
RBK852 behind DDWRT VPN

sfung83
Aspirant

RBK852 behind DDWRT VPN

Hi network gurus. Bit of a confused networking novice here.

 

I've got an R7000 running DDWRT mainly for the policy based routing for specific IPs through a VPN client. I'd like to relieve it of DHCP duties and leave that up to the RBK852 with IP reservations. Is it possible to have:

 

Internet modem -- R7000 (DDWRT VPN client) -- RBK852 (DHCP server)

 

I've previously run the RBK852 in AP mode, but that leaves the R7000 running the VPN client, policy routing, and DHCP server. I've also tried putting the RBK852 behind a VPN-routed IP (LAN port on R7000 connected to WAN on RBK852), but that puts every device connected to the RBK852 behind the VPN (essentially double NAT...ed?)

 

The question is, am I able to put the R7000 running DDWRT into bridge mode and keep the policy based VPN routing and VPN client settings, but leave the rest of the router functionalities to the RBK852, or is there some other way of offloading the R7000? I could run two LANs, one behind a VPN and one not, but how do I allow the local devices to talk to each other? Would giving the RBK852 the same DHCP range as the R7000 work (e.g. make R7000 192.168.1.1, connect to the WAN port of the RBK852 and make it 192.168.1.2, and make the DHCP range 192.168.1.xxx) to allow all local devices to communicate?

Model: R7000|AC1900 Smart WIFI Router
Message 1 of 12
FURRYe38
Guru

Re: RBK852 behind DDWRT VPN

Something you'll need to ask the DD-WRT community about regarding their product since you have the R7000 loaded with it.

 

Bridge mode on most routers sets up a wireless bridge mode client.

 

Most common configuration for Orbi is:

Internet modem -- R7000 (DDWRT VPN client/Router mode) -- RBK852 (DHCP server/Router mode) Using the R7000 DMZ for the RBR. 

or

Internet modem -- R7000 (DDWRT VPN client/Router mode) -- RBK852 (AP Mode) Using the R7000 as host router for the RBR. 

 

Message 2 of 12
CrimpOn
Guru

Re: RBK852 behind DDWRT VPN

DHCP is a minimal work load. (very close to zero)
Message 3 of 12
CrimpOn
Guru

Re: RBK852 behind DDWRT VPN

I did not mean to be abrupt on the previous answer, but was "out and about" typing on a cell phone.

 

The DHCP protocol for managing IP addresses consists of six tiny packets of data:

https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol 

The default lease time for residential routers is typically one day (86,400 seconds). Devices seek to renew the lease when it is half expired (43,200 seconds). So, if there are 100 devices on the network, they will create 1,200 tiny data packets in a full day (add in some more for devices that get turned off/on or leave and come back), and the total is still well under 2,000 packets per day.

 

Processing a couple of thousand DHCP packets is practically nothing compared to routing all the VPN traffic and processing every packet that goes to/from the internet.

 

If DD-WRT has logging enabled, that will consume far more resources than DHCP management.

 

p.s. I am 99% certain that placing any router in "bridge" or "passthrough" mode renders it incapable of any routing functions, such as that VPN management which is the primary reason for placing this router ahead of the Orbi.

Message 4 of 12
sfung83
Aspirant

Re: RBK852 behind DDWRT VPN

Thanks for the quick replies! I'll look into those suggestions

Message 5 of 12
ducs4rs
Tutor

Re: RBK852 behind DDWRT VPN

For a completely different approach have you considered using Pihole as your dns/dhcp server? You can run it in a container on any system or pick up a RaspberryPI Zero and set it up there.

Message 6 of 12
sfung83
Aspirant

Re: RBK852 behind DDWRT VPN

Hmmm...that's an interesting solution. What would be the benefit (apart from ad blocking) of using pihole as the dhcp server? I'd assume I'd still have to put the R7000 and the RBK852 into AP/bridge mode and might not be able to get the policy based routing on the R7000 still? I'd forgotten that pihole can also be a dhcp server. I've got a couple of piholes as dns servers (primary and backup) but don't have the dhcp enabled. Thanks for the reply!

Message 7 of 12
CrimpOn
Guru

Re: RBK852 behind DDWRT VPN


@sfung83 wrote:

What would be the benefit (apart from ad blocking) of using pihole as the dhcp server?


Well, this would be a "growth opportunity" as you learn how to manage DHCP IP reservations on a different system.

There are users who seriously maintain that the Orbi DHCP process is flawed*.  Maybe the Pi-hole DHCP process is flawed in different ways?  If you have invested much time and effort into the R7000 DHCP setup, I  don't see much gain from switching.

 

* The biggest complaint (which I agree with) is that creating an IP reservation for a device will not cause the device to switch from an existing IP address to the one the user wants it to have.  Every time the device goes to renew the lease, the Orbi says, "oh, you are using that IP? Cool. Keep using it."  When what it should say is, "oh, no you don't.  says here in my tables that you need to use this other IP. Change now!"

(I paraphrase a bit.) 

Message 8 of 12
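
The renewal behaviour described in the post above, modelled as an added Python example (not from the thread and not Netgear or DD-WRT code): a lenient server keeps acknowledging the old address, while a strict one answers DHCPNAK so the client restarts and picks up its reservation. The class, function names, MAC and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

ACK, NAK = "DHCPACK", "DHCPNAK"

@dataclass
class DhcpServer:
    enforce_reservations: bool
    reservations: dict = field(default_factory=dict)  # MAC -> reserved IP
    leases: dict = field(default_factory=dict)        # MAC -> leased IP

    def handle_request(self, mac, requested_ip):
        """Answer a DHCPREQUEST (a renewal, or a request following an offer)."""
        reserved = self.reservations.get(mac)
        owner = next((m for m, ip in self.leases.items() if ip == requested_ip), None)
        if owner not in (None, mac):
            return NAK, None                  # address is leased to another client
        if reserved and requested_ip != reserved and self.enforce_reservations:
            self.leases.pop(mac, None)        # drop the stale lease
            return NAK, None                  # client must restart with DISCOVER
        self.leases[mac] = requested_ip
        return ACK, requested_ip

    def handle_discover(self, mac, pool):
        """Offer the reserved address if one exists, else the first free one."""
        reserved = self.reservations.get(mac)
        if reserved:
            return reserved
        in_use = set(self.leases.values()) | set(self.reservations.values())
        return next(ip for ip in pool if ip not in in_use)


def renew_cycle(server, mac, current_ip, pool):
    """Simulate one renewal and return the address the client ends up with."""
    verdict, ip = server.handle_request(mac, current_ip)
    if verdict == ACK:
        return ip
    offered = server.handle_discover(mac, pool)   # client falls back to DISCOVER
    return server.handle_request(mac, offered)[1]


# Constructed sample data (not from the thread).
POOL = [f"192.168.1.{n}" for n in range(100, 110)]
MAC = "aa:bb:cc:00:00:01"

def demo(enforce):
    """Client holds .103 from the pool but has a reservation for .50."""
    srv = DhcpServer(enforce, reservations={MAC: "192.168.1.50"},
                     leases={MAC: "192.168.1.103"})
    return renew_cycle(srv, MAC, "192.168.1.103", POOL)
```
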
ducs4rs
Tutor

Re: RBK852 behind DDWRT VPN

FWIW I run Opnsense using WireGuard VPN via PIA. I use policy based routing for certain systems. I have the Orbi in AP mode which is no more than a dumb wireless switch. DNS requests are handled by PiHole. I keep DHCP on Opnsense but could easily service them via PiHole.

 

Do you use a different subnet for your policy based clients? Or do you route traffic based on client's IP? I do the latter. I do have a subnet setup for guests that come to the house. That is run through a different vlan and that vlan has separate WIFI APs. I throttle that subnet throughput. I have a rule setup to direct DNS requests on the guest subnet to PiHole on the home network. All works good.

 

I built a Proxmox server that runs Opnsense in a VM, along with a few Windows 10 and Linux VMs. One of the Linux VMs is running Plex. I passthrough a GPU to Plex for transcoding. All works great.

Message 9 of 12
sfung83
Aspirant

Re: RBK852 behind DDWRT VPN

Not a bad argument at all. I'm a bit of an amateur tinkerer and serial hobbyist so I'll add it to the list of things to work out how to do! Also love how you've somehow managed to humanise an Orbi haha

Message 10 of 12
sfung83
Aspirant

Re: RBK852 behind DDWRT VPN

Thanks for the info! At the moment I'm running the orbi in AP mode and the R7000 is dealing with the VPN. The traffic is routed based on IP. I've not used Opnsense before so I'll have to look into that too

Message 11 of 12
ducs4rs
Tutor

Re: RBK852 behind DDWRT VPN

I ran DD-WRT for many years. Went to a MikroTik router then over to Opnsense. Opnsense is very feature rich, has great community support. Runs great in a VM. I also have a Supermicro XEON Atom box loaded with Opnsense for backup. Opnsense is a fork of pfSense.

Message 12 of 12