Menu
What's new
By:
Filters Better Search

VPN without NAT

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

S

Stephen Becker

Occasional Visitor
I have two houses that each have ASUS routers and I want to make both LANs routeable. The concept is this, setup a tunnel between the routers, add a static route on each router pointing to the other's LAN network, using it's tunnel IP as a gateway. I work with Cisco routers a lot and such a setup would be easy as cake on them.

The two issues I ran into using the factory firmware are
--No way to statically set the tunnel IP address of the client router
--The client router seems to use NAT to access the tunnel, I don't want NAT, I want direct routing

Does the Merlin firmware allow me to make those two changes I would need to make (statically set the client VPN's IP address and disable NAT for the tunnel)?

I read that Merlin adds IPsec support, which would be the easiest, but I don't have static IP addresses and you can't add hostnames to a routing table. Instead I was hoping to use OpenVPN to establish a GRE-like tunnel via DNS lookup, so I can put the virtual tunnel addresses in the routing tables.
 
UPDATE: I updated one router to Merlin and it looks like it will do what I need. I see the Advanced VPN client options now gives you a way to disable NAT. I don't see a way to set a static IP address, but there are "Custom Configuration" blocks on server and client side, so there is probably a way to do it (I believe it would need to be server side because I think OpenVPN does not allow a client to specify its own IP address).
 
If you use a different Common Name for each client, you can also enable the server option to provide client-specific configuration. This allows you to assign a static IP to a given common name, if I remember correctly (I never really looked at that functionality).
 
web said:
How can i change the common name for the clients?
Click to expand...

You have to generate client certificates with different CNs.
 
Use this as a starting point. "client1" would be the CN.
 
You must log in or register to reply here.

Similar threads

F
Solved How to create virtual interface on AsusWRT?
Replies
1
Views
555
Freewill0592
F
E
OpenVPN TAP internet access problem
Replies
0
Views
110
elorimer
E
P
Question on Wireguard tunnel configuration.
Replies
9
Views
470
pkcouch
P
A
Proper use of VPN director
Replies
6
Views
341
kernol
kernol
jetpack42
Correctly using VPN Director?
Replies
2
Views
639
jetpack42
jetpack42
Similar threads
Thread starter Title Forum Replies Date
C VPN doing a lot of unrecognized options without them even being in the config IPV6 issue Asuswrt-Merlin 3
Z Accessing VPN Clients on Router thru Mobile Phone Asuswrt-Merlin 1
Db Major RT-AX88U VPN Server "Others" Page Bug Asuswrt-Merlin 4
A Proper use of VPN director Asuswrt-Merlin 6
L IPSec VPN Server with VNC connection causes ASUS RT-AC3100 to Reboot Asuswrt-Merlin 0
G Need help with VPN Asuswrt-Merlin 2
T Wireguard VPN Disable IPV6 Asuswrt-Merlin 0
O Assigned IP address to the WAN interface via VPN director: no internet connection - why? Asuswrt-Merlin 1
A Asus Merlin 388.6_2 VPN-Director Asuswrt-Merlin 5
M VPN FUSION & VPN DIRECTOR Merlin Firmware Asuswrt-Merlin 34

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 654 (members: 21, guests: 633)
Top