VPN - Multi router setup

May 8, 2018
Hi,

I've been trying to set up OpenVPN (for private internet access) for most of the computers in the house, and to do so at full speed I've had to use my Linux NAS machine as a router/OpenVPN client to be able to get the full 100Mbps.

Currently my setup is Modem > Asus AC68U Router > Linux Router/NAS

My Asus router is the DHCP server and directs all devices to use the Xubuntu machine as a gateway. All working nicely.

However, my AC68U detects all traffic as coming from the Xubuntu machine. Is there any way for this not to be the case? I would like to be able to use some of the AC68U tools such as QoS, internet blocking etc. that require specific device identification.

Cheers in advance
 
Not unless you do something on the Linux router to let the identification pass through the NAT. If this was a consumer router then it would be best to say it can't be done. The Linux one has many more possibilities, but it's still going to be tricky. First option is to NAT the IPs to more than one single IP address. You technically can do 1-1 or set up multiple pools. You might also be able to use the DSCP fields to tag data. Normally this is stripped off by the ISP, but it would still be on the packets between the routers.

Now just because you can do it does not mean this is simple. Most of this type of function is done by iptables under Unix, and I think a crazy person designed iptables; it is very complex.
 
May 8, 2018
Thanks for the reply, some food for thought.

Just to be clear, I'm a bit of an idiot when it comes to both networking and Linux, so this is a bit of a perfect combo. Unfortunately, I think this is the only solution available to me given the old hardware I'm using.

Anyhow, can you think of any easy ways round this? I've tried NATing from just the Asus router, and removing this line from iptables: 'iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE', which I guess is a NAT for the VPN. This just results in no devices being able to access the internet, however.

I even tried yesterday to 'double' the VPN, so making the Asus router a client to another VPN and trying to NAT from there, removing the line again from the Xubuntu router. No joy.

Cheers

 
Your problem if you do not run NAT is that the Asus router is now receiving IP blocks on its LAN that it does not know how to return. The Asus is not actually a router, it is a gateway. It only supports a single LAN subnet and translates it into a single WAN IP address. To make this work the Asus would have to know to route the subnet behind your Linux machine back, and it would have to support running NAT on multiple subnets.

What I would try is to see if you can make the Linux box set the DSCP value for each machine as the traffic enters. DSCP's main purpose is to identify data streams in a network so they get the same QoS as they pass. It is removed on the internet because everyone would set theirs to "best", but it works fine in a private network. You might be able to set the marking on the end machines... but last time I tried, Microsoft was doing something strange and I gave up and set it with the router.
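One way to do the per-machine DSCP tagging suggested above, as an added example that is not from this thread: the script emits one iptables mangle rule per LAN host so the tag is applied on the Linux router before OpenVPN wraps the packet, and it relies on OpenVPN's `passtos` client option to copy that byte onto the outer tunnel packet the Asus sees. The interface name and the host-to-DSCP table are assumptions (constructed sample data), not values from the thread.

```shell
#!/bin/sh
# Added example, not the thread's own config. Generates iptables rules that
# tag each LAN host's traffic with its own DSCP codepoint as it enters the
# Linux router (mangle PREROUTING), i.e. before it is routed into tun0.
# Interface names and host addresses below are assumptions / constructed data.

# host -> DSCP codepoint (0..63), one pair per line (constructed sample).
HOST_DSCP_MAP='192.168.1.10 10
192.168.1.11 12
192.168.1.12 14'

# Emit one mangle PREROUTING rule per host, matching on the LAN interface ($1)
# and the host's source address. Returns 1 (and prints nothing further) if a
# codepoint is not a number in 0..63, which iptables would reject anyway.
dscp_rules() {
    lan_if="$1"
    while read -r host dscp; do
        [ -n "$host" ] || continue
        case "$dscp" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$dscp" -le 63 ] || return 1
        printf 'iptables -t mangle -A PREROUTING -i %s -s %s -j DSCP --set-dscp %s\n' \
            "$lan_if" "$host" "$dscp"
    done <<EOF
$HOST_DSCP_MAP
EOF
}

# Look up the codepoint assigned to one host; exits non-zero if unmapped.
dscp_for_host() {
    printf '%s\n' "$HOST_DSCP_MAP" |
        awk -v h="$1" '$1 == h { print $2; found = 1 } END { exit !found }'
}

# Apply the generated rules with: dscp_rules eth0 | sh
# Then add "passtos" to the OpenVPN client config so the DSCP value is copied
# from the inner packet to the encrypted outer packet that reaches the Asus.
```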
 
May 8, 2018
I had a look over the DSCP bits you mentioned and it looks like more effort than it is worth, really, for my home network. I was more after being able to use the Asus GUI so that I don't have to mess around too much with any more Linux bits!

Even though NAT is obviously replacing the source address, ipleak.net is still able to detect my local IP address, so that information must be on the packets somewhere. Just not being seen by the Asus router.
 