Using Asus Router behind Provider Router

[L&LD]

If you have access to the Unifi hardware, put the RT-AX86U in router mode and forward any ports needed for your VPN needs from the Unifi. In this situation, you would connect the Unifi LAN port to the Asus' WAN port.

 

[abir1909]

If you have access to the Unifi hardware, put the RT-AX86U in router mode and forward any ports needed for your VPN needs from the Unifi. In this situation, you would connect the Unifi LAN port to the Asus' WAN port.

I did. I also set static route on UniFi but I still can’t see other devices while connecting to ASUS WiFi.
let’s forget about the vpn for a min, I tuned that off, how can I make them see each other? Talk to each other?
My settings:
UniFi 192.168.50.X dhcp enabled
ASUS 192.168.1.X dhcp enabled

UniFi Lan connected to ASUS WAN. ASUS got an IP from UniFi dhcp range.
what am I missing?

 

[drinkingbird]

I did. I also set static route on UniFi but I still can’t see other devices while connecting to ASUS WiFi.
let’s forget about the vpn for a min, I tuned that off, how can I make them see each other? Talk to each other?
My settings:
UniFi 192.168.50.X dhcp enabled
ASUS 192.168.1.X dhcp enabled

UniFi Lan connected to ASUS WAN. ASUS got an IP from UniFi dhcp range.
what am I missing?

You have a static route on the Unifi for 192.168.1.0/24 via 192.168.50.[Asus WAN IP]?

Have you disabled the firewall on the Asus?

Or are you saying 2 wireless devices on the Asus can't see each other? If that is the case that's nothing to do with the Unifi, that would be AP Isolated or you're using guest wireless and have "access intranet" disabled....

 

[abir1909]

You have a static route on the Unifi for 192.168.1.0/24 via 192.168.50.[Asus WAN IP]?

Have you disabled the firewall on the Asus?

Or are you saying 2 wireless devices on the Asus can't see each other? If that is the case that's nothing to do with the Unifi, that would be AP Isolated or you're using guest wireless and have "access intranet" disabled....

Ok. So I think I got most of it done. For your first 2 questions the answer is Yes.
i logged into the ASUS router and ping other devices connected to UniFi router and it pings. However, when I connect my internet iPhone to my ASUS router via WiFi and try to airplay to Apple TV which connected to UniFi router, I don’t see the Apple TV or other streaming devices for that matter.
Does it make sense?

 

[drinkingbird]

Ok. So I think I got most of it done. For your first 2 questions the answer is Yes.
i logged into the ASUS router and ping other devices connected to UniFi router and it pings. However, when I connect my internet iPhone to my ASUS router via WiFi and try to airplay to Apple TV which connected to UniFi router, I don’t see the Apple TV or other streaming devices for that matter.
Does it make sense?

Your phone and apple TV need to communicate using MDNS which will not traverse a router without some sort of IGMP proxy setup (it would work if it was in AP mode, but since you're in router mode it won't, at least not without hacking some stuff via SSH). They have to be on the same network to work properly, that's a limitation of the technology apple and many others use for "discovery". There may be a way around it but I'm not a big Apple user so not familiar with that part.

 

[abir1909]

Your phone and apple TV need to communicate using MDNS which will not traverse a router without some sort of IGMP proxy setup (it would work if it was in AP mode, but since you're in router mode it won't, at least not without hacking some stuff via SSH). They have to be on the same network to work properly, that's a limitation of the technology apple and many others use for "discovery". There may be a way around it but I'm not a big Apple user so not familiar with that part.

thank you. if anyone knows of a way around it I would love to know.

 

[abir1909]

So I managed to open the ports for OpenVPN on my UniFi and vpn client works for devices connected to the ASUS.
My question, since ASUS has VPN director, can I point specific devices connected to Unifi router to go through the VPN also? Or it has to be connected only to the ASUS router? Thx

 

[abir1909]

If you have access to the Unifi hardware, put the RT-AX86U in router mode and forward any ports needed for your VPN needs from the Unifi. In this situation, you would connect the Unifi LAN port to the Asus' WAN port.

I did and it’s working fine. However, I have a usb drive connected to the ASUS router. How do I make that drive visible by devices connected to the Unifi router? Thx

 

[drinkingbird]

I did and it’s working fine. However, I have a usb drive connected to the ASUS router. How do I make that drive visible by devices connected to the Unifi router? Thx

Same way you would open them to the internet if your router was connected directly to it. The drive will be accessible by Unifi clients via the Asus WAN IP (192.168.50.x) once you enable it. LAN clients behind the Asus will need to point to 192.168.1.1

 

[abir1909]

Same way you would open them to the internet if your router was connected directly to it. The drive will be accessible by Unifi clients via the Asus WAN IP (192.168.50.x) once you enable it. LAN clients behind the Asus will need to point to 192.168.1.1

Same way you would open them to the internet if your router was connected directly to it. The drive will be accessible by Unifi clients via the Asus WAN IP (192.168.50.x) once you enable it. LAN clients behind the Asus will need to point to 192.168.1.1

That worked, thank you.
Now, I have vpn client on the ASUS trying to put devices from Unifi on that VPN but no success. Only the devices on ASUS goes on the VPN. What am I missing? Thx

 

[drinkingbird]

That worked, thank you.
Now, I have vpn client on the ASUS trying to put devices from Unifi on that VPN but no success. Only the devices on ASUS goes on the VPN. What am I missing? Thx

As far as that VPN is concerned, those devices are on the internet. So you'll need to enable rules/features to let VPN clients access the internet for at least that subnet.

You're going about this in a very roundabout way so you're going to run into lots of these hiccups. If the Unifi supports a VPN client (not sure which device you're using) just use that and put the Asus in AP mode.

 

[drinkingbird]

That worked, thank you.
Now, I have vpn client on the ASUS trying to put devices from Unifi on that VPN but no success. Only the devices on ASUS goes on the VPN. What am I missing? Thx

Not really sure if this will work, but one thing you could try is not using the WAN port on the Asus. Plug a LAN port into your Unifi, set the Asus LAN to something like 192.168.50.2, and disable DHCP on it. See if wireless clients can get DHCP from the Unifi - they are in the same bridge as the LAN ports so they may be able to. If so, you're essentially using the Asus as an Access point, everything is on the same LAN, and you should be able to maintain most of the features. Now as far as how the VPN client will work with that, not sure, if you add a static route on the Asus for 0.0.0.0/0 via 192.168.50.1 in theory it should route via the Unifi LAN to build its tunnel but not familiar enough with the VPN clients built in, they may be programmed to use the WAN port or something.

 

[abir1909]

Not really sure if this will work, but one thing you could try is not using the WAN port on the Asus. Plug a LAN port into your Unifi, set the Asus LAN to something like 192.168.50.2, and disable DHCP on it. See if wireless clients can get DHCP from the Unifi - they are in the same bridge as the LAN ports so they may be able to. If so, you're essentially using the Asus as an Access point, everything is on the same LAN, and you should be able to maintain most of the features. Now as far as how the VPN client will work with that, not sure, if you add a static route on the Asus for 0.0.0.0/0 via 192.168.50.1 in theory it should route via the Unifi LAN to build its tunnel but not familiar enough with the VPN clients built in, they may be programmed to use the WAN port or something.

Method one doesn’t work.
As for the static route, the only static route I currently have is on the Unifi. See attached.
do I need to add more static routes?

 

[abir1909]

Not really sure if this will work, but one thing you could try is not using the WAN port on the Asus. Plug a LAN port into your Unifi, set the Asus LAN to something like 192.168.50.2, and disable DHCP on it. See if wireless clients can get DHCP from the Unifi - they are in the same bridge as the LAN ports so they may be able to. If so, you're essentially using the Asus as an Access point, everything is on the same LAN, and you should be able to maintain most of the features. Now as far as how the VPN client will work with that, not sure, if you add a static route on the Asus for 0.0.0.0/0 via 192.168.50.1 in theory it should route via the Unifi LAN to build its tunnel but not familiar enough with the VPN clients built in, they may be programmed to use the WAN port or something.

I thought the static route on ASUS only if you have more routers behind it!?

 

[drinkingbird]

Method one doesn’t work.
As for the static route, the only static route I currently have is on the Unifi. See attached.
do I need to add more static routes?

That static route would be put on the Asus if the method of connecting the LAN to the Unifi works (if that doesn't work, no need for the static). The static route would be for your VPN to tell it how to get to the internet.

So if you plug the LAN of the Asus into the LAN of the Unifi, disable DHCP on the asus, and give the Asus a LAN IP of 192.168.50.2/24 (assuming .2 isn't in use, use another if it is), clients connected to the Asus can't get an IP? Wired client definitely should be able to, not positive about wireless. Since they're in the same bridge I'd think they could but there may be firewall rules or other stuff in place that will interefere.

 

[abir1909]

That static route would be put on the Asus if the method of connecting the LAN to the Unifi works (if that doesn't work, no need for the static). The static route would be for your VPN to tell it how to get to the internet.

So if you plug the LAN of the Asus into the LAN of the Unifi, disable DHCP on the asus, and give the Asus a LAN IP of 192.168.50.2/24 (assuming .2 isn't in use, use another if it is), clients connected to the Asus can't get an IP? Wired client definitely should be able to, not positive about wireless. Since they're in the same bridge I'd think they could but there may be firewall rules or other stuff in place that will interefere.

Unfortunately not. I have a red light on the ASUS router with that setup.
I must be missing something, is there a vpn pass through in Unifi pro?

 

[drinkingbird]

Unfortunately not. I have a red light on the ASUS router with that setup.
I must be missing something, is there a vpn pass through in Unifi pro?

You'll have the red light because the WAN isn't connected, that's normal. But can clients get a DHCP IP?

 

[abir1909]

You'll have the red light because the WAN isn't connected, that's normal. But can clients get a DHCP IP?

Most features won’t work because there is no wan. VPN not working.

 

[drinkingbird]

Most features won’t work because there is no wan. VPN not working.

Could probably fake it out and work around it but then you're just creating another mess. Look into whether your Unifi box supports VPN, if so just use the Asus as an access point.