Question VPN alternate location routing for remote access

Sorry if I am not using some of the correct terms. I tried searching for a solution for this issue but I cannot find one so I am posting this to try to figure out what I am missing.

I am currently stationed in Japan. I have two networks in my house, one local and one for VPN. Router 1 is the local network and Router 2 (behind router 1) is the VPN. Router 2 VPN is always on and connected to VPN but is only used occasionally for wireless clients in the event that a U.S. website blocks access from other countries.

I can remote access all of my computers and devices via port forwarding that are connected to router 1 from my phone and my other devices connected to cellular networks. I will assume that other wifi and wired networks will also work for remote accessing my computers (I have no easy way of testing that). I have nothing behind router 2 that I need or want to access.
My problem: I am trying to use router 2's VPN connection to remote access clients on router 1 so I do not have to use my phone to test forwarding other settings and configurations etc. When I use the exact same URL and port numbers on the client connected to the VPN router that I put into the phone, it does not work; it comes back saying it lost connection to the server.

I am not completely sure why this is happening, but I believe it has something to do with the VPN and normal network traffic going through router 1 and the VPN information getting lost in the process, but I cannot find anything showing how to fix this issue.
 
When you leave your network via the VPN you don't have the local connection to stuff on router 1. The URLs of everything behind router 1 don't mean anything to the outside world since they are all local URLs. If you know what your public IP address is you could enter that with the port number and if you have NAT setup it should allow a connection from the outside. However, from a security perspective having direct access to things from the outside via NAT isn't good and you would want to have those things in a DMZ instead.
 
You are correct it should work especially since your main router does not know vpn exists. It gets very messy when the vpn router is also the router you are trying to remote access.

Tracert should show the traffic go to the vpn provider over the tunnel and then come back from the vpn data center.

I can't see how your main router could do this. It really isn't much different than opening a web session with one of the port scanner sites and then asking that site to send scan packets.
 
When you leave your network via the VPN you don't have the local connection to stuff on router 1. The URLs of everything behind router 1 don't mean anything to the outside world since they are all local URLs. If you know what your public IP address is you could enter that with the port number and if you have NAT setup it should allow a connection from the outside. However, from a security perspective having direct access to things from the outside via NAT isn't good and you would want to have those things in a DMZ instead.

I thought about putting router 2 in the DMZ but I did not because I did not think it would solve the problem. If I put it in the DMZ will all of my other port forwarding still work on router 1?
 
You are correct it should work especially since your main router does not know vpn exists. It gets very messy when the vpn router is also the router you are trying to remote access.

Tracert should show the traffic go to the vpn provider over the tunnel and then come back from the vpn data center.

I can't see how your main router could do this. It really isn't much different than opening a web session with one of the port scanner sites and then asking that site to send scan packets.

I wish it worked and feel the same way you do about it not working, but I have to be missing something, something somewhere has to not be set incorrectly or I need to add some routing requirement. I am not sure what it is.

I'll give tracert a shot.

I tried to get some assistance from the spiceworks forum but they are not a very friendly group of people. One moderator approved my post then another deleted my post stating that the forum will not help assist me in resolving my issue. I would say avoid spiceworks if you can.
 
Update: I turned the VPN on, on my phone connected to my cell internet so it is not touching my land line network in any way. Result: if I am connected to the cell network with VPN on I cannot remote log in to any of my network components. If I turn the VPN off on the phone using cell internet, remote access works fine. So it appears that router 1 is blocking traffic that is coming from the VPN.

Thoughts?