RT N66U with AC86U LAN to WAN connection.

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Brainstorm

Regular Contributor
I have currently got an RT N66U connected to my ISP, with an AC86U downstream connected LAN to WAN. They're about 10 metres apart, and every few days it appears that wireless access gets screwed up and I have to reboot one or the other or both for all 4 signals to begin working again. I've tried them on auto and manually selected wireless control channels, but it doesn't seem to make much difference. Is it possible the wireless signals are interfering with each other? The other issue I have is that if I connect to the AC86U wireless, I can't connect to my printer which is connected to the RT N66U. I'm sure I've seen an answer to that somewhere, and I've tried adding a static route to the N66U which works when I'm not using a vpn, but if I turn on a vpn on the AC86U, it stops working, and once again I can't access the printer.
Also, I note on the AC86U, I can have more than one vpn active at the same time. How does that work? Does it work? Are they prioritised somehow? I'm new here, a friend advised me to give you a try as there was some good expertise in these forums.
 

Tech9

Very Senior Member
Connect your AC86U as main router, it's a much better router. Convert the N66U to an access point. Devices connected to both routers will be on the same subnet and your printer sharing issue will disappear. To avoid interference and maximize throughput - set AC86U Wi-Fi on channels 1 for 2.4GHz and 36 for 5GHz, N66U on channels 11 for 2.4GHz and 149 for 5GHz. Find the best channels for your place, but you get the idea. Use separate SSIDs for the two bands, but with the same name per band on each router. Fix the Wi-Fi first and we'll get to the VPN connections.
 
Last edited:

Brainstorm

Regular Contributor
Hi Tech9. Thanks for the speedy reply. To be honest, I'm playing around here, trying to learn something about IP and routing. I've already tried your suggestions regarding the wifi. What I've found is if I put more distance between the 2 routers, problems are far less prevalent, but still occur every now and again. Symptoms are a lot of my devices can only see one of the routers signals, particularly the 5mhz band, and signals come and go as I'm looking at the available wifi. This happens less when the routers are further apart.
My final config will probably be just the AC86U facing the ISP connection, I have cat5 installed to connect a lot of devices without wifi, but just for testing purposes, I wanted to go LAN to WAN, keeping the router functions on both routers working, creating different subnets, and trying to get things working, to improve my routing/ip knowledge. I've moved the routers further apart, configured the wifi as you suggest. Is there any way I can make the IP/Routing/Printer/Router access work with the config I have? I've tried a few things myself (nothing has worked as I wanted), but whilst I'm testing, rebooting, changing things, my other half gets fairly irate when she's trying to work from home and the internet is going up and down like the proverbial.....so what I really need is fixes I can reverse engineer to work out what's happening..
 

Tech9

Very Senior Member
You may end up with double/triple NAT situation with more issues than your printer. What's the ISP equipment - is it a modem or a modem/router? I believe your AC86U is all you need. Can you see AC86U's WI-Fi networks everywhere inside your home?
 

Brainstorm

Regular Contributor
My internet comes as a cat5 connection, with a 10.x.x.x address, so I've taken your advice and connected the AC86U directly, with no N66U downstream. Everything seems to be working ok. The AC86U is running Merlin firmware, and I'm intrigued to know how having more than one vpn at the same time works. Also, if the ISP is natt'ing, can I turn it off on my router?
 

Tech9

Very Senior Member
My internet comes as a cat5 connection, with a 10.x.x.x address

That's a private IP range. You can use VPN clients, but not run VPN servers. You'll need ports open for your VPN servers on whatever is providing Internet for you. You can't do that on your router. Multiple clients in Asuswrt-Merlin is not a problem, but you need manual IP assignments for your clients and policy-based routing to assign specific clients to different VPN connections, if that's your goal. How to do that is described here, with examples:

 

Brainstorm

Regular Contributor
Thanks Colin.
Using Merlin, is it possible to create policy rules based on domain name rather than ip address?
 

ColinTaylor

Part of the Furniture
With policy rules you have to route by host IP address not domains. See this post for an explanation. However you could use a Merlin add-on like x3mRouting for domains that resolve to multiple/changing IP addresses (like amazon.com).
 
