(probably very) Basic setup new ISP router settings help

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Wuffles

Occasional Visitor
Hi, just found this forum.

Currently running an Asus RT-AC86U running firmware Version:384.13, I've been on various dd wrt or Tomato setups for years and never had to ask a question, so please bear with me, I'm clearly desperate to ask this in public.

Our current setup (and for the past 18 months or so) is bridge mode with our ISP and using a fixed IP on the router on the WAN port to connect to their network. All has been fantastic during that time. However, future setup with the same ISP is to use one of their routers (as we're switching from business connection to residential) and it's thrown me into a spin.

I have zero access to the router they are going to install, and due to the fragile ecosystem of alarms, IP cameras, access points and ridiculous fixed IPs that go hand in hand with an ex IT person such as myself, they have very kindly agreed to disable their DHCP service on their router and will change the router LAN IP to something I have spare on my 192.168.0.* network. This allows me to keep things ticking over nicely on the LAN side, and will, most importantly, allow my OpenVPN connections to continue working.

My plan is to leave everything as it is on the LAN, keep my dhcp and fixed IP clients pointing to my RT-AC86U. The problem I have is figuring out how to set a "default gateway" for the RT-AC86U to point it at the ISP router. I was going to attempt to remember how static routes work, but that won't wash as it's on the same network? Is there an obvious setting I should be looking at? Assuming I just disconnect everything from the WAN port and ignore WAN settings too?

Thank you in advance, hope that all makes sense.
 

taffeys

Regular Contributor
Hi, just found this forum.

Currently running an Asus RT-AC86U running firmware Version:384.13, I've been on various dd wrt or Tomato setups for years and never had to ask a question, so please bear with me, I'm clearly desperate to ask this in public.

Our current setup (and for the past 18 months or so) is bridge mode with our ISP and using a fixed IP on the router on the WAN port to connect to their network. All has been fantastic during that time. However, future setup with the same ISP is to use one of their routers (as we're switching from business connection to residential) and it's thrown me into a spin.

I have zero access to the router they are going to install, and due to the fragile ecosystem of alarms, IP cameras, access points and ridiculous fixed IPs that go hand in hand with an ex IT person such as myself, they have very kindly agreed to disable their DHCP service on their router and will change the router LAN IP to something I have spare on my 192.168.0.* network. This allows me to keep things ticking over nicely on the LAN side, and will, most importantly, allow my OpenVPN connections to continue working.

My plan is to leave everything as it is on the LAN, keep my dhcp and fixed IP clients pointing to my RT-AC86U. The problem I have is figuring out how to set a "default gateway" for the RT-AC86U to point it at the ISP router. I was going to attempt to remember how static routes work, but that won't wash as it's on the same network? Is there an obvious setting I should be looking at? Assuming I just disconnect everything from the WAN port and ignore WAN settings too?

Thank you in advance, hope that all makes sense.
Your question is better asked here as it has nothing to do with Asuswrt-Merlin.
 

ColinTaylor

Part of the Furniture
It's likely that your VPN won't work with your proposed setup. Are you talking about the VPN server or client? What other router "features" are you using?
 

Wuffles

Occasional Visitor
It's likely that your VPN won't work with your proposed setup. Are you talking about the VPN server or client? What other router "features" are you using?
OpenVPN Client only.

I guess I'm trying to keep this Asuswrt-Merlin setup as still effectively my LAN-side router for the clients internally and have it fire everything out to the ISP's router. If it were in a separate network it'd probably be easier for me to figure out.
 

Wuffles

Occasional Visitor
Your question is better asked here as it has nothing to do with Asuswrt-Merlin.
Apologies, I thought this was fairly general network question specifically geared to the settings of the Merlin front end I am using. If a Mod would like to move it, no offence taken. My mistake if that's the case.
 

ColinTaylor

Part of the Furniture
OpenVPN Client only.

I guess I'm trying to keep this Asuswrt-Merlin setup as still effectively my LAN-side router for the clients internally and have it fire everything out to the ISP's router. If it were in a separate network it'd probably be easier for me to figure out.
It sounds like what you're planning to do is connect the LAN port of the new router to one of the LAN ports of the Asus in the hope that everything will still work. Unfortunately the VPN client won't work that way. It is implemented on the assumption that the LAN traffic is being routed through the router (LAN to WAN). In your proposal the WAN interface would be disconnected so this won't work.

