Goal: Router 1 with regular connection to ISP, Router2 cascaded from Router1 running OpenVPN client to 3rd party provider. Router cascade will be Router1 WAN to Router2 LAN port. All connections to Router1 (wired and wireless) will have direct connection to Internet. All connections to Router2 (wired and wireless) will have a VPN connection based on OpenVPN client running on Router2. Connected clients (regardless of router) will be able to connect to each other.
The setup is working as desired with one exception. Clients on Router1 cannot see/connect to clients on Router2. I can't even connect to the Router2 WebUI while connected to the Router1 network. Searching online indicates my problem is either with my routing rule on Router1 and/or firewall restrictions on Router2.
Setup:
Router1 (RT-AC66u)
WAN IP: ISP Provided
LAN IP: 192.168.1.1
<LAN Port>
|
|
<WAN Port>
Router2 (RT-N16)
WAN IP: 192.168.1.2
LAN IP: 192.168.2.1
My routing rule on Router1 is as follows (set through GUI of Asuswrt-Merlin):
Network/Host IP - 192.168.2.0
Netmask - 255.255.255.0
Gateway - 192.168.1.2
Metric - 0
Interface - LAN
On Router2 (running Tomato Shibby) I've tried several options for firewall, including
i) changing mode from Gateway to Router
ii) allowing Router1 traffic through to Router2: iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT
iii) disabling firewall completely using the following:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
Still no luck. Router2 clients can see Router1 clients, but Router1 clients cannot see Router2 clients.
What am I missing?
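As an added example (not part of the original post), the two hop tables from the question modelled with longest-prefix-match lookups, tracing both directions of a connection from a Router1 client to the Router2 WebUI and classifying which netfilter chain it hits on Router2. The OpenVPN "split default" routes (0.0.0.0/1 and 128.0.0.0/1) on Router2, the interface names and the 10.8.0.1 VPN gateway are assumptions, not values from the post.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (next_hop, iface) for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (best[1], best[2])

# Router1 (192.168.1.1): connected LAN plus the static route from the question.
ROUTER1 = [
    ("192.168.1.0/24", None, "br0"),            # connected LAN
    ("192.168.2.0/24", "192.168.1.2", "br0"),   # static route from the post
    ("0.0.0.0/0", "ISP", "wan"),                # default to the ISP
]

# Router2 (192.168.2.1 / WAN 192.168.1.2): connected LAN and WAN segment,
# plus the split default routes an OpenVPN client commonly pushes (assumed).
ROUTER2 = [
    ("192.168.2.0/24", None, "br0"),            # connected LAN
    ("192.168.1.0/24", None, "vlan2"),          # WAN segment, directly connected
    ("0.0.0.0/1", "10.8.0.1", "tun11"),         # assumed: pushed by OpenVPN
    ("128.0.0.0/1", "10.8.0.1", "tun11"),       # assumed: pushed by OpenVPN
    ("0.0.0.0/0", "192.168.1.1", "vlan2"),      # original default via Router1
]

ROUTER2_ADDRS = {"192.168.2.1", "192.168.1.2"}

def chain_on_router2(dst):
    """Chain a packet arriving on Router2 traverses: INPUT if addressed to
    Router2 itself (e.g. its WebUI), FORWARD if destined for a LAN client."""
    return "INPUT" if dst in ROUTER2_ADDRS else "FORWARD"

def trace(src, dst):
    """Forward hop chosen by Router1 for dst, reply hop chosen by Router2 for
    src, and the Router2 chain the forward packet must be accepted in."""
    return {
        "forward": lookup(ROUTER1, dst),
        "reply": lookup(ROUTER2, src),
        "chain": chain_on_router2(dst),
    }
```

The reply to a 192.168.1.x client leaves Router2 on its WAN segment, not the tunnel, so a FORWARD-only accept rule does nothing for reaching the WebUI at 192.168.2.1, which is handled in INPUT; note also that Tomato regenerates its iptables rules when the firewall restarts, so rules typed at a shell rather than placed in the Firewall script do not persist.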