[SOLVED] Adding VPN router

[SharpTJ11]

So I'm forced to use a Cradlepoint router with "WiFi as WAN" to maintain internet access to my house. The internet is supplied my various 4G devices.

I have a Netgear R6400/AC1750 router which will have OpenVPN set up on it with NordVPN.

I am having a hard time getting the router up and running. Here is how I have it set up like this right now.

https://imgur.com/a/OslQFcG

View: http://imgur.com/a/OslQFcG
Router 1 WAN is external IP
Router 1 Gateway is 192.168.0.1
Router 1 IP is 192. 168.0.1/24


Router 2 WAN is 192.168.0.4
Router 2 Gateway is 192.168.2.1
Router 2 IP is 192.158.2.2/24

An I on the right track?

 

[nigelivey]

Does router 1 have a VPN passthrough function? Failing that can you put the 192.168.0.4 address in the DMZ of router 1?

 

[bill001g]

Other than the typo in the r2 ip it should work. Always make it work without the VPN before you set up the vpn.

Nord should have examples of how to setup the router. You have to be careful to select the correct combination of options for things like encryption and key exchange. Some combinations are not supported but they likely have examples of the ones that work best on their systems.

 

[SharpTJ11]

Does router 1 have a VPN passthrough function? Failing that can you put the 192.168.0.4 address in the DMZ of router 1?

Router 1 is an old MBR95 and I don't think it has pass through...

 

[SharpTJ11]

Other than the typo in the r2 ip it should work. Always make it work without the VPN before you set up the vpn.

Nord should have examples of how to setup the router. You have to be careful to select the correct combination of options for things like encryption and key exchange. Some combinations are not supported but they likely have examples of the ones that work best on their systems.

Yeah, I can't get it to work without the VPN... I can on same subnet, but not once moved to the "2" network

 

[bill001g]

It does not need pass through when you use openvpn. That is the reason people use openvpn it uses tcp. The pass through is for stuff like ppp or ipsec. Those use protocols other than TCP or UDP so router need special support.

I guess if it works with the VPN it is all that matters.

Router behind router is run all the time by people. You just pretend the first router is in the ISP network. As long as the wan and lan subnets are different it should work fine

 

[SharpTJ11]

So I can ping 192.164.0.4, but something is stopping the route... Tracert stops at 192.168.0.4 also

 

[bill001g]

You will never be able to go from the main 0.x network to the 2.x network. It is the standard NAT issue

 

[SharpTJ11]

You will never be able to go from the main 0.x network to the 2.x network. It is the standard NAT issue

Even if I were able to set up static routes?

 

[bill001g]

The devices you have are not actual routers their only function is to convert 1 lan subnet to a single wan ip. Even device that have route commands do not actually have much ability to route. This command is used to send traffic to devices that do have the ability.

When you router traffic to the wan ip of the second router it does not understand that the traffic is to pass to the lan directly and not run though the nat function.

If you goal is just to use a router based vpn and your main router can not do this is to use a very non standard configuration. What you do is plug both the wan and the lan of VPN router into the main router. On the lan side you turn off the DHCP on the vpn router or you will have a even bigger mess...then again if you want most the traffic to use the vpn it might be simple to disable it on the main router.

The non standard trick is you are going to assign 2 ip addresses to each device. You can assign secondary IP addresses. You want a ip on both networks. You then set the gateway to be the vpn router or it can be the main router if the box is not going to use the vpn.