Sign in with
Sign up | Sign in
Your question

Connecting to the VPN Router

Tags:
  • Routers
  • VPN
  • Networking
Last response: in Networking
Share
March 9, 2014 4:02:14 AM

I currently have two routers, one which is primary one (i.e. 192.168.2.1) and the second one is DDT-WRT router which StrongVPN connection setup on it (i.e 192.168.2.31). Both are connected to a broadband modem which has supplied the WAN IP addresses to following,

a) Primary Router (ASUS RT-N66U) - 192.168.2.1
WAN IP : 192.168.100.2

b) VPN Router (Linksys E3000) - 192.168.2.31
WAN IP : 192.168.100.4

The default gateway on both routers is 192.168.100.1

Now the explanation to the setup and issue.

The purpose of setting up a VPN router (192.168.2.31) was connect to it as and when required since my ISP currently does not support services like Hulu, CBS, ABC and other TV services. In wireless mode, the router works brilliantly but then connecting to in wired mode is an issue because the 192.168.2.31 does not communicate with 192.168.2.1. One of the reasons behind this is because the I have limited the IP address pool on the 192.168.2.1 to about 20 addresses the last one being 192.168.2.30. I tried connecting the 192.168.2.31 to 192.168.2.1 via the WAN port and it did not recognize it at all, even after extending the pool of IP addresses. Infact it gave it a different IP address which was not working and only after bridging it did it start working. However I was not able to connect to Hulu since the VPN connection on the 192.168.2.31 ceased to work. Therefore I separated them by plugging them back into the LAN ports of the broadband modem and everything returned back to normal. I tried to see if there were shared settings on the broadband modem but could not find anything.

Therefore, I would like to know if a connection can be established to 192.168.2.31 from 192.168.2.1? And if so, is it simple or would additional hardware be required, something I am trying to avoid? Any help would be greatly appreciated.


More about : connecting vpn router

March 11, 2014 11:18:28 PM

Hmm, I *think* what you’re saying is that you have the same network (192.168.2.x) on the LAN behind both routers. And now you want to route between them via their WAN interfaces. Is that correct?

If so, it can’t be done. It has nothing to do w/ DHCP. It’s the fact that for routing purposes, every network must be unique. Otherwise routing is ambiguous. DHCP is irrelevant because the decision as to whether a given IP address is part of the local network or exists elsewhere is based on the network + subnet mask. Any attempt to reach 192.168.2.1 from 192.168.2.31 or vice versa is assumed to be on the same local ethernet network. And since we know that’s not the case, you’re never going to get a response.

The proper configuration here is to place both routers on the SAME network. The VPN router is configured as a simple switch (no WAN, no radio, etc.) and connected LAN to LAN behind the other router. You then configure the VPN router as always, except now you need to change the default gateway of those devices you want to use the VPN to the LAN ip of the VPN router.

IOW, you’re just setting up the VPN router like any ordinary Linux server that might be offering a VPN service. The only complication is you need a means to force clients to use it rather than the WAN of the primary router. And changing their default gateway is the way to do it. Just make sure the VPN router also changes its own default gateway to the VPN once the VPN is established.


It's also possible to use policy based routing on the primary router to control which devices are forced over the WAN. That might be necessary if the device doesn't allow manually configuring its TCP/IP setting, only DHCP (e.g., internet appliances).
m
0
l
April 1, 2014 3:42:44 AM

are you using 2 routers just to get VPN on demand ? Did you know you can do the same with a single router? Yes a single router can be dual gateway. It can keep you connected to both ISP and VPN routes and yet let you selectively use it as and when needed. One router means, less clutter, lesser cables, lesser power consumption and lesser NAT delays. Yes each router would add its own delay when you cascade them. Keep in mind these routers have small cheap and slow CPUs as compared to your PC or laptop or even your smart phone. If you are interested you can google punchvpn router. It can do all this for you and more. You can even access your router away from home using VPN server mode. Which means as an added advantage, you can secure your net communication when you are using public wifi for no additional cost. Plus if you have VPN provider account, you can reap the benefit of VPN anonymity or simply access the restricted sites even when you are away from home using the remote access feature.
m
0
l
Related resources
October 3, 2014 11:43:36 AM

Hey. I'm living in Iran which has the strongest internet blockage after N. Korea (if they have an internet) :p 
I could help you to bypass any blockage with full speed. Contact me :) 
Skype: Farzam_Barghian
Email: Farzam_b@live.com (send the subject "VPN" so I don't confuse it with spam)
m
0
l
October 3, 2014 4:45:29 PM

FreddyB said:
Hey. I'm living in Iran which has the strongest internet blockage after N. Korea (if they have an internet) :p 

If you really live in iran you need to edit your post and remove everything. You need to completely delete your skype id and get a new one and NEVER give it out to people that you do not trust.

You can get someones IP from their skype name even if the IP changes. Most times that is only a denial of service attack but in your case you have much more to worry about if they see you posts discussing how to bypass the government.
m
0
l
October 3, 2014 5:43:50 PM

It's like a law that no one obeys. For eg the cops won't arrest an underage for posting a pic smoking a cigarette. Even alot of science websites are banned. On the other hand we are under sanctions so we can't use windows weather w.o a VPN ! no google earth, paypal denies Iranian IP and so on...

It's a crime here but a common crime.
m
0
l
October 3, 2014 6:02:04 PM

OK i warned you. Posting your skype id is very stupid thing to do and you can't undo it.
m
0
l
!