Question

Double Router OpenVpn Port Forwarding

May 19, 2017 8:31AM PDT

Here is my scenario:
REFS:
ROUTER1: a router/modem combo that connects to the internet through the ISP phone line.
It does not support dd-wrt firmware, hence the need for a second router.

ROUTER2: router only; connects to the WAN port of Router1 to get to the internet. Flashed with dd-wrt for VPN client support.

ROUTER_1 INTERNAL IP: 192.168.1.1, DHCP is enabled.

ROUTER_2 INTERNAL IP: 192.168.2.1, GATEWAY: 0.0.0.0, DNS: 0.0.0.0.

ROUTER_2 EXTERNAL IP: 192.168.1.20, GATEWAY: 192.168.1.1, DNS: from VPN provider.

PC1 INTERNAL IP: 192.168.2.102, GATEWAY: 192.168.2.1, DNS: from VPN provider.
PC2 INTERNAL IP: 192.168.2.103, GATEWAY: 192.168.2.1, DNS: from VPN provider.


DHCP IS DISABLED ON ROUTER2 SO EVERYTHING IS STATIC


VPN (OpenVPN client) is INSTALLED ON Router2 through the command line.

Now PC1 & PC2 can connect to the wireless SSID of Router2 and the VPN works on them all.


PORT FORWARDING ON PC1 & PC2 FOR EXTERNAL SERVICE TO ACCESS THEM
Everything works well without the VPN, but once I turn on the VPN I lose access to the port.

PROBLEM HERE:
The VPN provider said the problem has nothing to do with their service.
I did as advised here: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=707694&sid=781f956c7bdd025e69e0a4a1659b9499
and it still failed.
Here is what I executed on the dd-wrt console for PC1:
iptables -t nat -I PREROUTING -i ath0 -p tcp --dport 2300 -j DNAT --to-destination 192.168.2.102
iptables -I FORWARD -p tcp -d 192.168.2.102 --dport 2300 -j ACCEPT

and I still can't see the service.
Please, any help to make it work would be appreciated.
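
Added example (not part of the original post and not dd-wrt's own code): in iptables, `-i` on a PREROUTING rule matches the interface a packet arrives on, and while the VPN client holds the default route, replies to a connection that entered through Router1 leave through the tunnel instead. The dry-run script below prints one rule set that keeps replies for the forwarded port on the Router1 path; the interface names `vlan2` and `br0`, mark 1, table 100 and the availability of the CONNMARK target are assumptions.

```shell
#!/bin/sh
# Dry run: prints commands only, changes nothing on the router.
# From the thread: Router1 gateway 192.168.1.1, PC1 192.168.2.102, TCP port 2300.
# Assumptions (not from the thread): interface names, mark value, table number,
# and a firmware build that includes the CONNMARK target and "ip rule".
WAN_IF="vlan2"   # assumed name of Router2's WAN interface; confirm with ifconfig
LAN_IF="br0"     # assumed name of Router2's LAN bridge
WAN_GW="192.168.1.1"
MARK=1
TABLE=100

# Print the interface a rule's -i option binds to; return 1 if it has none.
ingress_if() {
    set -- $1
    while [ $# -gt 1 ]; do
        [ "$1" = "-i" ] && { echo "$2"; return 0; }
        shift
    done
    return 1
}

# Print the rules that forward one TCP port to one LAN host via the WAN side.
emit_forward() {
    host="$1"; port="$2"
    cat <<EOF
iptables -t nat -I PREROUTING -i ${WAN_IF} -p tcp --dport ${port} -j DNAT --to-destination ${host}:${port}
iptables -I FORWARD -i ${WAN_IF} -p tcp -d ${host} --dport ${port} -j ACCEPT
iptables -t mangle -I PREROUTING -i ${WAN_IF} -p tcp --dport ${port} -j CONNMARK --set-mark ${MARK}
iptables -t mangle -I PREROUTING -i ${LAN_IF} -j CONNMARK --restore-mark
ip route add default via ${WAN_GW} dev ${WAN_IF} table ${TABLE}
ip rule add fwmark ${MARK} table ${TABLE}
EOF
}

# Rules 1-2: accept and DNAT the port where it actually arrives (WAN side).
# Rule 3: tag the connection on its first packet, before DNAT rewrites it.
# Rule 4: copy that tag onto reply packets coming back from the LAN host.
# Last two lines: tagged packets use Router1 as gateway, not the tunnel.
# The port is then exposed on the ISP-side path through Router1, not on the VPN address.
emit_forward 192.168.2.102 2300
```

Running `ingress_if` on the rule posted above returns `ath0`, so it is worth confirming which interface that name refers to on Router2 before reusing the rule.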

Answer
I read this and see an issue.
May 19, 2017 9:24AM PDT

A VPN is currently defined (and this is the simple definition) as if you were plugged into that other network. Your other connections SHALL fail because of how VPNs work.

I run into folk all the time that want a broken VPN that allows local network connections and the VPN.

If you ever see this, that's not a VPN.

Then what next
May 19, 2017 9:49AM PDT

Then do you have any idea of what I should be doing? Because from the article in that link, it worked for the user; it seems I am getting something wrong.

I'm just a programmer that
May 19, 2017 10:05AM PDT

Wrote router code over the years. To me a VPN that does something other than a VPN is not a VPN. So in my view this would break what a VPN does and as such should fail.

If you feel that article is good, post there or email the author and contributors but here, I'm going with not expected to work.

Still on it
May 19, 2017 10:17AM PDT

The article is from 2015 and no longer active. Unlike in PIA VPN, you can forward a port on the VPN directly. All I wanted was for the connection to the outside to tunnel through the VPN. If the VPN does not have anything to do with my port forward, does it not mean that I can still bypass the VPN to forward, since my service can't listen through the VPN?

Redo.
May 19, 2017 10:36AM PDT

Let's redo this. As you'll discover, double routers or two routers in a row does not find any support out there.

If you want to fix this, fix the reason you have two routers.

In the meantime I thought of one thing. Put the second router's IP into the DMZ entry of the first router. Not that it may help since two routers is one too many.

Did that Already
May 19, 2017 11:05AM PDT

I already have that set up in Router1. The initial reason for the introduction of the second router is that the first router does not support a VPN client, and the only way to extend Router1 for a VPN client is to flash it with custom firmware. Still, the first router is not supported by dd-wrt or any other open source firmware, hence the need to introduce another router (Router2). Port forwarding works only when I disable the VPN on Router2, but once I turn the VPN on, it fails to work.

I find it odd....
May 20, 2017 7:55AM PDT

The statement about not supporting the vpn client. That is, my Windows running Opera's VPN is a CLIENT and the HOST is out there. I've yet to find a router this didn't work on.

Now if someone wanted to install a VPN CLIENT in the router, well that's a whole 'nuther kettle of fish.

Now a change of mind.
May 21, 2017 3:41AM PDT

Now I am wondering if I could do the same thing with a hosted VPS service, such that I set up my own VPN server and have multiple clients behind my router connected to it. Then each client can forward ports as they like? Just wondering, though. I really would prefer a VPN client installation on the router, with a forwarded port for each client with a static local IP.

Great way to immerse yourself in deep networking.
May 22, 2017 5:01PM PDT

It's advanced so you'll love all the new stuff to learn. Most folk prefer simple.