I am trying to use my Netgear DGN3500 to create a second network on a different subnet and connect to the internet via my primary modem/router (Netcomm NF18ACV). Ultimately I will have all traffic on the secondary router go through a VPN so I will be able to choose between a normal connection or a VPN connection just by connecting to either router/network, but the first step is to just get it working without the VPN.
I installed OpenWrt on the Netgear successfully.
The netgear doesn't have a WAN network port (just a port for telephone port cable as it has a built in modem) so I created a new VLAN and edited the WAN port interface to use a LAN port on the second VLAN:
I am able to connect my computer to the router and successfully get an IP address in the secondary subnet and connect to LuCI.
When I connect the secondary router to the primary router it successfully connects, receives an IP address in the primary subnet and is able to connect to the internet (ping works, and software is able to be installed via the LuCI interface).
However, I cannot connect to the internet from the laptop I connect to the router that is on the secondary subnet.
Any ideas as to what I am missing would be greatly appreciated.
You've got your interfaces defined as /8 which means that your WAN and LAN are overlapping.
Change them to /24 and it should presumably work (assuming no other issues).
On the WAN, are you defining that as static or DHCP client (from the upstream router)?
On the upstream router, what is the network/subnet?
EDIT- looking more carefully at your picture, it looks like you do indeed have your WAN as a DHCP client. This means that the upstream network is probably also defined as /8. Can you change that to /24?
Did you manually put in a gateway or DNS server for the DGN3500's LAN interface that's possibly its own IP? If so, then this would be the reason.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip6tables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
If you need two routers then yes. But otherwise, you could do all that (both VPN and VPN-less) on the DGN3500 and set the main router in bridge mode to avoid double NATting.
I can't think of a good reason for a residential modem-router to use a class A IP for its LAN. However, if this is the case for some mysterious reason and you can't change it, then make sure that your DGN3500 IP is on a different network. Simply start with anything other than 10 (and use /24).
They would be non-overlapping if they were /24's for example. But as /8, the ENTIRE 10.everything is one big network.
If you can't change it on your upstream router, you can switch to another RFC1918 network space. (172.16.0.0/12 and 192.168.0.0/16). I'd recommend keeping yours defined as /24 if you can -- just makes it much more intuitive to work with.
Your WAN address is currently 10.27.72.31/8
Your LAN address is currently 10.27.27.1/8
Because of the /8, they are overlapping. A /8 is 16.7M hosts! It occupies 10.0.0.0 - 10.255.255.255 (including the network and broadcast addresses at the top and bottom of the range).
You would need to be on a /18 or smaller network (i.e. larger number) to have those addresses non-overlapping -- that would accommodate up to 16K hosts. Still a very large range, and not necessary for anything in the residential domain (and rarely advisable for large networks, either).
Compare that with a /24 which is common in residential networks because it is easy/intuitive to work with and is almost always sufficient. A /24 can have up to 254 hosts.
Can you get an IP address on a client computer (start with wired) connected to your OpenWrt router's LAN port?
From the client computer, can you:
-- ping the router (192.168.1.1)?
-- How about the router upstream of that (10.27.72.1 -- I'm guessing about the last octet)?
-- And can you ping an internet host via IP (18.104.22.168)?
-- How about a domain name (google.com)?
If those don't work from a client computer, what about from the router itself (when you've connected via ssh)?
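As an added example that is not part of the thread, the overlap argument from the /8 versus /24 replies above, worked with Python's `ipaddress` module on the two addresses quoted in the thread (10.27.72.31/8 and 10.27.27.1/8); the function names are my own, and the /18 figure and host counts are derived from the addresses rather than assumed.

```python
import ipaddress

# Values quoted in the thread: the DGN3500's WAN lease and its LAN address, both /8.
WAN = "10.27.72.31/8"
LAN = "10.27.27.1/8"


def overlaps(a: str, b: str) -> bool:
    """True if the subnets implied by two interface addresses share any address."""
    net_a = ipaddress.ip_interface(a).network
    net_b = ipaddress.ip_interface(b).network
    return net_a.overlaps(net_b)


def min_separating_prefix(a: str, b: str):
    """Smallest prefix length that puts the two host addresses in different subnets.

    Returns None when both hosts are the same address, since no mask separates them.
    """
    host_a = ipaddress.ip_interface(a).ip
    host_b = ipaddress.ip_interface(b).ip
    if host_a == host_b:
        return None
    # XOR the two addresses: the highest set bit is the first bit where they differ,
    # so every bit above it is shared and must be part of the prefix.
    diff = int(host_a) ^ int(host_b)
    shared_bits = host_a.max_prefixlen - diff.bit_length()
    return shared_bits + 1


def usable_hosts(prefixlen: int) -> int:
    """Usable IPv4 host addresses in a subnet, excluding network and broadcast."""
    return max(2 ** (32 - prefixlen) - 2, 0)


if __name__ == "__main__":
    print(f"{WAN} and {LAN} overlap: {overlaps(WAN, LAN)}")
    print(f"first prefix length that separates them: /{min_separating_prefix(WAN, LAN)}")
    for plen in (8, 18, 24):
        print(f"/{plen}: {usable_hosts(plen)} usable hosts")
```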