First, I'd add that some of these replies need clarification.
There are two kinds of overlap: one is channel overlap, where the frequencies overlap, and the second is signal overlap.
You MUST have signal overlap for all devices to have coverage in all areas, or even most devices in most areas.
Secondly, there are various schools of thought for frequency overlap, and some manufacturers even suggest putting all APs on a common channel. In the case of roaming IP phones this case becomes even stronger, as a phone may hop across APs while in a call. This of course depends much on the hardware of the phones and antenna placement and design.
Let us assume that we had a large open area that we wanted wifi coverage in. Now let's take a pole and place it in the middle of the area. Now we place 4 directional 90 degree antennas on the pole, each 90 degrees from the other. In this situation one may make a strong case for having all APs on the same channel to facilitate roaming. In theory there is little signal overlap, but all frequencies overlap.
Now we have an open area with walls on four sides, and place an AP on each of the four walls. The signals WILL overlap from each of the 90 degree antennas, so we may want to consider using separate non-overlapping channels on each AP; however, there are only 3 non-overlapping channels: 1, 6, and 11. So instead we do the best we can; in North America this might be 1, 4, 7, and 11, each AP having SOME necessary frequency overlap. Of course, in a perfect world this might be better accomplished with three APs in a triangular configuration.
In my home I have toyed with APs on the same channel and separate channels, and in the end I see little coverage difference. I do see, however, that some devices such as wireless IP phones can more easily hop to another AP while in a phone call. I see that in most areas I do not have more than 2 overlapping signals, each on channel 4 at present. As I sit here I can launch wifi seeker on my android and see either of the 2 available APs and even connect to either. This of course is easier to test with separate SSIDs, but more practical to use common SSIDs for everyday use.
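To make the channel-overlap side of the discussion concrete, here is an added example (not code from the original post) that computes which 2.4 GHz channels share spectrum, so the 1/6/11 and 1/4/7/11 plans above can be checked. It assumes the usual 802.11b/g numbering (centre = 2407 + 5 × channel MHz for channels 1 to 13, channel 14 at 2484 MHz) and a 22 MHz channel width; the width is a parameter so the 20 MHz OFDM case can be compared.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22  # 802.11b spectral width; 802.11g OFDM is nominally 20 MHz


def center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel (channels 1-13 are 5 MHz apart)."""
    if channel == 14:
        return 2484  # Japan-only channel, 12 MHz above channel 13
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int, width: int = CHANNEL_WIDTH_MHZ) -> bool:
    """True when the two channels' frequency masks share any spectrum."""
    return abs(center_mhz(a) - center_mhz(b)) < width


def overlapping_pairs(plan, width: int = CHANNEL_WIDTH_MHZ):
    """Every pair of channels in a channel plan whose frequencies overlap."""
    return [(a, b) for a, b in combinations(plan, 2)
            if channels_overlap(a, b, width)]


def non_overlapping_set(available, width: int = CHANNEL_WIDTH_MHZ):
    """Greedy lowest-first selection of mutually non-overlapping channels."""
    chosen = []
    for ch in sorted(available):
        if all(not channels_overlap(ch, c, width) for c in chosen):
            chosen.append(ch)
    return chosen


if __name__ == "__main__":
    north_america = range(1, 12)  # channels 1-11 are usable in North America
    print("non-overlapping:", non_overlapping_set(north_america))  # [1, 6, 11]
    for plan in ([1, 6, 11], [1, 4, 7, 11]):
        print(plan, "overlapping pairs:", overlapping_pairs(plan))
```

With the 22 MHz width the 1/4/7/11 plan overlaps on every adjacent pair, which is the "SOME necessary frequency overlap" the answer mentions; with 20 MHz channels only 1/4 and 4/7 still overlap.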
VLANs are not needed here!!!
Simply connect the VPN Router's WAN interface to the home router. Since all the Office traffic should be encrypted by the VPN tunnel, no home traffic would have access to work traffic.
The VPN router SHOULD NOT allow you to talk to your home machines when you are only connected to it in this configuration. If it does, your Network Team should be beaten with a bat. All traffic to the VPN router should be routed through the VPN Tunnel.
The only issue you may have is that you might have to disconnect from WIFI when connecting (via wired) to the VPN router or vice versa. Whether or not this is necessary has to do with your home and work's network configuration as well as your OS's interface metrics (can be changed, but beyond the scope of this question).
It sounds as though your current configuration is backwards. Just to clarify:
- WRONG - [Home Router] -> [VPN Router] -> [Internet]
- Correct - [VPN Router] -> [Home Router] -> [Internet]
Here's how this would look:
Let me address some previous comments:
Throwing a firewall at it doesn't help anything. If you are chaining NAT routers off each other, there is no good way to prevent the ones at the end of the chain from talking to the ones closer to the internet. As far as it is concerned, the office network is PART of the internet.
This is mostly a true statement. The VPN router will be able to talk to any other device closer to the internet. However, nothing behind the router will, because of the VPN tunnel. The only thing that the devices on the home network will see are encrypted VPN packets.
Purchase two separate Internet connections. Plug your office into one and your home things into the other. No need to over think this one.
This would work... but is not necessary. We're talking about an encrypted VPN tunnel... Let the VPN do its business. This IS over thinking it!
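The rule in this answer, that a host behind the VPN router reaches everything, the home LAN included, only through the tunnel, can be checked against the router's routing table. The following is an added example, not code from the answer: a longest-prefix-match lookup over constructed routing tables for the VPN router. Interface names (wan0 uplink into the home router, lan0 for the devices behind the VPN router, tun0 for the tunnel), the address ranges and the concentrator address 203.0.113.10 are all assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed routing tables for the VPN router (names and addresses are assumptions).
VPN_ENDPOINT = "203.0.113.10"  # office VPN concentrator, documentation range

CORRECT_TABLE = [
    ("0.0.0.0/0", "tun0"),        # default route: everything goes through the tunnel
    ("10.20.0.0/16", "tun0"),     # office networks behind the tunnel
    ("192.168.50.0/24", "lan0"),  # devices sitting behind the VPN router
    ("203.0.113.10/32", "wan0"),  # only the tunnel endpoint itself leaves via WAN
]

# The "backwards" situation: the home LAN is reachable directly, bypassing the tunnel.
SPLIT_TUNNEL_TABLE = CORRECT_TABLE + [
    ("192.168.1.0/24", "wan0"),
]


def egress(table, destination):
    """Longest-prefix match: the interface a packet to `destination` would leave on."""
    dst = ip_address(destination)
    best = None
    for prefix, iface in table:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def tunnel_bypasses(table, destinations, endpoint=VPN_ENDPOINT):
    """Destinations that would leave on wan0 in the clear, other than the endpoint."""
    return [d for d in destinations
            if egress(table, d) == "wan0" and ip_address(d) != ip_address(endpoint)]


SAMPLE_DESTINATIONS = ["10.20.3.7", "192.168.1.20", "8.8.8.8", VPN_ENDPOINT]

if __name__ == "__main__":
    for name, table in (("correct", CORRECT_TABLE), ("split", SPLIT_TUNNEL_TABLE)):
        print(name, "bypasses:", tunnel_bypasses(table, SAMPLE_DESTINATIONS))
```

On a real router the WAN subnet shows up as a connected route, so the same question must also be put to the forwarding and firewall policy, not only to the routing table.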
Best Answer
Considering that most warehouses I've supplied IT services into are full of metal racking, all kinds of goods and badly shielded power lines, I don't think that a wireless mesh would make me super happy if reliability was important, and I certainly wouldn't be looking at the sort of... uh, under-specified shall we say... wireless implementations that appear in most SOHO routers if I wanted to implement WDS and count on it working because my users were trying to do stock control with it, not just read their email and Dilbert on the move.
I'd look at a more formal wireless "mesh" system with wired access points - you have to run cable of some kind to every place you want a wireless access point because you need to power the SOHO box, so why not run a network cable instead, and use decent wireless access points that support PoE?
-- edit to address comment --
I assume by a wireless mesh (and you mention WDS) you're talking about access points that act as both local access points to their area and repeaters to spread the signal to other wireless access points? With only the access points at some of the "edges" connected to the wired network?
When I talk about a mesh system I'm thinking more about systems like the Aruba / Trapeze (who have apparently been purchased by Juniper since I last looked, hmm...) / Meru (& other vendors are out there too) systems where, yes, you have an ethernet backbone with WAPs connected to it, with some kind of centralised management system (most of them use a dedicated "wireless controller" appliance) to handle how the WAPs integrate with each other & any authentication system you implement, to provide good coverage and seamlessly hand off client devices to each other as the user walks around.
I've implemented both the Aruba and Trapeze systems campus wide in education (large indoor sports halls are like warehouses in terms of delivering wired and wireless services, without the racking issue but with the added problem of people hitting the WAPs with balls or whatever in the course of sporting events), and advised / helped people implement them in business areas, including warehouses. These sorts of implementations are obviously more expensive than a bunch of SOHO WAPs, but if "works reliably" is more important than "doesn't cost much" then it's money well spent.