Setting up VPN/VLAN and Dual NIC

Sonnie · 2024-07-17T13:40:29-0400

Here are the diagrams for both networks. I have an extra TP-Link ER605 1G Router that is not being used and a few other unmanaged switches.

I thought installing Wireguard on the Omada OC300 Controller would be the way to create the VPN, and use my domain name to access the VPN network.

The Automation Guy · 2024-07-17T15:02:42-0400

Because you have isolated the camera network physically, there is no need to use a VLAN for this and therefore you don't need a managed switch at the gate location. (This is assuming the wireless AP at the gate is only going to be used for a wireless camera and not other non-camera related data).

I see you have the second NIC in the BI machine acting as the "bridge" between the two networks. This is exactly how you would expect to handle it. Just make sure both networks (camera and everything else) are on two different network address subnets. (Perhaps cameras on 192.168.0.X/24 and everything else on 192.168.1.x/24).

Sonnie · 2024-07-17T15:05:06-0400

Yep... right now the Internet network is on 192.168.0.x and the camera network is on 10.11.12.x

MTL4 · 2024-07-17T17:12:01-0400

Sonnie said:
Here are the diagrams for both networks. I have an extra TP-Link ER605 1G Router that is not being used and a few other unmanaged switches.

I thought installing Wireguard on the Omada OC300 Controller would be the way to create the VPN, and use my domain name to access the VPN network.

Your setup diagram looks great and wireguard for the VPN would also be a great choice for quite a few reasons.

This should help with the VPN setup on the Omada controller:

https://www.reddit.com/r/TPLink_Omada/s/vKKX40UlMU

From the diagram one suggestion is that you could switch over to multimode fiber on the SFP+ ports to make your life a bit easier (fiber is easier at 10G+ IMHO) but again both can work so it’s not a dealbreaker either way.

Sonnie · 2024-07-17T17:23:52-0400

So I can switch from singlemode to multimode without running another fiber cable between media converters?

MTL4 · 2024-07-17T17:34:12-0400

Sonnie said:
So I can switch from singlemode to multimode without running another fiber cable between media converters?

I was think more about the 10G port connections on your internet network between the internet, switches and your router. The links are treated separately since they all terminate at the SFP ports and are then translated into digital data on each end. So you could run single mode on one and multi mode on another and copper on a third and it would function just fine. You must run the same converter type (SFP/SFP+, SM/MM/copper) on each end of the connection and it also must match the cable/fiber type you’re using on that connection or they won’t be able to communicate with each other.

duplo · 2024-07-17T17:56:28-0400

Sonnie said:
So I can switch from singlemode to multimode without running another fiber cable between media converters?

No !
You made the mistake to run only ONE singlemode fiber back then (from my understanding). Now you have to stick to singlemode fiber. Most easy way is to use a converter, like you already do.

If the "cable" is a multimode fiber, then it could be possible to get over it. But fiber is not easy to handle, so most easy way is to use 2 fibers and SC duplex plugs.

You can try to get SFP+ module for singlemode , but they are rarely, expensive and it must be compatible with the switch !

Because this is going back and forth..

Your plan will never work. You need vlans for "somehow" isolation or just put everything into one physical network and use different ip ranges with static ips

What people here not understand
You cannot isolate the cams because there is a wifi acces point and in the other thread you told that the gate controller needs lan connection.

MTL4 · 2024-07-17T18:02:37-0400

duplo said:
Your plan will never work. You need vlans for "somehow" isolation or just put everything into one physical network and use different ip ranges with static ips

What people here not understand
You cannot isolate the cams because there is a wifi acces point and in the other thread you told that the gate controller needs lan connection.

Go back and read the thread. That access point is POE power only, no data (and thus no VLANs needed). His plan is perfectly fine.

duplo · 2024-07-17T18:04:05-0400

Who needs an access point without any data (poe only) ? Wtf just unplug it.
What are you talking ?

Sonnie · 2024-07-17T18:04:27-0400

duplo said:
What people here not understand
You cannot isolate the cams because there is a wifi acces point and in the other thread you told that the gate controller needs lan connection.

The gate installer said he would likely install a Bluetooth module to operate the gate, or we could use a mobile app. I don't believe the WiFi AP will be needed for "Internet" connection. It would only be to communicate with the keypad functions and keypad camera (if even that).

duplo · 2024-07-17T18:06:39-0400

This will be a ready solution aka intercom device.
If there is a camera and mobile app, its just a cloud device which needs internet.

MTL4 · 2024-07-17T18:15:58-0400

Sonnie said:
The gate installer said he would likely install a Bluetooth module to operate the gate, or we could use a mobile app. I don't believe the WiFi AP will be needed for "Internet" connection. It would only be to communicate with the keypad functions and keypad camera (if even that).

Most gate controllers are designed to not have internet access since the gate could be a large distance from any utilities (some even use solar power with battery backup). You’ll be fine.

duplo · 2024-07-17T18:23:35-0400

MTL4 said:
Most gate controllers are designed to not have internet access since the gate could be a large distance from any utilities (some even use solar power with battery backup). You’ll be fine.

So the gate has a keypad with camera, which can be controlled with an app.

this works without internet ? over bluetooth ? ahaha

are u sure ? and what function has the keypad camera ?

Sonnie · 2024-07-17T19:00:34-0400

Just hung up with my gate installer. The plan was to use cellular, but he has pretty much talked me out of it. Not only have they doubled in annual cost (about $600 annually for the number of users we need), but the cellular app is inferior to MyQ, which is free and what he uses on his own gate and recommends I use. It requires Internet to the switch. It does use Bluetooth to signal the gate controller, etc, but if I want to control the gate when away from home, I have to be able to connect to it through the Internet.

Ugggghhhhh!

Soooooooo... guess I will need to use the dual vlan method or some other method of security.

The dual NIC is not a waste because I wanted a 2.5G NIC in this computer anyway.

I assume I will still need a Wireguard VPN. Is there a tutorial here on setting up dual vlans? Can anyone use the network drawings I provided and show me the best way to route everything?

On another note... the AP at the gate is not needed for anything... it is of no use at the gate.

Search

Setting up VPN/VLAN and Dual NIC

Sonnie

The Automation Guy

Known around here

Sonnie

MTL4

Getting the hang of it

Sonnie

MTL4

Getting the hang of it

duplo

Getting comfortable

MTL4

Getting the hang of it

duplo

Getting comfortable

Sonnie

duplo

Getting comfortable

MTL4

Getting the hang of it

duplo

Getting comfortable

Sonnie