Router OpenWrt don't see my LAN

Hello to all,
I have this network situation that I don't know how to fix.
The OpenWrt router is connected via its Internet port to the LAN port of the modem / router of the Internet provider.

The OpenWrt Route has an IP address of
The modem / router has an IP address of - no firewall active

If I connect my laptop to the wifi network I don't see the OpenWrt router (I can't connect to the console
If I connect my laptop to the wifi network I don't see/navigate the network

Could the problem be the Netmask

Is there any firewall enabling/accept on the OpenWrt router that needs to be done?


openwrt device should be on the same subnet as the modem, unless you want to use it's firewall, then it should be connected using the WAN port to the modems LAN port.

if you want to keep the current IP configuration, connect WAN-LAN.

if you only want the wifi and the switch, on the same LAN, use

1 Like

What @frollic said, you probably want a dumb AP configuration if you are connecting directly to the main router network and the OpenWrt router and want all devices on either connection to have full access to each other.

If you do want two separate networks you need to leave the firewall enabled to facilitate routing between them. The default configuration will NAT (masquerade) access to the wan network ( and the Internet) to appear to come from the 192.168.1.X IP address that the wan side of OpenWrt holds. This is good for many cases since the main router does not need to know that there is a network. If you want to log into OpenWrt from a .1.X machine you will need to use OpenWrt's .1 address and also have the firewall open for that port.

The alternative is to turn off NAT and have full symmetric routing. This requires installing a route to via 192.168.1.X (X being OpenWrt's wan) in the main router. Also change the OpenWrt firewall to forward from wan to lan in addition to the existing lan to wan.

This is my solution a I need change the ip of my OpenWrt from to 192.168.1.x/24 ? did I get it right?

No, the wan and lan must have separate IP subnets such as .1.0/24 and .2.0/24 like you were doing. Other than changing the LAN to so it won't conflict with the wan at, it is a default configuration.

You probably want to make the wan a static IP or make a DHCP reservation in the main router so the OpenWrt router gets a consistent known 192.168.1.X IP. If you want to log into the OpenWrt router from the main router (.1) network, you will need to use that IP and also open http, https, and/or ssh ports on the OpenWrt WAN.

With this network it is possible to contact hosts from the network, but not the other way, since OpenWrt is NATing all devices to its single 192.168.1.X IP. If there are only a few situations where you want to contact from, such as a single printer, you can forward ports to it (the machines would use the OpenWrt router's IP as if it were the printer). Otherwise don't do NAT, either bridge all devices (dumb AP) or set up symmetric routing like I said in the last paragraph.

1 Like

I try to explain what I want to do ... now my OpenWrt router is a vpn client. I want it to become a VPN server as well so that I can connect from the outside. From the outside I have to reach my modem/router and with a port forwarding send the call of the VPN client to the VPN server that is active on the OpenWrt router. Once connected, my entire network which is 192.168.1.x / 24 must be able to reach it. Is it possible to do this by keeping the wan and lan on two separate networks as they are now?

...sorry but I don't understand much about networks...

To run a VPN server like this the main router needs several things:

  • It must have a public IP on its WAN side.
  • The service provider's network must allow incoming traffic through.
  • You need access to the main router administration, and it needs to allow you to install static routes and forward ports.

Then you can start by seting up an OpenWrt machine as a LAN device (dumb AP). So far the only network it has is the main router's LAN, which is also its LAN. You will be adding another network of a VPN tunnel and forwarding traffic to / from VPN clients that are out on the Internet.

Today I already have a VPN where the server is a Raspberry. I would like to replace the Raspberry VPN server with OpenWrt. The architecture is already there and working, I just have to configure OpenWrt as a VPN server and make sure to see my network 192.168.1.x / 24

There are several ways you can approach this. Since you already have a working VPN configuration on the Pi, I think most of the requirements have been met. The only remaining question is this one:

Does your router expose this functionality? This impacts some of the implementation details.


What is "it" in this case. I am assuming the remote client(s)? Do you need to be able to initiate a connection from your LAN > remote VPN client, or is it simply an issue of the LAN being reachable (and able to respond) to the connections initiated from the remote VPN client?

Yes, I can access to my router administration and the forward ports work properly. The static routes I think yes…my vpn works correctly for me.

Yes, the remote client(s)

I quickly looked at the configuration of the VPN server on LuCE and it seems to me that it is enough to create the necessary files and start the service.
But before I get to setting up the VPN server I need someone to explain to me how I can do it:

  • OpenWrt network router
  • port OpenWrt WAN internet port masquerade connected to the modem / router on the network

I need that when I am connected to OpenWrt with example my laptop which will have ip ​​can see the whole network

.... I don't know if I was able to explain myself

I am attaching a drawing of the network

The way you appear to have your network setup actually negates the need for static routes. However, what you seem to be trying to achieve does require that you can setup static routes on the main router. Please look at the configuration interface of the main router to see if static routes can be set.

It is not clear to me what it means to be able to do static route.... could you give me an example?

looking on the web for my modem I found this info:
TIM routers do not manage VLANs in the LAN network, they can only do untagged traffic in VLANs.
The router does not allow the addition of static gateways for complex LANs, it is recommended that you install a firewall or a router that supports VLANs between the LAN and the TIM router and do all the VLAN switching and routing configurations on the external router

Assuming the above comes from the manual or other official information, this indicates that static routes are not possible on your main router. The result here is that your VPN can work in one direction, but not both. By this, I mean to say that the remote VPN clients can connect to your main network (and the devices on the main network can respond, forming a functional connection), but the devices on the main network cannot initiate connections to those VPN clients. I believe that this is the current state of operation based on the description you have provided, and this is the only way that you will be able to use your VPN unless you make some other changes to your network (i.e. replacing the existing main router or putting all devices behind the OpenVPN router).

So looking at my drawing all the devices that connect to the "wifi router" (OpenWrt) [which I call A] on the 192.168.2.x / 24 network (wifi, lan, VPN) cannot see the network behind the "modem / Tim router "[which I call B] network 192.168.1.x / 24.
If I have not misunderstood I would have two solutions:

  1. change B
  2. put A behind B.

Did I get it right?
In solution 2 which IP should I assign to A?
Would 192.168.1.x / 24 be okay? And does A's 'internet' port have a separate network?
Can I connect A's 'internet' port to the switch?

Sorry for the many questions but I would like to understand how I have to change.

Based on your drawing, I would expect the following:

  • Connections cannot be initiated from hosts on to
  • all devices on the network (on router A) should be able to communicate with devices on (router B's network), unless router A has a firewall rule that blocks it.

If you want to make it possible for hosts on both networks to initiate connections to any other host on either network, your main router (router B) needs to have the ability to set static routes (which it does not). The means that you have two options:

  1. replace router B with a model that supports static routes (and make corresponding changes to the OpenWrt configuration, too).
  2. connect the switch to router A and use only the wifi on router A, thus making all devices part of the same network.
    -- Ideally, you'd be able to put the modem/router into bridge mode so that it passes the ISP provided IP address directly to your OpenWrt router's WAN port.. this avoids double-NAT which can cause problems in certain circumstances.