[SOLVED] Asus Merlin VPN Router + attached WiFi Mesh

[IceT6666]

I'm running an Asus RT-AC87U with Merlin and Astrill VPN (I'm behind the great firewall...). The Asus can't cover my apartment with decent WiFi, but lucky me, I was provided a Huawei Q2 Pro WiFi mesh system. This WiFi mesh is plugged into the Asus router and works, so far so good.

My problem: Astrill VPN on the Asus provides a device filter, with wich I can exclude certain devices from the VPN, and I have a bunch of WiFi devices that don't work well if tunneled through the VPN. If those are connected to the Huawei, I can't use the device filter anymore, as only the Huawei shows up as connected to the Asus.

Is there a way to configure this setup as one network, where all devices connected to the Huawei WiFi mesh show up as devices in the Asus router?


I've tried the "CASCADING A ROUTER (Same subnet)" manual in the The Ultimate Modem/Router Setup Thread and didn't quite succeed, maybe because the router is in Chinese and that the language can't be changed... I'm also unsure, if this even solves my problem.

• In the Huawei I changed the DNS to my 192.168.1.1 (which is my Asus)
• I fixed the Huawei's IP on my Asus to 192.168.1.2. For WAN on Huawei I tried fixed IP (with a standard gateway of 192.168.1.1) and also DHCP (which also turnes into 192.168.1.2 because of the fixed Asus setting).
• For the Huawei's network I cannot choose 192.168.1.x, it prevents me from choosing the same IP range that the WAN uses. So I can only choose e.g. 192.168.3.x

Any ideas?

 

[bill001g]

Will the huawei mesh function continue to work if you do not have a wan connection.

What you should be able to do is run the units as AP rather than router. Connect to a LAN port on the huawei. Disable the DHCP, and make sure you have a non conflicting Lan ip like 192.168.1.250 in your case.

This should move all the ip and router function to the asus and leave the wifi function in the huawei.

Your problem is the NAT when you run it as you do. You would have to use some hack to keep the data identified.

Maybe if the huawei supports packet marking in the QoS settings you could put different You could put DSCP markings (note this is not DHCP) on the packets. They should survive the NAT but it depends on implementation. You then could match you vpn rules against DSCP rather than IP addresses.

I would go the router of using your device as a AP if there is any option to do that.

 

[IceT6666]

Will the huawei mesh function continue to work if you do not have a wan connection.

What exactly do you mean by work? Currently, all devices connected to the Huawei get 192.168.3.x IPs. I dissabled DHCP on the Huawei network before, then my computer got a IP 169.254.36.74, Subnet mask 255.255.0.0 and no standard gateway - I couldn't access the Huawei anymore. For a strange reason, one computer that is wired to the Huawei did show up in my Asus for just a minute and then disappeared...
Only my phone still had a 192.168.3.x IP, was able to access the Huawei and activate DHCP again.

What you should be able to do is run the units as AP rather than router. Connect to a LAN port on the huawei. Disable the DHCP, and make sure you have a non conflicting Lan ip like 192.168.1.250 in your case.

This should move all the ip and router function to the asus and leave the wifi function in the huawei.

If I try this right now, the Huawei gives an error: IP range cannot be the same as WAN IP.
Should I unplug the Huawei from the Asus and try while it doesn't know the WAN IP? I still set the DNS server as 192.168.1.1?
And just to be sure: With 192.168.1.250 in your example you mean the Huawei's network IP, not the WAN IP?

 

[bill001g]

Yes unless the Huawei has a AP mode you will not use the wan port. Just plug into a lan port.

You can set the gateway and dns if you like but it makes no difference really when you have the dhcp function disabled.

All your pc will get 192.168.1.x ip from the asus. The IP on the huawei is only used to configure it the traffic does not pass through the router chip function.

 

[IceT6666]

thanks now I get it - I didn't realize I need to skip the wan port and just plug it into lan.

One question: If I deactivate the dhcp function and do it this way, will the huawei get an IP from the Asus router(through which I then can access it)?

 

[bill001g]

No you must hard code a lan IP. You want to use a IP that will not be give to another device on the asus so pick one outside the range it uses.