[SOLVED] Connecting to VPN router to local print

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
Viewmax
DD-WRT Novice


Joined: 05 Jul 2021
Posts: 17

PostPosted: Thu Jul 22, 2021 14:47    Post subject: [SOLVED] Connecting to VPN router to local print Reply with quote
Hello,

my question seems trivial, but I didn't find a solution (probably used wrong search phrases).

My Internet router has 192.168.1.x local network. All printers connected to it.
My VPN router got 192.168.10.x (WAN port connected to Internet router).

When I'm connecting to VPN router, I can't print anything. It seems like I need to add Firewall rules or Commands to connect both local networks.

Could you advice what should be added to VPN router to have an access to local network 192.168.1.x?

Thank you.
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Jul 22, 2021 16:58    Post subject: Reply with quote
It is always helpful if you state router model and build number.

To get the best out of DDWRT and the forum read the forum guidelines with helpful pointers:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

If you have not already read the forum guidelines, please do Smile

If the downstream router is setup as normal gateway you should be able to reach the upstream router/clients.
Try to connect to the routers webpage at http://192.168.1.1 from one of the connected clients from the downstream router.

If that is not working you have a setup problem.

If it works you should be able to connect to your printer also BUT only by IP address there is no network discovery between subnets.

If you want to have network discovery then consider setting the downstream router up as a WAP (warning using a VPN client can be complicated depending on your needs)
For WAP: https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point

If you want to keep this setup and want access from upstream to downstream (that is something which is not working out of the box) then report back for instructions

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Viewmax
DD-WRT Novice


Joined: 05 Jul 2021
Posts: 17

PostPosted: Thu Jul 22, 2021 21:02    Post subject: Reply with quote
egc wrote:
It is always helpful if you state router model and build number.

Main Internet router (downstream router?) is Netgear R7000 and it has 192.168.1.x network. But I'm just testing with it. DD-WRT router will be send to another office and internet router there may vary, but network address will remain the same. So I hope that it will be possible to find a solution by adjusting DD-WRT Router only.

DD-WRT Router is Linksys 3200ACM with latest firmware v3.0-r46816 std (05/30/21).


egc wrote:

If the downstream router is setup as normal gateway you should be able to reach the upstream router/clients.
Try to connect to the routers webpage at http://192.168.1.1 from one of the connected clients from the downstream router.

If that is not working you have a setup problem.

When I'm connecting to DD-WRT router and getting address 192.168.10.x, I'm able to open 192.168.1.1 (Netgear) and ping is OK:

Code:
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=2ms TTL=63
Reply from 192.168.1.1: bytes=32 time=2ms TTL=63
Reply from 192.168.1.1: bytes=32 time=2ms TTL=63


But when I'm trying to ping printer, the delay is pretty big:

Code:
Pinging 192.168.1.5 with 32 bytes of data:
Reply from 192.168.1.5: bytes=32 time=104ms TTL=254
Reply from 192.168.1.5: bytes=32 time=327ms TTL=254
Reply from 192.168.1.5: bytes=32 time=123ms TTL=254
Reply from 192.168.1.5: bytes=32 time=333ms TTL=254


Probably due to that, I'm not able to print anything while connected to DD-WRT router. There is no issues when connected to Netgear router ofc.


egc wrote:

If you want to have network discovery then consider setting the downstream router up as a WAP (warning using a VPN client can be complicated depending on your needs)

DD-WRT router will be used as OpenVPN client, so WAP is not optimal option for me as I understood.

egc wrote:

If you want to keep this setup and want access from upstream to downstream (that is something which is not working out of the box) then report back for instructions

Please provide instruction what can I do in this situation. Thank you.
Viewmax
DD-WRT Novice


Joined: 05 Jul 2021
Posts: 17

PostPosted: Thu Jul 22, 2021 21:13    Post subject: Reply with quote
Seems I figured out about quote related to IP thing. After adding printer manually by IP address in Windows - it's printing.

But one more question. When DD-WRT router connects to VPN, I can't ping and print to 192.168.1.x. Is there any solution for that?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Jul 23, 2021 11:24    Post subject: Reply with quote
Viewmax wrote:
Seems I figured out about quote related to IP thing. After adding printer manually by IP address in Windows - it's printing.

