Using a 2nd router for VPN traffic?

alexnet

Hi, I'm really new to home networking and would appreciate any help with my network configuration. This is what I'm trying to achieve:

VPN Network.JPG

I installed Asuswrt-Merlin on my Router2 (ASUS RT-AC56U) and configured the OpenVPN client with my PIA VPN account. Everything seems to be working fine. The only concern I have is that I can ping devices on Network1 from Network2. I can even access shared folders on Computer1 from Computer2 and access Router1's Admin Page from Computer2. My understanding is that my 2 networks should be segregated.
Am I doing something wrong?
 
I have the same setup and can do the same stuff, e.g. access router 1. I assume the network is smart enough to figure you are typing internal IPs (192.168.x.x) for PC 1 and thus treats it as local traffic and not WAN traffic that goes through the VPN. You should not be able to get to PC 2 from PC 1.

Also, note that with the latest firmware versions for Merlin and Tomato etc. there is policy-based VPN routing, where you can decide which local LAN IPs go through the VPN and which ones do not. That eliminates the need for the second router. I have not eliminated it yet but that will happen soon after some testing.
 
Thanks for your reply kamaaina. Looks like nothing to worry about. The reason I ask is I saw a lot of people on the forum complaining that they cannot access their media libraries on Network1 from Network2 because of segregated networks but I for some reason can.
 
I think this might have to do with the IP address setup. I tried a few times to make this all work with a third router and subnetting and it was a pain, never got it to work. If network 1 and network 2 are completely unrelated I think they might be separated. If the IP addresses in network 2 are "complementary" (for lack of the proper terminology) then it works.
 
Could you share the settings (minus user name/password) that you are using for the RT-AC56U? I am trying to troubleshoot my router's configs using PIA.
 
Somewhere along the way your routers automatically created a routing table entry. Normally two subnets can't see each other. This is how networks remain private, unless VLANs get involved. Then you can create privacy on the same subnet. Speaking geek, your subnet mask may be off on both routers and, technically, they're both on the same subnet ... unlikely but possible. The only other explanation is the IP addresses you mentioned are a little off somewhere.

It's been a while since I subnetted, but if both subnet masks aren't 255.255.255.0, then that's your problem.

PS: since you are new to networking, you have done what's called double NAT. It's generally considered to be a bad idea. Others here can explain why. Since you got it to work, you have two routers doing the work of one, which is a waste of resources.
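Added example, not part of any post in this thread: a small model of the route lookup on Router2, showing why Network1 stays reachable from Network2 while the VPN is up, and how the subnet masks mentioned above decide whether the two LANs are really separate. All addresses, interface names and the assumption that the OpenVPN client installs `redirect-gateway def1` style routes are constructed for illustration.

```python
import ipaddress

# Constructed routing table for Router2 with its OpenVPN client connected.
# Subnets and interface names are assumptions, not values from the thread.
ROUTER2_ROUTES = [
    ("192.168.2.0/24", "br0"),   # Network2: Router2's own LAN (connected route)
    ("192.168.1.0/24", "eth0"),  # Network1: Router2's WAN port sits on Router1's LAN
    ("0.0.0.0/1", "tun11"),      # VPN route covering the lower half of IPv4 space
    ("128.0.0.0/1", "tun11"),    # VPN route covering the upper half of IPv4 space
    ("0.0.0.0/0", "eth0"),       # original default route via Router1
]


def egress_interface(dst, routes=ROUTER2_ROUTES):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(net), dev)
        for net, dev in routes
        if addr in ipaddress.ip_network(net)
    ]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def lans_overlap(lan1, lan2):
    """True if two 'router_ip/netmask' LAN definitions share any addresses."""
    a = ipaddress.ip_network(lan1, strict=False)
    b = ipaddress.ip_network(lan2, strict=False)
    return a.overlaps(b)


def forward_allowed(dst, blocked_nets):
    """Model of a filter on Router2 that drops LAN traffic to listed subnets."""
    addr = ipaddress.ip_address(dst)
    return not any(addr in ipaddress.ip_network(n) for n in blocked_nets)


if __name__ == "__main__":
    for dst in ("192.168.1.10", "192.168.1.1", "8.8.8.8", "203.0.113.5"):
        print(f"{dst:>14} leaves Router2 via {egress_interface(dst)}")
    print("/24 masks overlap:",
          lans_overlap("192.168.1.1/255.255.255.0", "192.168.2.1/255.255.255.0"))
    print("/16 masks overlap:",
          lans_overlap("192.168.1.1/255.255.0.0", "192.168.2.1/255.255.0.0"))
    print("Network1 reachable with filter:",
          forward_allowed("192.168.1.10", ["192.168.1.0/24"]))
```

The connected /24 route for Network1 is more specific than the VPN routes, so that traffic never enters the tunnel; keeping Network2 clients away from Network1 takes an explicit filter on Router2, which the last function models.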
 
I am a newbie at this myself so forgive me for asking dumb questions.

The two routers have different LAN IPs but they have the same WAN IP (at least according to the diagram). Why shouldn't the computers be able to access each other if they have a NAT which includes the IPs of all devices?

I was not clear whether the original objective was met, or not, alexnet. It seems reasonable to me to have a dedicated router for VPN traffic so that other internal traffic does not have to be encrypted and hence the load on the router CPU is reduced. Similarly, if you have "confidential" and "non-confidential" internet traffic, the router CPU load is decreased if it doesn't have to encrypt/decrypt the "non-confidential" traffic. Yes, I know that is bad policy from a security standpoint, but it does make sense from a network speed standpoint. So, did this setup work for that?
 
Hi Just Checking, yes, the original objective was met. The second router was set up for "confidential" VPN traffic. And it doesn't affect the network speed for "non-confidential" internet traffic through the first router.
 
