Hello,
I am trying to use my Netgear DGN3500 to create a second network on a different subnet and connect to the internet via my primary modem/router (netcomm NF18ACV). Ultimately I will have all traffic on the secondary router go through a VPN so I will be able to choose between normal connection or VPN connection just by connecting to either router/network but the first step is to just get it working without the VPN.
I installed OpenWRT on the netgear successfully.
The netgear doesn't have a WAN network port (just a port for telephone port cable as it has a built in modem) so I created a new VLAN and edited the WAN port interface to use a LAN port on the second VLAN:
I am able to connect my computer to the router and successfully get an IP address in the secondary subnet and connect to LUCI.
When I connect the secondary router to the primary router it successfully connects, receives anIP address in the primary subnet and is able to connect to the internet (ping works, and software is able to be installed via the LuCi interface).
However, I can not connect to the internet from the laptop I connect to the router that is on the secondary subnet.
Any ideas as to what I am missing would be greatly appreciated.
You've got your interfaces defined as /8 which means that your WAN and LAN are overlapping.
Change them to /24 and it should presumably work (assuming no other issues).
On the WAN, are you defining that as static or DHCP client (from the upstream router)?
On the upstream router, what is the network/subnet?
EDIT- looking more carefully at your picture, it looks like you do indeed have your WAN as a DHCP client. This means that the upstream network is probably also defined as /8. Can you change that to /24?
Did you manually put in a gateway or DNS server for the DGN3500's LAN interface that's possibly its own IP? If so, then this would be the reason.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; ip6tables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
If you need two routers then yes. But otherwise, you could do all that (both VPN andVPN-less) on the DGN3500 and set the main routeri n bridge mode to avoid double NATting.
Thanks for the reply - I can't seem to find where to change to /24 (in OpenWRT). ONce I can find this setting in OpenWRT hopefully that means I can find it on the primary router too.
They are different subnets (I think!) - the primary router is using 10.27.7.2x, the secondary is using 10.27.27.x so shouldn't this prevent any overlapping anyway?
I can't think of a good reason for a resedential modem-router to use a class A IP for its LAN. However, if this is the case for some mysterious reason and you can't change it, then make sure that your DGN3500 IP is on a differnet network. Simply start with anything other than 10 (and use /24).
They would be non-overlapping if they were /24's for example. But as /8, the ENTIRE 10.everything is one big network.
If you can't change it on your upstream router, you can switch to another RFC1918 network space. (172.16.0.0/12 and 192.168.0.0/16). I'd recommend keeping yours defined as /24 if you can -- just makes it much more intuitive to work with.
Your WAN address is currently 10.27.72.31/8
Your LAN address is currently 10.27.27.1/8
Because of the /8, they are overlapping. A /8 is 16.7M hosts! it occupies 10.0.0.0 - 10.255.255.255 (including the network and broadcast addresses at the top and bottom of the range).
You would need to be on a /18 or smaller network (i.e. larger number) to have those addresses non-overlapping -- that would accommodate up to 16K hosts. Still a very large range, and not necessary for anything in the residential domain (and rarely advisable for large networks, either).
Compare that with a /24 which is common in residential networks because it is easy/intuitive to work with and is almost always sufficient. A /24 can have up to 254 hosts.
Can you get an IP address on a client computer (start with wired) connected to your OpenWrt router's LAN port?
From the client computer, can you:
-- ping the router (192.168.1.1)?
-- How about the router upstream of that (10.27.72.1 -- I'm guessing about the last octet)?
-- And can you ping an internet host via IP (8.8.8.8)?
-- How about a domain name (google.com)?
If those don't work from a client computer, what abut from the router itself (when you've connected via ssh)?
A client computer connected to the LAN port successfully gets an IP address and I can connect to the router via webinterface (LuCi) and by SSH (and can ping it)
From the client computer I can not ping the upstream router (you guessed the IP correctly) or an internet host and can not connect via browser to any site (except the OpenWrt's web interface).
The OpenWrt router can connect to the internet (it can ping external IPs (both by IP and domain) and can download packages from the System > Software interface.
I did a reset of soft reset of the OpenWrt router back to factory settings and then re-implemented adding a second VLAN and editing the WAN interface to use a LAN port.
It seems doing this with the correct subnets from the start has solved the issue - subject to the additional issue below...
