Gateway with two cabled routers (1 VPN router) - second router needs to connect with VPN router

[sheikhsheikha]

I have a situation in which I would like to have input and assistance. I hope you can help me out.

I want to connect one router to another router (VPN Router) and ignore the router/gateway from the internet provider as it is censored and blocks Facetime and Skype.

The gear:

Internet Provider delivered Wifi Router/Gateway
DLink DIR850 with Etisalat Firmware functioning as Gateway (it only provides traffic access to the internet – WiFi is disabled)
192.168.1.1 with subnet 255.255.255.0 and ip range 192.168.1.100 and up
192.168.1.100 is placed in the DMZ of this router

Router 1 – connected with cable to LAN port of the DLink gateway
Asus RT-AC5300 with Merlin Firmware with 192.168.2.1 with subnet 255.255.255.0 and ip range 192.168.2.100 and up
The WAN IP setting is 192.168.1.100 (so placing it in the DMZ of the DLink).
On this router L2TP VPN Client is configured and running smoothly providing uncensored access to the internet from my location.

Router 2 -– connected with cable to LAN port of the DLink gateway
NetGear X6 R8000 configured as access point getting IP Address from the DLink and using the DLink as gateway. (ip is 191.168.1.101 with subnet 255.255.255.0).

• 
  I would like to configure the NetGear to connect with the Asus (so that the VPN is used by the NetGear and the DLink settings are further ignored)
  I have no clue how to do this. No port forwarding is used (I have actually no clue if that would do the trick and most of all I would not know where to begin)

• 
  Connecting the NetGear via WiFi to the Asus is not an option – I would like to configure it via the cabled connection that both the NetGear and the Asus have with the DLink.
  I would like to avoid pulling extra cabling between the routers as this option is limited by the building and would be expensive.

It is key that the NetGear connects to the Asus as I am in an area where a lot of the internet is censored and simply blocked (e.g. Facetime, Skype). The VPN allows me to use the blocked services). The Netgear firmware does not allow me to configure the VPN (does not support L2TP and that is the only way VPN will work here).

Anyone who has an idea how to make this work? Your help is highly appreciated, and I thank you in advance.

 

[bill001g]

You have to somehow get the netgear cabled to a lan port on the asus.

All option I can think of require buying stuff.

1. You could move the asus to the central location and buy a second AP in the current location of the asus.

2. You could buy 2 small switches that support vlans. You define 2 vlans on both. You define a tagged connection between them using the current ethernet cable going to the asus. You would plug the asus lan and wan port into different ports on the remote location.
In effect it would go from the ISP router---switchvlan1--asuswan--asuslan-switchvlan2---netgear.

The merlin firmware supports vlans but I am unsure if you can use a single port on the router both as WAN and LAN. I think you can but I don't know if you have to use the LAN ports or if you can use the WAN port. It save the cost of a second switch but the complexity is much higher, the switches are pretty simple to configure the lans.

3. If all else fails you could just use a powerline connection to connect between the routers

 

[sheikhsheikha]

Hi bill001g,
Thank you for borrowing your brains and the effort to write back.
Option 1: is not an option, Etisalat only allows the Dlink as gateway.
Option 3: is not an option as the powergrid is segmented (given the number of A/C's required in this climate. The signal gets lost (tried this one)
Option 2: I have a strong feeling this can be done with the configuration of the routers, without any additional hardware, as the Dlink, the Asus and the Netgear support port forwarding/VLAN configurations. The thing is I have no clue how to set that up.

 

[bill001g]

It is not common even for a simple switch to have vlans. The method if you used switches would be Port 3 is assigned to vlan 1 port 4 is assigned to vlan 2 on both switches. Port 2 is assigned to both vlan 1 and vlan 2 using TAGS. The 2 switches are connected via a physical cable between port 2.

So now port 3 on both switches is 1 network and port 4 on both switches is a different network....or cable if you want to look at it that way. The key to making this all work is the vlan tags that let multiple vlans share a connection and the traffic still be isolated.

On option 1 the cabling it the same the ISP router is not touched you just put the asus router next to the ISP router

It would be ISP---dlink---asus-----2 devices acting as AP.

 

[sheikhsheikha]

I get what you mean. It still is not that what I am looking for. (The Asus cannot be placed physically with the Dlink and I still run into cabling.)
My goal is to have the Netgear (that I can configure as a router too) to be linked by such settings to go through the Asus(cabled with Dlink) while being physically (cable) linked to the Dlink (and have the Asus route all the traffic by VPN.