ROUTER (ASUS RT-AC87R) BEHIND ROUTER (PACE 5168N)
1. Reset your first Router (ISP Router – PACE) and leave it the way it is. Only make changes that you think are necessary. Connect the first router (ISP router) from its
Ethernet port to the
WAN port of the second router (VPN router).
2. The table arrangement attached to this post, as a formula, can work with any router behind router setup. You can also use any private IP address range for either router, provided the address range allocated to one router
does not overlap with that of the other router. Refer to your user manual on where to enter all the necessary information given.
3. In a Router behind Router setup, both Routers in their default setup are always using the same blocks of private Network IP Addresses (like
192.168.xxx.xxx). So you should use different private address blocks in the DHCP Server in each Router. The two routers
must pull from different IP pools in Router behind Router (like
192.168.xxx.xxx for one router &
10.0.xx.xx for the other router).
I’m posting these to the attention of those like me who need the same help, Yorgi and whoever wants to make contribution to clear up any point. If all works for you, give thanks to Yorgi who is the brain behind my success.
LAN SETTINGS
PACE: Settings – LAN – DHCP – DHCP Network Range
Except you know what you are doing, leave all in their defaults as given in the table. Old routers are more difficult to setup compared to new one.
ASUS: Advanced Settings – LAN – LAN IP or DHCP Server – Basic Config
You may use the same settings given on the table below or allocate your own addresses within the accepted range specified by your router.
Refer to the table below or the attached table named: "
Router behind Router IP Address Plan & Setup"
WAN SETTINGS
PACE:
Leave all on their Default Settings, except for the WAN DNS Server which you can enter your Service Provider DNS for Geo-unblocking.
ASUS:
WAN IP Address: Use any IP address from the ISP Router’s range (PACE) that is not yet assigned. Example, 192.168.100.120 (Advanced Settings – WAN – Internet Connection – WAN IP Setting – IP Address).
WAN Gateway: Use the IP (Gateway) address of the ISP Router (PACE), 192.168.100.254
The first Router (PACE) is your gateway to the internet, so its IP address
must be placed as the gateway of the second Router (ASUS).
WAN Connection Type: Choose “Static IP”. The second router for VPN needs to have a Static IP Address and pingable. Consequently, “Lease Time Expiry” is no longer applicable. (Advanced Settings – WAN – Internet Connection – Basic Config – WAN Connection Type).
WAN Subnet Mask: Use the LAN Subnet Mask of the ISP Router (PACE), 255.255.255.0
(Advanced Settings – WAN – Internet Connection – WAN IP Setting – Subnet Mask).
WAN DNS Server: Use either the LAN IP Address of PACE or the DNS of your VPN provider.
(Advanced Settings – WAN – Internet Connection – WAN DNS Setting – DNS Servers).
===============================================================
ADVICE: You cannot enable the DHCP Server on both routers because both routers may attempt to assign addresses (may cause disconnections). Disable DHCP Server on either the first or the second router.
(PACE: Settings – LAN – DHCP – DHCP Server Enabled)
(ASUS: Advanced Settings – LAN – DHCP Server – Basic Config – Enable the DHCP Server (Yes/No)).
Contrary to the above advice, I have DHCP Servers on both routers enabled, and the 2 routers have been working without any problem, why?
If I connect a device (e.g. Roku box) to the first router (PACE), it is assigned an IP address only within the specified LAN IP Range given on the table. If the Roku box is removed and connected to the second router for VPN (ASUS), it will now have a different IP address specified by the LAN IP Range of ASUS as given on the table. I am thinking that since a device can only be connected to one router at a time, 2 routers cannot assign addresses to that device (Roku) and moreover, the IP Range of the two routers are far from overlapping with each other. Is that correct or not?
Testing my two routers on IPleaks.net, pages 1 and 2 give results of connecting my ISP router (PACE) with no VPN configuration. Pages 3 and 4 give results of a connection with my ASUS router having VPN setup and my location detected as California.
