Setting up VPN/VLAN and Dual NIC

[Sonnie]

Here are the diagrams for both networks. I have an extra TP-Link ER605 1G Router that is not being used and a few other unmanaged switches.

I thought installing Wireguard on the Omada OC300 Controller would be the way to create the VPN, and use my domain name to access the VPN network.

 

[The Automation Guy]

Because you have isolated the camera network physically, there is no need to use a VLAN for this and therefore you don't need a managed switch at the gate location. (This is assuming the wireless AP at the gate is only going to be used for a wireless camera and not other non-camera related data).

I see you have the second NIC in the BI machine acting as the "bridge" between the two networks. This is exactly how you would expect to handle it. Just make sure both networks (camera and everything else) are on two different network address subnets. (Perhaps cameras on 192.168.0.X/24 and everything else on 192.168.1.x/24).

 

[Sonnie]

Yep... right now the Internet network is on 192.168.0.x and the camera network is on 10.11.12.x

 

[MTL4]

Here are the diagrams for both networks. I have an extra TP-Link ER605 1G Router that is not being used and a few other unmanaged switches.

I thought installing Wireguard on the Omada OC300 Controller would be the way to create the VPN, and use my domain name to access the VPN network.

Your setup diagram looks great and wireguard for the VPN would also be a great choice for quite a few reasons.

This should help with the VPN setup on the Omada controller:

https://www.reddit.com/r/TPLink_Omada/s/vKKX40UlMU

From the diagram one suggestion is that you could switch over to multimode fiber on the SFP+ ports to make your life a bit easier (fiber is easier at 10G+ IMHO) but again both can work so it’s not a dealbreaker either way.

 

[Sonnie]

So I can switch from singlemode to multimode without running another fiber cable between media converters?

 

[MTL4]

So I can switch from singlemode to multimode without running another fiber cable between media converters?

I was think more about the 10G port connections on your internet network between the internet, switches and your router. The links are treated separately since they all terminate at the SFP ports and are then translated into digital data on each end. So you could run single mode on one and multi mode on another and copper on a third and it would function just fine. You must run the same converter type (SFP/SFP+, SM/MM/copper) on each end of the connection and it also must match the cable/fiber type you’re using on that connection or they won’t be able to communicate with each other.

 

[duplo]

So I can switch from singlemode to multimode without running another fiber cable between media converters?

No !
You made the mistake to run only ONE singlemode fiber back then (from my understanding). Now you have to stick to singlemode fiber. Most easy way is to use a converter, like you already do.

If the "cable" is a multimode fiber, then it could be possible to get over it. But fiber is not easy to handle, so most easy way is to use 2 fibers and SC duplex plugs.

You can try to get SFP+ module for singlemode , but they are rarely, expensive and it must be compatible with the switch !


Because this is going back and forth..

Your plan will never work. You need vlans for "somehow" isolation or just put everything into one physical network and use different ip ranges with static ips

What people here not understand
You cannot isolate the cams because there is a wifi acces point and in the other thread you told that the gate controller needs lan connection.

 

[MTL4]

Your plan will never work. You need vlans for "somehow" isolation or just put everything into one physical network and use different ip ranges with static ips

What people here not understand
You cannot isolate the cams because there is a wifi acces point and in the other thread you told that the gate controller needs lan connection.

Go back and read the thread. That access point is POE power only, no data (and thus no VLANs needed). His plan is perfectly fine.

 

[duplo]

Who needs an access point without any data (poe only) ? Wtf just unplug it.
What are you talking ?

 

[Sonnie]

What people here not understand
You cannot isolate the cams because there is a wifi acces point and in the other thread you told that the gate controller needs lan connection.

The gate installer said he would likely install a Bluetooth module to operate the gate, or we could use a mobile app. I don't believe the WiFi AP will be needed for "Internet" connection. It would only be to communicate with the keypad functions and keypad camera (if even that).

 

[duplo]

This will be a ready solution aka intercom device.
If there is a camera and mobile app, its just a cloud device which needs internet.

 

[MTL4]

The gate installer said he would likely install a Bluetooth module to operate the gate, or we could use a mobile app. I don't believe the WiFi AP will be needed for "Internet" connection. It would only be to communicate with the keypad functions and keypad camera (if even that).

Most gate controllers are designed to not have internet access since the gate could be a large distance from any utilities (some even use solar power with battery backup). You’ll be fine.

 

[duplo]

Most gate controllers are designed to not have internet access since the gate could be a large distance from any utilities (some even use solar power with battery backup). You’ll be fine.

