Cascated routers, avm 4040 behind VMG1312

Hello,
I am struggling hard with the settings to achieve the following:

  1. avm 4040 (R1) is the router for my LAN & DNS handling
  2. VMG1312 (R2) is the router for providing credentials to connect to internet (has a built-in modem)
  3. R1 is in 192.168.1.0/255.255.255.0, having the IP address 192.168.1.1
  4. R2 is in 192.168.2.0/255.255.255.0, with IP address 192.168.2.1
  5. the WAN port of R1 is on 192.168.2.2 (gateway address)

What I did:

  1. set the interface for the WAN port on R1 (eth1) to static address: 192.168.2.2/255.255.255.0
  2. connected the wan port of R1 to a LAN port of R2
  3. provided data to obtain Internet access on R2
  4. set a static route on R2: target IP is 192.168.1.0/255.255.255.0, Gateway is 192.168.2.2

What works:
connecting PC to R2 for testing purpoes only: internet access works
connecting PC to R1: no internet access
Ping: from R1 to 192.168.2.1, but not to internet (neither to 8.8.8.8 nor to www.openwrt.org)
Ping from PC connected to R1 receives no reply from 192.168.2.1 or 192.168.2.2

I attach my network configuration for better understanding of the settings

cat /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
config globals 'globals'
        option ula_prefix 'gfhgf:5d67:82oe::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.1.1'
        option delegate '0'

config switch
        option name 'switch0'
        option reset '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4'
        option vid '1'

config interface 'WAN'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '192.168.2.2'
        option netmask '255.255.255.0'
        option auto '0'

I hope someone can advise.

Cheers
Oscar

Seen from the R2 (Internet router), a gateway has been described within its local network (192.168.2.0).

Is it required to point to a gateway also from the other side, i.e. within 192.168.1.0? I have not seen any instructions except for here. It is the inverse to the openwrt doc. Doesn't work either, i.e. no internet

I think you need to make LAN eth0.1.

You are missing the default gateway in the WAN interface.

on AVM 4040 eth1 is dedicated for the wan interface, it is not even listed on the Switch tab.

Thanks for the reply. I tried both changes in the config file:
option gateway '192.168.1.1 (R1 address as router) OR
option gateway '192.168.2.2 (R1 address as client to R2)

Neither worked for internet connection. From a PC connected to R1 I can ping 192.168.1.1, 192.168.2.2, 192.168.2.1 (to R2!) and 192.168.2.3 (a PC connected to R2). Apparently, both networks can communicate.
Just to recal, on R2 a static route has been set from 192.168.2.2 to 192.168.1.0.

ping 8.8.8.8 results in 'Destination host unreachable'.

:thinking:

Just to add: I can ping from the network of R1 to R2, but not from R2 to R1.

So to summarise, 192.168.2.3 (a PC connected to R2) has internet, 192.168.2.2 (R1 connected to R2) does not.

I do not understand at all the logic.

First fix a couple of things:
Add gateway and DNS 192.168.2.1 under WAN interface.
Fix your IPv6 ULA, as this is not a valid address.
Then post here the output of the following command, copy and paste the whole block:

uci show network;uci show wireless; \
uci show firewall; uci show dhcp; \
ip -4 addr ; ip -4 ro ; ip -4 ru; \
iptables-save; \
head -n -0 /etc/firewall.user; \
ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*

That did the trick! I had tried 192.168.2.2, 192.168.1.1, but not the IP of R2. Thanks a million.
I changed the gateway only, because I want to deploy the DNS settings on the secondary Router R1.

Next steps: avoid double Nat, use one set of DNS resolution for both routers, etc. But this is another story :smile:

Thank you again @trendy

Oscar

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

grafik

impossible, when I click on the tick mark after editing the titel I get 'You are not permitted to view the requested resource.'
Maybe an admin can do it for me? Meanwhile I am completely blocked from editing the thread title

That's fine, nevermind about the title.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.