WAN IPs via DHCP, and serving IPs to their respective LANs with DHCP. Make sure the LAN side of each router is on a different subnet (e.g.: Buffalo LAN on 192.168.1.0/24 and Linksys LAN on 192.168.2.0/24).



          Connect anything that needs to be on the VPN to the Linksys router, and everything else to the Buffalo router. Then, configure the VPN on the Linksys.





          With that configuration, everything behind the Linksys should be sending its traffic out the VPN while everything attached to the Buffalo will not. Depending on whether or not the VPN rules (or the Linksys VPN client itself) allows for split-tunneling, your devices may not be able to communicate internally. If split-tunneling is supported, devices behind the Linksys will probably be able to make outbound connections to devices connected to the Buffalo, but you will need to configure port forwarding for any connections inbound to the Linksys (even then, the VPN may or may not allow it).



          In short:




          • Subnet 1 to Internet: Direct

          • Subnet 2 to Internet: VPN

          • Subnet 2 to Subnet 1: Theoretically possible, depending on split-tunneling support.

          • Subnet 1 to Subnet 2: Unlikely possible. Will depend on split-tunneling support, and will require port forwarding and/or DMZ settings on the Linksys.




          What you should do, if you can, to set things up the way you want is to set up individual clients and connections for each of the devices you want to have on the VPN. That way, regardless of how you lay out your network infrastructure and other devices, those will be the only devices using the VPN and the others should be able to communicate freely between one another. Then, the only local connectivity problems you might have will be between the few devices that are on the VPN and those that aren't. This will also give those devices the ability to use the VPN outside of your local network.






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f808677%2fhow-to-set-up-a-two-wifi-router-home-network-with-one-providing-regular-interne%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            I strongly doubt you'll be able to get the configuration exactly as you want it, while having the router(s) handle the VPN connection. Particular challenges (if not flat-out impossibilities), are going to be:




            • Getting some ports on the Linksys to use the VPN, while others don't.

            • Getting anything from one router to talk over the LAN to devices on the other, while the Linksys is connected to the VPN.

            • Getting devices not on the VPN to communicate internally with devices which are on the VPN.


            I'm guessing your VPN provider only allows you to have one connection at a time, which is why you want to use a router to distribute access to that connection across multiple devices. Given that, here's the best I can come up with:





            Connect your routers as below.



            [Gateway]---WAN:[Buffalo]:LAN---WAN:[Linksys]


            Make sure both routers are configured to act as routers - not in a "bridge mode". Both routers should be getting WAN IPs via DHCP, and serving IPs to their respective LANs with DHCP. Make sure the LAN side of each router is on a different subnet (e.g.: Buffalo LAN on 192.168.1.0/24 and Linksys LAN on 192.168.2.0/24).



            Connect anything that needs to be on the VPN to the Linksys router, and everything else to the Buffalo router. Then, configure the VPN on the Linksys.





            With that configuration, everything behind the Linksys should be sending its traffic out the VPN while everything attached to the Buffalo will not. Depending on whether or not the VPN rules (or the Linksys VPN client itself) allows for split-tunneling, your devices may not be able to communicate internally. If split-tunneling is supported, devices behind the Linksys will probably be able to make outbound connections to devices connected to the Buffalo, but you will need to configure port forwarding for any connections inbound to the Linksys (even then, the VPN may or may not allow it).



            In short:




            • Subnet 1 to Internet: Direct

            • Subnet 2 to Internet: VPN

            • Subnet 2 to Subnet 1: Theoretically possible, depending on split-tunneling support.

            • Subnet 1 to Subnet 2: Unlikely possible. Will depend on split-tunneling support, and will require port forwarding and/or DMZ settings on the Linksys.