So the gate has a keypad with camera, which can be controlled with an app.

this works without internet ? over bluetooth ? ahaha

are u sure ? and what function has the keypad camera ?

 

[Sonnie]

Just hung up with my gate installer. The plan was to use cellular, but he has pretty much talked me out of it. Not only have they doubled in annual cost (about $600 annually for the number of users we need), but the cellular app is inferior to MyQ, which is free and what he uses on his own gate and recommends I use. It requires Internet to the switch. It does use Bluetooth to signal the gate controller, etc, but if I want to control the gate when away from home, I have to be able to connect to it through the Internet.

Ugggghhhhh!

Soooooooo... guess I will need to use the dual vlan method or some other method of security.

The dual NIC is not a waste because I wanted a 2.5G NIC in this computer anyway.

I assume I will still need a Wireguard VPN. Is there a tutorial here on setting up dual vlans? Can anyone use the network drawings I provided and show me the best way to route everything?

On another note... the AP at the gate is not needed for anything... it is of no use at the gate.

 

[MTL4]

Plenty of ways to control the gate locally (RFID, Bluetooth, app on BI PC, etc) but if you absolutely need to use the MyQ app then it would need a data line to your main network. Do we assume that the gate installer also wants to connect it to other devices back at the house too? Garage doors? Keypads? Intercom? It might be nice to have a diagram with those connections as well so we can see how it needs to fit together.

 

[Sonnie]

Bluetooth will only be used at the gate, but we have to be able to communicate with the Bluetooth.

The remotes are synced to our vehicle openers or used as they are. We don't have any garage doors... just a carport. I robbed our garage for the AV/Theater room.

The MyQ app allows us to open and close the gate when we are away from home. It's proven to be the least buggy app to handle the job.

If there is another way to do it without Internet to that switch and without having to jump through fifty-eleven hoops to make it work, I'm happy to hear about it.

 

[tech_junkie]

If there is another way to do it without Internet to that switch and without having to jump through fifty-eleven hoops to make it work, I'm happy to hear about it.

Set up the AP at the gate as a wireless client connecting to your wireless network and connect that ethernet to the gate controller.

 

[Sonnie]

Set up the AP at the gate as a wireless client connecting to your wireless network and connect that ethernet to the gate controller.

I'm not following ... we'd still have to have Internet at that switch, would we not?

Wireless won't reach from the house to the gate... 1250ft... if that is what has to happen.

 

[duplo]

Still no idea what you are planning.

You try to avoid internet on the outdoor switch to add security for whatever reason. then you have this outdoor switch without any security. someone just go there, plug in network cable and have access to your camera system. port security not available. lol

then you have @tech_junkie recommend you a wifi client setup to connect to your house wifi 1000ft away. also wifi is so reliable, why not use it when have cable connection. lol

then you have this gate controller with needs internet to work, but @MTL4 recommend you a dumb gate controller which opens over bluetooth/rfid/keypad. if someone is in front the gate you drive 1000ft there to open it. lol

but you avoided internet and have dual nic setup.

applause !

 

[MTL4]

Bluetooth will only be used at the gate, but we have to be able to communicate with the Bluetooth.

The remotes are synced to our vehicle openers or used as they are. We don't have any garage doors... just a carport. I robbed our garage for the AV/Theater room.

The MyQ app allows us to open and close the gate when we are away from home. It's proven to be the least buggy app to handle the job.

If there is another way to do it without Internet to that switch and without having to jump through fifty-eleven hoops to make it work, I'm happy to hear about it.

MyQ is a good app for consolidating all your door opening devices including the gate but the important thing here is what else besides the gate are you looking to control? Keypads? Doors? Video/audio Intercoms? Other stuff? Then where are all of these located? The previous camera network diagram was done up assuming you wanted to isolate the cameras and didn’t need to bring your main network to the gate. I think going forward it would be very important to have a plan on exactly what you want to in order to find what solution works best for you.

You had asked about options for making the gate controller work so if you just need an internet connection at the gate to use MyQ you could use something like a cellular modem (netgear LB1120) with a simple VPN/firewall (if you already have a cell, they usually have very cheap data only sim cards available). If you want to tie into your main network then obviously there are other options like wifi bridging (need line of sight for that distance), running a second fiber connection (accessibility? cost?) and of course managed switches at both ends with VLANs (adds bit more complexity to your home network but absolutely doable and possibly preferable due to your existing infrastructure). Again I’d suggest to draw up a plan of what you’re looking to do first before deciding on how best to solve it.