[SOLVED] Linksys router/vpn connected to Huawei router issue

[Network Learner]

I am living out of the country some times of the year and I find that I need my VPN to be used in order to get full access to all the Internet services I am used to when I live in the United States.

The ISP here uses a Huawei HG8245H5 router. That router is a router that connects directly to a fiber optic cable from the street then it converts it to Ethernet. It has 4 switch ports on the back of the device and two antennas.

I connected a Linksys BEFVP41 VPN router to it. I had to connect my computer directly to the Linksys to configure it at first so I could put it into the same subnet as the switch ports on the Huawei.

Now when I connect my computer using Wifi to the Huawei; I can now login to the Linksys user configuration GUI interface.

When it was successful; it was because I had the Linksys connected to the Huawei through one of the Linksys switch ports.

But that is not how it has to be connected. The Huawei is the source of the Internet for the LAN, so I need the Huawei to be connected from one of the Huawei switch ports to the Linksys "Internet Port"; not a Linksys switch port.

Does anyone have any idea why it won't connect through the Linksys Internet Port, but I can connect via the Linksys switch ports? Is there configuration setting that must be set on the Linksys and or the Huawei that must be set.

The ideal setup would be Fiber Optic from Street>>>>>Huawei router>>>>>Huawei switch port>>>>>Ethernet Cable>>>>Linksys Internet Port>>>>>Linksys switch port/ports >>>>>Ethernet cable/cables>>>>Computer or Roku or Smart TV.

I have narrowed down the problem to the connection between the Huawei and the Linksys. It is some configuration in one or both of them. It has nothing to do with the other devices at this point, because I never even connected those devices yet. There's no point in doing that if I cannot get the Huawei to connect to the Linksys Internet Port.

Thanks for your help. I appreciate any ideas that will help fix this situation short of having to buy new equipment.

 

[bill001g]

You are correct in how it must be connected for you to use it as a VPN router. This is exactly how many people accomplish this.

What I suspect the problem is you are using the same subnet on the wan and lan ports of the linksys router. You need different subnets. Many router will actually complain of this conflict.

 

[Network Learner]

So is there a way to configure the WAN and LAN ports for different subnets? I know that inside the Linksys; I saw a menu for configuring the subnet, but I assume it means the LAN ports. I can confirm that the LAN ports are on the same subnet that I configured within the Linksys GUI user interface.

Am I to assume that I do not need to configure the subnet of the Linksys WAN port and that it would auto configure itself to whatever the subnet is of the connected ISP router?


I may have to change the subnet of the LAN ports to something different. I think I did put them in the same subnet as the ISP router in order to be able to access the admin interface via the ISP WiFi router. But as stated in my initial post, that only worked when it was connected to the Linksys LAN ports.


I suppose I will have to give up on being able to make configurations to the Linksys Router over WiFi.
The Linksys does not have its own WiFi.

 

[bill001g]

Yes it must be changed on the lan subnet.

You need to enable a special option to be able to admin a router via its wan port. This is because most people have this hooked to the internet and you take the risk that hackers can attempt to admin your router. In general it is a bad idea to configure your router over the internet so the default is disabled. Your usage is not the same so you will have to enable it.

After looking that router up you may want to consider buying something newer. That is more than 10yr old technology. Almost all modern vpn use openvpn and not the older pptp or ipsec.

 

[SamirD]

While configuring the Linksys make be possible, the performance--especially when tunneling all the way back to the US--will be terrible if you have a decently fast connection on both sides. The model is quite old and from what I recall it couldn't even do more than 10Mbps wan to lan without the vpn.

For something like your use case, I would highly recommend an ipsec vpn router on each side and a 24x7 ipsec tunnel running in between. This way, you can simply remote into a system at home and use it remotely, which will be much simpler than trying to tunnel all the data to where you are. I use an identical set up whenever I have to travel.

 

[Network Learner]

Yes it must be changed on the lan subnet.

You need to enable a special option to be able to admin a router via its wan port. This is because most people have this hooked to the internet and you take the risk that hackers can attempt to admin your router. In general it is a bad idea to configure your router over the internet so the default is disabled. Your usage is not the same so you will have to enable it.

After looking that router up you may want to consider buying something newer. That is more than 10yr old technology. Almost all modern vpn use openvpn and not the older pptp or ipsec.

=======================================================


Could you recommend a good VPN to get? I bought that one for $26.00

It being that it is not really for business use; do you think it would still work for my use?
I do prefer Linksys though. I don't want to have to spend tons of money for something that is just going to be used for accessing sites and watching videos from the USA while overseas.

Would Open VPN be faster or something?

 

[bill001g]

Partially it depends where you are setting the vpn up to. If you have another router in the USA say in someones house that is a different setup than using a VPN service.

If you are using a vpn service ou have to check first that it has the ability to bypass the restrictions. Many providers like netflix and amazon know you are using a VPN and will not function.

The main reason to use openvpn it is simpler to setup and many of the VPN service companies do not support ipsec. The other issue is your main router needs a special feature to allow IPSEC or PPTP to passthough it. Many routers have this but it just another of the many many details you have when setting up IPSEC. If you are setting up the vpn to another vpn router you control it is a little easier to get IPSEC setup because then you know the settings on both ends.

