Does Asuswrt-Merlin solve doble NAT problem (AC56U)

[funkytwig]

And if so how is it configured. I have a ADSL modem I can use in Bridged mode and was wondering if Merlin is the solution.

I am in the UK so we use PPPoA (which is why using the ADSL modem is Bridged mode does not help.

Edit: Just to clarify I am trying to use the AC56U as a VPN server (with DDNS) which is why I cant use bridge mode (as the AC56U does not suport PPPoE).

I am hoping the Merlin firmware supports PPPoE, allows me to set VPI/VCI and has a working VPN server for the AC56U?

Ben

Ben

 

[hggomes]

You can easily configure it without having double NAT even if your ISP equipment doesnt allow pure bridge mode.

 

[CaptainSTX]

A double NAT situation, if set up correctly, doesn't cause many/any problems that can't be dealt with and it doesn't slow down your connection.

The only thing I have found it difficult to do is set up my ASUS as a VPN server behind another router.

If you set the ASUS up behind your ISP's modem/router in the AP mode then you lose much of the firmware's functionality.

 

[funkytwig]

Sorry, I meant can't use bridge mode because the AC56U does not support PPPoA. This is why I was wondering if Asuswrt-Merlin has PPPoE (and allows VPI/VCI to be set).

I am using DDNS and VPN so this is why I need to sort out the double NAT problem.

There is a much fuller description of what I was trying at http://www.tomshardware.co.uk/answers/id-2788677/link-8817-adsl-modem-asus-ac56u-wierless-router-xln-telecoms.html but wanted to keep this post focused on merlin firmware.

Ben

 

[sfx2000]

A double NAT situation, if set up correctly, doesn't cause many/any problems that can't be dealt with and it doesn't slow down your connection.

Double NAT's are usually not a problem - where things do crop up - Gaming... esp. on consoles like the XBone and PS4 (and earlier models) where ports need to be opened...

 

[mreckhof]

Sorry, I meant can't use bridge mode because the AC56U does not support PPPoA. This is why I was wondering if Asuswrt-Merlin has PPPoE (and allows VPI/VCI to be set).

I am using DDNS and VPN so this is why I need to sort out the double NAT problem.

There is a much fuller description of what I was trying at http://www.tomshardware.co.uk/answers/id-2788677/link-8817-adsl-modem-asus-ac56u-wierless-router-xln-telecoms.html but wanted to keep this post focused on merlin firmware.

Ben

See my reply to your other post on this.

Your issue isn't a firmware issue or limitation.

VPI/VCI has nothing to do with PPPoA or PPPoE. Your issue is that your ADSL modem is most likely not actually in bridge mode. Once it is, if it's all cabled correctly, you would use PPPoE on the ASUS and nothing on the modem (other than ensure your ATM and DSL settings are correct).

This is actually the way I run as well.

Michael

 

[mstombs]

See my reply to your other post on this.

Your issue isn't a firmware issue or limitation.

VPI/VCI has nothing to do with PPPoA or PPPoE. Your issue is that your ADSL modem is most likely not actually in bridge mode. Once it is, if it's all cabled correctly, you would use PPPoE on the ASUS and nothing on the modem (other than ensure your ATM and DSL settings are correct).

This is actually the way I run as well.

Michael

The OP has an ISP that is PPPoA only and the VPI/VCI are important only for the modem. UK often use

• VPI: 0
• VCI: 38
• Encapsulation: PPP over ATM (PPPoA) using VC-MUX

Asuswrt or merlin both support PPPoE assuming the ISP supports PPPoE and the modem is in full bridge mode. If PPPoA only need half-bridge support from modem, or run with double nat+dmz with Asus router with wan dhcp.

Note some UK ISPs also do support PPPoE, even if not advertised, and if the modem can work in this mode then PPPoE full bridge mode will also work with the asus router handling username/password etc. therefore much misinformation out there!

 

[funkytwig]

The OP has an ISP that is PPPoA only and the VPI/VCI are important only for the modem. UK often use

• VPI: 0
• VCI: 38
• Encapsulation: PPP over ATM (PPPoA) using VC-MUX

Asuswrt or merlin both support PPPoE assuming the ISP supports PPPoE and the modem is in full bridge mode. If PPPoA only need half-bridge support from modem, or run with double nat+dmz with Asus router with wan dhcp.

Note some UK ISPs also do support PPPoE, even if not advertised, and if the modem can work in this mode then PPPoE full bridge mode will also work with the asus router handling username/password etc. therefore much misinformation out there!

Thanks for replying. What is half bridged mode? I seems to remember the VPI/VCI is 0/37 (not at site at moment).

 

[mstombs]

It turns out adsl users in NZ have same problem as UK with PPPoA connections, see here for an explanation:-

http://www.webspaces.net.nz/page.php?view=using-half-bridge

I have tried many different modems DLink SpeedTouch etc, there's no common language for 'half bridge', it is sometimes calles zipb, IP extension, 'Assign WAN IP to LAN device'. I ended up implementing my own pure routing method in RouterTech firmware using Linux scripting. The above link also mentions the recommendation in your other thread, but I have no personal experience

http://www.draytek.co.uk/products/business/vigor-120

You must be careful about MTU/MRU, on its own PPPoA can work with 1500, but if you are going to bridge to PPPoA you must lower to allow the addition of the 8 byte overhead. I guess most modems will set 1400 or so to avoid this.

 

[funkytwig]

Interesting. The first article mentions 'use 1:1 static nat + DMZ' but does not say how to implement this. This sounds interesting. But to be honest most of the article is way above my head.

I am actually thinking if I run the DDNS on the ADSL modem not the ASUS router the problems may go away. Was actually thinking of doing this and putting the ASUS in the DMS. I will still be getting double NAT but this should fix by problem as it seems the only real problem with double NAT is getting DDNS working on the ASUS. Or does double NAT also cause a problem for VPM (would I have to do some port forwarding on the ADSL Modem)?

 

[mstombs]

There are DDNS clients that work in double-nat from a router, when they connect to an internet server the real WAN IP is always seen by the remote site, not sure if this can be done from asuswrt gui or scripts needed (Tomato has GUI options), see also

http://www.snbforums.com/threads/ddns-double-nat.23585/

DDNS on the modem would be better for detecting when the WAN IP changes.

You must have the Asus in the DMZ of the modem for router services and port-forwarding (fixed or UPNP) to have a chance of working.

Some VPN endpoints used to need to know the real WAN IP and do not work behind double nat, but there should be modes that do work - but will be messy if WAN IP changes.

Biggest issue for me with unoptimized double nat is that the nat tables and tcp/ip parameters in the modem often lead to modem crashes, much more thought and tuning done to Asuswrt nat handling.

 

[funkytwig]

Thanks for your help. I will post to ASUS forum to see if I can get specific info.

 

[loadbang]

What modem are you using?

 

[funkytwig]

The one that came from ISP is a Technicolour TG582nand I also have a TP link 8819 (alough the reset does not work so I need to be a bit careful. Trying to work out if the Merlin FW gives me mutch of an advantage (its not my router, its a small charity I work for and don't want to risk buggering it up unless there are real advantages).