Menu
What's new
By:
Filters Better Search

Connect two networks where one is behind NAT

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

T

tnek

New Around Here
Hi!

I would like to connect my home and my office somehow.

  • At my office I have an Asus RT-AC86U and at home an Asus TUF-AX5400, both use Asus Merlin.
  • At my office I'm behind NAT and at home I have a public, but sometimes changing, IP.
My thoughts so far:
  • To solve the changing IP at home I can use the DDNS functionality in the router so that my office location can connect to home.asuscomm.com.
  • Use some kind of SSH tunnel from a computer at my office which connects to my home. It should be able to recover when the home IP changes / connection goes down.

I'm pretty new to that "advanced" (to me) usage of SSH. It would be nicer if I didn't have to involve a computer in the setup, if just the two routers could keep the connection going. Maybe I want to use OpenVPN instead? Or some other method?

Any guidance would be greatly appreciated!
 
Most importantly, do YOU own this business/office, or is this your employer? Because punching holes in their firewall for such purposes is typically grounds for dismissal. Not unless you've got prior permission.

That aside, in principle, either SSH or OpenVPN can create tunnels, although the former offers reverse port forwarding for remote access to specific services, whereas the latter allows general network access at the IP level, so you can seamlessly communicate w/ anything of your choosing (although you can always use the firewall to filter/limit that access).

In the case of OpenVPN above, I'm speaking of a routed configuration. But you can also create a bridged configuration, which means both sides share the same IP network! It's quite literally like running an ethernet cable between the home and office switches, but virtually. It provides for complete transparency once configured correctly. But that assumes a VERY close/intimate relationship between the two sides, such as different departments in the same company, NOT between the employer and individual employees. But since I don't really know what your relationship is w/ this business/office, I thought it worth mentioning.
 
Thanks for helping me! It's my business so we can keep it technical.

Do you know if it'll be enough configuring OpenVPN on the routers or do I need an addition machine? And do you know if that switching (not often, but some days twice) of the public IP will complicate things? (Or can I tell OpenVPN to connect from the office to my home using the DDNS address and it'll keep trying until it reaches it, as there can be some delay between getting a new IP and the DDNS entry being updated).

I guess a routed configuration is the way to go to keep the networks a bit separated. I have some more thoughts/questions but I'll start with the above.
 
All you need is the two routers, each running OpenVPN. Since it's YOUR office, it's also YOUR firewall at work. So it's up to you which side is the client vs. server. When dealing w/ a situation where you do NOT have control of the firewall at the workplace, that typically requires the client to be at the workplace, and the server at home. But again, if you can control both sides, you can do whatever you want. It's probably easier to have the server at work and the client at home. That way your workplace is available from other locations besides your home. And you're more likely to have a static public IP at the workplace.

If the public IP of either location changes while the OpenVPN client/server connection is established, communications will obviously fail at some point, be detected (assuming you use a keepalive directive), and restarted. In the worst case, you can use by OpenVPN client watchdog script to restart the connection is if fails for any reason.

www.snbforums.com

asus rt-ax88u vpn director not connected right after reboot

Hello, i have installed latest asuswrt merlin on asus rt-ax88 router. I have installed a vpn connection as vpn client with openvpn protocol. When i reboot the router or take it from power, vpn director shows vpn connected status but it is not connected and i have no internet connection. Always...
www.snbforums.com www.snbforums.com
 
You must log in or register to reply here.

Similar threads

F
OpenVPN client not resolving server local DNS names
Replies
9
Views
1K
felixdd
F
B
ASUS RT-AC68U questions regarding non-NAT dual-stack
Replies
5
Views
434
bofh99
B
aquafuzz
Two R7450 Routers w/ separate SSID on one Network
Replies
5
Views
387
coxhaus
C
R
AC68U, v386.11, No internet access through VPN
Replies
0
Views
474
redbird71
R
GShlomi
Two WANs but not dual-WAN, with port-forwarding
Replies
7
Views
466
GShlomi
GShlomi
Similar threads
Thread starter Title Forum Replies Date
P Connect OpenVPN server with Client networks Asuswrt-Merlin 3
M OpenVPN clients cannot connect to LAN computers. Asuswrt-Merlin 0
M Cannot connect to a website Asuswrt-Merlin 5
W Tera Term can't SSH connect to router running Merlin 384, but works when flash back to ASUS stock FW Asuswrt-Merlin 6
D False alert for "Unable to connect to the Internet" Asuswrt-Merlin 3
S some iot devices can't connect to internet after a NAS give a static ip Asuswrt-Merlin 4
D [ASUS AX86U Merlin] Blink Sync Module does not connect (connects to iphone hotspot) Asuswrt-Merlin 0
BobMCT Help with ntwk connect to RT-AC86U USB drive? Asuswrt-Merlin 5
N Solved Unable to connect to VPN server with self-signed certificate Asuswrt-Merlin 0
octopus Solved Can you connect to Wireguard server from wan side? Asuswrt-Merlin 17

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 798 (members: 14, guests: 784)
Top