I would like to connect 2 ipcams via a switch to the RPI 3B+, and use the WiFi to connect to a router (to use the webbrowser etc), and also use the router for VNC
The ethernet is used to send commands to the camera and also watch the streams.
What is the best way to make this possible ?
Can I use the ethernet and WiFi at the same time ? Or do I need to set the switch to 192.168.2.xxx and the WiFi network at 192.168.1.xxx
Or do I need a separate DHCP server ?
This problem can be reduced to make the RasPi a router with an WiFi uplink to the local hotspot/router and connect to a local wired network. It is no problem to use the wired and wireless connection at the same time because you asked it. If you mean to have all devices on the same subnet 192.168.1.0/24 then it isn't possible. For this you have to use a bridge on the RasPi but the WiFi device on the RPi does not support bridging of a client connection. For further information look at Raspberry Pi WiFi to Ethernet Bridge for a server?.
So you have to use routing with two different subnets and because you want to connect to the cams from outside the local wired LAN you cannot use NAT (Network Address Translation) to simplify configuration. You must configure your internet router with a static route to the wired network.
I will show how I would use routing to connect a wired ethernet interface to a remote hotspot via wifi with systemd-networkd. For reference I use Raspbian Buster Lite 2019-07-10 updated with sudo apt update && sudo apt full-upgrade && sudo reboot at 2019-08-25 on a Raspberry Pi 4B. It doesn't matter if there is a switch between the wired devices. I will only show one ipcam. More devices/cams will also work.
Example for this setup:
laptop
wired wifi / wan
ipcam <───────> (eth0)RPi(wlan0) <.~.~.~> hotspot <───> INTERNET
\ / \ ╲
(dhcp 192.168.2.1 192.168.1.15 192.168.1.1
from RPi)
Be sure that you do not use the same subnet for the wired LAN than the hotspot uses. Switch over to systemd-networkd:
# disable classic networking
rpi ~$ sudo -Es
rpi ~# systemctl mask networking.service dhcpcd.service
rpi ~# mv /etc/network/interfaces /etc/network/interfaces~
rpi ~# sed -i '1i resolvconf=NO' /etc/resolvconf.conf
# enable systemd-networkd
rpi ~# systemctl enable systemd-networkd.service systemd-resolved.service
rpi ~# ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
Configure wpa_supplicant with your settings for country=, ssid= and psk=:
rpi ~# cat > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf <<EOF
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=DE
network={
ssid="TestNet"
psk="Password"
key_mgmt=WPA-PSK
}
EOF
rpi ~# chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
rpi ~# systemctl disable wpa_supplicant.service
rpi ~# systemctl enable wpa_supplicant@wlan0.service
Configure interfaces with this files:
rpi ~# cat > /etc/systemd/network/04-eth0.network <<EOF
[Match]
Name=eth0
[Network]
Address=192.168.2.1/24
IPForward=yes
DHCPServer=yes
[DHCPServer]
DNS=84.200.69.80 1.1.1.1
EOF
rpi ~# cat > /etc/systemd/network/08-wlan0.network <<EOF
[Match]
Name=wlan0
[Network]
Address=192.168.1.15/24
Gateway=192.168.1.1
DNS=84.200.69.80 1.1.1.1
EOF
Reboot.
To get routing complete working you have to set a static route on your hotspot/internet router so it can find the route for back coming packages over the RasPi to the wired subnet. On most internet router you can set a static route but how to do that varies from model to model. It's up to you to find it out. For example your RasPi wlan0 interface has the static ip address 192.168.1.15. Then on your router the gateway (next hop) is 192.168.1.15, destination network is 192.168.2.0/24 (or 192.168.2.0 netmask 255.255.255.0).
That means for the internet router: "send all packages belonging to subnet 192.168.2.0/24 (wired subnet) to the next router on my subnet, the RasPi 192.168.1.15. It knows where to go on."
