What's new

Need VPN Solution for Remote usage

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

CaptnDanLKW

Senior Member
I've read a lot of threads but still remain unsure what to use (beside some aspect of VPN) or where to start.

Dual need.
1) I need to access my elderly mom's network as if I was onsite. My RT-AC86U network is configured as 192.168.1.0/24. Their network is 192.168.2.0/24. I need their side to always startup ready for me to 'connect'. My desire is that this tunnel is always up and enabled. I do NOT want any of my devices ON their network, just be able to reach them. Ping, SMB, local HTTP access to the router, Remote screen sharing, etc.

2) I'd like to be able to redirect, one or two devices on MY network, on-demand (controlled in my RT-AC86U as I need) so all their traffic uses their ISP (i.e. On their network). These devices cannot have any software installed on them.

Are these needs mutually exclusive?

Where do I start and what can I do in advance of my visit? It's a 2 hour drive each way so anything I can do to prepare (generate cert on my side, etc...) would help. Likewise, Any configuration there needs to be right the first time while I'm there.

Thanks
 
I've read a lot of threads but still remain unsure what to use (beside some aspect of VPN) or where to start.

Dual need.
1) I need to access my elderly mom's network as if I was onsite. My RT-AC86U network is configured as 192.168.1.0/24. Their network is 192.168.2.0/24. I need their side to always startup ready for me to 'connect'. My desire is that this tunnel is always up and enabled. I do NOT want any of my devices ON their network, just be able to reach them. Ping, SMB, local HTTP access to the router, Remote screen sharing, etc.

2) I'd like to be able to redirect, one or two devices on MY network, on-demand (controlled in my RT-AC86U as I need) so all their traffic uses their ISP (i.e. On their network). These devices cannot have any software installed on them.

Are these needs mutually exclusive?

Where do I start and what can I do in advance of my visit? It's a 2 hour drive each way so anything I can do to prepare (generate cert on my side, etc...) would help. Likewise, Any configuration there needs to be right the first time while I'm there.

Thanks
Not quite sure what you want to do in #2.

As for the remote access, OpenVPN server enabled on mom's router is the way to go. Use a non-std port in OpenVPN, though. Use a PC or other client under your control to remote into her router. I did this with a couple of networks at a not for profit that I managed for years that had AC68U's. Currently, my old AC86U is at a non techie friends house an hour away, unless it snows. I have OpenVPN server running on it so I can help them if needed.
 
I haven't set it up personally, but my understanding is that you can establish a VPN client connection to your mom's router from your router and then use VPN director to route traffic from those clients through the VPN. That should do what you're asking.

If it works the way I think it does I would just create rules for each client you want routed through your mom's ISP and manually enable/disable them as needed.

+1 for running an OpenVPN server on your mom's router. I do that for family members so I can remotely administrate their routers for them. I choose a random port (e.g., 47436) to reduce break-in attempts.
 
Not quite sure what you want to do in #2.

As for the remote access, OpenVPN server enabled on mom's router is the way to go. Use a non-std port in OpenVPN, though. Use a PC or other client under your control to remote into her router. I did this with a couple of networks at a not for profit that I managed for years that had AC68U's. Currently, my old AC86U is at a non techie friends house an hour away, unless it snows. I have OpenVPN server running on it so I can help them if needed.
So for #1, Open VPN Server running on her AC68U. What about the Client? Is that using OVPN Client on my 86U router or a client on one of my devices? It seems if I use my 86U router for the OVPN client, then all my devices and traffic would use her ISP? Also, how do I specify a unique device I want to reach one the tunnel is up? Does every device get a 2nd IP address served by a OVPN DHCP pool? Maybe if I saw what a connected setup looked like (and looked at the routing table) I could better understand traffic flow. I want to be able to reach individual clients on her network when needed but I want all my usual traffic to use my ISP - i.e. default route.

For #2, I have a Roku and Firestick. I need this device to appear to be coming from my mom's ISP so I can use the streaming app. If your device is on their network, access is restricted.

Thanks
 
So for #1, Open VPN Server running on her AC68U. What about the Client? Is that using OVPN Client on my 86U router or a client on one of my devices?
Either.

It seems if I use my 86U router for the OVPN client, then all my devices and traffic would use her ISP?
That will be true unless you change it with rules in VPN director.

Also, how do I specify a unique device I want to reach one the tunnel is up? Does every device get a 2nd IP address served by a OVPN DHCP pool?
Think of a VPN as a virtual ethernet cable linking your LAN to hers. When the connection is established you reach a device the same way you would if you were physically connected to her LAN.
 
I haven't set it up personally, but my understanding is that you can establish a VPN client connection to your mom's router from your router and then use VPN director to route traffic from those clients through the VPN. That should do what you're asking.

If it works the way I think it does I would just create rules for each client you want routed through your mom's ISP and manually enable/disable them as needed.

+1 for running an OpenVPN server on your mom's router. I do that for family members so I can remotely administrate their routers for them. I choose a random port (e.g., 47436) to reduce break-in attempts.
As you describe it, I think VPN Director is probably the key. Of course I don't even know if VPN Director is a Server or Client side thing. I guess just diving in and experimenting is what I need to do.

I was just trying to improve the odds of getting it all correct in one visit, so when I return home, I'd have a clear understanding of the steps for first time success.

Thanks
 
VPN director is set up on your router to send traffic from certain devices (e.g., your firestick) through the VPN. For example, the way I understand it, if your connection to your mom's router is OVPN Client 1 and your firestick is 192.168.1.10, the rule would be something like:

2022-01-07 07_17_03-ASUS Wireless Router RT-AX86U - VPN Director - Chromium.png
 
Think of a VPN as a virtual ethernet cable linking your LAN to hers. When the connection is established you reach a device the same way you would if you were physically connected to her LAN.

My brain is really wrapped around the routing part of this. I am assuming the tunnel is probably a 10.x.x.x network with route rules, each side aware of the LAN address space - thats why I have my network with 192.168.1.0 and hers with 192.168.2.0 - so that when the tunnel is up, there a route table entry for the 192.168.2.0 network in my router.
 
Focusing on the logistics and that two hour drive. (Whatever papers you think you need to bring to the DMV will be the wrong papers and require a second trip.)

You will be setting up a VPN server on mom's router, and connecting to it from a VPN client on your router. You will fiddle with VPN Director so those two devices on your LAN are accessing the internet through the tunnel and out over mom's ISP.

So assume the (slim) possibility you get your router side wrong. You will save yourself a little aggro if you first set up VPN server on your router, and test it outside your network to be sure you can reach it from a laptop outside your network. Then, if you need to adjust the settings for the VPN Client/VPN Director on your home router, you can do that while you are at Mom's, and test it until it works the way you want. EDIT: Also, duh, when you set up the VPN Server on mom's router, you will want to import the configuration to your home VPN Client.

The VPN Server at Mom's will want to have a subnet, and so will your VPN Server. So move your Server's subnet off its default in the beginning (so you don't have a conflict--you already did this with the LANs. Make sure your VPN server is running when you leave, so even if you reboot it will restart.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top