Hello - i have read and read that the only way to filter specific LAN IP's through a VPN service is to set-up the Orbi in AP mode, and connect the Orbi to a seperate router to handle the VPN connection. Is that still the only way to do this?
Is there a guide/tutorial on how to set this up with a ERL3? Or is there a different router that is easier to set this up with?
Hello - i have read and read that the only way to filter specific LAN IPs through a VPN service is to set-up the Orbi in AP mode, and connect the Orbi to a seperate router to handle the VPN connection. Is that still the only way to do this?
Is there a guide/tutorial on how to set this up with a ERL3? Or is there a different router that is easier to set this up with?
It appears that the goal is to force the outgoing internet traffic from specific devices on the LAN (identified by their IP address) through a VPN. None of Netgear's routers feature any sort of Client VPN capability, let alone one that also includes the ability to filter specific IPs.
Instructions on how to deploy a Ubiquiti Edge Router Lite 3 for this purpose will have to come from Ubiquiti. There may be Netgear customers who also own Ubiquiti routers, but the chances of them following these forums is not great.
is there a way to use the orbi app settings such as parental controls and device manager when in API mode? From what i've read, it says no, but didn't know if there was a work around.
hmmmm...could I connect a secondary router to one of the LAN ports of the ORBI and route specified devices thro this secondary router? Or would the ORBI settings over-ride this?
Yes, it is definitely possible to connect another router to one of the Orbi LAN ports, which will force every device connected to that router to pass through that one Orbi LAN port. I personally have stacked three routers that way (as an experiment), and it certainly works. But....
Every router creates an IP subnet for all the devices connected to it. For example, suppose there are three routers:
Router 1 will create an IP subnet, often 192.168.1.x. Every device connected to this router will have an IP address starting with 192.168.1
Router 2 will have one of those IP addresses. It will create a different IP subnet for every device connected to it, usually 10.0.0.x
Router 3 will have one of those 10.0.0.x IP addresses. It will create an IP subnet, usually 192.168.1.x, so every device connected to Router 3 will have an internal IP address of 192.168.1.
Each of these routers will use Network Address Translation to tunnel traffic from its LAN devices. so
Every device connected to Router 3 will appear to be coming from IP 10.0.0.x (Router 3's IP address)
When packets pass through Router 2, they will appear to be coming from Router 2's IP address, 192.168.1.x
When packets pass through Router 1, they will appear to have the public IP adddress of Router 1.
If any of these routers is placed in Access Point (AP) mode, it will no longer create a new IP subnet, nor will it NAT traffic passing through it.
It remains unclear (to me) what the goal is. Most people who have up to 5 devices they want to use a VPN simply install VPN software on the device itself.
i'm trying to ensure that if the end user forgets to connect to the vpn client installed on the PC - I can route the traffic through a VPN at that level.
It does not matter to me where the "source" traffic appears to come from...and if I'm understanding you correctly, I could leave the ORBI out of AP mode, connect the secondary router...configure the VPN service on that secondary router, then connect those devices to the secondary router. That way the traffic on those devices will pass thro the secondary router, hit VPN, then the VPN traffic will pass to the ORBI.
I could probably hardcode the IP or MAC address for those devices and assign "names" to them as well if I needed (which I don't foresee) tracign back to the source device
Yes, this can work. I, personally, hesitate to recommend such a complicated configuration.
First, you have to find a WiFi router that includes VPN Client capability. There are no Netgear routers that have this feature.
This creates two entirely separate WiFi networks (one for those special devices and one (the Orbi) for everything else.)
That means two separate WiFi routers to maintain.
If the Orbi is providing a wider area of coverage, how will this new router match that coverage?
Whatever is hard coded on that second router will be invisible to the Orbi router (hidden behind the second router NAT).
My guess is that the first solution offered is probably the most efficient:
Choose a non WiFi router which is capable of designating that certain IP addresses are forced to use a VPN client (on that router)
Place the Orbi in AP mode so that the primary router recognizes the MAC address of every device that asks for an IP address and is put into the correct "pool" of IPs.
The problem is that I have no idea what router is capable of this. I guarantee no Netgear router can. This is just a guess, but I doubt very much that any of the major consumer WiFi products will, either (eero, Google, Linksys, TP-Link......)
It appears that Ubiquiti routers have the ability to become a VPN Client:
now my question is - does it matter what IP range I use for the ERL devices? My ORBI is 192.168.5.XXX should I do 192.168.9.XXX for the ERL? I assume they have to be different to avoid conflicts?
