Subscribe now and choose from over 30 free gifts worth up to £49 - Plus get £25 to spend in our shop
There is often some good home IT advice on this forum, so I thought I would see if anybody has any good suggestions.
I have a wifi router connected to internet which I want to keep and leave configured with the default settings, broadcasting SSID#1.
I would like to get a wifi range-extender/boost (or something) that would connect wirelessly SSID#1, so that clients would connect directly to the router if in-range, but roam seamlessly(?) to the extender otherwise. The internet router would be the DHCP server in both cases.
Also, I want the extender to broadcast a 2nd SSID, which would have separate DHCP and route traffic via a LAN port (in this case, to a Pi-VPN, which would route the traffic back to the extender, then wirelessly via SSID#1.
What I am trying to achieve is the best performance on SSID#1, with the ability to have a "secure" connection by connecting to SSID#2.
It feels like this should all be possible and not too difficult, but looking at instructions for various range-extenders and APs I can't work out the best way to do it.
I’m no expert on this. I have a mesh (BT whole home) which allows a main network & a guest one. Both can have a separate password, or leave the guest one open. With it being a mesh, once on either network you can then seamlessly move around. Would this work?
I extended my Wi-Fi with multiple routers and range extenders, both with shared and separate SSIDs. It was a monumental pain.
I got a mesh setup (bt basic with wired back haul). It was and is fantastic. Easy to setup, works perfectly, no bother. Really just ace!
By secure connection do you just mean not having anyone on SSID1 able to see anyone on SSID2? If so there are probably easier ways to do what you want such as the guest network on a mesh system for example. The whole pi-VPN thing sounds like a nightmare 🙁
The problem with multiple ssid, is that most devices will connect to the first one and then refuse to give up that connection until it is well and truly gone. So if your networks overlap then you will find that your phone or laptop will still be connected to the weaker signal, despite a stronger one being available (IME). What's the purpose of the pi-VPN?
Thanks all, it doesn't sound like it would be as elegant as I had hoped. Will have a deeper look into mesh.
The pi-VPN (i.e. wireguard) tunnels back to another server - so I can either connect to the server, or breakout to the internet depending on which SSID I use. (the correct approach is to just have the VPN client on the end device, but I can't do this on some of the IOT devices I want to use)
In the absence of other suggestions you might be able to do something like this with pfsense running on a old pc as your router but it really needs a second nic and you’d also need a vlan capable switch and a couple of ap’s if your running into coverage issues.
Have a primary vlan for non vpn and a second vlan where the default route is via the pi-vpn trunk those to the ap’s and define separate ssid’ S for each vlan. That would manage the ap roaming challenge.
I guess you’d either need multiple Inc’s on the pi or vlan capabilities to handle the in bound / outbound traffic.
But I could be miles out
Thinking about it I believe you can configure VPN’s within pfsense, I know I have one setup for inbound connectivity to my network, I’m less clear about having one as an outbound route but quite sure I’ve read about it as it’s needed fore site ti site configs that migmake things easier to configure.
It would also open up the options of wired and non wired IoT devices using the vpn if needed.
Sounds like a VLAN set-up which requires some reasonably powerful networking gear (a managed switch) and more in-depth knowledge than mine. (The switch would be between the router and the wi-fi is as much as I know).
Yep sounds like you need 2 vlans, the first bit with extender is easy get 2 mesh modes set to AP mode.
I think some cheaper tp link managed switches can do separate vlans. You'd then have a another WiFi node connected to the switch via ethernet. The 2 vlans wouldn't be able to see each other but they'd both connect to the Internet via your main router.