[SOLVED] Help me setup a WAN link!

Status
Not open for further replies.

Myronazz

Distinguished
Sep 5, 2016
325
12
18,795
Hello,

So to make a long story short, there is an apartment that has an ADSL Internet connection, and above it, there is an apartment that does not. My mission is to create a link to the other apartment and create a WAP through it so it has its own strong signal.

I ran an STP cable between them today, and sourced some old TP-Link router I had so I could make it act as a wireless access point (because I'm too cheap to buy an actual one, which would 100% make things a billion times easier).

The configuration I set up is like this:
tXTh7SX.png


R2 is in the apartment I'm trying to connect. It's a TP-Link router which has a WAN port, I connected this port to a switching port of R1. This means that I have two networks, I was planning to basically have the 172.16.0.1 network make Internet requests through the WAN link where the 192.168.1.0 network exists.

But that's not how it turned out, the 172.16.0.1/16 network does not get used at all. The DHCP server of R1 straight up gives addresses to my devices through the WAN link and it actually works. That was all fine and dandy... until I realised that DHCP is a bit glitchy. It works on some phones, while in some others it does not. I have to set static addresses, which is annoying and obviously not ideal.

Yes, I disabled the DHCP service on R2 but that did not fix the problem. Nothing was getting addresses from R2's network even when it was enabled, only through R1's network, which I am not entirely sure as to why. It felt as if R2's DHCP server was not working at all because if it did, why was it not conflicting with R1's DHCP server when it was enabled?

R2 has its own address in R1's network (The WAN link address) which is 192.168.1.60. And as I see it there is only one solution to this problem:
  1. Block DHCP requests going from 172.16.0.1 to 192.168.1.0
  2. Create a default route to 192.168.1.1 which is basically the gateway to the ISP.
Any other ideas? Your thoughts? I'm going back to this place tomorrow to work on it, so hopefully I get some good advice here :p I have an actual WAP to be perfectly honest but I want to do this way purely because it's more interesting.
 

Myronazz

Looks like I'm in a dead end. My TP-Link router doesn't seem to have the necessary means to do this. I tried all methods suggested here, but DHCP is glitchy. It does not work correctly. Sometimes it works, sometimes it doesn't. R1 is a crappy ZTE router so maybe that's the problem.

I tried another method: Have R1 (The gateway) handle one IP range (192.168.1.1-149) while R2 handles the upper range of that (192.168.1.151-200)

This is through the suggested LAN-LAN config, with R2 having an address of 192.168.1.250. And this works well. Doesn't matter to me which DHCP server gives an address, it's the same network so it will work either way. If it wasn't for one thing... R2's DHCP server cannot be configured with a Gateway address, it just gives its own address (192.168.1.150) which means no Internet for devices that happen to use R2's DHCP server.

So that's out of the question... I then thought of something else: Have each router on its own network like in the original diagram and make it two separate networks each having its own isolated DHCP services (I'll block DHCP discover UDP port on firewall). Then, configure a quad-zero route on R2 so it can reach R1's network for Internet access.

But... It seems the TP-Link (R2) just doesn't support these kinds of routes. I'm not sure it's possible to set a default gateway of sorts and route packets to R1. I don't think it is :(

There is another possibility: It seems that the router has NAT capabilities. When I set up a WAN to R1's network, I also set up an address on its network (look at the diagram in the original post). If I understand right, it's possible to use NAT for ALL devices in R2 to share the WAN link address.

As above, I have linked an emulator for my router. If someone more experienced can help that'd be great. Thanks.

Note: Idk why this emulator has RIP in the routing section. I don't have RIP on mine and I'm on the latest firmware. Goddamn my luck, seriously...
 
This is actually a pretty nice router that has a lot of enterprise level features. :)

Okay, so it doesn't have the simple consumer 'ap mode', but the dhcp server can be disabled. It also has a feature called DHCP relay that should allow DHCP requests to be forwarded to the R1 router. I'm not sure if you need to use the wan or the lan port for this to work however. I would try it as that may solve your IP issue. I would also disable upnp as it may be playing havoc with things and is generally a good idea to disable for security as malware will use it.

One thing to consider is that if both LAN networks do not need to see each other that it would make more sense to assign a dhcp reservation on R1 for R2 and let R2 have its own network. You will also need to make a route that drops all traffic from R2 going to lan devices on R1, but that's about it.
 
Solution

Myronazz

Yeah you read me, that's what I've been trying to do, but it doesn't freaking work!

R1 and R2 each have their own networks, but there is no communication between them no matter how hard I try.
jHDedz9_d.webp


So here is the route I set up, which doesn't work. I cannot ping anything on the 192.168.1.0 network I set up, it reports 'Destination host unreachable' which means that R2 (TP-Link) cannot reach the network. But why? It's right there!

Before you say anything about the interface, I have also tried selecting the WAN interface I made, which I know for a fact has a working connection. But still nothing. Ugh. How troublesome.

The interesting thing is how having this WAN IP over Ethernet link enables me to access R1 on a Layer 2 THROUGH R2, which is weird right? Because there is no static routes. BUT STATIC ROUTES are Layer 3 (Cause it's an IP!)

And that makes sense, because I'm receiving R1 DHCP signals through R2... I can access the Internet and everything perfectly if I assign a static IP that's in R1's network (192.168.1.60) for example. BAM! PERFECT ACCESS!

Still, despite this, there is no L3 connectivity. Even as I am connected to R1's Internet through R2, there is no connection. It says unreachable. So the actual router part doesn't know how to get into the 192.168.1.0/24 network. The only reason it works is because there is L2 connectivity.

To remind of the problem again, while the Internet is accessible this way, DHCP doesn't work half the time. That's why I'm trying to have two separate networks with a route between them.

As I see it, this WAN link does not behave as I want it to. It links the two routers on the 2nd layer. Not quite sure what router interworkings are doing this, but it's definitely not RIP that is probably working under the hood. The question is if I can stop this behaviour and change it.

So here is the grand question: Can I have two separate networks with a link between them and a route? The router has features yes but I don't feel as if I have a good degree of freedom over how they behave.

Perhaps the R1 on the other end needs a WAN link configured as well? Because I haven't touched R1 at all mainly because it's a crap ZTE router that does nothing. Maybe that would make sense, because technically the ports on the back of the ZTE router are switching ports (L2 ports).

Still, the ZTE router KNOWS that there is an IP address on its switch port connected to the TP-Link's WAN port (Which has the WAN IP I configured R2 the TPLink).

Is this why?
 
R1 and R2 each have their own networks, but there is no communication between them no matter how hard I try.
If each has its own network, there is no way to get communication between them. :D

If you want communication between them, you need them all on the same lan, and the quickest way to do this is to ditch R2 and just go get a dumb unmanaged switch for $20. It should work perfect. If it doesn't, I'd be suspect of the wire between them, which might explain other issues too.
 

Myronazz

I know different subnets are supposed to be isolated from each other, but isn't this the job of the router inside? To know that the 192.168.1.0/24 network exists on the WAN port I configured and redirect the packets there? The router must know, because that "WAN port" is usually just a switching port, but when I configure it as a "WAN port", it assigns an IP address to it and converts it into a router port, though maybe it still accepts L2 traffic and that's why there is L2 communication.

Take a look at R1's LAN device list (not WLAN)
Mgm9RiZ.png


The last address belongs to R2, it is the WAN IP configured for it to use, and during the setup of the WAN, it asked me to specify network address and subnet prefix, so IT KNOWS that the 192.168.1.0/24 exists on the fourth LAN/WAN port, and I have also specified a static route out of that WAN port (like in the first image of the previous route, except instead of br0, the interface is atm0.2 which is the WAN port).

Look here:
QfxCOny.jpg


So with all this in mind, shouldn't I at least be able to ping an address on that network? R2 says, "destination host unreachable." but not "no route to host."

As I see it, my entire problem is how I cannot route packets between the two networks on L3. Also, the TPLink router has NAT feature that it allowed me to enable when I formed the WAN link. This is so that devices on R2's own LAN can share that IP address behind the NAT feature, but this doesn't seem to work either. If it did, it would solve everything, because R2 LAN devices would basically just use that WAN address to contact the Internet, like a traditional home router config!

But again, this doesn't work :(
 
Your problem is the devices you are using are not actual "routers". Maybe the tplink one has some abilities but to make this work even the first router with the internet connection must have some ability. The key one would be that it can accept multiple subnets being translated by NAT function to use the internet. It also has to know to send the second subnet traffic to your tplink router. If you use NAT on the tplink router to try to get past this problem you have the standard port forwarding issue.

So before you go real far you need to determine why you really need multiple subnets and why you need them to actually be able to talk.

The whole reason you even use a subnet was to decrease the load put on equipment by broadcast packets. In an enterprise install it has become very common to use a much larger subnet mask rather than route a bunch of smaller subnets in a building or a floor of a building. You might route between buildings or maybe even locations if the company has multiple offices but inside a location it tends to be easier to use 1 single subnet. In modern designs there is almost no direct communication between end devices anyway. All servers etc. are located in another location or in some internet cloud thing.

In the end if you really have a need to do this you are going to have to have actual routers. Consumer "routers" have removed many of these abilities because they are not really needed by most people and they want the device to be as simple as possible for your average...ie dumb..consumer.
 

Myronazz

Hi, if you read above in one of the methods I have tried, I have actually made it work. There is Internet communication via a simple LAN-LAN configuration where the IP address of the TP-Link router (R2) is just in the same subnet as the original router (R1). This simulates an AP mode from what I understand, and it does work, but DHCP services are glitchy as hell. Half the time, it doesn't work, and you have to assign IP addresses manually with static. It's unstable, but DHCP services do work, just not all the time.

I tried to have two DHCP servers. One in R1 handling the lower range of the subnet addresses (192.168.1.2-149), and then R2 handling the upper range of the subnet addresses (192.168.1.151-200). R2 has an address of 192.168.1.150 (hence why its excluded from the ranges).

This worked, because there are two servers handing out IP addresses of the same subnet, so if R1's DHCP server glitches out, R2 handles the request. It works! But sadly, the TPLink DHCP server gives the Default Gateway address as its own address (192.168.1.150) so if devices happen to use the TPLink DHCP server, no Internet :( because the actual gateway is R1 (192.168.1.1).

And yes, the Gateway IP is not a configurable thing in the TPLink router. It just sends its own address. So stupid... (Can I somehow edit the firmware or something?)

This is why a LAN-LAN configuration like an AP doesn't work, and why I'm trying to have two separate networks with communication between them. It'll just solve the DHCP problem (although I could also try to disable both DHCP servers and have a Raspberry Pi or something handling DHCP, but I don't have one).

Your problem is the devices you are using are not actual "routers". Maybe the tplink one has some abilities but to make this work even the first router with the internet connection must have some ability.

I understand this, R1 is a crappy ZTE router. But the NAT method of the TPLink router should effectively be plausible right? At the end of the day, with the NAT method, R2 does all the work. All R1 sees (The ZTE ISP router connected to the Internet) is traffic coming in and out of the TPLink WAN IP.

So in relation to this, you said:
If you use NAT on the tplink router to try to get past this problem you have the standard port forwarding issue.

I think I understand what you mean because I have some knowledge of how NAT works, but what kind of issue are you referring to? I've never heard of this common issue you are referring to.
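The symptom described in the post above (two DHCP servers on one subnet, one of which hands out itself as the default gateway) can be confirmed by reading the DHCPOFFER payloads each server sends. The following is an added example, not code from the thread: the two offers are constructed sample data using the addresses given in the post, and `build_offer`, `parse_dhcp` and `audit_offer` are hypothetical helper names.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie that follows the BOOTP header
OFFER = 2                            # value of option 53 for a DHCPOFFER


def _ip(text):
    return ipaddress.IPv4Address(text).packed


def build_offer(yiaddr, server_id, router, xid=0x1234ABCD):
    """Build a DHCPOFFER payload (constructed sample data, not a capture)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2, 1, 6, 0, xid, 0, 0,           # op=reply, Ethernet, hlen=6
                        _ip("0.0.0.0"), _ip(yiaddr), _ip(server_id), _ip("0.0.0.0"),
                        bytes.fromhex("020000000001"), b"", b"")
    opts = (bytes([53, 1, OFFER]) + bytes([54, 4]) + _ip(server_id)
            + bytes([1, 4]) + _ip("255.255.255.0")
            + bytes([3, 4]) + _ip(router) + b"\xff")
    return fixed + MAGIC + opts


def parse_dhcp(payload):
    """Return (yiaddr, {option_code: raw_bytes}) from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:               # end option
            break
        if code == 0:                 # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        opts[code] = data
        i += 2 + length
    return yiaddr, opts


def audit_offer(payload, expected_gateway, known_servers):
    """Flag offers from unexpected servers or with the wrong router option."""
    yiaddr, opts = parse_dhcp(payload)
    if opts.get(53) != bytes([OFFER]):
        return None                   # not an offer, nothing to audit
    sid = opts.get(54, b"")
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None
    raw = opts.get(3, b"")
    routers = [str(ipaddress.IPv4Address(raw[k:k + 4]))
               for k in range(0, len(raw) - 3, 4)]
    findings = []
    if server not in known_servers:
        findings.append("unknown DHCP server")
    if not routers:
        findings.append("no router option")
    elif routers[0] != expected_gateway:
        findings.append(f"gateway {routers[0]} != expected {expected_gateway}")
    return {"server": server, "offered": yiaddr, "routers": routers,
            "findings": findings}


if __name__ == "__main__":
    # Addresses follow the post: R1 = 192.168.1.1, R2 = 192.168.1.150.
    offers = [build_offer("192.168.1.20", "192.168.1.1", "192.168.1.1"),
              build_offer("192.168.1.160", "192.168.1.150", "192.168.1.150")]
    for o in offers:
        print(audit_offer(o, "192.168.1.1", {"192.168.1.1", "192.168.1.150"}))
```

The same audit with only R1 in `known_servers` also reports R2 as an unknown server, which is how an unplanned second DHCP server on a LAN would show up.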
 
If you run NAT on the second router every device behind it appears to come from that same IP. They all share that 1 IP. So it fixes the first problem of the second subnet but now you get the new problem of using NAT.

I am extremely surprised you have not heard of the NAT issue. You must not play a lot of online games and/or not have any form of game console. People with game consoles especially talk about this all the time.

The problem is, say I have a machine 192.168.x.100 behind the NAT router. Now let's say the common IP is 192.168.1.50. So some machine wants to send data to 192.168.x.100. That IP block does not actually exist because you are running NAT. The machine must know to send the data to 192.168.1.50. BUT now how does the router know that the data is supposed to go to, say, 192.168.x.100 rather than 192.168.x.101? You must put in port forwarding rules so that when traffic comes into the common address it gets redirected to the machine you want. Many things do not work when you try to get more than a single machine behind NAT to work because of the limitation of the port numbers.

Your problems with DHCP are because, again, consumer routers are not actual DHCP servers either. A real DHCP server can actually give out any IP as the gateway and actually reside in a data center remote from the LAN. Large companies do not actually use their network equipment to do DHCP server, this is something they do with a Microsoft domain server because it also provides many other functions in addition to DHCP.
 

Myronazz

Your deduction is correct: I haven't played video games in a damn long time. I used to play Minecraft back when it was new, but that's it really. Not much else and if there was something else I never experienced such an issue.

I have however studied NAT as part of a course I did, so I do more or less know how it works on an under-the-hood level. I just need a bit of a... memory refresh because this was around two years ago.

About what you described when it comes to the NAT issue? I'm not entirely sure as to what you mean. Your explanation is a bit confusing (Maybe you can link me an article to read?)

You explain that I have a device with a common IP 192.168.1.50 behind the NAT router. Good so far. And then you say that some machine (I think you mean another machine behind the same nat, like 192.168.1.60) wants to send data to 192.168.x.100 (Is this network outside the NAT? Where is it?)

You then say that the machine must know how to send data to 192.168.1.50 (But I thought we were sending data to 192.168.x.100?) So here I will assume that you mean that 192.168.x.100 must know how to send data to 192.168.1.50.

Then, you explain that this IP block (192.168.1.0/24???) does not exist because it's running behind a NAT. That makes sense because the NAT basically uses one IP to communicate (say 192.168.x.101 which is shared by all devices behind the NAT). That's ok so far.

I think that you then explain that the router does not know how to forward the data coming from 192.168.x.100 to 192.168.1.50, because a forwarding rule is needed.

That's kinda confusing because I again thought that the NAT handles all this kind of stuff. We are talking about the same type of NAT, right? NAT Overload or in other words PAT, which maps UDP/TCP ports to know where each packet comes and goes.

So say that we have a standard home router. The ISP has assigned this router a public IP of 200.0.0.1/30. The router's private IP subnet range is 192.168.1.0/24, and is behind a NAT Overload that shares the public IP.

Now by this scenario, let's say that a laptop behind the router (192.168.1.30) wants to download a site.

The laptop initiates a TCP connection with source TCP port of 3000 and source IP of 192.168.1.30. The destination port is 80 (HTTP port) and destination address is 142.250.187.228 (the server on the Internet)

The router takes the packet (because it's the gateway) and has no route for this address, so it forwards it to the default route which is the ISP. BUT before it does that, it maps the source address with the source port in its NAT table as 192.168.1.30:3000 and then replaces the source IP with the public IP it has, and then finally forwards the packet to whatever interface the ISP has configured.

When the server on the other end (wherever it is) sends a reply, the router receives the packet and immediately checks the destination port (which is 3000). It identifies the NAT session and replaces the destination public IP with the one that matches the entry in the NAT table (192.168.1.30:3000) so that would be 192.168.1.30 and then uni-casts this packet to wherever this laptop exists.

So where is the issue here? Does my TPLink router have a different kind of NAT? I tried my best to understand what you described but I failed. I would appreciate it if you tried again. Thank you!
 
Your example at the end is correct how NAT works when you go FROM a device behind the nat TO a device say on the internet. The problem is the reverse.

Say instead it is a user on 142.250.187.228 and wants to connect to server in your private network with ip 192.168.1.30

Since 192.168.1.30 is a private IP you cannot use that one. The only IP you have is 200.0.0.1. So the user attempts to connect to that on some port xxxx. The router now gets this request to connect but how does it know which machine to send it to? There is no NAT table entry because your internal machine did not send any data to the external IP yet.
To solve this you force a rule into the NAT table sending the data to 192.168.1.30....ie port forwarding. So now that one machine works. But let's say you have 2 different machines on your network and both want to use port xxxx. There is no way to make this work because there is only 1 port xxxx on the external IP and it can only be associated with 1 internal machine.
 

Myronazz

I understand what you mean now, thank you for the clarification. I was aware of this port forwarding issue, or well, 14 year old me trying to set up a Minecraft server was :p (I'm 21 now)

But I don't believe this is the problem, and that's because of a cascading sort of effect my setup causes. Let's consider my networks again:
vxUc3tu.png


So... let's suppose that the 192.168.0.10 accesses a website on server 142.250.187.228. As before, this will appear in R2's NAT table like this:
192.168.0.10:3000

The source IP is 192.168.0.10, source TCP Port is 3000, destination port 81 and destination IP 142.250.187.228. The TP-Link router has an option to configure the WAN port as a default gateway (Lucky!!!!!!) and since this is an address it has no route to, it will forward it to the default gateway (The WAN port which is configured and everything as per the topology) and it will thus make use of the NAT feature with that information.

And so, R2 will forward a frame to R1 that has the WAN IP address, so it becomes: Source IP 192.168.150, source TCP port 3000, destination port 81, destination IP 142.250.187.228. R1 does not have a route to 142.250.187.228 so it does literally the exact same thing as R2. So... R1's NAT table now has this entry:
192.168.1.150:3000

Finally... R1 forwards a frame that has the public IP as the source this time to the DSL link which is the ISP, and everything else like source TCP port the same. So when a reply comes back, the destination port will be 3000, so that will cascade all the way through because both NAT tables have an entry of port 3000 that they can forward to the respective IP it belongs to.

So really, what you say is correct. I will not be able to ping R2 LAN devices from R1 LAN cause there's no port to forward to. But this doesn't apply for Internet traffic, because it's all outbound. Your other point of what happens when two devices try to use the same source port is also correct but it isn't the problem because at the time I was testing, there was only one device.

In theory, this should be working, but it is not. There is also the problem that even though the WAN port gets configured as a router port (with an IP address as you saw in the ZTE router device list) it STILL accepts Ethernet frames on the 2nd layer which explains how I can access R1's LAN by assigning myself an IP address from its subnet.

I suspect that the only way to solve this is if R1 has its own WAN port I can hook into R2's WAN port and configure both of them into a PPPoE connection. Maybe the L2 traffic is what's causing some kind of confusion inside (maybe with MAC tables) and prevents this whole NAT setup from working.

Again, thank you very much for your information. I'd appreciate it if you have more valuable input. Maybe an idea as to how to get through this last barrier.
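The NAT behaviour debated in the posts above (outbound sessions cascading through two PAT routers, unsolicited inbound traffic finding no table entry, and one external port serving only one inside host) can be traced with a small model. This is an added example, not part of the thread: `PatRouter` and `through` are hypothetical names, the addresses are the ones used in the posts (200.0.0.1 is the public IP from the poster's hypothetical), port 8080 is a constructed value, and real routers key sessions on more than the WAN-side port.

```python
from dataclasses import dataclass, field

# Packet model: (proto, src_ip, src_port, dst_ip, dst_port)
SERVER = "142.250.187.228"   # Internet server address used in the thread


@dataclass
class PatRouter:
    """Simplified NAT overload: state is keyed on (proto, WAN-side port) only."""
    name: str
    wan_ip: str
    sessions: dict = field(default_factory=dict)  # created by outbound traffic
    forwards: dict = field(default_factory=dict)  # static port-forward rules
    next_port: int = 40000                        # used when a source port is taken

    def _taken(self, key):
        return key in self.sessions or key in self.forwards

    def outbound(self, pkt):
        """LAN -> WAN: rewrite the source to the WAN IP and record the mapping."""
        proto, src_ip, src_port, dst_ip, dst_port = pkt
        inside = (src_ip, src_port)
        for (p, wan_port), owner in self.sessions.items():
            if p == proto and owner == inside:        # flow already known
                return (proto, self.wan_ip, wan_port, dst_ip, dst_port)
        wan_port = src_port                           # keep the port if it is free
        while self._taken((proto, wan_port)):
            wan_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(proto, wan_port)] = inside
        return (proto, self.wan_ip, wan_port, dst_ip, dst_port)

    def inbound(self, pkt):
        """WAN -> LAN: translate only if a session or forward rule matches."""
        proto, src_ip, src_port, dst_ip, dst_port = pkt
        key = (proto, dst_port)
        inside = self.sessions.get(key) or self.forwards.get(key)
        if dst_ip != self.wan_ip or inside is None:
            return None                               # no state: packet is dropped
        return (proto, src_ip, src_port, inside[0], inside[1])

    def add_forward(self, proto, wan_port, lan_ip, lan_port):
        key = (proto, wan_port)
        if self._taken(key):                          # one WAN port, one inside host
            raise ValueError(f"{self.name}: {proto}/{wan_port} is already in use")
        self.forwards[key] = (lan_ip, lan_port)


def through(routers, pkt, direction):
    """Pass a packet through routers in order; None means it was dropped."""
    for router in routers:
        if pkt is None:
            return None
        pkt = getattr(router, direction)(pkt)
    return pkt


def build():
    r1 = PatRouter("R1", "200.0.0.1")        # ISP-facing router
    r2 = PatRouter("R2", "192.168.1.150")    # second router, WAN side on R1's LAN
    return r1, r2


if __name__ == "__main__":
    r1, r2 = build()
    out = through([r2, r1], ("tcp", "192.168.0.10", 3000, SERVER, 80), "outbound")
    print("seen by server :", out)
    reply = ("tcp", SERVER, 80, out[1], out[2])
    print("reply delivered:", through([r1, r2], reply, "inbound"))
    probe = ("tcp", SERVER, 5555, "200.0.0.1", 8080)   # constructed unsolicited packet
    print("unsolicited    :", through([r1, r2], probe, "inbound"))
    r1.add_forward("tcp", 8080, "192.168.1.150", 8080)
    print("forward on R1  :", through([r1, r2], probe, "inbound"))
    r2.add_forward("tcp", 8080, "192.168.0.10", 8080)
    print("forward on both:", through([r1, r2], probe, "inbound"))
```

Outbound traffic and its replies pass both routers with no configuration, while an inbound connection reaches a host behind R2 only after a forward rule exists on each router in the chain.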
 
I guess that is where I was confused. A simple router behind router always has this problem......but if you don't care if lan 1 can get to lan 2 it is not a problem. Many people intentionally do this when they don't trust devices on the primary lan. It is actually trivial to set this up for most people. Other than the issue of when both routers use the same lan subnet you should be able to just take them out of the box and hook the wan on R2 to the LAN on R1 and it works with no other configuration. The wan port on router 2 will be assigned an IP via DHCP from router 1 just as if router 1 were actually an ISP router. Router 1 just thinks router 2 is some pc that happens to have lots of sessions open.

This has to be something very odd about the tplink device. Traffic from the lan (192.168.0.x) network should never bleed into something on the wan side.
 

Myronazz

Well. I'm unfortunately out of time with this even though I was curious when it comes to making it work, so I bought a WAP and everything works as intended.

Not quite sure why it's bleeding either, but it is. Assigning myself an address from 192.168.1.0/24 network makes it work perfectly minus DHCP (again, maybe an RPi would have made it work). It is weird for sure. The TP-Link router has three WAN type configuration options:

  1. Bridge
  2. PPPoE
  3. IPoE (IP over Ethernet)
I chose 3 as it felt like it was what I needed. This basically allowed me to assign an IP address on the Ethernet port and use features like NAT as well as a Firewall (although the firewall doesn't seem to be configurable).

IPoE settings:
WAN IP: 192.168.1.150
Mask: 255.255.255.0
WAN Gateway: 192.168.1.1
MTU: 1500 bytes
NAT: True
Firewall: True

I did not try PPPoE as that would need the ZTE router to have the same feature, which it did not. If I formed a PPPoE WAN link, then I'm confident it would work well.

I have absolutely no idea what Bridge mode is I have to say. I tried it but it had next to none configuration and it didn't work so I didn't try much.
 

Myronazz

Update: I solved the issue a while ago.

For anyone that might be having the same dilemma with the TP-Link TD-W8960N V6, don't be fooled by how the router assigns an IP address to the switching port. It's not considered a WAN port by the system until you go here and set up an Eth interface (I imagine this stands for Ethernet, referencing the WAN RJ-45 port on the back).

Da3RadZ.png


As it is implied, the default interface used for a WAN is an ATM interface, which the router creates out of the DSL port, as this is what most people use anyway.

If you are like me, and want to enable the WAN Ethernet port, you create an ETH Interface and set unknown traffic to be defaulted through that interface, where the Internet lies ahead (or whatever you setup behind it).

This is why it was leaking L2 traffic through the WAN port, it wasn't properly set up as a WAN port yet.

Everything works flawlessly after that!
 