Taking a step back, can your requirements be met by just plugging the Asus' WAN port into the new router's LAN port. Sure you would have double NAT, but the VPN client will still work that way. The issue really is if you have anything that requires remote access to your network.
 

Tech9

Part of the Furniture
they have very kindly agreed to disable their DHCP service on their router and will change the router LAN IP to something I have spare on my 192.168.0.* network.

Why do you want their router on your network? If a bridge mode is not an option, run your network in double NAT with your router in DMZ. You had to ask them for DMZ to avoid port forwarding issues. Internal WAN IP address is not an issue. Let them do whatever they want with their router, yours is behind firewall. What the ISP may see is only one device connected to their router - your router. Both VPN server/client will work just fine. You may have to edit by hand some Asuswrt generated client configuration files replacing the internal IP address with your DDNS.
 

Wuffles

Occasional Visitor
It sounds like what you're planning to do is connect the LAN port of the new router to one of the LAN ports of the Asus in the hope that everything will still work. Unfortunately the VPN client won't work that way. It is implemented on the assumption that the LAN traffic is being routed through the router (LAN to WAN). In your proposal the WAN interface would be disconnected so this won't work.

Taking a step back, can your requirements be met by just plugging the Asus' WAN port into the new router's LAN port. Sure you would have double NAT, but the VPN client will still work that way. The issue really is if you have anything that requires remote access to your network.
Yep, missed that entirely. Thank you!
Why do you want their router on your network? If a bridge mode is not an option, run your network in double NAT with your router in DMZ. You had to ask them for DMZ to avoid port forwarding issues. Internal WAN IP address is not an issue. Let them do whatever they want with their router, yours is behind firewall. What the ISP may see is only one device connected to their router - your router. Both VPN server/client will work just fine. You may have to edit by hand some Asuswrt generated client configuration files replacing the internal IP address with your DDNS.
As above, thank you!

My apologies, they offered to put it on the same subnet, I stupidly thought that might be easier as I'd just be forcing LAN traffic that way but you're both absolutely spot on, I completely forgot the OpenVPN client is already routing directly to the WAN port.

I'll request their router be put in a different network (any network other than the 192.168.0.*) and ask that my router be put in the DMZ so we have double NAT.

I couldn't quite get my head around what the settings would be on the WAN side of the Merlin front end, no chance to experiment as I have a house reliant on Internet access and their kit isn't actually here yet to simulate. Assuming this is a simple setup really.

Right, what else have I missed? As far as I am aware there's nothing inbound, but if traffic is routed back to me through the DMZ I can get over minor issues by still forwarding on my router?

Thank you all again.
 

ColinTaylor

Part of the Furniture
There shouldn't be any changes required on the Asus apart from the type WAN connection type. Normally that's set to Automatic IP so that it will get its address from the ISP router's DHCP. You could set that to Static IP and manually set the IP, netmask and gateway if the ISP router's DHCP is turned off. But given the choice it's easier just to use DHCP. There's no reason not to unless the ISP router requires you to statically set it because of putting it in its DMZ.
 
Last edited:

Wuffles

Occasional Visitor
There shouldn't be any changes required on the Asus apart from the type WAN connection type. Normally that's set to Automatic IP so that it will get its address from the ISP router's DHCP. You could set that to Static IP and manually set the IP, netmask and gateway if the ISP router's DHCP is turned off. But given the choice it's easier just to use DHCP. There's no reason not to unless the ISP router requires you to statically set it because of putting it in its DMZ.
Yes, it all came flooding back to me :) - I'll set my WAN IP to an address on their network and all should be fine. They've agreed to the settings mentioned last night, so should all be hunky dory. Back to using a changing external IP again, I've been spoiled.

Thanks all for your help. I'll try not to hit and run on this forum and engage where possible.
 

Tech9

Part of the Furniture
I run my ISP modem/router as a router for 2 reasons:
1. My ISP can do firmware updates only in router mode and they pushed 2 firmware updates so far. I don't mind firmware updates, I've got even SmartConnect feature with the latest firmware. Fancy.
2. The ISP router has 5GHz Wi-Fi enabled and my VoIP connects to it. Same Wi-Fi is used as a temporary backup when I need to update my main router. VoIP is independent this way, it works always.
One important detail - your router must have DHCP reservation on the ISP modem/router. Otherwise you can't have it in DMZ. Most router settings use IP for DMZ, not MAC. This is not necessary only on routers with pre-configured DMZ port.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top