            What you should do, if you can, to set things up the way you want is to set up individual clients and connections for each of the devices you want to have on the VPN. That way, regardless of how you lay out your network infrastructure and other devices, those will be the only devices using the VPN and the others should be able to communicate freely between one another. Then, the only local connectivity problems you might have will be between the few devices that are on the VPN and those that aren't. This will also give those devices the ability to use the VPN outside of your local network.






            share|improve this answer




























              1














              I strongly doubt you'll be able to get the configuration exactly as you want it, while having the router(s) handle the VPN connection. Particular challenges (if not flat-out impossibilities), are going to be:




              • Getting some ports on the Linksys to use the VPN, while others don't.

              • Getting anything from one router to talk over the LAN to devices on the other, while the Linksys is connected to the VPN.

              • Getting devices not on the VPN to communicate internally with devices which are on the VPN.


              I'm guessing your VPN provider only allows you to have one connection at a time, which is why you want to use a router to distribute access to that connection across multiple devices. Given that, here's the best I can come up with:





              Connect your routers as below.



              [Gateway]---WAN:[Buffalo]:LAN---WAN:[Linksys]


              Make sure both routers are configured to act as routers - not in a "bridge mode". Both routers should be getting WAN IPs via DHCP, and serving IPs to their respective LANs with DHCP. Make sure the LAN side of each router is on a different subnet (e.g.: Buffalo LAN on 192.168.1.0/24 and Linksys LAN on 192.168.2.0/24).



              Connect anything that needs to be on the VPN to the Linksys router, and everything else to the Buffalo router. Then, configure the VPN on the Linksys.





              With that configuration, everything behind the Linksys should be sending its traffic out the VPN while everything attached to the Buffalo will not. Depending on whether or not the VPN rules (or the Linksys VPN client itself) allows for split-tunneling, your devices may not be able to communicate internally. If split-tunneling is supported, devices behind the Linksys will probably be able to make outbound connections to devices connected to the Buffalo, but you will need to configure port forwarding for any connections inbound to the Linksys (even then, the VPN may or may not allow it).



              In short:




              • Subnet 1 to Internet: Direct

              • Subnet 2 to Internet: VPN

              • Subnet 2 to Subnet 1: Theoretically possible, depending on split-tunneling support.

              • Subnet 1 to Subnet 2: Unlikely possible. Will depend on split-tunneling support, and will require port forwarding and/or DMZ settings on the Linksys.




              What you should do, if you can, to set things up the way you want is to set up individual clients and connections for each of the devices you want to have on the VPN. That way, regardless of how you lay out your network infrastructure and other devices, those will be the only devices using the VPN and the others should be able to communicate freely between one another. Then, the only local connectivity problems you might have will be between the few devices that are on the VPN and those that aren't. This will also give those devices the ability to use the VPN outside of your local network.






              share|improve this answer


























                1












                1








                1







                I strongly doubt you'll be able to get the configuration exactly as you want it, while having the router(s) handle the VPN connection. Particular challenges (if not flat-out impossibilities), are going to be:




                • Getting some ports on the Linksys to use the VPN, while others don't.

                • Getting anything from one router to talk over the LAN to devices on the other, while the Linksys is connected to the VPN.

                • Getting devices not on the VPN to communicate internally with devices which are on the VPN.


                I'm guessing your VPN provider only allows you to have one connection at a time, which is why you want to use a router to distribute access to that connection across multiple devices. Given that, here's the best I can come up with:





                Connect your routers as below.



                [Gateway]---WAN:[Buffalo]:LAN---WAN:[Linksys]


                Make sure both routers are configured to act as routers - not in a "bridge mode". Both routers should be getting WAN IPs via DHCP, and serving IPs to their respective LANs with DHCP. Make sure the LAN side of each router is on a different subnet (e.g.: Buffalo LAN on 192.168.1.0/24 and Linksys LAN on 192.168.2.0/24).



                Connect anything that needs to be on the VPN to the Linksys router, and everything else to the Buffalo router. Then, configure the VPN on the Linksys.





