accessing AP though gateway via VPN

[loady]

I have two RT-N66U routers both running merlin. The main router is set up so I can access it remotely via VPN which works very well. In my loft the wifi does not reach and there is only one Ethernet port in the room so I got the second router setup as an AP and plugged it in and now we have a very good signal up there. I tried to access the AP router remnotley but it wont load up the page, when I access the main routers I can see the AP in the client list but if I click its IP address I get nothing, page not found. Do I need to enable remote access on the AP..i don't think so as by way of VPN its as if I was there or am I missing something. The gateway has an IP of 192.168.11.1 and I set the AP router to 192.168.11.2

 

[martinr]

In the Advanced Settings for the vpn server, do you have Push LAN to clients enabled? And you are entering the IP address of the AP into your browser, and not its hostname?

I have exactly the same setup as you, and I just double-checked that I can do what you are trying to do, and it works.


If you have Push LAN to clients enabled, are the 3 below it enabled: the 2 DNS sertings and direct clients to redirect Internet traffic? I'm not sure those settings, if disabled, would account for your problem, but try them if needed.

 

[loady]

Thanks. I have push lan to clients enabled and have also enabled the next three for good measure. I am trying to access it via its IP address as I would do remotely with the router running VPN but still its not showing...when you tried it did you do it remotely via the VPN ? I'm wondering if I should have made other changes to the AP on site before I left, I literally set it to AP mode and set a static IP, nothing else.

The links below are screen shots and should open up fine, let me know if not. You will notice that 'direct clients to redirect internet traffic' is set to no, I did have it on but was toggling them around and didn't change it back for screen shot.

https://onenote.com/webapp/pages?to...3U96UvY271JJrqAD8-vOpz0&id=636186950562395096

https://onenote.com/webapp/pages?to...PsFicRkej8tqhPchI0Qszu0&id=636186958337393650

 

[martinr]

Thanks. I have push lan to clients enabled and have also enabled the next three for good measure. I am trying to access it via its IP address as I would do remotely with the router running VPN but still its not showing...when you tried it did you do it remotely via the VPN ? I'm wondering if I should have made other changes to the AP on site before I left.

https://onenote.com/webapp/pages?to...3U96UvY271JJrqAD8-vOpz0&id=636186950562395096

https://onenote.com/webapp/pages?to...PsFicRkej8tqhPchI0Qszu0&id=636186958337393650

Yes, I turned off wireless on my iPhone and then turned on 3g.

I can't think of anything you need to do to the AP; once you are connected by VPN remotely, it's as if you are back home.

Do you have any other devices, such as a dvr with a webui on your network that you could similarly try to access (to see if this is limited to the AP or is a bugger problem)?

When you are inside your network back home can you ping your AP?

 

[loady]

I can access everything connected to the gateway router running vpn...I just tried with my ip phone which is connected to the router running vpn and I can access it's webgui remotely... could it be that the router which is set as the ap needs to be told that the vpn router is the default gateway 192.168.11.1 I don't know to much about all these protocols and setting which are available?

 

[martinr]

... could it be that the router which is set as the ap needs to be told that the vpn router is the default gateway 192.168.11.1 I don't know to much about all these protocols and setting which are available?

Well, you could try it and see. Only change one thing at a time, though.

I run DDWRT on my loft AP. I can see that I have the default gateway IP address (my router) listed on the WAN setup page (twice). (Whether it would work without it, I don't know - I could test if necessary.). And local DNS is set as my router on the same page.

Let me know of any other settings you want to compare.

 

[loady]

Hmm. ..which means I need to be on site to do this...I never checked it I just assumed it was all working

 

[martinr]

Do you have SSH enabled on your gateway router? I can also SSH in and port forward to the webui of the loft AP. But unless you're familiar with this sort of thing it's probably.not something you can easily try for the first time, especially away from home.

 

[loady]

yes, its enabled. I have ssh into it before using putty but if its commandline driven I wont have a clue what to type.

 

[martinr]

Having told you I can SSH in, I decided to test it, and at the moment I can't even make an SSH connection to the router via my iPhone, let alone then port forward to the AP.

How long before you return home?

Previously, when you SSH'd in to your router, were you at home or remote? What I'm getting at is can you also SSH in remotely either using a dynamic DNS (DDNS) address, or, using a fixed public IP address, though, like most of us, your IP address probably changes quite frequently. Anyway, if you can SSH in remotely using Putty, go ahead and make a couple of test connections to the router, and I'll have a look at getting the instructions for you for the next step: getting from your router to the webui of your AP. (Of course, it's possible that whatever stopped you accessing it with the vpn might also stop you when you try SSH.)


