Access ip on another subnet

3

I have the below network and I would like access from Client 1 the Client 2.
Is there a way to achieve this by adding a route into the Routing Table of one of the routers?
If not, is there another way?

Main Router - Linksys E2500

  • DHCP enabled
  • Second Router WAN IP is reserved with the MAC address
  • Client 1 IP is reserved with the MAC address

Second Router - TP-Link WR841N

  • DHCP enabled
  • Client 2 IP is reserved with the MAC address
  • NAT is enabled enter image description here

Ionut

Posted 2018-03-20T04:06:20.290

Reputation: 133

Is NAT enabled on the second router? I'm guessing that it is, but I want to confirm that. – ErikF – 2018-03-20T04:12:49.243

@ErikF, yes, NAT is enabled on the second router – Ionut – 2018-03-20T04:22:39.463

Answers

3

In your main router you need to add a route for 192.168.0.0 netmask 255.255.255.0 gateway 192.168.1.3

You also need to ensure the WAN IP address of the second router is either statically encoded in the router or handed out by the main router using DHCP reservation.

davidgo

Posted 2018-03-20T04:06:20.290

Reputation: 49 152

the WAN IP for the second router is reserved with the MAC address. – Ionut – 2018-03-20T04:23:57.327

Ok. that will work then. – davidgo – 2018-03-20T04:24:29.367

Unfortunately, after adding the route and rebooting the routers, I'm not able to reach 192.168.0.100 – Ionut – 2018-03-20T04:38:59.913

1Are you running NAT on the second router? If so, you need to disable it. You should try do a traceroute from client1 to client2 and vice-versa and provide your results to show where traffic is going. – davidgo – 2018-03-20T06:02:00.660

Yes, that did it. Also the VPN kicked in and somehow the tracert was going out instead of taking the route. The best way is to test ping and tracert on the router instead of the client – Ionut – 2018-03-21T01:52:10.880

I have a similar setup using my second router as a vpn router with dd-wrt openvpn with expressvpn credentials. I'm not trying to access another computer on the vpn subnet but rather I would like to remotely access the vpn router. I've added the route as you described in this answer but can't get it to work. I tried adding port forwarding rule in router 1 pointing to the wan ip of router 2 but that didn't work. Is it even possible to access router 2 from outside the entire network (away from home)?? – Chris M – 2020-02-04T20:22:31.833

1@ChrisM this is an entirely other question and maybe you should ask a new question for it. I can't speak for ExpressVPN, only for OpenVPN in general - Provided that (a) the VPN on your router is assigned a world routable address (b) there are no firewall rules stopping it this is entirely doable - provided, of-course, that the VPN is up. – davidgo – 2020-02-04T21:09:06.633

1@ChrisM - From there website, it looks like ExpressVPN is designed to hide your network - this makes it somewhat unlikely they are giving you a routable IP address (which would only be the first hurdle - you would need to set up some kind of Dynamic DNS service as its unlikely they are providing you a static IP). If you really need this service, you may want to google "OpenVPN static IP" - but be aware that these services are less likely to provide anonymity if that is what you are after - A static IP address is in some ways antithetical to anonymity! – davidgo – 2020-02-04T21:13:31.303

1

What's happening is that computer 1 can't see computer 2 because router 2 is taking all the traffic from 192.168.0.0/24 and making it look like it is coming from its address of 192.168.1.3. You'll need to configure the router to allow devices on the "WAN" side to be able to access the resources that you need on the LAN side.

Assuming you are using the standard firmware, here are two methods you can try (page numbers are from the linked PDF of the manual):

  1. If you have only a few services that you are providing, you can set up a virtual server (p. 38). In the router's web interface, go to Forwarding -> Virtual Servers and add the port name and IP address of the computer (this address has to be static: if it changes, this won't work.)

  2. If you have many services, you can put the computer in the router's DMZ (p. 42). In the router's web interface, go to Forwarding -> DMZ and set the DMZ host address to the computer with the resources.

If you're doing this in a home situation or small business, my guess is that your setup is possibly too complex right now however. If you don't actually need two separate sets of IP addresses, I would recommend turning off DHCP completely on the second router and plugging the connection from router 1 into a LAN connection, leaving the WAN connection empty. That way all of your computers will be on the same subnet and you don't have to set anything up (unless you want to expose services to the Internet, of course!)

ErikF

Posted 2018-03-20T04:06:20.290

Reputation: 249

actually, all you need to do is turn NAT off, and let router 1 handle NAT for the whole network. This also gets rid of the "double NAT" issue. Also, turning off DHCP will break things because the networks are on different interfaces. – davidgo – 2018-03-20T06:08:09.280

Asked: 2018-03-20T04:06:20.290

Viewed: 9 053 times

Active: 2018-03-20T05:11:46.210