Posted: Mon Dec 04, 2023 10:53 Post subject: help sorting out network issues...
I've got my wrt3200acm running the latest firmware I could find (Firmware: DD-WRT v3.0-r54248 std (11/29/23)) and have a couple of questions that I hope someone can answer for me. I've been searching as many posts/forums/etc. as I could find, but pretty much all the info I could find is so out of date I couldn't get it to work.
My network setup is currently like the attached drawing.
Now I've been using AdGuard Home on a small Debian s905x device. However, I've now been trying to work out running the router through WireGuard using Surfshark VPN, which meant I couldn't run the separate AdGuard DNS unit as yet. And I've only just installed Proxmox to tinker around and figure it out.
Now the questions I have are:
1. How do I set up the VPN IP tunnel with stability? (It keeps cutting out and not reconnecting randomly.)
2. How do I set up AdGuard Home to run (which has its own IP) while also running the VPN?
3. My wife uses a work VPN as she works from home. Will this work with all the other stuff?
4. How do I set up Proxmox to run on its own DHCP (I want to learn how to run opnsense/pfsense) so as not to interrupt the primary network? (I will have it connected directly to the router rather than the switch.)
Eventually, how I would like to run the network is:
pfsense/opnsense running 4 networks:
-1 - primary network
-2 - wife's work VPN network for her work laptop only
-3 - IoT network (smart plugs/bulbs, etc)
-4 - Guest network
I want the guest, IoT and the wife's work network to be completely isolated but obviously able to access the web. And the primary network to have full access to everything.
Is this sort of idea feasible? I do have other routers available, etc. The switch is critical for the mesh network, router and AdGuard as it powers all these devices.
Posted: Mon Dec 04, 2023 11:13 Post subject:
I would advise you to go back to the more stable DD-WRT v3.0-r53633.
We are transitioning to K6.1 and things are not yet stable.
WireGuard docs are a sticky (first few threads) in this forum.
See the Client setup guide.
You can run any DNS you want regardless of whether you are using a VPN.
If you use DNSMasq and set a DNS server in the WG interface you will be sure not to have a DNS leak, but you do not have to do it that way.
You can simply use AdGuard or SmartDNS etc., but then you can have a DNS leak depending on your settings; you can always solve that manually.
Whether your wife can tunnel her VPN via the WireGuard tunnel remains to be seen; otherwise you can use PBR to make an exception for her laptop or make an exception for specific VPN traffic.