Can OpenWrt be used to assign unconventional ip ranges?

I read there are three sets of address spaces commonly used for private networks, namely:

192.168.0.0 - 192.168.255.255
172.16.0.0 - 172.31.255.255
10.0.0.0 – 10.255.255.255

The problem is I have a windows 10 work laptop (don't have admin rights on this) that has a firewall blocking access to local ip ranges as used above. This means I can’t access cloud storage on my local home network when at home. The only workaround I have found around this is to use an external ip address and connect my network storage through the internet. Example:

http://192.168.1.6/owncloud/index.php - does not work

http://58.6.9.70/owncloud/index.php - works (not my real external ip address!)

However, I am not keen on this because it means I have to be connected to the internet for this workaround. This then got me thinking about using something like WRT – but could this be used to assign an unconventional address such as 58.6.9.70? Granted, I accept by doing this, I could be assigning an address which may be publicly used, and would cause me trouble connecting to any company that actually uses that address, however I am not too concerned about that. My main concern is whether it is easy to assign an unconventional address in WRT or whether there is a better / simpler solution – even a router that supports this feature straight out of the box? My current router is very basic (free isp router with no way of running WRT), so I would have to buy a router for WRT. Therefore I need to know if WRT would be able to do this before I start purchasing items. Also if anyone has any recommendations for a router that is fairly simple to setup with WRT, and will allow me to do what I want to do, I would be very grateful.

Seems to me that if your network admins/IT department have blocked RFC1918 addresses, there is probably a good reason for it and it would be wise to consider that they could potentially have disciplinary actions in place for employees who circumvent the various technical measures that are there to protect the corporate computers and network.

I'm not sure why using your external IP address (which you said works) is problematic -- if it works, stick with it.

That said, there is no theoretical reason that OpenWrt couldn't be used for non-RFC1918 addresses. However, this may or may not solve your issue -- the machine may simply block any connections on the same subnet, and might be even more restrictive if it has a non-RFC1918 address (indicating under normal circumstances a direct connection to the internet). You could certainly try your idea on an OpenWrt box -- simple enough to test. But as you point out, you could end up with other problems on the internet, so it may not be worth the effort.

3 Likes

Because it means my storage is exposed to the internet, which is a security issue for me. It also means that access to the storage through the internet is a lot slower than using my home LAN (I have a very slow internet connection where I am). If I transfer large files like video, this makes things a lot slower.

Does the laptop block all private ip ranges, or does it use a VPN? In the latter case there is no way to access an internal address, no matter what fancy router you have. In the first case you can assign a public IP to any interface of the router, and use a port forward to the nas.

2 Likes

You can use the first hop as proxy to access addresses outside the local lan, if the vpn tunnels everything.

2 Likes

Sorry? How would that work?

In OpenWrt make sure dropbear has enabled the option GatewayPorts. Then start an ssh and expose a port as local proxy.
Point the applications to use this port on localhost.

1 Like

Tom, did you see the answer from Vladislav? He is suggesting you set up a private IPv6 network with so-called ULAs. This is done by OpenWrt out of the box. Of course, that requires that

  • all your devices are IPv6 capable and
  • your IT administrator did not block that IP range as well.

1 Like
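Added example, not part of any post in this thread: a small Python check that classifies a prefix proposed for a home LAN against the three RFC 1918 blocks listed in the question and the IPv6 ULA block from the reply above, and shows which internet hosts a squatted public prefix such as 58.6.9.0/24 would hide. The function names and the `fd12:3456:789a::/48` prefix are constructed for illustration.

```python
import ipaddress

# The three private IPv4 blocks listed in the question (RFC 1918) and the
# IPv6 unique local block (RFC 4193) that the ULA reply refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ULA = ipaddress.ip_network("fc00::/7")


def classify_lan_prefix(prefix):
    """Return (category, note) for a prefix proposed for a home LAN.

    Hypothetical helper; host bits are ignored, so "58.6.9.70/24" is
    treated as the network 58.6.9.0/24.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
        return "rfc1918", "private IPv4, never routed on the internet"
    if net.version == 6 and net.subnet_of(ULA):
        return "ula", "private IPv6, never routed on the internet"
    if net.network_address.is_global and net.broadcast_address.is_global:
        return "squatted-public", (
            f"{net.num_addresses} real internet addresses become "
            "unreachable from this LAN because they look on-link")
    return "special-use", "reserved range, not suitable for a LAN"


def shadowed(lan_prefix, remote_ip):
    """True if a remote internet host falls inside the LAN prefix."""
    net = ipaddress.ip_network(lan_prefix, strict=False)
    addr = ipaddress.ip_address(remote_ip)
    return addr.version == net.version and addr in net


if __name__ == "__main__":
    # 58.6.9.70 is the placeholder address from the question; the ULA
    # prefix below is constructed for illustration.
    for p in ("192.168.1.0/24", "10.128.145.4/32", "58.6.9.70/24",
              "fd12:3456:789a::/48"):
        print(p, *classify_lan_prefix(p), sep=" | ")
    print(shadowed("58.6.9.70/24", "58.6.9.200"))
```
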

There is a VPN on the system which is labelled WAN Miniport (SSTP). I suspect that most traffic is set up to be forced through this VPN, as if I disconnect the VPN when connected to my home router, I have no internet or local network access on this laptop. But if I disconnect the VPN and go to CMD, I can ping my cloud storage on my local network successfully, as demonstrated here:

ping 192.168.1.6 with 32 bytes of data:
bytes=32 time=7ms TTL=64
bytes=32 time=7ms TTL=64
bytes=32 time=7ms TTL=64
bytes=32 time=7ms TTL=64

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)

It's just I can't seem to connect via a browser or any other way. If I try and SSH I get the following:

ssh pi@192.168.1.6
ssh: connect to host 192.168.1.6 port 22: Permission denied

When using PuTTY, I also get permission denied.

So it seems port 22 is also blocked by a firewall.

I wonder if the approach suggested by trendy would work? Think I may have to do a bit of reading, as networking is not my strong point. Not sure if WRT could provide a solution?

If the OpenWrt is the next hop router, then it can be of help.

Welcome to the community Tommydog, I can fully understand why you would not want to expose your storage to the internet.

So what I am wondering is whether IPv4 is supported at all in your workplace. When you are next there, maybe you could figure out your IP address, subnet mask and gateway.

I have worked in some big organisations that limit laptops to the VPN for their specific workgroup or floor, it may be that if you find the subnet that you can use it at home.

They may not be happy with you using the device on a network outside the workplace and configured their group policy in Win10 to prevent it. Often they provide remote access via their secure ID and then provide internet via work.

If a Laptop is so locked down I am surprised they let you use it at home or maybe they do not want you having any network or internet access. Might be an idea to ask the IT dept what is permitted.

One thing I have done in the past when my home laptop failed was to take a work Laptop and partition the boot drive, creating a second partition of Windows for my own use at home. Not sure your IT dept or company management would approve but as long as you stay off their partition should be ok. Alternatively you can boot from a separate HD plugged into USB port if not disabled.

The thing about OpenWrt is you can configure it to do stuff that was not conceived by manufacturers. You can split the hardware ports up on the switch tab

You can split up the wifi N and AC radios

You can use routes to specify where traffic goes

You can use firewalls to stop or authorise whatever you need.

You might create a 58.6.9.0 network that is totally self contained, only allows access to the MAC address of your laptop but that subnet has no internet access. Then separately create a subnet that can see the internet but has a route for 58.6.9.0 so it does not head out.

You can pick up cheap second hand routers from eBay to mess about with, I think the cheapest I bought was £5 for a TP-Link router with gigabit ports. You have to check the versions of any router with the ones shown on the respective page on here, just google the model of the router and add OpenWrt to the search.

Routers to experiment will probably have low memory compared to the latest and greatest, take the 1043 below, an 8mb flash and 32mb ram will be less desirable than an 8/64, better still might be the 16/64 but I have a V2.x that worked well.

Cpu can change between the models too, V1 is 400MHZ while V2 is 720 and the rest a little higher.

Hardware Highlights

| Model | Version | SoC | CPU MHz | Flash MB | RAM MB | WLAN Hardware | WLAN2.4 | WLAN5.0 | 100M ports | Gbit ports | Modem | USB |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TL-WR1043ND | v1.x | Atheros AR9132 | 400 | 8 | 32 | Atheros AR9103 | b/g/n | - | - | 5 | - | 1x 2.0 |
| TL-WR1043ND | v2.x | Qualcomm Atheros QCA9558 | 720 | 8 | 64 | Qualcomm Atheros QCA9558 | b/g/n | - | - | 5 | - | 1x 2.0 |
| TL-WR1043ND | v3.x | Qualcomm Atheros QCA9558 | 720 | 8 | 64 | Qualcomm Atheros QCA9558 | b/g/n | - | - | 5 | - | 1x 2.0 |
| TL-WR1043ND | v4.x | Qualcomm Atheros QCA9563 | 750 | 16 | 64 | Qualcomm Atheros QCA9563 | b/g/n | - | - | 5 | - | 1x 2.0 |
| TL-WR1043N | v5 | Qualcomm Atheros QCA9563 | 775 | 16 | 64 | Qualcomm Atheros QCA9563 | b/g/n | - | - | 5 | - | - |

How it is installed is also a factor, you want there to be the usual two files for install rather than snapshots if you want an easy life.

Installation

| Model | Version | OpenWrt Release | OpenWrt Factory Firmware | OpenWrt Sysupgrade Firmware | OEM Stock Firmware |
|---|---|---|---|---|---|
| Archer C7 AC1750 | v1, v1.1 | 19.07.7 | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v1-squashfs-factory.bin | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v1-squashfs-sysupgrade.bin | https://www.tp-link.com/en/download/Archer-C7_V1.html |
| Archer C7 AC1750 | v2, v2.1 | 19.07.7 | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v2-squashfs-factory.bin | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v2-squashfs-sysupgrade.bin | https://www.tp-link.com/en/download/Archer-C7_V2.html |
| Archer C7 AC1750 | v3 | 19.07.7 | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v2-squashfs-factory.bin | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v2-squashfs-sysupgrade.bin | https://www.tp-link.com/en/download/Archer-C7_V2.html |
| Archer C7 AC1750 | v4 | 19.07.7 | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v4-squashfs-factory.bin | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v4-squashfs-sysupgrade.bin | https://www.tp-link.com/en/download/Archer-C7_V4.html |
| Archer C7 AC1750 | v5 | 19.07.7 | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v5-squashfs-factory.bin | http://downloads.openwrt.org/releases/19.07.7/targets/ath79/generic/openwrt-19.07.7-ath79-generic-tplink_archer-c7-v5-squashfs-sysupgrade.bin | https://www.tp-link.com/en/download/Archer-C7_V5.html |

OpenWrt Factory Firmware: Use this file the first time you flash OpenWrt onto the router as it came from the “factory.”
OpenWrt Sysupgrade Firmware: Use this file to upgrade an OpenWrt “system” to a newer OpenWrt version.
OEM Stock Firmware: Use this file to restore the router to the “stock” firmware as it shipped from the manufacturer.

Install OpenWrt

Installation using web interface

For Archer C7 (confirmed for v1.1, v2, v2.1 and V5 (fw1.0.11)), installing OpenWrt is confirmed to work by simply uploading the OpenWrt firmware in the stock OEM's firmware-upgrade page.

Please note however that this page will refuse to install firmware uploaded with a long filename. To bypass this limitation, download the relevant factory-flash BIN-file and then rename the file to firmware.bin before uploading.

For older stock firmware versions for the Archer C7 V5, installing OpenWrt is only possible through a TFTP server (V18.06.1 confirmed). Make sure to upgrade the stock firmware first if you want to use the manual firmware upload feature, which can be easier than setting up a TFTP server.

===============================
Do not assume the highest version number is the best version number to get, for example in the TP Link C7 you can see that V4 is better than V5 both in CPU and tech issues

Hardware Highlights

| Model | Version | Target | CPU MHz | Flash MB | RAM MB | WLAN Hardware | WLAN2.4 | WLAN5.0 | 100M ports | Gbit ports | Modem | USB |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Archer C7 AC1750 | v1, v1.1 | ar71xx-ath79 | 720 | 8 | 128 | Qualcomm Atheros QCA9558, Qualcomm Atheros QCA9880-AR1A | b/g/n | a/n/ac | - | 5 | - | 2x 2.0 |
| Archer C7 AC1750 | v2, v2.1 | ar71xx-ath79 | 720 | 16 | 128 | Qualcomm Atheros QCA9558, Qualcomm Atheros QCA9880-BR4A | b/g/n | a/n/ac | - | 5 | - | 2x 2.0 |
| Archer C7 AC1750 | v3 | ar71xx-ath79 | 720 | 16 | 128 | Qualcomm Atheros QCA9558, Qualcomm Atheros QCA9880-BR4A | b/g/n | a/n/ac | - | 5 | - | 2x 2.0 |
| Archer C7 AC1750 | v4 | ar71xx-ath79 | 775 | 16 | 128 | Qualcomm Atheros QCA9563, Qualcomm Atheros QCA9880 | b/g/n | a/n/ac | - | 5 | - | 2x 2.0 |
| Archer C7 AC1750 | v5 | ar71xx-ath79 | 750 | 16 | 128 | Qualcomm Atheros QCA9563, Qualcomm Atheros QCA9880 | b/g/n | a/n/ac | - | 5 | - | 1x 2.0 |

Archer C7 AC1750 v1, v1.1 ath10k on this device causes a boot loop in 17.03 and newer OpenWrt, removing minipcie card or building image without ath10k should work 3x3
Archer C7 AC1750 v2, v2.1 3x3
Archer C7 AC1750 v3 C7 v3 works with images of C7 v2 3x3
Archer C7 AC1750 v4
Archer C7 AC1750 v5 Some devices can not be directly flashed with 18.06.1, this was fixed in snapshots. Either use TFTP recovery like https://openwrt.org/toh/tp-link/tp-link_archer_c20_v4

You can't assume all models from a manufacturer will be easy to install, or even work at all. For example the TP-Link D7 is harder work than the C7, some will not work at all because of their wifi chip and driver support.

So starting with a 1043 is pretty low risk, if you are patient you will find one cheap enough, the C7 would also be good if you have a bit more to spend but with any router, search the OpenWrt forum for what people are saying about it (check the date of the post to make sure any issues are still issues)

Once you are sold and you want to invest you have three choices BEFORE getting into the latest and greatest NEW routers:

Netgear R7800 - best for wifi
Linksys AC3200 / AC32X - best for lan port speed

or new routers that are about same price but have interesting hardware. Usually these come from China, may use great CPU and Chipsets but may require more technical install process.

When buying I take the view that I will be able to sell an R7800 or W32X for more than I paid second hand, while selling some Chinese model nobody has heard of may not be so easy. Even if I sell for £5 over what I paid it means I had free use of the product.

Others will share with you their favourite models and solutions, so do not take mine as gospel.

Many thanks for your reply and router suggestions for WRT. Based on what you say, I am tempted to pick up a used Archer C7 to have a play about with. From what you say, it seems the C7 will be relatively straightforward to get working with WRT.

As for the laptop, it does connect via a VPN to establish internet access (this is labelled WAN Miniport (SSTP) on the Windows 10 system). If I disconnect from this VPN I can't connect to the internet. When connected through the company VPN at home, I did an ipconfig and got the following:

IPv4 address: 10.128.145.4
subnet mask: 255.255.255.255
Default Gateway: 0.0.0.0

Not sure if the above could provide a solution in WRT?

When I am disconnected from the VPN I can successfully ping my cloud storage on 192.168.1.6 (with no packets lost), however I can't access the cloud storage in any way. I have tried to SSH to it, but it seems port 22 is blocked. What I thought about doing was buying a router and creating a NAS with WRT. There seems to be a lot of tutorials on creating a NAS with WRT on a router. Could I then setup WRT to enable access to my NAS using port 443? The reason for my thinking is that I guess port 443 is not blocked on the computer due to it being a VPN port. Would this work with WRT?

The tl-wr1043nd really isn't a device to consider in 2021 - and the archer c7 isn't that much better either, it's a proven and solid device, but rather aged by now. mt7621, ipq40xx, ipq806x or mt7622 do provide better performance. mt7621 would even be slightly cheaper, ipq40xx (better wireless than mt7621, also more cores) costs roundabout the same as the older ath79 devices, with ipq806x or mt7622 providing more performance for higher prices.

2 Likes