                With that configuration, everything behind the Linksys should be sending its traffic out the VPN while everything attached to the Buffalo will not. Depending on whether or not the VPN rules (or the Linksys VPN client itself) allows for split-tunneling, your devices may not be able to communicate internally. If split-tunneling is supported, devices behind the Linksys will probably be able to make outbound connections to devices connected to the Buffalo, but you will need to configure port forwarding for any connections inbound to the Linksys (even then, the VPN may or may not allow it).



                In short:




                • Subnet 1 to Internet: Direct

                • Subnet 2 to Internet: VPN

                • Subnet 2 to Subnet 1: Theoretically possible, depending on split-tunneling support.

                • Subnet 1 to Subnet 2: Unlikely possible. Will depend on split-tunneling support, and will require port forwarding and/or DMZ settings on the Linksys.




                What you should do, if you can, to set things up the way you want is to set up individual clients and connections for each of the devices you want to have on the VPN. That way, regardless of how you lay out your network infrastructure and other devices, those will be the only devices using the VPN and the others should be able to communicate freely between one another. Then, the only local connectivity problems you might have will be between the few devices that are on the VPN and those that aren't. This will also give those devices the ability to use the VPN outside of your local network.






                share|improve this answer













                I strongly doubt you'll be able to get the configuration exactly as you want it, while having the router(s) handle the VPN connection. Particular challenges (if not flat-out impossibilities), are going to be:




                • Getting some ports on the Linksys to use the VPN, while others don't.

                • Getting anything from one router to talk over the LAN to devices on the other, while the Linksys is connected to the VPN.

                • Getting devices not on the VPN to communicate internally with devices which are on the VPN.


                I'm guessing your VPN provider only allows you to have one connection at a time, which is why you want to use a router to distribute access to that connection across multiple devices. Given that, here's the best I can come up with:





                Connect your routers as below.



                [Gateway]---WAN:[Buffalo]:LAN---WAN:[Linksys]


                Make sure both routers are configured to act as routers - not in a "bridge mode". Both routers should be getting WAN IPs via DHCP, and serving IPs to their respective LANs with DHCP. Make sure the LAN side of each router is on a different subnet (e.g.: Buffalo LAN on 192.168.1.0/24 and Linksys LAN on 192.168.2.0/24).



                Connect anything that needs to be on the VPN to the Linksys router, and everything else to the Buffalo router. Then, configure the VPN on the Linksys.





                With that configuration, everything behind the Linksys should be sending its traffic out the VPN while everything attached to the Buffalo will not. Depending on whether or not the VPN rules (or the Linksys VPN client itself) allows for split-tunneling, your devices may not be able to communicate internally. If split-tunneling is supported, devices behind the Linksys will probably be able to make outbound connections to devices connected to the Buffalo, but you will need to configure port forwarding for any connections inbound to the Linksys (even then, the VPN may or may not allow it).



                In short:




                • Subnet 1 to Internet: Direct

                • Subnet 2 to Internet: VPN

                • Subnet 2 to Subnet 1: Theoretically possible, depending on split-tunneling support.

                • Subnet 1 to Subnet 2: Unlikely possible. Will depend on split-tunneling support, and will require port forwarding and/or DMZ settings on the Linksys.




                What you should do, if you can, to set things up the way you want is to set up individual clients and connections for each of the devices you want to have on the VPN. That way, regardless of how you lay out your network infrastructure and other devices, those will be the only devices using the VPN and the others should be able to communicate freely between one another. Then, the only local connectivity problems you might have will be between the few devices that are on the VPN and those that aren't. This will also give those devices the ability to use the VPN outside of your local network.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Sep 8 '14 at 16:45









                IsziIszi

                7,4583691158




                7,4583691158






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f808677%2fhow-to-set-up-a-two-wifi-router-home-network-with-one-providing-regular-interne%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Сан-Квентин

                    8-я гвардейская общевойсковая армия

                    Алькесар