Need some help with Double NAT Issues

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
sephddwrt
DD-WRT Novice


Joined: 27 May 2019
Posts: 23

PostPosted: Fri Jul 19, 2019 21:44    Post subject: Need some help with Double NAT Issues Reply with quote
Hey guys! I have a network which is currently setup like this! https://imgur.com/GYXABrK

However, the problem with that is that I cannot directly access the FritzBox as multiple streams which in turn takes some functionality away from my Fritzbox. For example, Fritzbox is capable of streaming TV to 4 Devices but if I connect from the DDWRT router it only counts it as 1 and so streaming on more than 1 client results in stream corruption and errors.

Is there a way I can overcome this? I tried switching the R8500 to Router mode and setting the Fritzbox as the DHCP but then I couldn't get the VPN VAP to function anymore. Like OpenVPN would be connected and I could get an IP and everything from the router but I'd have no internet access!

Also does anyone know if I can route a specific VLAN to a Virtual Access Point? Because then I can just host the OpenVPN connection on a Virtualized PFsense which is a lot more stable and has a lot more throughput!
Sponsor
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Sat Jul 20, 2019 7:20    Post subject: Re: Need some help with Double NAT Issues Reply with quote
sephddwrt wrote:
Also does anyone know if I can route a specific VLAN to a Virtual Access Point?


Create a new bridge br1. Assign the VLAN and the VAP to br1.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat Jul 20, 2019 11:56    Post subject: Reply with quote
I would use the PFsense box if possible, alternatively consider setting up the R8500 as a WAP: https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point

If you are using an unbridged VAP on a WAP you need an extra firewall rule:
Code:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Sat Jul 20, 2019 12:06    Post subject: Reply with quote
The R8500 is a Broadcom. It has a VLAN tab in the GUI.
If you have further issues with VLAN, plase post in the Broadcom forum.
sephddwrt
DD-WRT Novice


Joined: 27 May 2019
Posts: 23

PostPosted: Sat Jul 20, 2019 13:56    Post subject: Reply with quote
egc wrote:
I would use the PFsense box if possible, alternatively consider setting up the R8500 as a WAP: https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point

If you are using an unbridged VAP on a WAP you need an extra firewall rule:
Code:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)


Thanks for your help Smile

I just did a trial run where I setup a clean formatted DDWRT to WAP as the guide and connected the OpenVPN connection + assigned a DHCP client for the Wlan1.1 (VAP). However, I am unable to get an IP from the router which means I cannot connect to it unless I set Static IP. Even after connecting to the VAP I still have no internet access through it!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat Jul 20, 2019 15:29    Post subject: Reply with quote
VAP's on broadcom are problematic here an excerpt of my notes:

After you are done: REBOOT!
Very important after each change you have to reboot otherwise you will not get a DHCP address

From approximately mid 2018 VAP's on Broadcom units are problematic, you cannot connect or do not get an IP address. There are workarounds :
1) When VAP is not working at boot; workaround startup command Administration/Commands, Save as Startup:
sleep 10; stopservice nas; stopservice wlconf; startservice wlconf; startservice nas;
2) Alternative way to get VAP working: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317181
3) An other user reports the following workaround (save as startup):
sleep 4; stopservice cron; stopservice wlconf; wlconf eth1 up; wlconf eth2 up; startservice cron;
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=319412
4)This one is from @Redhawk (guaranteed to work ):
sleep 20; stopservice nas; wlconf eth1 down; wlconf eth2 down; wlconf eth1 up; wlconf eth2 up; startservice nas

Start with number 4 that is the one I currently use, but YMMV

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
sephddwrt
DD-WRT Novice


Joined: 27 May 2019
Posts: 23

PostPosted: Sat Jul 20, 2019 18:06    Post subject: Reply with quote
egc wrote:
VAP's on broadcom are problematic here an excerpt of my notes:

After you are done: REBOOT!
Very important after each change you have to reboot otherwise you will not get a DHCP address

From approximately mid 2018 VAP's on Broadcom units are problematic, you cannot connect or do not get an IP address. There are workarounds :
1) When VAP is not working at boot; workaround startup command Administration/Commands, Save as Startup:
sleep 10; stopservice nas; stopservice wlconf; startservice wlconf; startservice nas;
2) Alternative way to get VAP working: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317181
3) An other user reports the following workaround (save as startup):
sleep 4; stopservice cron; stopservice wlconf; wlconf eth1 up; wlconf eth2 up; startservice cron;
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=319412
4)This one is from @Redhawk (guaranteed to work ):
sleep 20; stopservice nas; wlconf eth1 down; wlconf eth2 down; wlconf eth1 up; wlconf eth2 up; startservice nas

Start with number 4 that is the one I currently use, but YMMV


Thank you! After a lot of restarts and trying the different scripts it seems to be working just fine! However, I was unable to use the PFSense box as I just couldnt get it to work. So i just connected everything to the Fritzbox and using it as a router for now
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Sat Jul 20, 2019 19:13    Post subject: Reply with quote
I had the impression that you wanted a tagged VLAN trunk between the R8500 and the pfsense router.

The Netgear R9000 had suited your setup. It has a SFP port and 4 cores to handle the VPN encryption.
sephddwrt
DD-WRT Novice


Joined: 27 May 2019
Posts: 23

PostPosted: Sat Jul 20, 2019 20:42    Post subject: Reply with quote
Per Yngve Berg wrote:
I had the impression that you wanted a tagged VLAN trunk between the R8500 and the pfsense router.

The Netgear R9000 had suited your setup. It has an SFP port and 4 cores to handle the VPN encryption.


The way you recommended I do it is indeed doable! However, I am too noob to do it, unless there's a guide explaining how! Smile

For the amount of money, I can get an R9000, I can get a RB4011 from Mikrotik which would be far superior in terms of routing and applications as it is based on bonafide Enterprise RoutingOS. I love DDWRT and all but you got to admit that it does have quite a few bugs and limitations here and there!
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Sun Jul 21, 2019 8:14    Post subject: Reply with quote
https://wiki.dd-wrt.com/wiki/index.php/Detached_Networks_using_VLAN


https://wiki.dd-wrt.com/wiki/index.php/Reconfigure_VLANs_for_802.1q_Compatibility

Why do you create a VAP? The R8500 have two 5 Ghz radios.

Have you enabled MU-MIMO? That will cripple your speed if the clients does not support it. Separate capable clients to one radio and the rest on the other one.

Make a new topic in the Broadcom forum for configuring your wifi correctly.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum