How can I split my personal network (with WIFI) from my office network?

networking wifi router

VLANS are not needed here !!!

Simply connect the VPN Router's WAN interface to the home router. Since all the Office traffic should be encrypted by the VPN tunnel, no home traffic would have access to work traffic.

The VPN router SHOULD NOT allow you to talk to your home machines when you are only connected to it in this configuration. If it does, your Network Team should be beaten with a bat. All traffic to the VPN router should be routed through the VPN Tunnel.

The only issue you may have is that you might have to disconnect from WIFI when connecting (via wired) to the VPN router or vice versa. Whether or not this is necessary has to do with your home and work's network configuration as well as your OS's interface metrics (can be changed, but beyond the scope of this question).

It sounds as though your current configuration is backwards. Just to clarify:

  • WRONG - [Home Router] -> [VPN Router] -> [Internet]
  • Correct - [VPN Router] -> [Home Router] -> [Internet]

Here's how this would look: enter image description here

Let me address some previous comments

Throwing a firewall at it doesn't help anything. If you are chaining NAT routers off each other, there is no good way to prevent the ones at the end of the chain from talking to the ones closer to the internet. As far as it is concerned, the office network is PART of the internet.

This is mostly a true statement. The VPN router will be able to talk to any other device closer to the internet. However; nothing behind the router will because of the VPN tunnel. The only thing that the devices on the home network will see are encrypted VPN packets.

Purchase two separate Internet connections. Plug your office into one and your home things into the other. No need to over think this one.

This would work..., but is not necessary. We're talking about an encrypted VPN tunnel... Let the VPN do it's business. This IS over thinking it!


Purchase two separate Internet connections. Plug your office into one and your home things into the other. No need to over think this one.

Related

How do I use ufw to open ports on ipv4 only?
Save file after forgetting to open as root / sudo vi [duplicate]
How to dispose of old rack-mount servers?
Is it possible to filter top to show specific processes?
Is there any technical reason why I shouldn't use windows server 2012?
How do I effectively destroy a SSD? [duplicate]
How do storage IOPS change in response to disk capacity?
grep behaving differently on Fedora vs Ubuntu
How to determine a reasonable attachment size limit?
Does my ISP cache the DNS?
Can't SSH into a Vagrant Virtual Machine
Changing the mysql bind-address within a script