I suspect you can get many used routers on ebay for not much more that will exceed that old router. Just look for the specs. The feature is called VPN "Client". Many routers have vpn server ability the cilent part is not as common.

Be aware even fairly fast routers are going to cap you to 20-30mbps so you might have issues trying to watch something like netflix at 4k.

 

[SamirD]

And having set up ipsec vpn tunnels across the world to home, you're lucky if you'll see 10Mbps bandwidth in the tunnel, even with high speed links on both ends simply due to the latency across such a link.

 

[Network Learner]

And having set up ipsec vpn tunnels across the world to home, you're lucky if you'll see 10Mbps bandwidth in the tunnel, even with high speed links on both ends simply due to the latency across such a link.

Well I am not concerned with it being 4K.
But I would like to make this work somehow. I know VPN endpoint to VPN endpoint is good for if you are doing home computer to home computer, but I am not doing that.

I would need to have access to a U.S. based VPN server that would accept a connection to my Linksys router. It is not like I could install any of their proprietary software on my computer. Linksys routers run their own firmware, sot Windows, Apple or Linux software.

I know some people just pay for a DNS service that changes the I.P. address before it gets to the streaming service, so the streaming service thinks you are still inside the U.S. and encryption services are not needed. I am really trying to find a way to not have to pay for a service though. Paying for the streaming service is enough of an expense as it is. I have seen some WiFi routers online, but they are all over $300.00. I don't mind older equipment as long as it works and the technology is still being used. Newer is not always better or necessary.
Yes, it would be more convenient if the ISP router was as advanced as the Iinksys and had all the abilities of the Linksys. The Huawei router is so limited; it only allows me to whitelist 8 MAC addresses total. I know that has nothing to do with VPN technology, but it is an example of how simplistic the ISPs equipment is.

 

[SamirD]

Well I am not concerned with it being 4K.
But I would like to make this work somehow. I know VPN endpoint to VPN endpoint is good for if you are doing home computer to home computer, but I am not doing that.

I would need to have access to a U.S. based VPN server that would accept a connection to my Linksys router. It is not like I could install any of their proprietary software on my computer. Linksys routers run their own firmware, sot Windows, Apple or Linux software.

I know some people just pay for a DNS service that changes the I.P. address before it gets to the streaming service, so the streaming service thinks you are still inside the U.S. and encryption services are not needed. I am really trying to find a way to not have to pay for a service though. Paying for the streaming service is enough of an expense as it is. I have seen some WiFi routers online, but they are all over $300.00. I don't mind older equipment as long as it works and the technology is still being used. Newer is not always better or necessary.
Yes, it would be more convenient if the ISP router was as advanced as the Iinksys and had all the abilities of the Linksys. The Huawei router is so limited; it only allows me to whitelist 8 MAC addresses total. I know that has nothing to do with VPN technology, but it is an example of how simplistic the ISPs equipment is.

You won't even get 480p:
https://help.netflix.com/en/node/306

VPN endpoint to endpoint is actually used in business, not the home.

I believe the Linksys can do pptp, and there are providers that will give you pptp access even though it is completely insecure. The problem is that from what I remember in testing the vpn capability of that Linksys, it will just barely do 1Mbps vpn speed in a local lan test environment. This means in the real world it would be lucky to do half that and across the world, it would be lucky to get ISDN speeds (128k). This will simply not work for your goal.

A $300 router won't necessarily be able to do what you want either. It's not a matter of cost, but finding the right tool for the job. A $300 phillips screwdriver is useless on a minus screw; and in such a case a 40 year old minus screwdriver does the job. I agree that newer isn't necessarily better (and these days can be worse).

I wouldn't expect anything from the Huawei except bare functions and a backdoor to your entire setup that the ccp can access whenever they want. I would NEVER connect anything directly to one of these without having my own security in front of my devices.

 

[Network Learner]

Well what would you recommend?

The Apple TV has settings to allow you to put in a proxy and then you could use one of those DNS services that will change your I.P. address before sending your communications to the streaming service such as "Netflix" or "CBS All Access", But the Roku has no such ability. So even without using VPN encryption technology my thought was that I could use the Linksys to be the device to set up a proxy server address on, and then the Roku could be used also. Both the AppleTV and The Roku could be hidden behind a USA based proxy. I would not even need to configure the proxy inside the AppleTVs Proxy settings. They would both be behind the Linksys. But my concern is that with the Linksys behind the ISPs Huawei WiFi modem/router/device; will the Linksys still be able to send data to a proxy or will the fact that the Linksys is behind another device foul it all up?


But this is not what I originally came online in this discussion group for. So at this point what I have learned is that what I need to do is:

1). Make the Linksys Switchports to be in a different subnet than the switchports of the Internet of the Linksys and/or switchports on the ISPs Huawei router.

2). I will just have to do configurations via a direct Ethernet cable connection to the Linksys and not through the WiFi of the Huawei because the subnets will be different anyway.

But if you have any ideas other than me Paying for a Smart DNS service, I would like to hear them. Thank You

 

[SamirD]

That is interesting about the proxy. If it works, then all you need is a router that can do it faster than the linksys as its lan to wan speed is what is going to hurt.

Yes, you will need to use separate subnets and manage the linksys that way. But honestly with as much bad hacky/malware/spying stuff I've read about the Huawei, I would keep everything locked away from that as much as possible anyways. It's the devil.