Hi everyone,
I would like to ask for your help with a little challenge I am facing in my home network. While I am somewhat comfortable with networking basics, this issue is proving difficult to resolve and I’m not sure what I’m getting wrong.
I have a small network at home (please see attached drawing here Network diagram). At the front of the network there is a Google Home Wi-Fi router which connects to the Internet via a cable modem. It is a mesh Wi-Fi network so there are two wireless access points connected wirelessly to the main router. As there is only one WAN port and one LAN port on the router, I have a network switch attached to it, with a few additional devices hooked to the switch.
The Google home router is also the NAT and the DHCP server. Let’s say it’s LAN IP address is 1.1.1.1 with subnet mask 255.255.255.0. It is handing out IP addresses in the range 1.1.1.50–1.1.1.250.
I recently purchased a VPN router with the intention of using it as a VPN server on the network and configuring it so that I can access my home network and the resources on it remotely. I have been trying to configure it for a couple of days now and I am not sure what I am doing wrong but I am unable to access the VPN Router and it’s admin panel from computers hooked to the main network. I can only access it when I connect directly to the VPN router via an ethernet cable on one of its LAN ports. I tried connecting the router to the switch via its WAN port, via its LAN ports, via both at the same time. I tried disabling the DHCP server on the VPN router and manually giving its LAN IP 1.1.2.1, I tried setting it up as a DHCP relay too – no luck at all. Still cannot see it on the network unless directly connected to one of its LAN ports.
Could someone kindly describe how I am supposed to connect the VPN router to the main network, and how i am supposed to configure it and the network, so that it stays behind the Google home router but I can discover it and access it from other devices on the network? Please note that I am aware I need to set up port forwarding on the Google Home router once everything works correctly for me to be able to access the VPN service remotely. However, I am not even at that point yet.
Thanks,
swords1010
Edit: First success: Enabling remote access to the GUI and accessing it on its WAN IP worked! Thanks! Now I can leave it alone in the cupboard and configure it comfortably.
I still need to realise the main use case which is to be able to access what is on the main network remotely - everything connected to the switch that is hooked to the Google router, such as the NAS. What configuration would I need to be able to do this? I guess I need to hook the VPN Router to the switch on the LAN port in addition the the WAN? And do I disable DHCP on the VPN Router… or do I have it run as a DHCP Relay? Also, if it is connected to the switch via LAN, shouldn’t it receive an IP address from the Google DHCP and shouldn’t I somehow be able to access the GUI on that LAN address too?
The problem is probably something else but… why are you using public IP addresses inside your private network? You cannot do it without causing yourself a lot of weird issues. For example, 1.1.1.1 belongs cloudflare.
The only networks you should be ever using inside your private network is 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
Have you tried letting your main router assign the VPN router a WAN IP via DHCP then accessing it with that IP?
So you’re going to need to allow the VPN Router GUI to be accessed on the “WAN” side.
Think of it this way, if you have a public IP assigned to the WAN port of the router, most(if not all) routers block access to the GUI from requests coming from the internet.
In your scenario, since the WAN port of the VPN Router is getting a private IP from your Google edge router, the VPN Router GUI won’t actually be open to the internet due to the extra layer of NAT.
Since I’m not sure which VPN Router you have, this may or may not work, but try adding a port forward for ports 80 and 443 on the VPN Router to the LAN address you have configured on the VPN Router.
To avoid any IP conflicts, you’ll want to make sure your VPN Router LAN is a different subnet than what your Google router is handing out.
With all that being said, if you set up a VPN and then connect to it from the internet, through the Google router and to the VPN Router, you’ll only have access to devices that are behind the VPN Router. But if you just want to be able to access the GUI of the VPN Router, you’ll need to open the web GUI ports. Try googling “Access GUI of ‘router model’ from WAN”.
I’d need to know more about your end goal to be able to offer anymore help.
Hopefully this helps and at least gets you in the right direction to browse the web.
EDIT: Oh and yea, once you get it set up, you’ll need to set up port a port forward on your Google router for the VPN port & IP of the VPN Router in order to be able to access the VPN Router from the web. This is a double NAT type of setup.
Swords1010, I am having a similar problem. My setup is internet → cable co modem/router (giving access to family network → VPN server router giving access to private network.
I can connect to VPN from my family network and access the private network resources. However, I cannot access VPN from internet (this is the need in the first place, accessing my private network from outside locations).
On the cable co modem, I did forwarded a bunch of ports to the vpn server router but it cannot connect. Ports I forwarded are: All (TCP+UPD) 47 + 50 + 443 + 1701, TCP 1723, UPD 500 + 1194 + 4500 + 5500.
Can anyone help me?
P.S. I tried replacing the cable co router by another one I have in stock and I get the same result: cannot connect to VPN.
P.P.S. Yes I did consider other setups but that’s the most efficient one.
You could use 169.254.0.0/16 if you want. I mean… I wouldn’t, but ya know.
I am not really. Sorry. Only using these in the post for illustration but in reality my addresses are in the private range.
Yes that worked just now! But as I need to be able to access the network via VPN, I assume it also needs to be plugged via a LAN port to the network. Shouldn’t I then somehow be able to access the GUI on a LAN IP address?
So first success here: enabling remote access to the GUI and accessing it on its WAN IP worked! Thanks! Now I can leave it alone in the cupboard and configure it comfortably.
The main use case is to be able to access what is on the main network remotely - everything connected to the switch hooked to the Google router such as the NAS. What configuration would I need to be able to do this? I guess I need to hook the VPN Router both on its WAN and LAN ports to the switch? And disable DHCP on the VPN Router… or have it run as a DHCP Relay? Also if it is connected to the switch via LAN, shouldn’t it receive an IP address from the Google DHCP and shouldn’t I somehow be able to access the GUI on that LAN address too?
Move the switch to the LAN side of the VPN router. That puts everything behind the VPN (except devices connected via Wi-Fi). Then, turn off a DHCP server on one or the other.
If you want everything behind VPN, I’d suggest replacing your mesh with a router than runs a VPN server and also does mesh Wi-Fi.
What are you using for your VPN service? Are you configuring something like OpenVPN on the VPN Router or is it using a service like nordVPN, IPvanish, etc.
So there’s potential to make this work with the way you have your diagram setup but you’ll most likely need to configure at least one other LAN, set static DHCP leases, create firewall rules, disable DHCP on the VPN Router, set DNS rules, and more… You also have the potential to cause a loop in the network and bring it down if things aren’t set up 100% properly.
ORRRR a much easier solution, would be to change your physical setup. If you’re going to configure OpenVPN on r VPN router, you can setup like: Modem → VPN Router → Google Router → Switch —> all other LAN devices.
With the setting above, you’ll need to make sure that the VPN router LAN subnet is different than the Google router subnet, otherwise the Google WAN IP will conflict with it’s LAN subnet. After that, you’ll need to create the VPN (are you using openVPN?) and set NAT (port forwards) on the Google router to allow requests from the WAN to it’s LAN.
If you’re going with a VPN service like nordVPN, then it would go Modem → Google Router → VPN Router → Switch —> all other LAN devices.
same rules apply for the subnets needing to be different using this method as well. Check out this article How to use a VPN with Google Wifi or Google Nest Routers - VPN University