Running a VPN router behind another router/NAT

SNBForums Code of Conduct SNBForums is a community for everyone, no matter what their level of experience. Please be tolerant and patient of others, especially newcomers. We are all here to share and learn! The rules are simple: Be patient, be nice, be helpful or be gone!

VPN Router behind ISP Router


moebis

Occasional Visitor

I hope someone here can help me. I have 2 wifi routers: router1 is the ISP wifi router and most machines connect to it for internet access (192.168.0.1); router2 is my VPN router, an Asus AC56U running Merlin 380.69 (192.168.1.1). I’m using Time Machine and SMB on router2. I want to be able to access router2 (192.168.1.1) while connected to router1 (192.168.0.1). I can’t even get the webui to show up unless I’m connected to router2. Strange thing is, when I’m connected to router2 I can access the ISP webui on router1, just not in reverse. I imagine once I get these 2 networks to see each other I can access Samba shares and Time Machine backups on router2 when I’m connected to router1. I have router2 set up as a “wireless router”, not an “AP”. Oh, forgot to mention, router2’s WAN port is connected to PORT 1 on router1. AP mode worked great, but I can’t set it up as a VPN router, plus I like the fact that I have my Apple TV plugged into router2 and it automatically uses the VPN, and when I need a VPN on my computers I just switch to the router2 wifi network.

moebis

Occasional Visitor

I forgot to mention that on the ISP router there is no option for static routes. Bridge mode doesn’t work because it’s IPv6. And if I were to plug in LAN port to LAN port instead of WAN to LAN to make it a switch, I would lose the VPN client, correct?

CaptainSTX

Part of the Furniture

You can get a VPN client to run on your second router by double NATing the second router behind the first. If you want a VPN server it isn’t so simple.

By the very nature of double NATing, each router will be in a different subnet, making communications between devices on the different subnets tough. As you have discovered, 2 can communicate with 1 since the connection on 1 is through a LAN port. The communications from 1 to 2 will require some clever routing between the two subnets and probably can’t be done using the GUI.

AX86S – 388.4 Skynet, Diversion. spdMerlin, Connmon, Scribe, scMerlin,uiDivStats, uiScribe, YAZDHCP,VnStat
TP-Link Smart Switches – 802.1Q VLANS
Netgear R7000 – Tomato – (Double NATed behind AX86S)

Wingsfan87

Regular Contributor


What make/model of your ISP router? You sure it doesn’t have static routes? I have this working just fine on my setup. What you need though is static routes to be able to point traffic to the VPN router.

My setup is using a Ubiquiti USG as my router and an ASUS RT-AC3100 as my VPN router handling my client VPN connections. The USG sucks for OpenVPN performance, so that’s why I use the second ASUS router as a VPN router. Note I am not passing any Internet traffic, just LAN only over TUN to access remote LANs. I am not using it for connecting to a VPN service like PIA. That would be a slightly different setup.

-Main router LAN port to your Asus WAN port.
-Disable the firewall on the Asus; this allows all incoming traffic to pass through the WAN to the Asus VPN router.
-Set the Asus subnet differently from the subnet of the primary LAN (example: primary subnet 192.168.1.0 and Asus subnet should be 192.168.2.0).
-Create a route rule on the primary router for any traffic destined for the Asus subnet. The gateway IP should be the IP the Asus gets from the primary LAN. (Example: your primary LAN router is usually set to something like 192.168.1.1, and devices get assigned a DHCP address. If possible, assign a DHCP reservation for the Asus like 192.168.1.2. Or you can manually set this on the Asus router with a static IP in the WAN settings of **.2 with the settings from the primary LAN subnet.)
-Once that is set, you need to add static routes in your ISP router for any of the remote subnets you are connecting to. Example: remote subnet 192.168.3.0 and remote subnet 192.168.4.0; point them all to the address of the Asus WAN IP as the gateway. A metric of 2 is fine.
-Connect the clients using the OpenVPN client on the Asus router and it should all work.
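
The static-route steps above, modelled as an added example (not part of the original post or any router's own code): a longest-prefix-match lookup shows where the primary router sends traffic for the Asus and remote subnets before and after the routes exist, and a small check validates the addressing plan. The /24 masks and the uplink address 203.0.113.1 are assumptions; the subnets and the 192.168.1.2 gateway come from the post's example.

```python
import ipaddress

# Values from the post's example; the /24 masks and UPLINK are assumptions.
PRIMARY_LAN = "192.168.1.0/24"
ASUS_WAN_IP = "192.168.1.2"          # DHCP reservation on the primary LAN
ROUTED = ["192.168.2.0/24",          # Asus LAN
          "192.168.3.0/24", "192.168.4.0/24"]  # remote subnets behind the VPN
UPLINK = "203.0.113.1"               # constructed ISP next hop (default route)


def lookup(routes, dst):
    """Longest-prefix match: gateway chosen for dst ('direct' means on-link)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def primary_table(with_static_routes):
    """Routing table of the primary router, before or after adding the routes."""
    table = [("0.0.0.0/0", UPLINK), (PRIMARY_LAN, "direct")]
    if with_static_routes:
        table += [(subnet, ASUS_WAN_IP) for subnet in ROUTED]
    return table


def validate_plan(primary_lan, gateway_ip, routed_subnets):
    """Return the problems found in a static-route plan (empty list = usable)."""
    lan = ipaddress.ip_network(primary_lan)
    problems = []
    if ipaddress.ip_address(gateway_ip) not in lan:
        problems.append(f"gateway {gateway_ip} is not on the primary LAN {lan}")
    nets = [ipaddress.ip_network(s) for s in routed_subnets]
    for i, net in enumerate(nets):
        if net.overlaps(lan):
            problems.append(f"{net} overlaps the primary LAN {lan}")
        problems += [f"{net} overlaps {o}" for o in nets[i + 1:] if net.overlaps(o)]
    return problems


if __name__ == "__main__":
    for dst in ("192.168.1.50", "192.168.2.10", "192.168.3.7"):
        print(dst, "without routes ->", lookup(primary_table(False), dst),
              "| with routes ->", lookup(primary_table(True), dst))
    print("plan problems:", validate_plan(PRIMARY_LAN, ASUS_WAN_IP, ROUTED))
```

Without the static routes, traffic for 192.168.2.x falls through to the default route and leaves via the uplink, which is why a primary router with no static-route option cannot reach the second router's LAN this way.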

Running a VPN router behind another router/NAT

I would like to ask for your help with a little challenge I am facing in my home network. While I am somewhat comfortable with networking basics, this issue is proving difficult to resolve and I’m not sure what I’m getting wrong.

I have a small network at home (please see the attached network diagram). At the front of the network there is a Google Home Wi-Fi router which connects to the Internet via a cable modem. It is a mesh Wi-Fi network so there are two wireless access points connected wirelessly to the main router. As there is only one WAN port and one LAN port on the router, I have a network switch attached to it, with a few additional devices hooked to the switch.

The Google Home router is also the NAT and the DHCP server. Let’s say its LAN IP address is 1.1.1.1 with subnet mask 255.255.255.0. It is handing out IP addresses in the range 1.1.1.50–1.1.1.250.

I recently purchased a VPN router with the intention of using it as a VPN server on the network and configuring it so that I can access my home network and the resources on it remotely. I have been trying to configure it for a couple of days now and I am not sure what I am doing wrong, but I am unable to access the VPN router and its admin panel from computers hooked to the main network. I can only access it when I connect directly to the VPN router via an ethernet cable on one of its LAN ports. I tried connecting the router to the switch via its WAN port, via its LAN ports, via both at the same time. I tried disabling the DHCP server on the VPN router and manually giving its LAN IP 1.1.2.1, I tried setting it up as a DHCP relay too – no luck at all. Still cannot see it on the network unless directly connected to one of its LAN ports.

Could someone kindly describe how I am supposed to connect the VPN router to the main network, and how I am supposed to configure it and the network, so that it stays behind the Google Home router but I can discover it and access it from other devices on the network? Please note that I am aware I need to set up port forwarding on the Google Home router once everything works correctly for me to be able to access the VPN service remotely. However, I am not even at that point yet.

Edit: First success: Enabling remote access to the GUI and accessing it on its WAN IP worked! Thanks! Now I can leave it alone in the cupboard and configure it comfortably.

I still need to realise the main use case, which is to be able to access what is on the main network remotely – everything connected to the switch that is hooked to the Google router, such as the NAS. What configuration would I need to be able to do this? I guess I need to hook the VPN router to the switch on the LAN port in addition to the WAN? And do I disable DHCP on the VPN router… or do I have it run as a DHCP relay? Also, if it is connected to the switch via LAN, shouldn’t it receive an IP address from the Google DHCP and shouldn’t I somehow be able to access the GUI on that LAN address too?