
Asus AC68U VPN configuration for allowing the same local network IP range


MerlinUser84792

Occasional Visitor
Hi there,
I am trying to set up & configure my home VPN network in the way that I could connect to it with the same IP range as I have with another LAN (192.168.1.X). Currently the IP range for VPN is 10.8.0.X. If I understand it correctly changing the IP range in the advanced settings in the VPN server setup of the router won't work properly, I will just get an error message on the VPN client.
I'd be happy for any help, many thanks!
 
What is the VPN client device? Are you just trying to connect a single device to your home network or create a LAN to LAN connection?
 
VPN client device is a Macbook with Tunnelblick. I need the home VPN primarily for remote desktop to my main Windows PC through Microsoft Remote Desktop and NoMachine (both deliver excellent quality of work remotely, but only through LAN). So both - Macbook and Windows PC need to be logically in the same LAN network (in my case 192.168.1.X).
 
It's not possible to route between two networks that have the same IP address range. However this is not normally a problem.

Your VPN client will connect to your home network using its public IP. It will then be given a private IP address (i.e. 10.8.0.2). At this point all traffic is routed through this connection. If you enter a 192.168.1.x address there is no conflict because access to your local network has been blocked (unless you're using split tunneling*).

One thing to be aware of with Windows PCs is that the firewall will block incoming connections (like RDP) that aren't from the local subnet. So you need to create a Windows Firewall rule that allows RDP from the VPN (10.8.0.x).

*EDIT: Actually I'm not sure what the default is. If split tunnelling is enabled turn it off.
 
UPDATE: I have to correct my earlier statement. :oops:

Checking the Windows Firewall rule I see that it does allow remote connections from any remote address (assuming the PC's profile is Private). I was getting confused with ICMP Pings which are restricted to the local subnet.
 
Hmm, sorry, but I don't really understand how it should work then. If I am connected to 10.8.0.X network, I can't see/reach any of my home devices in the 192.168.1.X network at all. Pinging 192.168.1.1 results in pinging my other router (I am in a completely different physical place currently, where the router also has the same network IP range as at home). So how is this supposed to work then?...Thank you!
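
The symptom described in this post can be reproduced with a small routing-table model. This is an added example, not part of any poster's reply: the interface names `en0` and `tun0`, the route sets, and the assumption that the redirected default route is installed as two /1 routes on the tunnel are all constructed for illustration.

```python
import ipaddress

def table(*entries):
    """Build a routing table from (CIDR, interface) pairs."""
    return [(ipaddress.ip_network(cidr), iface) for cidr, iface in entries]

def lookup(dest, routes):
    """Longest-prefix match: return every route tied for the most specific match."""
    ip = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in routes if ip in net]
    if not matches:
        return []
    best = max(net.prefixlen for net, _ in matches)
    return [(net, iface) for net, iface in matches if net.prefixlen == best]

def egress(dest, routes):
    """Interface the packet leaves on, or 'ambiguous:...' when equal prefixes tie."""
    ifaces = sorted({iface for _, iface in lookup(dest, routes)})
    if not ifaces:
        return "unreachable"
    return ifaces[0] if len(ifaces) == 1 else "ambiguous:" + ",".join(ifaces)

# Constructed client routing tables (en0 = local network, tun0 = VPN tunnel).
# BASE: original default route, the 10.8.0.0/24 tunnel subnet, and the
# redirected default route modelled as two /1 routes (assumption).
BASE = [("0.0.0.0/0", "en0"), ("10.8.0.0/24", "tun0"),
        ("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0")]
# Client sits on a LAN that uses the same range as the home LAN.
SAME_RANGE = table(*BASE, ("192.168.1.0/24", "en0"))
# Same, plus the home LAN route pushed by the server ("Push LAN to clients").
SAME_RANGE_PUSH_LAN = table(*BASE, ("192.168.1.0/24", "en0"),
                            ("192.168.1.0/24", "tun0"))
# Client LAN uses a different range, so the pushed route has no competitor.
DIFFERENT_RANGE = table(*BASE, ("192.168.0.0/24", "en0"),
                        ("192.168.1.0/24", "tun0"))

if __name__ == "__main__":
    cases = [("same range", SAME_RANGE),
             ("same range + pushed LAN", SAME_RANGE_PUSH_LAN),
             ("different range", DIFFERENT_RANGE)]
    for name, routes in cases:
        for dest in ("192.168.1.1", "192.168.1.130", "10.8.0.1", "8.8.8.8"):
            print(f"{name:24} {dest:15} -> {egress(dest, routes)}")
```

In the same-range tables the directly connected /24 is more specific than the tunnel's /1 routes, so 192.168.1.x traffic stays on the local network even though Internet traffic goes through the VPN.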
 
Pinging 192.168.1.1 results in pinging my other router (I am in a completely different physical place currently, where the router also has the same network IP range as at home).
What is the "other router"? Is it the one on the client's local network or your Asus router at home?
 
I'm not a Mac user so things might work differently there. Also, what firmware version are you running? I know that the stock firmware doesn't have as many options compared to Merlin's.

I don't have a setup here that can replicate your environment, but I'd guess that the main options to check on your VPN server are "Push LAN to clients = Yes" and probably "Direct clients to redirect Internet traffic = Yes".

How are you checking connectivity to the remote devices? Like I said in post #5 ICMP pings won't work with Windows targets but RDP to an IP address should.
 
Hi there,
I am trying to set up & configure my home VPN network in the way that I could connect to it with the same IP range as I have with another LAN (192.168.1.X). Currently the IP range for VPN is 10.8.0.X. If I understand it correctly changing the IP range in the advanced settings in the VPN server setup of the router won't work properly, I will just get an error message on the VPN client.
I'd be happy for any help, many thanks!

[Screenshot of OpenVPN server settings: zjQKx55.jpg]


This can be accomplished via TAP shown in the OpenVPN server settings exampled above as operating using my AC-86U OpenVPN gateway server...
Incoming connected clients are assigned specified pool 192.168.1.200-220 with max being 8 simultaneous due to custom config...
 
This can be accomplished via TAP shown in the OpenVPN server settings exampled above as operating using my AC-86U OpenVPN gateway server..
I suggest you don't do this if you can possibly avoid it. You haven't gone into any detail about where you are situated, but it sounds like you are in an office environment. The problem with TAP is that it creates an Ethernet bridge between your local network and the remote one. This assumes complete trust in the remote network (which the local administrators probably don't have) and can also disrupt traffic on the local network if not properly set up.

The same problems can of course occur with TUN connections but are less likely because of the separation of subnets.
 
@somms
[Screenshot of OpenVPN server settings: zjQKx55.jpg]


This can be accomplished via TAP shown in the OpenVPN server settings exampled above as operating using my AC-86U OpenVPN gateway server...
Incoming connected clients are assigned specified pool 192.168.1.200-220 with max being 8 simultaneous due to custom config...

HUGE THANKS!!! It looks like exactly what I need!!! :)
Some questions on the setup:
- why only 8 clients?
- is there any reason why you set "Compression" to "None"? I thought it's always a better choice to use it.

Again - many many thanks!
 
Different strokes for diff folks I suppose but exclusively using TAP for over an entire decade w/o issue in order to connect remote client routers...YMMV!:D
It's not that it doesn't work, it does. In many ways it's the easy solution. And it's perfect for LAN to LAN setups (i.e. router to router), like remote office to main office, where both ends are completely trusted networks. So it's more a question of what kind of VPN connection is allowed in the OP's local environment and does it compromise security. At one of the places I used to work setting up a personal VPN connection was grounds for immediate dismissal (irrespective of whether it was TUN or TAP).
 
Got a pair of WRT160N's flashed with DD-WRT V24 that work great and support OpenVPN

Different strokes for diff folks I suppose but exclusively using TAP for over an entire decade w/o issue in order to connect remote client routers...YMMV!:D

So I did now exactly the same setup as on your screenshot, the connection works, I got the 192.168.1.200 IP (being at the same time in another LAN with the 192.168.1.2 IP), BUT I still can't see/ping/connect to any of my devices at home =(((. What could be the problem here?.. Thanks again!
EDIT: I am on a very slow Internet connection right now, could it be the actual problem? The VPN connection also drops quite often.
 
@somms
Could you advise please what could be wrong with the setup? Why can't I see/ping/connect to the other devices in my home LAN in the same IP range as my current remote LAN? Many thanks!
 
Is there a solution for this problem without using TAP?

I can connect without issues to OpenVPN Server (AX86U on Merlin Firmware) and I can access Internet without issues.
What I cannot do is access LAN devices on IP's like 192.168.1.130.

VPN server is set to use default setup 10.8.0.0 / 255.255.255.0
Is there a way to set LAN / Route / Static routes so I can access ALL LAN devices or at least some of them?
 
@Mikeyy What types of devices and services are you trying to access? What exactly are you doing and what is the response?
 
Using my Android mobile phone on mobile network with AirVPN Eddie OpenVPN app to connect to my router hosted VPN Server.

Router AX86U
Firmware: Asus Merlin 386.2_6
OpenVPN Server settings:
TUN
UDP
Port 1194
10.8.0.0 / 255.255.255.0
Advertise DNS to clients - YES

So, everything is on DEFAULT except "Advertise DNS to clients".

I'm trying to load my IP camera interface in Firefox for Android on my mobile phone. IP camera has static IP which is set to 192.168.1.130.

While I was writing the text above, I remembered that I've blocked the camera from accessing the Internet in the Asus WRT GUI.
So I tried to access a different device which didn't have its Internet access blocked and it worked. :)

I should then rephrase my question.
Is there a way to access Internet blocked devices via VPN Server setup as above?

EDIT: I should have known @Martineau already solved this here: https://www.snbforums.com/threads/h...outbound-connections.38086/page-2#post-314785
Used that script, world is bright and shiny once again. :)
 