sfung83 (Aspirant)
Dec 28, 2021
RBK852 behind DDWRT VPN
Hi network gurus. Bit of a confused networking novice here.
I've got an R7000 running DDWRT mainly for the policy based routing for specific IPs through a VPN client. I'd like to relieve it of DHCP duties and leave that up to the RBK852 with IP reservations. Is it possible to have:
Internet modem -- R7000 (DDWRT VPN client) -- RBK852 (DHCP server)
I've previously run the RBK852 in AP mode, but that leaves the R7000 running the VPN client, policy routing, and DHCP server. I've also tried putting the RBK852 behind a VPN-routed IP (LAN port on R7000 connected to WAN on RBK852), but that puts every device connected to the RBK852 behind the VPN (essentially double NAT...ed?)
The question is, am I able to put the R7000 running DDWRT into bridge mode and keep the policy based VPN routing and VPN client settings, but leave the rest of the router functionalities to the RBK852, or is there some other way of offloading the R7000? I could run two LANs, one behind a VPN and one not, but how do I allow the local devices to talk to each other? Would giving the RBK852 the same DHCP range as the R7000 work (e.g. make R7000 192.168.1.1, connect to the WAN port of the RBK852 and make it 192.168.1.2, and make the DHCP range 192.168.1.xxx) to allow all local devices to communicate?
11 Replies
- FURRYe38 (Guru - Experienced User)
Something you'll need to ask the DD-WRT community about regarding their product since you have the R7000 loaded with it.
Bridge mode on most routers sets up a wireless bridge mode client.
Most common configuration for Orbi is:
Internet modem -- R7000 (DDWRT VPN client/Router mode) -- RBK852 (DHCP server/Router mode) Using the R7000 DMZ for the RBR.
or
Internet modem -- R7000 (DDWRT VPN client/Router mode) -- RBK852 (AP Mode) Using the R7000 as host router for the RBR.
- CrimpOn (Guru - Experienced User)
DHCP is a minimal work load. (very close to zero)
- CrimpOn (Guru - Experienced User)
I did not mean to be abrupt on the previous answer, but was "out and about" typing on a cell phone.
The DHCP protocol for managing IP addresses consists of six tiny packets of data:
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
The default lease time for residential routers is typically one day (86,400 seconds). Devices seek to renew the lease when it is half expired (43,200 seconds). So, if there are 100 devices on the network, they will create 1,200 tiny data packets in a full day (add in some more for devices that get turned off/on or leave and come back, and the total is still well under 2,000 packets per day).
Processing a couple of thousand DHCP packets is practically nothing compared to routing all the VPN traffic and processing every packet that goes to/from the internet.
If DD-WRT has logging enabled, that will consume far more resources than DHCP management.
p.s. I am 99% certain that placing any router in "bridge" or "passthrough" mode renders it incapable of any routing functions, such as that VPN management which is the primary reason for placing this router ahead of the Orbi.
- sfung83 (Aspirant)
Thanks for the quick replies! I'll look into those suggestions
- ducs4rs (Tutor)
For a completely different approach, have you considered using Pihole as your dns/dhcp server? You can run it in a container on any system or pick up a Raspberry Pi Zero and set it up there.
- sfung83 (Aspirant)
Hmmm...that's an interesting solution. What would be the benefit (apart from ad blocking) of using pihole as the dhcp server? I'd assume I'd still have to put the R7000 and the RBK852 into AP/bridge mode and might not be able to get the policy based routing on the R7000 still? I'd forgotten that pihole can also be a dhcp server. I've got a couple of piholes as dns servers (primary and backup) but don't have the dhcp enabled. Thanks for the reply!