[SOLVED] Can I use a 2nd router to run a VPN on the router when my ISP only provides 1 ISP address?

Jan 20, 2022
Hi,

I recently moved off my cable company's legacy package into their internet-based IP TV service. As part of my legacy package, I was able to get 2 IP addresses assigned by the modem, and thus I ran 2 separate networks behind the modem. One for my main internet and key devices, another router that I had an OpenVPN setup on the router and connected certain devices to. At least I believe I was getting 2 IP addresses because both routers were able to connect to the WAN from the modem.

I've since learned I can only have 1 IP address now with the new service (the 2nd IP address is apparently reserved for the TV boxes and other services from the cable company). Is there a way to mimic this setup with this constraint? I have my new modem in bridge mode and running an Orbi Mesh network that my devices and cable boxes connect to. When I try to connect the 2nd router to the modem it cannot get an internet connection. I verified the ISP is limiting this because I can alternate the routers (so it's not a router issue), but only 1 of them can connect to the internet.

Is this setup possible? I want the devices that connect to the 2nd router / wifi access point to connect via the VPN on that router to the internet.

Thank you in advance.
 
kanewolf

Titan
Moderator
Consumer routers usually make poor VPN end points because they don't have enough CPU power. If you want VPN for some devices, I would recommend using an old desktop PC with an extra ethernet card to create a pfSense router. Then you just have a single input and multiple outputs, one with VPN and one without.
But you may be able to have pfSense selectively route devices, based on their IP or MAC, on VPN vs no-VPN and only have to have a single LAN port.
 
Jan 20, 2022

Thanks for your input. I will have to research the pfSense option as I have not heard of it before. My other router is an Asus RT-AC86U which was sufficient for my needs and it was simple as all you needed to do was switch to that wifi access point to use the VPN-based routing.

Still wondering if I can mimic this behind the other router that is internet facing? Please excuse my lack of deep networking knowledge here but I am more than happy to test and research!

Thanks again!
 
The Asus 86U is a very special exception to the VPN. It will still never compare to a PC with an actual CPU.

So the 86U and a small number of other Asus models use a CPU chip that has AES encryption instructions as part of the CPU. It also has a 1.8g clock rate, which is higher than most.

With most routers you will be lucky to get 30mbps using OpenVPN. The Asus can get about 200mbps, but it will be less if you use the longest encryption keys.

Although the Asus factory firmware has added the support for the hardware-assisted VPN, I would still load the Merlin firmware. Maybe Asus copied the rest of the VPN but I found the Merlin image easier to set up.
 
Jan 20, 2022

Thanks Bill. Maybe I'm overthinking this and I can just hook up the Asus 86U behind my other router and it will work fine? It would be no different than connecting via a VPN on the device itself I guess? Some of my devices cannot natively connect to a VPN hence why I need it on the router itself, and then have that device connect to that wifi that will route through the VPN. Will there be any connection issues I should be aware of when connecting this way so the requests make it to the internet ok?

Thank you.
 
Yes, that is the way I do it. You can get IPsec to work that way, but OpenVPN is designed to tolerate the NAT.

You just plug the other devices into the VPN router and everything else into the main.

What you can also do, at least on Merlin, is put in lists of local IP addresses that bypass the VPN and go directly to the internet. I have not done it, but you can also run only certain applications through the VPN and everything else goes direct.
 
Solution
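
An added example, not part of the thread or of any router firmware: a small Python model of the router-behind-router layout described in the accepted answer. The subnets, the VPN router's WAN address and the bypass list are constructed assumptions; it checks that the two LANs do not overlap (each router does its own NAT and needs a distinct range) and shows which clients would leave via the VPN, via the bypass list, or via the main router.

```python
import ipaddress

# Constructed addressing plan (assumptions, not values from the thread).
MAIN_LAN = ipaddress.ip_network("192.168.1.0/24")   # LAN of the internet-facing router
VPN_LAN = ipaddress.ip_network("192.168.50.0/24")   # LAN of the VPN router behind it
VPN_ROUTER_WAN = "192.168.1.2"                      # address the VPN router gets from the main router
BYPASS = ["192.168.50.20", "192.168.50.64/28"]      # VPN-router clients that skip the tunnel


def check_cascade(main_lan, vpn_lan, vpn_wan_ip):
    """Return a list of addressing problems for the cascaded setup."""
    problems = []
    # The inner router cannot route between identical WAN-side and LAN-side ranges.
    if main_lan.overlaps(vpn_lan):
        problems.append(f"LAN overlap: {vpn_lan} vs {main_lan}")
    # The inner router's WAN port is just another client of the main router.
    if ipaddress.ip_address(vpn_wan_ip) not in main_lan:
        problems.append(f"VPN router WAN {vpn_wan_ip} is not on {main_lan}")
    return problems


def egress_for(client_ip, vpn_lan=VPN_LAN, bypass=BYPASS):
    """Classify a client as 'vpn', 'direct' (bypass list) or 'main'."""
    ip = ipaddress.ip_address(client_ip)
    if ip not in vpn_lan:
        return "main"            # plugged into the main router, never sees the tunnel
    for entry in bypass:
        # strict=False lets a single host address act as a /32 entry
        if ip in ipaddress.ip_network(entry, strict=False):
            return "direct"      # still double-NATed, but outside the tunnel
    return "vpn"


def plan(clients):
    """Map each client address to its expected egress path."""
    return {c: egress_for(c) for c in clients}


if __name__ == "__main__":
    print(check_cascade(MAIN_LAN, VPN_LAN, VPN_ROUTER_WAN) or "addressing OK")
    for client, path in plan(["192.168.1.30", "192.168.50.20",
                              "192.168.50.70", "192.168.50.80"]).items():
        print(f"{client:15} -> {path}")
```

Comparing the public IP each client reports against this plan is a quick way to confirm that nothing meant for the tunnel is leaving directly.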
Jan 20, 2022

Thank you so much! I will try this out in the next few days. Unfortunately I did a hard reset of the router to try and eliminate why it couldn't connect to the internet so I'll have to load the OpenVPN settings again.

Cheers!
 
Jan 20, 2022
Set it up and it seems to have worked. Didn't play around with port forwarding or anything, but not many items are connecting and the ones that are seem to be fine. Thanks again everyone!