Last edited:

Brainstorm

Regular Contributor
One more question....will x3mRouting work with commercial vpn providers ie ExpressVpn and Nord? I don't want to load it up to find I have to create both client AND server functions... as Tech9 said I won't be able to run a server with my ISP supplied 10.x.x.x address
 

ColinTaylor

Part of the Furniture
One more question....will x3mRouting work with commercial vpn providers ie ExpressVpn and Nord?
Yes, that's what it's designed for. There's no requirement for it to use a local VPN server.
 

Brainstorm

Regular Contributor
Thanks Colin. Looking through some of the forum details regarding x3mRouting, would it be fair to say I could achieve the same results if I used nslookup and added a rule for every ip address I found relating to a particular service? Obviously using domain names is more robust, especially if the addresses are likely to change regularly, but is my theory viable?
 

ColinTaylor

Part of the Furniture
Thanks Colin. Looking through some of the forum details regarding x3mRouting, would it be fair to say I could achieve the same results if I used nslookup and added a rule for every ip address I found relating to a particular service? Obviously using domain names is more robust, especially if the addresses are likely to change regularly, but is my theory viable?
Yes that is correct.
 

Brainstorm

Regular Contributor
Why do you need all this on a router, @Brainstorm? What's the idea?
Tech9. Not sure I should be telling you this, 'cos it's not exactly 'de rigueur', but here goes anyway. I hope you're not the TV/VPN police.....I DO pay my UK TV Licence,,,,,
Due to my job, I'm recently spending more and more time abroad, and I miss my UK TV. I'm currently in eastern europe, long term, and I want BBC particularly, but also ITV, Britbox, Now TV for F1, Disney plus, Prime, Netflix etc...
Each of these hosts has different requirements. I'm using Express and Nordvpn, but Britbox, for example, only works with Express. ITV works with Express Mediastreamer (No VPN connection), NOW TV works much better with Nord than with Express. Disney works with Express Mediastreamer, but if I accidentally log in while a vpn is connected, Disney spots it and it's a long painful process to resolve the issue and log back in. Express UK servers particularly are sometimes very slow, and their access to the BBC was blocked almost a year ago now, and they still haven't recovered. Same with Amazon prime. I can connect, but it buffers. A lot.
I want to watch on my smart TV. I have managed to geo relocate that so it thinks it's the UK (I bought it here), I have a UK Roku stick, and, back in the UK, I have an Amazon Firestick waiting for me which supports UK Expat VPN, which might be the answer to all my problems, (TV related, anyway) but I can't currently get back to the UK to get it.
With the TV, if I switch one vpn off and another one on on the router, the IP address changes but I get DNS exposure. I have to drop the TV wifi and reconnect for the TV IP and DNS to catch up.
I CAN do everything I want. Some things I can watch on laptop or iphone, some I can cast to the TV, some I can watch on Roku, some using the apps on the tv. But it's a LOT of fiddling about.
I'm hoping that if I could route each service by domain name down the WAN, or the vpn it needs to use to work properly, I can set it up and leave it all alone.
And I have a little bit of comms experience and a little bit of Unix experience, I have lots of time on my hands, and I like to play. Dangerous, I know.
I have considered setting up a vpn server at my UK address, but I'm not sure how or if that would work. I wasn't aware that a private ip address would negate that. Would I get anything else from a UK ISP? And also upload download speeds. Currently here I get 500mbps both ways, and it's cheap and fairly reliable, but I'm not sure UK services are anywhere that fast for the price...
 

Brainstorm

Regular Contributor
x3mRouting question....


#########################################################
# Assign the interface for each LAN client by entering #
# the appropriate interface number in the first column #
# 0 = WAN #
# 1 = OVPNC1 #
# 2 = OVPNC2 #
# 3 = OVPNC3 #
# 4 = OVPNC4 #
# 5 = OVPNC5 #
#########################################################
0 192.168.1.150 SamsungTV
1 192.168.1.151 Samsung-Phone
2 192.168.1.152 Asus-Laptop
2 192.168.1.153 iPad
1 192.168.1.154 Lenovo-Laptop

Does this mean I can only route a device to a vpn? I want to route different apps on the TV/Roku to different vpn's, is that possible?
 

ColinTaylor

Part of the Furniture
x3mRouting question....
It's probably best to ask this question in the x3mRouting thread or start a new thread in the Merlin AddOns forum as it's no longer related to the original subject of this thread.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top