Asus AC68U VPN configuration for allowing the same local network IP range


MerlinUser84792

Occasional Visitor
Hi there,
I am trying to set up & configure my home VPN network in the way that I could connect to it with the same IP range as I have with another LAN (192.168.1.X). Currently the IP range for VPN is 10.8.0.X. If I understand it correctly changing the IP range in the advanced settings in the VPN server setup of the router won't work properly, I will just get an error message on the VPN client.
I'd be happy for any help, many thanks!
 

ColinTaylor

Part of the Furniture
What is the VPN client device? Are you just trying to connect a single device to your home network or create a LAN to LAN connection?
 

MerlinUser84792

Occasional Visitor
VPN client device is a Macbook with Tunnelblick. I need the home VPN primarily for remote desktop to my main Windows PC through Microsoft Remote Desktop and NoMachine (both deliver excellent quality of work remotely, but only through LAN). So both - Macbook and Windows PC need to be logically in the same LAN network (in my case 192.168.1.X).
 

ColinTaylor

Part of the Furniture
It's not possible to route between two networks that have the same IP address range. However this is not normally a problem.

Your VPN client will connect to your home network using its public IP. It will then be given a private IP address (i.e. 10.8.0.2). At this point all traffic is routed through this connection. If you enter a 192.168.1.x address there is no conflict because access to your local network has been blocked (unless you're using split tunneling*).

One thing to be aware of with Windows PCs is that its firewall will block incoming connections (like RDP) that aren't from the local subnet. So you need to create a Windows Firewall rule that allows RDP from the VPN (10.8.0.x).

*EDIT: Actually I'm not sure what the default is. If split tunnelling is enabled turn it off.
 

ColinTaylor

Part of the Furniture
UPDATE: I have to correct my earlier statement. :oops:

Checking the Windows Firewall rule I see that it does allow remote connections from any remote address (assuming the PC's profile is Private). I was getting confused with ICMP Pings which are restricted to the local subnet.
 

MerlinUser84792

Occasional Visitor
Hmm, sorry, but I don't really understand how it should work then. If I am connected to 10.8.0.X network, I can't see/reach any of my home devices in the 192.168.1.X network at all. Pinging 192.168.1.1 results in pinging my other router (I am in a completely different physical place currently, where the router also has the same network IP range as at home). So how is this supposed to work then?...Thank you!
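
Added example (not part of any post in this thread): a simplified route-lookup model showing why 192.168.1.1 resolves to the local router when the remote site and the home LAN both use 192.168.1.0/24. The interface labels `en0`/`tun0`, the metrics and the 192.168.50.0/24 alternative are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    via: str      # outgoing interface label (assumed names)
    metric: int   # lower wins when prefix lengths are equal

def route(dest: str, via: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(dest), via, metric)

def lookup(table: list, addr: str) -> Optional[Route]:
    """Longest-prefix match, then lowest metric (simplified routing model)."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in table if ip in r.dest]
    return min(hits, key=lambda r: (-r.dest.prefixlen, r.metric)) if hits else None

def overlaps(local: list, pushed: list) -> list:
    """Pairs (local, pushed) whose ranges collide; the default route is ignored."""
    return [(l.dest, p.dest) for l in local for p in pushed
            if l.dest.prefixlen > 0 and l.dest.overlaps(p.dest)]

# Constructed sample: the client sits on a remote LAN using 192.168.1.0/24.
LOCAL = [
    route("0.0.0.0/0", "en0", 100),      # remote site's default gateway
    route("192.168.1.0/24", "en0", 0),   # directly connected subnet
]
# Routes added by the tunnel: the VPN subnet plus the home LAN
# ("Push LAN to clients"). Metric 50 is an assumption; real values are OS-specific.
PUSHED_SAME = [route("10.8.0.0/24", "tun0", 0),
               route("192.168.1.0/24", "tun0", 50)]
# Hypothetical alternative: home LAN on a range the remote site does not use.
PUSHED_DISTINCT = [route("10.8.0.0/24", "tun0", 0),
                   route("192.168.50.0/24", "tun0", 50)]

def egress(pushed: list, addr: str) -> Optional[str]:
    """Interface the client would use for addr with the given pushed routes."""
    hit = lookup(LOCAL + pushed, addr)
    return hit.via if hit else None

if __name__ == "__main__":
    print("collisions:", overlaps(LOCAL, PUSHED_SAME))
    print("192.168.1.1   ->", egress(PUSHED_SAME, "192.168.1.1"))
    print("10.8.0.1      ->", egress(PUSHED_SAME, "10.8.0.1"))
    print("192.168.50.10 ->", egress(PUSHED_DISTINCT, "192.168.50.10"))
```
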
 

ColinTaylor

Part of the Furniture
Pinging 192.168.1.1 results in pinging my other router (I am in a completely different physical place currently, where the router also has the same network IP range as at home).
What is the "other router"? Is it the one on the client's local network or your Asus router at home?
 

ColinTaylor

Part of the Furniture
I'm not a Mac user so things might work differently there. Also, what firmware version are you running? I know that the stock firmware doesn't have as many options compared to Merlin's.

I don't have a setup here that can replicate your environment, but I'd guess that the main options to check on your VPN server are "Push LAN to clients = Yes" and probably "Direct clients to redirect Internet traffic = Yes".

How are you checking connectivity to the remote devices? Like I said in post #5 ICMP pings won't work with Windows targets but RDP to an IP address should.
 

somms

Regular Contributor
Hi there,
I am trying to set up & configure my home VPN network in the way that I could connect to it with the same IP range as I have with another LAN (192.168.1.X). Currently the IP range for VPN is 10.8.0.X. If I understand it correctly changing the IP range in the advanced settings in the VPN server setup of the router won't work properly, I will just get an error message on the VPN client.
I'd be happy for any help, many thanks!



This can be accomplished via TAP shown in the OpenVPN server settings exampled above as operating using my AC-86U OpenVPN gateway server...
Incoming connected clients are assigned specified pool 192.168.1.200-220 with max being 8 simultaneous due to custom config...
 

ColinTaylor

Part of the Furniture
This can be accomplished via TAP shown in the OpenVPN server settings exampled above as operating using my AC-86U OpenVPN gateway server..
I suggest you don't do this if you can possibly avoid it. You haven't gone into any detail about where you are situated, but it sounds like you are in an office environment. The problem with TAP is that it creates an Ethernet bridge between your local network and the remote one. This assumes complete trust in the remote network (which the local administrators probably don't have) and can also disrupt traffic on the local network if not properly set up.

The same problems can of course occur with TUN connections but are less likely because of the separation of subnets.
 

MerlinUser84792

Occasional Visitor
@somms


This can be accomplished via TAP shown in the OpenVPN server settings exampled above as operating using my AC-86U OpenVPN gateway server...
Incoming connected clients are assigned specified pool 192.168.1.200-220 with max being 8 simultaneous due to custom config...

HUGE THANKS!!! It looks like exactly what I need!!! :)
Some questions on the setup:
- why only 8 clients?
- is there any reason why you set "Compression" to "None"? I thought it's always a better choice to use it.

Again - many many thanks!
 

ColinTaylor

Part of the Furniture
Different strokes for diff folks I suppose but exclusively using TAP for over an entire decade w/o issue in order to connect remote client routers...YMMV!:D
It's not that it doesn't work, it does. In many ways it's the easy solution. And it's perfect for LAN to LAN setups (i.e. router to router), like remote office to main office, where both ends are completely trusted networks. So it's more a question of what kind of VPN connection is allowed in the OP's local environment and does it compromise security. At one of the places I used to work setting up a personal VPN connection was grounds for immediate dismissal (irrespective of whether it was TUN or TAP).
 

MerlinUser84792

Occasional Visitor
Got a pair of WRT160N's flashed with DD-WRT V24 that work great and support OpenVPN

Different strokes for diff folks I suppose but exclusively using TAP for over an entire decade w/o issue in order to connect remote client routers...YMMV!:D

So I did now exactly the same setup as on your screenshot, the connection works, I got the 192.168.1.200 IP (being at the same time in another LAN with the 192.168.1.2 IP), BUT I still can't see/ping/connect to any of my devices at home =(((. What could be the problem here?.. Thanks again!
EDIT: I am on a very slow Internet connection right now, could it be the actual problem? The VPN connection also drops quite often.
 

MerlinUser84792

Occasional Visitor
@somms
Could you advise please what could be wrong with the setup? Why can't I see/ping/connect to the other devices in my home LAN in the same IP range as my current remote LAN? Many thanks!
 

Mikeyy

Regular Contributor
Is there a solution for this problem without using TAP?

I can connect without issues to OpenVPN Server (AX86U on Merlin Firmware) and I can access Internet without issues.
What I cannot do is access LAN devices on IPs like 192.168.1.130.

VPN server is set to use default setup 10.8.0.0 / 255.255.255.0
Is there a way to set LAN / Route / Static routes so I can access ALL LAN devices or at least some of them?
 

ColinTaylor

Part of the Furniture
@Mikeyy What types of devices and services are you trying to access? What exactly are you doing and what is the response?
 

Mikeyy

Regular Contributor
Using my Android mobile phone on mobile network with AirVPN Eddie OpenVPN app to connect to my router hosted VPN Server.

Router AX86U
Firmware: Asus Merlin 386.2_6
OpenVPN Server settings:
TUN
UDP
Port 1194
10.8.0.0 / 255.255.255.0
Advertise DNS to clients - YES

So, everything is on DEFAULT except "Advertise DNS to clients".

I'm trying to load my IP camera interface in Firefox for Android on my mobile phone. IP camera has static IP which is set to 192.168.1.130.

While I was writing text above, I remembered that I've blocked camera from accessing Internet in Asus WRT GUI.
So I tried to access different device which didn't have its Internet access blocked and it worked. :)

I should then rephrase my question.
Is there a way to access Internet blocked devices via VPN Server setup as above?

EDIT: I should have known @Martineau already solved this here: https://www.snbforums.com/threads/h...outbound-connections.38086/page-2#post-314785
Used that script, world is bright and shiny once again. :)
 
