1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Dual router VPN

Discussion in 'VPN' started by davelian, Oct 13, 2019.

  1. davelian

    davelian Occasional Visitor

    Joined:
    Nov 20, 2018
    Messages:
    10
    Hei, Want to create VPN server on on of my asus router but i can't get access VPN router from outside.

    In VPN server i get this messages. The wireless router currently uses a private WAN IP address (192.168.x.x, 10.x.x.x, or 172.16.x.x). Please configure DDNS service before starting the VPN server.

    But when i crate No ip ddns i got the following message.

    The wireless router currently uses a private WAN IP address.
    This router may be in the multiple-NAT environment and DDNS service cannot work in this environment.

    Here's my current setup.








    wan.png vpn.PNG
     

    Attached Files:

  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,595
    Location:
    UK
    Install Merlin's firmware on your router. It has an option for DDNS to work behind double-NAT. Then all you need to do is create a port forwarding rule on your primary router.
     
  3. davelian

    davelian Occasional Visitor

    Joined:
    Nov 20, 2018
    Messages:
    10
    Ok. I've installed Merlin both of them. BTW attached pictures is from VPN router ac66u.

    Sent fra min SM-N950F via Tapatalk
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,595
    Location:
    UK
    If your router is an RT-AC66U (not the _B1 model) then Merlin hasn't updated that firmware for years and the option won't be present. You'll need to use John's firmware instead:

    Untitled.png
     
  5. davelian

    davelian Occasional Visitor

    Joined:
    Nov 20, 2018
    Messages:
    10
    Thanks. Do you have link? Almost 1 A.M here I'll try tomorrow.

    Sent fra min SM-N950F via Tapatalk
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,595
    Location:
    UK
  7. davelian

    davelian Occasional Visitor

    Joined:
    Nov 20, 2018
    Messages:
    10
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,595
    Location:
    UK
    Have you done an nslookup on your DDNS address? Does it match your public IP address as reported by the main router?

    What does your port forwarding rule look like on the main router?
     
  9. TinkerMan0412

    TinkerMan0412 New Around Here

    Joined:
    Oct 21, 2019
    Messages:
    5
    Hey Dave, did you get it to work? I'm asking because I have the same setup, and no matter what I try, I can't get it to work. Read everything on this board that could relate, still, nothing. Can't even ping VPN router from Primary router (router 1), despite existing static route on primary router. Both routers talk to internet, can ping router 1 from router 2 (VPN router). Will post my setup and configs later tonight.
     
  10. davelian

    davelian Occasional Visitor

    Joined:
    Nov 20, 2018
    Messages:
    10
    nope.
     
  11. TinkerMan0412

    TinkerMan0412 New Around Here

    Joined:
    Oct 21, 2019
    Messages:
    5

    Thanks, CT,

    This is my setup Network-Setup.PNG

    I have a static route defined on 10.25.1.1 as follows:

    10.25.2.1 255.255.255.0 10.25.1.2

    Now i think that is incorrect, from reading many comments, and should be referring to entire sub-net, as

    10.25.2.0 255.255.255.0 10.25.1.2

    Maybe I'm wrong. Still Tinkering with it. As you may understood, I'm new at this. I can ping router 1 from router 2, but not router 2 from router 1. I have video cameras connected to router 2, and NVR. I can access them and see video feeds when connected to router 2 (hard wire or WiFi) that's not a problem.

    I feel, that if I get router 2 talking to router 1, it will start "breathing" at least. I turned off firewall on router 2. It serves DHCP to its sub-net, with video cameras and NVR getting static IP's around DHCP.
    Locally, everything seams to be fine.

    Also, do you think I will need to define port forwarding on VPN router (router 2), something I', reading in manuals:
    push "route 10.25.1.2 255.255.255.0"

    Going to play with it today. Started to think to do a hard reset on both routers and start from fresh.

    Many thanks for any help.
     
  12. TinkerMan0412

    TinkerMan0412 New Around Here

    Joined:
    Oct 21, 2019
    Messages:
    5
    Thanks, Dave.

    Still working at this.
     
  13. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,595
    Location:
    UK
    @TinkerMan0412 You will not be able to access anything with an address of 10.25.2.x from 10.25.1.x unless you setup a port forwarding rule on router 2 for each target device because router 2 is NATing everything through 10.25.1.2.

    An alternative (better) method would be to turn off NAT and the firewall on router 2 so that you have a more "traditional" routing setup. Of course you may not want to do this for security reasons if you're trying to isolate the two subnets.
     
  14. TinkerMan0412

    TinkerMan0412 New Around Here

    Joined:
    Oct 21, 2019
    Messages:
    5

    Thank you, CT

    That would be on the WAN side of VPN router. Forward port 1194 to 10.25.1.2. Is that what you mean?
    I will need just one device to be forwarded to 10.25.1.2 side (WAN IP of VPN router), NVR only.

    Thank you.
     
  15. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,595
    Location:
    UK
    If router 2 is running your VPN server and it is listening on its WAN IP address (10.25.1.2) then you just need to forward port 1194 on router 1 to 10.25.1.2.

    My previous comments were just about inter-subnet routing of LAN clients. That's a separate issue to the VPN question.
     
  16. TinkerMan0412

    TinkerMan0412 New Around Here

    Joined:
    Oct 21, 2019
    Messages:
    5

    Thank you, CT,
    I'll try that.