Correct.
Okay so to recap and make sure we are on the same page.
1. VDSL Modem/Wifi Router is where internet terminates. The modem gets the public IP.
It provides a flat network of 192.168.2.0/24 where the modem router is the gateway 192.168.2.1
2. HEX is a second router with NAT, its WAN IP for all intents and purposes is 192.168.2.2 with gateway 192.168.2.1 and provides NAT for vlans 800 and 900
Yes, the router provides 2 separate subnets as described. The guest lan (tagged as vlan1790) is only processed at layer 2 in the hex and forwarded via the trunk ports to the other switches so it is available there as well.
Your diagram is confusing; it implies that the wifi router has a vlan 200 and a vlan 1790 but quite clearly you state that the LAN on the wifi router gets tagged with vlan200 at the hex.
So how does 17980 come into play? How does the VDSL modem have two LAN subnets ???
I can only assume that this vdsl modem router provides two subnets, a LAN trusted subnet which we know about 192.168.2.0/24 but it has a guest network isolated for both ethernet and wifi? and is what you are calling 1790, although it has no practical affiliation with the hex at all that I can see.
However you have it coming off ether2, into the hex, so I will assume for some reason you want to be able to extend this guest network from the wifi router to the rest of the network and thus have to vlan it when it hits the hex..... In this case it's just a passthrough and not really local to the hex (hex not involved in dhcp etc).
Use Case A.
Lastly you want to be able to create a wireguard server on the HEX and you need to confirm that you can forward a port on the VDSL modem router to the hex on 192.168.2.2 ?????
I will assume this is the case.....
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
As far as wireguard goes, you have what coming in........
A. single remote users only ?
B. other MT routers with whole subnets ?
C. something else?
Port forwarding on the internet router is working, I can establish a wireguard connection from the 2 configured laptops. The Hex is reachable from there (on all subnets, so on .253.2, .2.2, .8.2 and .9.2), just not any other device on the .2.0, .8.0 and .9.0 subnets. Client IP config is as follows:
Code:
me@roadwarrior2 ~ % ip a show dev wg_hex
10: wg_hex: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 192.168.253.101/24 brd 192.168.253.255 scope global noprefixroute wg_hex
       valid_lft forever preferred_lft forever
    inet6 fe80::acee:a55c:5740:adfb/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever
me@roadwarrior2 ~ % ip r
default via 192.168.179.1 dev wlp3s0 proto dhcp src 192.168.179.6 metric 600
192.168.2.0/24 via 192.168.253.2 dev wg_hex proto static metric 1
192.168.8.0/24 via 192.168.253.2 dev wg_hex proto static metric 2
192.168.9.0/24 via 192.168.253.2 dev wg_hex proto static metric 3
192.168.179.0/24 dev wlp3s0 proto kernel scope link src 192.168.179.6 metric 600
192.168.253.0/24 dev wg_hex proto kernel scope link src 192.168.253.101 metric 50
Statistics: Posted by phlinx — Wed Jan 03, 2024 10:42 am