Thank you ;-)

Simple bridging would not work as bridging two WAN connections would not automatically load balance or fail over. There is a package called MWAN3 for openwrt which does this on the ip layer. Alternatively you could use scripts on the router which check periodically if the interface is down and then change the routing table...

@@OneMarcFifty Hi Marc,Thank you for your valuble inputs.I just tried to look up for MWAN3 as you mentioned,the search returned with unkown package.However,I just skimmed through the documentation for mwan3 package and it all sounds 👽 stuff for my hospital pharmacist brain.I will try to read and comprehend as much as i can see if i can install it all by myself. Apart from that,i have a small doubt about bridging. Lets say if i managed to bridge both wans without installing MWAN3 (a wireless and a wired on openwrt) So,when i use the internet which one will be used taking load balancing failover etc out of the equation? both of them simultaneously? Thanks in Advance.Much appreciated for taking your time. Subbed. :)

If you bridge both then still both would have their own ip address and hence their own route. If you type ip route then you would see which interface would be preferred. If you down one then the other one would be taken. That behavior would be exactly as if you did not bridge because your interfaces most probably are set to Dhcp. But if you set them to e.g. unmanaged then they would not have an ip but no gateway neither. Trust me, bridging is not the way to go on Wan interfaces unless of course you would bond to a vpn - then you could bond the vpn interfaces on layer2. If you want to talk this through, feel free to join my discord server on sunday 9 AM or 6PM Berlin time ;-) there aren‘t too many people at the moment so probably plenty of time to talk through your use case. PS: thanks for subscribing 😉

Having said all this, I can see from the comments that there is a great interest in improving internet connection up time and availability. The way I have done this in the past was by using scripts and manual fail over. I will give it a thought how to bring things together (the VPN bonding, MWAN, scripts, etc.) and maybe deliver something around this in the form of a video. But it's going to take a month or two...

Thank you! I am glad you like it.

Thanks mate - yes, I’ve given up on the 3 minutes series a long time ago ;-)

Well - it depends - you would need to first evaluate if your devie needs internet access (if it doesn't then you can confine it in a zone that does not have access, e.g. the IOT zone) - but probably more importantly w/r to Chromecast you would want the device to be announced in other network segments so you might need something that mirrors mDNS and zeroconf accross the segments (Avahi and smcroute or the like)

You definitely don't want them to be accessible outside. This is a security measure. There are a lot of cases of hacked cameras. Use VPN to connect to your lan from outside, and connect to cameras this way.

Makes sense. But on the other hand - connecting each time to vpn when you want to quickly check your cameras might be a little bit tedious. Especially if there are other users. Definitely, it’s a choice of security vs comfort. I decided just to make a very strong point password which even I don’t know :)

No. The firewall distinguishes between existing connections and new connections. So an established connection from lan to iot can be answered but no new one can be made in the opposite direction.

@@OneMarcFifty thanks for the reply! i have a question again if you dont mind me asking. is the archer c7 enough to be a router, firewall, and wap? or should i just use it as a router and firewall

@@MysterPotato70 I am using it for all of these, but please keep in mind that the Archer only has 1 CPU. If you want something more powerful, I am currently testing the D-Link DIR-2660 - if you're not in a hurry wait 2-3 weeks and I will make a comparison video ;-)

Thanks @@OneMarcFifty!! I look forward to watching more of your videos.

Hi Marc, nice, clear video! I have a similar question about hardware... if you look up VLANs on KZbin, the hardware which is most frequently mentioned, is Ubiquiti. Their kit is nice, but expensive. Can you set this up with any decent router/mesh router, connected to a managed switch? Any hardware recommendations?

Hi, in all honesty - that's probably not one of my best videos. I tried to squeeze a complex thing like VLANs into three minutes - have you watched my other videos on the matter ?

Thank you for your feedback. Well, it depends on what you have as IOT devices and what scenarios you want to cover. Malware/Ransomware mitigation through segregation is one aspect. I have roughly 20+ devices in my home that don't need internet access. They do need services from the internet of course, such as my word clock needs the current time - but it's getting that from the ntpd daemon on my router. My ESP8266 based tasmota devices which water my lawn don't need internet access - they need a middleware - which in my case is MQTT, running on my router. You are silently assuming that every IOT device is cloud-connected, but that's not necessarily the case. An important second aspect of this setup is privacy and keeping control of your own data.

@@OneMarcFifty Fair enough, you're also catering to IOT devices of a... less than commercial origin, in which case local-hosting (MQTT, whatever) is a nice reality. Thanks for clarifying!

@@OneMarcFifty Is there feature(s) in OpenWRT to allow / not-allow WAN/internet access based on, say, MAC-address?

Yes you can. In the traffic rules section there is an advanced tab where you can specify the source MAC address