router and lan topology help please

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › router and lan topology help please

dreadpiratethomas

5 posts

Wannabe Geek

# 214412 10-May-2017 13:22

hi all.

Id like to be able to set up a vip at home, both for privacy and to get around some geoblocks.

My current network has a Spark supplied Huawei HG659b router in a cupboard that's connected to the Chorus ONT (fibre 100), then to a switch, and then via patch panel and cat 6 cabling to lan ports throughout the house. theres 2 x lan ports in every room. in 4 of the rooms i have wifi access points (airport extremes and expresses for wifi ... (the expresses are mainly for the airplay of music vs 'just' wifi access).

The wifi on the huawei is turned off as it was flaky, and I didn't need it. My laptops, devices, etc, seemed to be able to move from access point to access point as long as they were all apple, but moving from the 'huawei' room to a different room never seemed to work.

So, the VPN........ the huawei won't do VPN, apparently, and whilst I have set up and installed vpn software on a couple devices, and have changed the dns on the apple tv to access other country 'media' within existing apps, I can't access any other app stores. to do this, apparently, ill need to install the vpn further up the chain - i.e. on a router, not on the atv. And when / if I do this, I can no longer access NZ stuff like TV3 or Lightbox, unless I airplay, which gets annoying when I'm trying to watch tv and do laptop stuff at the same time.

Id like to add a second router, one that has gigabit lan, but doesnt need wifi. Id probably like this to be able to run a third party firmware like Tomato or DD WRT as I Imagine Ill be futzing with its settings a bit. It doesn't need to do much apart from be a good router, and hopefully allow me to store different vpn settings and switch between them easily. Anyone have recommendations?

And then I can't decide where to site it within the topology. If I put it in the cupboard with the other router, switch, and patch panel, and use the patch panel judiciously (i.e. bypassing the switch) Im guessing I can use lan ports in different rooms to differentiate between the 'foreign' router and the NZ one. Bearing in mind the laptops can use the vpn client anyway, and I don't care about phones and tablets being in 'new zealand'.... But maybe its just easier to locate it after the switch in the room where it will be used most and plug the ATV into that? what will work best from a not-buggy POV? and what settings would I put into the two different routers to make this work

timmmay

14878 posts

Uber Geek
+1 received by user: 2790

Trusted

Subscriber

# 1779096 10-May-2017 14:40

When you say "set up a VIP" I think you mean set up a VPN. Do you need to VPN your whole internet connection, just one device, or a subset of devices? Do you need to change the target country regularly? A VPN will slow your internet access.

You could perhaps add a gateway on your network that connects to a VPN, then point whatever device needs VPN access at that gateway. You can do that with a Raspberry Pi. I tried it once but got bored before I got it going.

xontech

255 posts

Ultimate Geek
+1 received by user: 53

# 1779131 10-May-2017 15:57

A bit of a PSA, but when you say privacy you really only mean privacy from your ISP right?

Setting up a VPN with a 3rd Party means that the 3rd Party, and their ISP etc, get to track your stuff. Their and your ISP probably won't be able to link your traffic out of the VPN to you, but the 3rd Party can. Basically, I'm suggesting choose a reputable VPN provider.

wazzageek

Go Hawks!
922 posts

Ultimate Geek
+1 received by user: 61

Trusted

Subscriber

# 1779136 10-May-2017 16:14

Mine is managed by turning off the DHCP server on the Huawei, then I have a separate device handling DHCP and DNS for my LAN. The DHCP tells the computers where to go for it's DNS settings, and the DNS server (dnsmasq) has a configuration to assist with where to point certain things (along with giving me a way of giving each device on my LAN it's own DNS entry, making some things very easy to remember...)

That coupled with a DNS service that provides a workaround geoblocks would complete the second part of your requirement.

You could use the DHCP server to hand out a default gateway that goes directly to a VPN endpoint to certain (or all) computers, as opposed to going directly to the Huawei - that would help with getting a VPN going. WRT to privacy, I would take note of what xontech has mentioned above.

darylblake

957 posts

Ultimate Geek
+1 received by user: 311

Trusted

# 1779184 10-May-2017 17:35

The HG659 is actually pretty sweet for home use. You are doing it well. Turning off the rubbish wifi, and using something a lot better. Also by using WAN port in, and one port on it out and letting at switch do its thing.

I have found if you have a LOT of devices, the DNS on it poops the bed sometimes.

For VPN you could use a mikrotik?

We use this : https://pritunl.com/

It works very well.

dreadpiratethomas

5 posts

Wannabe Geek

# 1779865 11-May-2017 20:25

hi all and thanks for replies so far. i guess to be more specific, id like a new router that...

1. has gigabit lan

2. supports UFB / vlan tagging (in case I decide later to make it my 'primary' router)

3. supports install of dd wrt or tomato, or supports openvpn with its default firmware

wifi performance or lack thereof is completely unimportant.

being cheap would be good too, but...

ive read the choose a router sticky thread but whilst its interesting its tricky to see if any of the recommendations theirein have the three requirements above.