Posted: Fri Aug 23, 2019 21:00 Post subject: Dual Router Port Forwarding Difficulties
First, here is my current setup:
ISP Modem
Has no routing capabilities
Gets non-static IP address from ISP
Router 1 (no VPN)
Router: Linksys EA9200
Firmware: Linksys (DD-WRT not compatible)
WAN port connected via cable to ISP Modem
Local IP: 192.168.1.1
Subnet Mask: 255.255.255.0
DHCP enabled, IP range: 192.168.1.100 to 192.168.1.149
NAT,
IPv6: Disabled
Static Routes: None currently set up
Router 2 (VPN)
Router: Linksys WRT3200ACM
Firmware: DD-WRT
WAN port connected via cable to LAN port of Router 1
VPN: NordVPN set up through OpenVPN
VPN Passthrough: Enabled
WAN IP: 192.168.1.148
Local IP: 192.168.2.1
Subnet Mask: 255.255.255.0
DHCP enabled, IP range: 192.168.2.100 to 192.168.2.149
Operating Mode: Gateway
IPv6: Disabled
Static Routes: None currently set up
I can connect to the Internet when connected to either router. I can also connect to devices on Router 1 when I am connected to that router and the same for Router 2, but I cannot connect to devices on Router 1 when I am connected to Router 2 and vice versa. Further, I can connect to devices on Router 1 when I am outside my network but not to devices on Router 2. I've searched for a solution but haven't found anything that has worked. I've also talked to tech support at NordVPN and they inform me that port forwarding isn't supported by their VPN. I figure there has to be a way to get this to work though. What do I need in order to connect to devices on each router when connected to the other? What do I need to connect to the same devices when outside of my network?
Thank you very much in advance! Any help would be greatly appreciated.
I tried that previously and it didn't work. Router mode on the VPN router seems to kill my connection to the Internet when I am connected to that router.
Joined: 18 Mar 2014 Posts: 12889 Location: Netherlands
Posted: Sat Aug 24, 2019 7:42 Post subject:
First of all, it is good practice to also state your build number; some builds can have problems.
You cannot do anything on your ISP modem; does that mean it is in bridge mode?
In that case the WAN IP of router 1 should be a public IP. Is this the case?
In this kind of setup you should be able to reach router 1 (and its clients) from clients on router 2 even if it is using a VPN.
If not then show output of:
Code:
ip route show
iptables -vnL FORWARD
(You did not use a kill switch by any chance?)
You normally will not have access from router 1 to router 2.
That is where the instructions @jxm sent you come into play.
A lot of (older) instructions are telling you to use router mode. I am not a big fan of that because it breaks more things than it solves on modern routers, like you found out.
Luckily router mode is not necessary; just leave it in gateway mode. Basically, set a static route on router 1 and open up the firewall on router 2.
Attached are my personal notes on how I do it.
The last? problem connecting to router 2 from the internet:
Of course you have to set a port forward on router 1 to router 2 to begin with.
However that is not sufficient.
Have a look at post no. 6 from @eibgrad detailing the problem and solutions: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1129398 .
One of the solutions, port forwarding via the VPN, is not possible with Nord, as you have found out.
The easiest way out is PBR, but the DDWRT PBR implementation has its flaws, see: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
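An added example (not from the thread or from the attached notes) that models the routing decisions behind the advice above as longest-prefix-match lookups over the posted addresses. The tunnel routes 0.0.0.0/1 and 128.0.0.0/1, the next-hop labels, the PBR source range and the addresses 192.168.2.120, 192.168.1.120 and 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Router 1 (192.168.1.1) as posted: no static routes.
ROUTER1 = [("0.0.0.0/0", "ISP"), ("192.168.1.0/24", "LAN")]
# Same router with a static route to Router 2's LAN via Router 2's WAN IP.
ROUTER1_STATIC = ROUTER1 + [("192.168.2.0/24", "192.168.1.148")]

# Router 2 without the tunnel, then with the assumed VPN routes ("tun" is a label).
ROUTER2_WAN = [("0.0.0.0/0", "192.168.1.1"), ("192.168.1.0/24", "WAN"),
               ("192.168.2.0/24", "LAN")]
ROUTER2_VPN = ROUTER2_WAN + [("0.0.0.0/1", "tun"), ("128.0.0.0/1", "tun")]

def router2_hop(src, dst, vpn_sources=None):
    """Model of source-based policy routing: when vpn_sources is given, only
    those LAN sources use the tunnel table; all other sources use the WAN table."""
    if vpn_sources is None:
        return next_hop(ROUTER2_VPN, dst)
    use_vpn = any(ipaddress.ip_address(src) in ipaddress.ip_network(n)
                  for n in vpn_sources)
    return next_hop(ROUTER2_VPN if use_vpn else ROUTER2_WAN, dst)

if __name__ == "__main__":
    server, remote = "192.168.2.120", "203.0.113.10"   # constructed addresses
    # Without the static route, Router 1 hands 192.168.2.x traffic to the ISP.
    print("R1 -> server, no static route:", next_hop(ROUTER1, server))
    print("R1 -> server, static route:   ", next_hop(ROUTER1_STATIC, server))
    # The directly connected /24 beats the tunnel's /1 routes.
    print("R2 -> Router 1 client:        ", next_hop(ROUTER2_VPN, "192.168.1.120"))
    # A reply to a port-forwarded connection leaves through the tunnel,
    # not back through Router 1 where the connection came in.
    print("server reply, all via VPN:    ", router2_hop(server, remote))
    print("server reply, server off VPN: ",
          router2_hop(server, remote, ["192.168.2.100/30"]))
```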
Thank you, egc! I was using a kill switch and turned it off. After following the instructions, I've managed to get connectivity to the devices between each router. I haven't looked through everything yet to see about getting remote access when I am not in my network, but will let you know.
The kill switch I was using was recommended by my VPN provider:
Posted: Sat Aug 24, 2019 18:23 Post subject:
LogicallySkewed wrote:
Thank you, egc! I was using a kill switch and turned it off. After following the instructions, I've managed to get connectivity to the devices between each router. I haven't looked through everything yet to see about getting remote access when I am not in my network, but will let you know.
The kill switch I was using was recommended by my VPN provider: