Posted: Thu Jul 22, 2021 14:47 Post subject: [SOLVED] Connecting to VPN router to local print
Hello,
my question seems trivial, but I didn't find a solution (probably used wrong search phrases).
My Internet router has 192.168.1.x local network. All printers connected to it.
My VPN router got 192.168.10.x (WAN port connected to Internet router).
When I'm connecting to VPN router, I can't print anything. It seems like I need to add Firewall rules or Commands to connect both local networks.
Could you advice what should be added to VPN router to have an access to local network 192.168.1.x?
If you have not already read the forum guidelines, please do
If the downstream router is setup as normal gateway you should be able to reach the upstream router/clients.
Try to connect to the routers webpage at http://192.168.1.1 from one of the connected clients from the downstream router.
If that is not working you have a setup problem.
If it works you should be able to connect to your printer also BUT only by IP address there is no network discovery between subnets.
It is always helpful if you state router model and build number.
Main Internet router (downstream router?) is Netgear R7000 and it has 192.168.1.x network. But I'm just testing with it. DD-WRT router will be send to another office and internet router there may vary, but network address will remain the same. So I hope that it will be possible to find a solution by adjusting DD-WRT Router only.
DD-WRT Router is Linksys 3200ACM with latest firmware v3.0-r46816 std (05/30/21).
egc wrote:
If the downstream router is setup as normal gateway you should be able to reach the upstream router/clients.
Try to connect to the routers webpage at http://192.168.1.1 from one of the connected clients from the downstream router.
If that is not working you have a setup problem.
When I'm connecting to DD-WRT router and getting address 192.168.10.x, I'm able to open 192.168.1.1 (Netgear) and ping is OK:
Code:
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=2ms TTL=63
Reply from 192.168.1.1: bytes=32 time=2ms TTL=63
Reply from 192.168.1.1: bytes=32 time=2ms TTL=63
But when I'm trying to ping printer, the delay is pretty big:
Code:
Pinging 192.168.1.5 with 32 bytes of data:
Reply from 192.168.1.5: bytes=32 time=104ms TTL=254
Reply from 192.168.1.5: bytes=32 time=327ms TTL=254
Reply from 192.168.1.5: bytes=32 time=123ms TTL=254
Reply from 192.168.1.5: bytes=32 time=333ms TTL=254
Probably due to that, I'm not able to print anything while connected to DD-WRT router. There is no issues when connected to Netgear router ofc.
egc wrote:
If you want to have network discovery then consider setting the downstream router up as a WAP (warning using a VPN client can be complicated depending on your needs)
DD-WRT router will be used as OpenVPN client, so WAP is not optimal option for me as I understood.
egc wrote:
If you want to keep this setup and want access from upstream to downstream (that is something which is not working out of the box) then report back for instructions
Please provide instruction what can I do in this situation. Thank you.
Seems I figured out about quote related to IP thing. After adding printer manually by IP address in Windows - it's printing.
But one more question. When DD-WRT router connects to VPN, I can't ping and print to 192.168.1.x. Is there any solution for that?
You actually should be able to reach the upstream router/subnet even on VPN because DDWRT adds (should add) a local route for the upstream network.
If it does not work show the output of (CLI e.g. telnet/putty): ip route show
Sorry for totally lame questions
As I understood, I need to connect to DD-WRT router via Putty. I never did it before. So I installed Putty, enabled Telnet management with 23 port in the router. But when I'm trying connect to it via putty (telnet), I'm always getting "login password incorrect", but password is correct 100%. Tried many times.
root@DD-WRT:~# ip route show
0.0.0.0/1 via 10.11.5.1 dev tun1
default via 192.168.1.1 dev eth0
10.0.0.243 via 10.11.5.1 dev tun1
10.11.5.0/24 dev tun1 scope link src 10.11.5.91
89.163.151.76 via 192.168.1.1 dev eth0
127.0.0.0/8 dev lo scope link
128.0.0.0/1 via 10.11.5.1 dev tun1
192.168.1.0/24 dev eth0 scope link src 192.168.1.19
192.168.10.0/24 dev br0 scope link src 192.168.10.1
You have a local route to your 192.168.1.0/24 subnet:
192.168.1.0/24 dev eth0 scope link src 192.168.1.19
So must be able to reach anything by its IP address on that subnet unless you have set a killswitch on the VPN?
Bingo! Problem with activated killswitch. Once unticked, I can connect to other network despite to active VPN connection, but when kill switch ticked, then there is no connection printers, etc..
So can I have both option (killswitch and access to printers) or I have to select?