Messages - brec

#1
Sorry -- I mistyped. Indeed I meant behind, not in front of.
#2
Ah, some light is beginning to come on; thanks!

One question (for now): suppose there are two LAN devices plugged in to the OPNsense/Wireguard device ("VCD"), and that in turn is connected to the router. Say that for now, but not necessarily always, I want one LAN device to be tunneled, and the other not. I configure that in OPNsense's GUI. Now with respect to the not-tunneled device, the VCD is acting as a mere switch -- is effectively transparent -- in front of the router, correct?
#3
Quote from: pmhausen on April 26, 2022, 03:19:46 PM
You can place the Wireguard or OpenVPN device in your LAN behind your router, add a static route in your router for the remote network and be done with it. Why would you put the VPN device between router and modem?
Please bear with me; I need more detail to understand how a VPN client device ("VCD") behind the router would work. In your suggestion, wouldn't all the devices which are candidates for use of the VPN client, including Wi-Fi devices, have to connect to the VCD? I would dynamically change which of them actually uses the VPN client by using the VCD's UI? The VCD would have one connection to the router?
#4
Thanks, Bart. This helps me clarify my question.

There are disparate devices on my LAN: printer, tablets, mobile phones, five or so entertainment system devices, a small special-purpose server, etc. They mostly communicate, through the router, with the external internet rather than with each other. Some use Ethernet and some use Wi-Fi to connect to the router. I assign devices that are eligible to use the VPN for internet communication static local IPs in the router's DHCP server. Then I can dynamically connect/disconnect such devices to the router's VPN client using the router's VPN Director feature. The VPN server is in the cloud.

I definitely want to avoid altering each LAN device's network configuration. Rather, I am wondering whether I could insert a new Wireguard client device between the router and the cable modem. As I said in my OP, I don't see how that could work, but I'm not a networking expert so maybe my vision is limited.

The alternative is replacing the current router with a new router+Wireguard client, such as a device running OPNsense and its Wireguard plugin, perhaps demoting the current router to a Wi-Fi access point.
#5
I'm happy with my ASUS/Merlin router except that I'd like to run a Wireguard client instead of OpenVPN. Can I put a separate device running OPNsense/Wireguard into/onto my LAN? I can't see a way to do it, but maybe you can! Right now I have a bunch of wired and Wi-Fi clients going into the router, and the router connected to a cable internet "modem." The router is applying policy rules about which LAN hosts use the OpenVPN client in the router.