But one more question. When DD-WRT router connects to VPN, I can't ping and print to 192.168.1.x. Is there any solution for that?


You actually should be able to reach the upstream router/subnet even on VPN because DDWRT adds (should add) a local route for the upstream network.
If it does not work show the output of (CLI e.g. telnet/putty): ip route show

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Viewmax
DD-WRT Novice


Joined: 05 Jul 2021
Posts: 17

PostPosted: Fri Jul 23, 2021 14:19    Post subject: Reply with quote
egc wrote:
Viewmax wrote:
Seems I figured out about quote related to IP thing. After adding printer manually by IP address in Windows - it's printing.

But one more question. When DD-WRT router connects to VPN, I can't ping and print to 192.168.1.x. Is there any solution for that?


You actually should be able to reach the upstream router/subnet even on VPN because DDWRT adds (should add) a local route for the upstream network.
If it does not work show the output of (CLI e.g. telnet/putty): ip route show

Sorry for totally lame questions Sad

As I understood, I need to connect to DD-WRT router via Putty. I never did it before. So I installed Putty, enabled Telnet management with 23 port in the router. But when I'm trying connect to it via putty (telnet), I'm always getting "login password incorrect", but password is correct 100%. Tried many times.

Please assist. Thank you.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Jul 23, 2021 14:20    Post subject: Reply with quote
Username is always: root
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Viewmax
DD-WRT Novice


Joined: 05 Jul 2021
Posts: 17

PostPosted: Fri Jul 23, 2021 16:10    Post subject: Reply with quote
egc wrote:
Username is always: root

Thank you. This what I got:

Code:
root@DD-WRT:~# ip route show
0.0.0.0/1 via 10.11.5.1 dev tun1
default via 192.168.1.1 dev eth0
10.0.0.243 via 10.11.5.1 dev tun1
10.11.5.0/24 dev tun1 scope link  src 10.11.5.91
89.163.151.76 via 192.168.1.1 dev eth0
127.0.0.0/8 dev lo scope link
128.0.0.0/1 via 10.11.5.1 dev tun1
192.168.1.0/24 dev eth0 scope link  src 192.168.1.19
192.168.10.0/24 dev br0 scope link  src 192.168.10.1
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Jul 23, 2021 16:48    Post subject: Reply with quote
You have a local route to your 192.168.1.0/24 subnet:
192.168.1.0/24 dev eth0 scope link src 192.168.1.19

So must be able to reach anything by its IP address on that subnet unless you have set a killswitch on the VPN?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Viewmax
DD-WRT Novice


Joined: 05 Jul 2021
Posts: 17

PostPosted: Fri Jul 23, 2021 17:27    Post subject: Reply with quote
egc wrote:
You have a local route to your 192.168.1.0/24 subnet:
192.168.1.0/24 dev eth0 scope link src 192.168.1.19

So must be able to reach anything by its IP address on that subnet unless you have set a killswitch on the VPN?

Bingo! Problem with activated killswitch. Once unticked, I can connect to other network despite to active VPN connection, but when kill switch ticked, then there is no connection printers, etc..

So can I have both option (killswitch and access to printers) or I have to select?

Thank you.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat Jul 24, 2021 5:33    Post subject: Reply with quote
Sure try the follwoing:
Code:
iptables -I FORWARD -o $(get_wanface) ! -d 192.168.1.0/24 -j REJECT


Try it from the CLI (telnet/putty)

If it works then place in Administration/Commands and Save as Firewall

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Viewmax
DD-WRT Novice


Joined: 05 Jul 2021
Posts: 17

PostPosted: Sat Jul 24, 2021 14:47    Post subject: Reply with quote
egc wrote:
Sure try the follwoing:
Code:
iptables -I FORWARD -o $(get_wanface) ! -d 192.168.1.0/24 -j REJECT


Try it from the CLI (telnet/putty)

If it works then place in Administration/Commands and Save as Firewall

Seems it's working perfectly! I wrote this command to firewall and un-ticked Keepalive on openvpn page. So far, so good.

I have a problem with connection watchdog, but we have another thread for that.

One more time huge thanks!
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum