I am using two routers, one for connecting through VPN, and the other for the internal network. My issue is that after I connect via VPN, I can't access the internal network on the other router. Here's my setup:
DrayTek Vigor 2832n
Used to connect to outside network via ADSL, and also used to connect to my network via VPN.
Firmware: 3.9.1 (latest)
Router IP (LAN1): 192.168.0.1
Subnet (LAN1): 255.255.255.0/24
Bind IP (LAN1): 192.168.0.5 (for the other internal router)
DHCP (LAN1): enabled starting at 192.168.0.2
Static route (LAN1): no rules
VPN IP (LAN1): static at 192.168.0.4
TPLink WR740N
Takes an ethernet connection from DrayTek router, where it is input in the WAN port.
Firmware: dd-wrt v24-sp2 (latest)
WAN IP: 192.168.0.5
Router IP: 192.168.1.1
Subnet: 255.255.255.0
DHCP enabled starting at 192.168.1.100
I have several laptops connected to the TP Link router, where IPs are in the range of 192.168.1.x, and through any of them, I can access the router webpages for both TPLink and DrayTek routers.
In addition, I can successfully VPN to my site from outside, where I can open the DrayTek router webpage. However in doing this, I am neither able to open the TPLink webpage, nor open any PC connected at the internal 192.168.1.x network.
Here's the ping status in this scenario:
192.168.0.1 (DrayTek: Success)
192.168.0.5 (TPLink WAN: Success)
192.168.1.1 (TPLink IP: Fail)
192.168.1.100 (PC on TPLink network: Fail)
Here's what trace route shows:
192.168.0.5: 192.168.0.1 to 192.168.0.5
192.168.1.1: 192.168.0.1 to 185.17.235.2xx to 185.17.235.3x (no idea what these IPs are)
I thought it's an issue related to the need for a static route in DrayTek router, but when I create one I get "Status: Invalid". Here are my settings:
Destination IP: 192.168.0.5
Subnet Mask: 255.255.255.0/24
Gateway IP: 192.168.0.1
Network Interface: LAN1
Hence, I am not sure what is wrong with these settings.
Also, I originally only had DrayTek router by itself, but weirdly enough, clients kept disconnecting ethernet connections every once in a while, which was causing issues in my network. I never figured out the reason, and since I need VPN access, I put this setup together.
Best Answer
If your vpn puts your outside device in the 192.168.0.x subnet, you’re connected to the Draytek.
I’m not certain what “192.168.0.5 (TPLink WAN: Success)” means. You get the admin page when you browse to this address?
The TPLink’s doing what it’s supposed to do. As far as this router’s concerned, 192.168.0.x is the outside world and it’s to be blocked.
Considering that I've never heard of draytek, my guess is that this router was provided by your isp.
Since the Draytek's not really doing anything, other than to serve as a bridge between your tplink and the internet, the most elegant solution is to bridge it and configure the tplink to communicate directly with your isp, and set the VPN up in the tplink. I've done this for clients (with fios).
Looking at your setup, right now your vpn ends at the Draytek. You can't go past the tplink because it's doing what it's supposed to do (blocking access from the outside). If you set the tplink for remote administration, I'm pretty sure that you'll be able to visit https://192.168.0.5 and see its settings from a remote location (it's advisable NOT to allow this).
Based on my own experience with routers provided by isp's, I wouldn't bother trying to figure out what the Draytek's doing (or not doing).
I'd try things in this order:
Once you get the vpn working the way it should and you know that you have vpn access to your devices, consider bridging the Draytek, or you can use it as a means to provide guest wifi access, which should not have access to anything behind the tplink.
Good luck!
alex
PS: If your isp-provided ip address is dynamic, you might need to set up something that relays your public address to a dynamic dns service (i.e. dyndns.net), but one problem at a time...
PS2: Not all dd-wrt's support vpn (and I'm 99% sure that the flavor they support is OpenVPN). For asus, for example, you have to get an asus-specific variant of dd-wrt, so that's something else you need to check. Otherwise, you'll need to set up something like NetZero (my preferred end-point vpn) or Hamachi on the computers behind your tplink.
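As an added example (not part of the question or the answer, and not DrayTek's own validation logic), the Python below runs generic well-formedness checks on the static route posted in the question. The function name and the second route, to 192.168.1.0/24 via 192.168.0.5, are constructed for comparison; a well-formed route only delivers packets to the TPLink's WAN side, where, as the answer notes, they are still treated as coming from outside.

```python
import ipaddress

def check_static_route(dest, mask, gateway, router_ip, lan_mask):
    """Return a list of problems with a static route entered on a router
    whose LAN interface is router_ip/lan_mask (empty list = well-formed).
    Hypothetical helper for illustration; generic checks only."""
    problems = []
    lan = ipaddress.ip_interface(f"{router_ip}/{lan_mask}")
    gw = ipaddress.ip_address(gateway)
    dest_if = ipaddress.ip_interface(f"{dest}/{mask}")

    # A route destination is a network: no host bits may be set under the mask.
    if dest_if.ip != dest_if.network.network_address:
        problems.append(f"destination has host bits set (network is {dest_if.network})")
    # The router already reaches its own connected subnet without a route.
    if dest_if.network.overlaps(lan.network):
        problems.append(f"destination overlaps connected network {lan.network}")
    # The next hop has to be a neighbour on the connected subnet...
    if gw not in lan.network:
        problems.append("gateway is not on the connected network")
    # ...and it has to be another device, not the router itself.
    if gw == lan.ip:
        problems.append("gateway is the router's own address")
    return problems

# Values taken from the question (DrayTek LAN1 is 192.168.0.1/24).
ROUTER_IP, LAN_MASK = "192.168.0.1", "255.255.255.0"
AS_POSTED = ("192.168.0.5", "255.255.255.0", "192.168.0.1")
# Constructed for comparison: the TPLink LAN subnet via the TPLink WAN address.
CONSTRUCTED = ("192.168.1.0", "255.255.255.0", "192.168.0.5")

if __name__ == "__main__":
    for label, route in (("as posted", AS_POSTED), ("constructed", CONSTRUCTED)):
        issues = check_static_route(*route, ROUTER_IP, LAN_MASK)
        print(label, route, "->", issues or "well-formed")
```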