Dual router printer and NAS access

Hi all. Real newbie here with OpenWRT. I have a dual router setup. My main router is running dd-wrt. Its IP address is 192.168.1.1. It is a gateway and has a network printer and NAS on it.

The router that is attached to it (wlan to lan) is an ExpressVPN version of OpenWRT. It's 15.05.1. Its IP is 192.168.42.1. It does appear that it uses 192.168.1.1 as a gateway on the wlan interface. If I don't have the VPN up, I can get to the printer and NAS without problem from the 192.168.42 segment.

But once the VPN is brought up, I can no longer see either the printer or the NAS. I can see the vpn0 interface is using 10.56.0.93 as a gateway. No surprises there since I'm sure that's set up for ExpressVPN.

I figured I could add a route to the vpn0 interface to point to the 192.168.1.0 segment. But when I use the web interface to add the route, I don't see it being added to the route table.

Is there any way to do this when the VPN interface is up? Thanks.

Do you have the option of removing the dd-wrt router and making your openwrt device the main and only router? Things are much easier with a single router.

You are using a very old version of openwrt. If your router supports it, you should upgrade to the latest to have better security and up to date features. If it is not supported, maybe it is time to get a new router.

With respect to your specific issue, though, the vpn generally will make it difficult to access stuff on the dd-wrt router. You will need to set up policy based routing to create rules that direct the specific traffic to the printer and nas outside the vpn tunnel.

Add the route to interface wan.

If I add the route to the lan, it does show up, but it does not help. The WAN already has a route with Target of 0.0.0.0/24 with a gateway of 192.168.1.1. Which explains why if I bring the VPN down, everything is visible on the 192.168.1.0 segment.

However the vpn0 has a target of 0.0.0.0/24 which has a gateway of 10.182.0.53. Which I am assuming means once the VPN is up, all traffic is going to that gateway which knows squat about my private 192.168.1.0 segment.

Now I have to say, I've been a computer engineer for 30+ years, but networking had not been my forte, it's a science unto itself!!!

Thanks.

Oh I know that everything is easier with a single router, but I have reasons for wanting the separate routers. The main reason is the speed difference. I get about half my bandwidth with the VPN, which is expected.

My reason for trying the ExpressVPN firmware was because with dd-wrt, my Linksys router only got about 20% of the speed that my internet connection is capable of. Everyone there said that's because OpenVPN is single threaded and that's about all you can expect from a router.

So for the nuts of it I tried the ExpressVPN firmware for my router. That is what is based off of the older OpenWRT. Guess it works so they don't move to newer versions. Lo and behold I get about 50% of my total bandwidth through this firmware. Which is much improved. I assume OpenWRT uses OpenVPN also, so the story I got does not jibe.

Anyway, I have another router I plan to put the newest version of OpenWRT on, but it looks like there is a pretty steep learning curve here to understand the intricacies of OpenWRT and to learn how to configure it. I hope I still see the higher output.

Looking at the routing table, it does appear that once the VPN is up all the traffic is routed to its gateway. With dd-wrt, I could still see my local devices on the other segment even though the VPN was up.

So as I said on another post, I was a computer/software engineer for 30+ years. But Operating Systems was my forte, not networking!!!

Thanks for the reply. It's appreciated.

OpenVPN option redirect-gateway def1 shouldn't remove existing routes.
Smaller network 192.168.1.0/24 should have higher priority than larger network 0.0.0.0/0.
Show your routing table when VPN-connection is down and up.

Here is with VPN up:

ARP

IPv4-Address MAC-Address Interface
192.168.1.1 c0:56:27:b7:07:ca eth0
192.168.42.175 d8:50:e6:84:3c:a5 br-lan
192.168.42.146 30:5a:3a:8d:8e:29 br-lan

Active IPv4-Routes

Network  Target           IPv4-Gateway  Metric  Table
vpn0     0.0.0.0/0        10.182.0.53   0       vpn
vpn0     10.182.0.1       10.182.0.53   0       vpn
lan      192.168.42.0/24                0       vpn
wan      0.0.0.0/0        192.168.1.1   0       main
vpn0     10.182.0.53                    0       main
wan      192.168.1.0/24   192.168.1.1   0       main
wan      192.168.1.1                    0       main
lan      192.168.42.0/24                0       main

Here is with VPN down:

ARP

IPv4-Address MAC-Address Interface
192.168.1.1 c0:56:27:b7:07:ca eth0
192.168.42.175 d8:50:e6:84:3c:a5 br-lan
192.168.42.146 30:5a:3a:8d:8e:29 br-lan

Active IPv4-Routes

Network  Target           IPv4-Gateway  Metric  Table
lan      192.168.42.0/24                0       vpn
wan      0.0.0.0/0        192.168.1.1   0       main
wan      192.168.1.0/24   192.168.1.1   0       main
wan      192.168.1.1                    0       main
lan      192.168.42.0/24                0       main

Thank you for your help!!

You need to add a route to 192.168.1.0/24 in the routing table vpn.
Or add a policy to use routing table main for destination 192.168.1.0/24.
Another way is disable policy based routing and use option redirect-gateway def1.

Yes I tried to add a route to vpn using Luci, but it does not take for whatever reason. Looks like a lot of OpenWRT stuff is done just by editing tables. So looks like I got some reading and learning to do. Thanks!!!

I'm not sure it's feasible via LuCI.
You likely need SSH access.
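
Added example, not part of the thread: a small Python model of Linux policy routing over the "VPN up" tables posted above, showing why the 192.168.1.0/24 route in table main is never consulted for LAN clients and how each of the two suggested fixes changes the lookup. The rule list, the priorities 50 and 100, the NAS address 192.168.1.50 and the eth0 device name in the comments (taken from the ARP output) are assumptions; the thread never shows the firmware's actual rules.

```python
import ipaddress

# Route tables from the "VPN up" output in the thread: (target, gateway, interface).
# gateway None means on-link; bare host targets are written here as /32.
TABLES = {
    "vpn": [("0.0.0.0/0", "10.182.0.53", "vpn0"),
            ("10.182.0.1/32", "10.182.0.53", "vpn0"),
            ("192.168.42.0/24", None, "lan")],
    "main": [("0.0.0.0/0", "192.168.1.1", "wan"),
             ("10.182.0.53/32", None, "vpn0"),
             ("192.168.1.0/24", "192.168.1.1", "wan"),
             ("192.168.1.1/32", None, "wan"),
             ("192.168.42.0/24", None, "lan")],
}
# ASSUMPTION: rules are not shown in the thread. (priority, from, to, table)
RULES = [(100, "192.168.42.0/24", None, "vpn"),
         (32766, None, None, "main")]

def lookup(src, dst, rules=RULES, tables=TABLES):
    """Return (table, interface, gateway) as Linux policy routing would pick it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, from_net, to_net, table in sorted(rules, key=lambda r: r[0]):
        if from_net and s not in ipaddress.ip_network(from_net):
            continue
        if to_net and d not in ipaddress.ip_network(to_net):
            continue
        # Longest-prefix match happens only inside the table the rule selected.
        hits = [(ipaddress.ip_network(n), gw, dev)
                for n, gw, dev in tables[table] if d in ipaddress.ip_network(n)]
        if hits:
            _net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
            return table, dev, gw
    return None

def fix_route_in_vpn_table():
    # Models: ip route add 192.168.1.0/24 dev eth0 table vpn
    tables = {name: list(routes) for name, routes in TABLES.items()}
    tables["vpn"].append(("192.168.1.0/24", None, "wan"))
    return tables

def fix_rule_to_main():
    # Models: ip rule add to 192.168.1.0/24 lookup main priority 50
    return [(50, None, "192.168.1.0/24", "main")] + RULES

if __name__ == "__main__":
    pc, nas = "192.168.42.175", "192.168.1.50"  # NAS address is constructed
    print("before:      ", lookup(pc, nas))
    print("route in vpn:", lookup(pc, nas, tables=fix_route_in_vpn_table()))
    print("rule to main:", lookup(pc, nas, rules=fix_rule_to_main()))
```

Either fix moves only 192.168.1.0/24 out of the tunnel; every other destination from the LAN still resolves to vpn0.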