I work from my home home office and have a VPN router to my company. I share the same network for my personal and office use. I have a WiFi Access Point, I don't want access to any of my company servers from WiFi for security reasons.
Currently all IP traffic is commingled, and I would like to separate it. Can anyone suggest an affordable configuration, keeping WiFi and Internet access for my personal use, and creating a different network (limited access) for my office use (no WiFi, VPN).
Best Answer
VLANS are not needed here !!!
Simply connect the VPN Router's WAN interface to the home router. Since all the Office traffic should be encrypted by the VPN tunnel, no home traffic would have access to work traffic.
The VPN router SHOULD NOT allow you to talk to your home machines when you are only connected to it in this configuration. If it does, your Network Team should be beaten with a bat. All traffic to the VPN router should be routed through the VPN Tunnel.
The only issue you may have is that you might have to disconnect from WIFI when connecting (via wired) to the VPN router or vice versa. Whether or not this is necessary has to do with your home and work's network configuration as well as your OS's interface metrics (can be changed, but beyond the scope of this question).
It sounds as though your current configuration is backwards. Just to clarify:
Here's how this would look:
Let me address some previous comments
This is mostly a true statement. The VPN router will be able to talk to any other device closer to the internet. However; nothing behind the router will because of the VPN tunnel. The only thing that the devices on the home network will see are encrypted VPN packets.
This would work..., but is not necessary. We're talking about an encrypted VPN tunnel... Let the VPN do it's business. This IS over thinking it!