(It's nothing daft like the AP doesn't respond to ping anyway, and you set the webui page to port 443 or 8080?)

If nothing else, it'll be a valuable refresher in SSH, something I clearly need!

 

[loady]

I just feel I need to reiterate my setup as my terminology may be wrong..

What I call my gateway is what the virgin modems plugged into and I have open VPN running on it...I can access everything on it remotely and from within the network (I do not live at the address where this is as I am separated and the wife and kids live there and I am the admin)..

I was over there the other day and put the second router (Which im calling the AP) in the loft room plugged it in and tested they had wifi up there and Ethernet was working...all I done was gave it an ip address of 1921.68.11.2 (gateway is 192.168.11.1)..I left there and drove back to my current address and logged into gateway remotely..i could see the AP in the client list of the gateway but cant access it.

I was ssh into remotely when I did it earlier, the gateway is working fine...just think I need to change something on the AP ....maybe

 

[martinr]

And can I clarify a couple of things from what you wrote? You have Virgin cable to the house, into which a Virgin modem is plugged, and then you'll have an Asus router 192.168.11.1, the gateway, running Merlin firmware, plugged into that cable modem. Is that correct?

Meanwhile, I hope in a day or so to reinstall Putty and write up how you'd amend the basic SSH connection to allow you to hop from the router to the AP's webui.

(Sorry to hear about your domestic setup: it must be very difficult.)

 

[loady]

And can I clarify a couple of things from what you wrote? You have Virgin cable to the house, into which a Virgin modem is plugged, and then you'll have an Asus router 192.168.11.1, the gateway, running Merlin firmware, plugged into that cable modem. Is that correct?

Meanwhile, I hope in a day or so to reinstall Putty and write up how you'd amend the basic SSH connection to allow you to hop from the router to the AP's webui.

(Sorry to hear about your domestic setup: it must be very difficult.)

Yes..thats correct..the virgin media hub is set to modem mode as I have the router and because its an utter rubbish piece of poop. (virgins hub that is) and the router 192.168.11.1 is running the VPN server.

Thanks for your kind thoughts...its not overly difficult..was all my fault and things could be a whole lot worse..im a lucky man really....you know..routers are great for spying lol..i know whos in and whos out

 

[loady]

going over there today to have a look

 

[martinr]

I discovered why I couldn't connect via SSH. On 3g, after entering the passphrase, I got the error message
"nodemame nor servname provided, or not known"

I went to a local wifi hotspot and connected without a problem. I'd obviously never tried to connect via SSH through 3g before. Another lesson learned.


I have a vague memory of similarly discovering I couldn't access my AP remotely until I changed or added some setting or other. But there's also a vague memory that I kept trying, using different browsers, and on one occasion I managed to get the webui to appear. But you know what memory's like: you can convince yourself of anything.


I hope to get Putty installed later today and the send you the local port forwarding instructions for it, so you might then try accessing the AP through the SSH tunnel.

 

[loady]

seems odd that I need to ssh to AP...if its visible on the client list then I should be able to get to it...I will see if it lets me in from inside the network. By the way..i can ssh into gateway remotely over wifi and 4g

 

[martinr]

Thanks for the info on 4g.

Is yours an iPhone? Do you have the vSSH app?

 

[martinr]

With SSH local port forwarding, you will go from, say, port 1080 on your remote device, through the tunnel to the home router, and from there to port 80 on 192.168.11.2. Then, on the remote device, you'd open your browser and type localhost:1080 into its address bar and it would/should bring up the login page of the AP. (There's nothing special about port 1080, by the way.)

In a terminal, this would look like:
$ ssh -L 1080:192.168.11.2:80

But much easier in Putty, details of which I hope to send later today.

 

[martinr]

In the meantime, I've dug out notes I made which might be enough to help you till I get Putty sorted.

Rather than mess up your current Putty setup, which takes you to your router, see if you can make a copy of that (give it a new name and check it connects), which then can be amended as follows:

Find SSH Tunnels, enter Source Port as 1080.

Enter Destination as:
192.168.11.2:80

Select Local, and press Add

L 1080 192.168.11.2:80 should then appear in the box.

I think you then have to go back to the main page and save the new configuration. Then you go ahead and load it.

It should connect to the home router as normal, and now you open a browser and type

localhost:1080

And if all's ok, the login page of the AP appears. If not, perhaps the same things is preventing it opening as in OpenVPN, or there's an error in Putty.

See how it goes and I'll look at Putty later today.

 

[loady]

Got it sorted. The default gateway on ap was 0.0.0.0 so I change it to the gateway ip and all working now...I can access both routers remotely. I would have used juice ssh app on my phone but no need now...thanks for your help..I'll see as well if I can ssh into as I can set that all up remotely now.