OpenVpn on Dedicated Router

Discussion in 'Networking' started by Tony Simmons, May 18, 2019.

Share This Page

  1. Tony Simmons

    Tony Simmons Young grasshopper

    Joined:
    Jan 28, 2017
    Messages:
    83
    Likes Received:
    1
    I'm configuring a second router (Asus brand) behind my modem/router which will be used as a VPN router just for the purpose of remote viewing a Nvr/camera system.

    The second router is connected from LAN port (Modem/router)) to Wan port (Second router) and I've allowed passthrough modes. I've added OpenVpn in server mode on the second router and configured it per instructions found here and elsewhere on the web. I've added the OpenVpn Connect app to my mobile phone and used the generated .opvn file to add the profile.

    I'm getting no connection and a consistent error message "DNS resolve error. Host not found."

    I've run out of ideas and need some guidance for the next step. My ddns knowledge is poor, so any help appreciated...
     
  2. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    1,727
    Likes Received:
    960
    Location:
    Houston Tx
    Is the first modem/router working as a router or just a modem? If the first modem/router is in passthrough mode is should only be working as a modem.
    If the first modem/router is working as a router, I do not think will work for a openVPN because it is not getting your internet address.

    Who is your internet provider ? What is the make and model number of your modem/router.


    I am not sure how to connect the second router but you will need to forward a port from the forst router.
     
  3. Tony Simmons

    Tony Simmons Young grasshopper

    Joined:
    Jan 28, 2017
    Messages:
    83
    Likes Received:
    1
    The first modem is a Netgear D2200D modem/router through Frontier communications, but i did set pptp, lt2p and ipsec to passthrough mode.

    After you mentioned the internet IP address, i noticed that the first router WAN address is different for the second router WAN address, so you may be onto something.

    Opened a port to forward to the second router, but no luck...
     
  4. NoloC

    NoloC Getting comfortable

    Joined:
    Nov 24, 2014
    Messages:
    679
    Likes Received:
    406
    You need to put the Netgear in bridge mode so as @SouthernYankee stated, it is just a modem.
    Forget about all those protocols as you will be using OpenVPN. ASUS has a great help file you might consider reading.
     
  5. Tony Simmons

    Tony Simmons Young grasshopper

    Joined:
    Jan 28, 2017
    Messages:
    83
    Likes Received:
    1
    I tried the netgear in bridge mode, unfortunately, it discontinues the internet connection.
     
  6. NoloC

    NoloC Getting comfortable

    Joined:
    Nov 24, 2014
    Messages:
    679
    Likes Received:
    406
    Not sure what that means. When you bridge the netgear, the ASUS will become your router. So it will be your dhcp server. If it is configured for a different subnet than your current lan, it may look like you have no internet.
    Have you matched the subnet on the ASUS to the Netgear?
     
  7. Tony Simmons

    Tony Simmons Young grasshopper

    Joined:
    Jan 28, 2017
    Messages:
    83
    Likes Received:
    1
    Frontier's service is PPPOE. Won't I have to enter their credentials and passwords for the DSL onto the ASUS for internet to function?
     
  8. NoloC

    NoloC Getting comfortable

    Joined:
    Nov 24, 2014
    Messages:
    679
    Likes Received:
    406
    No. The Netgear will do that.
     
  9. NoloC

    NoloC Getting comfortable

    Joined:
    Nov 24, 2014
    Messages:
    679
    Likes Received:
    406
    So you may need to do some reading to get a basic understanding of what is going on here and networking.

    The Netgear will be in bridge mode and it will connect to Frontier ISP. Then you will connect one of its lan ports to the wan port of the ASUS. The ASUS will then serve your existing lan (switches etc.)
    If you need to communicate with the Netgear after this change, you will need to connect directly to one of its lan ports as you will no longer see it on your lan.

    You will want to configure the ASUS to look the same subnet wise and give it the IP address of what was the local IP on the Netgear since it will now be the gateway.

    Also read this it may be a similar situation. Frontier Bridge Mode Setup

    Once all that is working you can set up ddns in the ASUS for your OpenVPN.
     
  10. Tony Simmons

    Tony Simmons Young grasshopper

    Joined:
    Jan 28, 2017
    Messages:
    83
    Likes Received:
    1
    Sorry for the delay, I'm losing connectivity as I toggle in and out of bridge mode to test.

    You are correct, I do show an internet connection at the asus router network page.

    Both router LAN subnets are 255.255.255.0, but I don't have internet to the computer coming out of the asus router...
     
  11. NoloC

    NoloC Getting comfortable

    Joined:
    Nov 24, 2014
    Messages:
    679
    Likes Received:
    406
    That is the subnet mask. You really need to get a basic understanding to undertake this.

    I think your default on the netgear makes your subnet 254 or 192.168.254.xxx and the ASUS is probably .1 or 192.168.1.xxx.

    Do an ipconfig command on your pc and post here.
     
  12. Tony Simmons

    Tony Simmons Young grasshopper

    Joined:
    Jan 28, 2017
    Messages:
    83
    Likes Received:
    1
    Yes, Default for the Frontier Netgears is 192.168.254.

    ASUS
    Ivp4- 192.168.1.228
    Subnet- 255.255.255.0
    Default Gateway- 1.168.1.2
    NETGEAR
    IVP4- 192.168.254.17
    Subnet- 255.255.255.0
    Default Gateway- 192.168.254.254
     
  13. NoloC

    NoloC Getting comfortable

    Joined:
    Nov 24, 2014
    Messages:
    679
    Likes Received:
    406
    OK. Therein lies the rub.

    Config the ASUS to be on the 254 or change all your statics for .1

    Then it should work.
     
  14. Tony Simmons

    Tony Simmons Young grasshopper

    Joined:
    Jan 28, 2017
    Messages:
    83
    Likes Received:
    1
    Understood...

    I assume that I need two separate IP address to distinguish netgear from asus,
    such as 192.168.254.254 and 192.168 254.255, or does it matter?
     
  15. bp2008

    bp2008 Staff Member

    Joined:
    Mar 10, 2014
    Messages:
    8,562
    Likes Received:
    5,570
    Don't try to assign 192.168.254.255. That would be the subnet's broadcast address, assuming you used a subnet mask of 255.255.255.0.
     
    NoloC likes this.
  16. NoloC

    NoloC Getting comfortable

    Joined:
    Nov 24, 2014
    Messages:
    679
    Likes Received:
    406
    Other than what @bp2008 said, no since the Netgear won't be on the same lan. You are basically substituting the ASUS for the Netgear.

    but .0 and .255 are off limits as they have other jobs.
     
  17. Tony Simmons

    Tony Simmons Young grasshopper

    Joined:
    Jan 28, 2017
    Messages:
    83
    Likes Received:
    1
    Got it. Thanks so much for everyone's help!
     
    SouthernYankee likes this.
  18. NoloC

    NoloC Getting comfortable

    Joined:
    Nov 24, 2014
    Messages:
    679
    Likes Received:
    406
    That is great!

    And of course you are welcome.
     
    dmiller and SouthernYankee like this.