Here’s my situation. I have a VPN account that came free with my Usenet account. I grabbed a router that was capable of having DD-WRT flashed on it and was able to do that part. My issue now is trying to get that router on my network to run alongside my Verizon Fios router. Basically I’d like to have a setup where I can either connect to the Fios router for standard internet and then have my server run through the other router for the VPN. I have heard that the VPN slows down the router speed, which is why I grabbed another one, specifically for my router.
Can this be done by just plugging the cable into the LAN port on the Fios router and then run into the WAN port of the VPN router? Wouldn’t both have the same IP of 192.168.1.1 and throw it all off?
I’m still kind of new to this and figuring it out, so sorry if this seems like a silly question to have.
So your Fios router is probably handing out addresses in one of those ranges. So ideally you want to set up your DD-WRT device to use one of the OTHER ranges. This allows you to quickly look at an IP and understand which network it’s on.
Then, depending on the features of your Fios router (I’ve never seen one), you’re going to want to set a static DHCP lease on the MAC address of the DD-WRT device. That way you can be sure it gets the same IP via DHCP every time it connects (this isn’t a requirement, but it helps in remembering which IP is what). http://www.dslreports.com/faq/16728
What this setup essentially does is provide a double NAT’d connection to your second router with the firewall disabled on the first NAT.
This is how my network is set up. I don’t use my AT&T provided router network at all. I disabled the wireless and the only wired connection I have on that network is the secondary router (Netgear).
So let me ask this, I connect to my server through my office computer at home. I have a CIFS share set up on my server to allow my desktop to connect to it and manage it this way. If the server is running on the VPN router, but my desktop is on the Fios router, will it still connect?
I have DDWRT on my router but haven’t really done anything advanced with it. I tried it when I was having all the issues with the wireless repeater I was using for getting better wifi out to the back yard.
No, because the DD-WRT is firewalling all traffic behind it. If you want to do that, you may be able to do so by setting up port forwarding on the DD-WRT. Just remember that port forwarding might open it up to the Internet since you’re in DMZ host mode.
If it were ME, I wouldn’t run the VPN on the router. I’d run it on the server.
Random thought: you could also put a secondary network card on the server, set up static routes and put the machine on both networks.
Here is another workable solution:
This allows you to put everything behind the DD-WRT and route only specific devices through the VPN connection by using static routes. It’s messy stuff and pretty dangerous if you don’t understand it. But it allows you to simplify your network. You need to change SOURCETOROUTE to be the IP of your server. For this, you will also want a static DHCP lease on your server as well, because if the IP changes, then the static route wouldn’t work.
Note this is for a PPTP VPN connection; the interface might be different if you’re using a different VPN connection type. It’s an old post, so things might have changed, but the theory that you can statically route certain IPs through the VPN and certain IPs through the default interface still holds true. Just need the special sauce commands to make it happen.
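Added example (not part of the thread, and not the commands from the post referred to above): one way to express the source-based routing idea from the preceding post, printing the commands that send a single LAN host through the VPN interface and drop its traffic whenever it would leave by any other interface. The routing table number 200 and the function names are assumptions; `ppp0` is assumed as the PPTP interface, and the router is assumed to provide iproute2-style `ip` and `iptables`.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the commands that
# route one LAN host through a VPN interface and fail closed if the tunnel drops.
# Assumed: routing table 200 is unused; ppp0 is the PPTP interface.
TABLE=200

# Strict dotted-quad check so only a literal IPv4 address reaches the commands.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || return 1
    done
}

# Interface names: letters, digits, '_', '.', '-' only.
valid_ifname() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# vpn_route_plan SOURCETOROUTE [VPN_INTERFACE]
vpn_route_plan() {
    src=$1
    vpn_if=${2:-ppp0}
    valid_ipv4 "$src" || { echo "invalid source IP" >&2; return 1; }
    valid_ifname "$vpn_if" || { echo "invalid interface name" >&2; return 1; }
    # 1-2: policy rule plus a default route in the private table.
    # 3: flush cached routes. 4: kill switch, drop forwarded traffic from
    #    this host unless it leaves through the VPN interface.
    cat <<EOF
ip rule add from $src/32 table $TABLE
ip route add default dev $vpn_if table $TABLE
ip route flush cache
iptables -I FORWARD -s $src ! -o $vpn_if -j DROP
EOF
}

# Print the plan only when called with arguments: SOURCETOROUTE [VPN_INTERFACE]
if [ $# -gt 0 ]; then
    vpn_route_plan "$@"
fi
```

The `iptables` line belongs in the router's firewall script so it is in place before the tunnel comes up; the `ip` lines have to run after the VPN interface exists.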
This was my original plan, to run OpenVPN in one of the jails setup on my server for the Transmission plugin that downloads my torrents. That’s really all I need it for anyways since the Usenet stuff is encrypted. I just couldn’t get it to work though and decided to grab a cheap router and try that.
I use FreeNAS which is based on FreeBSD software and has been a nightmare for me. I was thinking of switching to Windows, but I feel like I have invested so much time and I have come a long way, I should just stick it out and make it work. I’m close to having it all set up.
Seems overly complicated. Why not just run the VPN client on a single machine?
If you use the VPN client, if it’s not split tunnel it will route all traffic out the VPN besides most specific routes, which would be stuff for the internal LAN like 192.168.1.0/24.
I guess that’s my easiest solution. When the plugins get installed on my server, they are issued their own IP. I just need to install the OpenVPN plugin in my jail and then run it that way. I think the problem was that I forgot to open the firewall to allow that jail to access the VPN.
Again, this is still new to me, but I’m not about to start downloading torrents without having the VPN in place. I’ve been sticking with just Usenet stuff for now…
Problem is that he is running appliance software so he doesn’t have as many options as a self-built server might have. I’ve never used the stuff he’s using, but I agree, run the VPN on the host and stick to having a single network behind the DD-WRT.
How fast are your Fios speeds? And what kind of router did you toss DD-WRT on? If it was a Linksys WRT54G variant, look up what kind of chip/CPU it has; some were 200 or 216 MHz or other. I upgraded to the 50mb Roadrunner and was running DD-WRT on a WRT54G and barely hit 35 Mbps on a RR speed test… found out the limitation of the CPU speed was maxing out bandwidth. Tried a second router, different open source, same thing… switched to Untangle and full speed retained. Now run some ASUS router with no problems as well.
Realistically, I’m sure you could get away with just making the IP scheme on the new router 192.168.2.0/24, having it double NAT, and not notice a difference.
What about putting your FIOS router in bridge mode and making a single port on the new DDWRT router on a separate VLAN with VPN?
Currently my server is on my Fios router, the main web GUI is on 192.168.1.2. As I add the plugins (CouchPotato, Sickrage, Sab, and Transmission) they are assigned their own IPs/ports on my network. I access these plugins by entering the IP in my address bar.
Basically, I just need the Transmission plugin/IP to run through the VPN. It’s probably easier to run it in the jail, but should SAB be running through the VPN as well? I’m set up to have Sab grab the nzb files and Transmission handles the torrents.
In my opinion, running Usenet over SSL provides enough privacy. It’s obviously not bulletproof, and some 3-letter gov’t agencies can probably attack it, but I wouldn’t be worried.
Ok, so if I took this route and ditched the torrents, should I still run through the DD-WRT router behind the Fios router? Do I even need the VPN then?