Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


11 posts

Geek


Topic # 192048 25-Feb-2016 11:57

Hi all, I need a little help configuring my home network.

 

 

I live in a remote location, and to obtain internet access I have built a wifi system. This uses a series of Ubiquiti M5-400 radios to transmit from my house to a solar powered repeater on the top of a 3000 ft hill 8 km away, and from there to a friends house another 18 km away where I join his home network. He has 1000 mbs fibre access to the internet. I have a remote camera and weather station located on the hilltop as well. I want to be able to set up a VPN from within my house, and I want to set this up on my router which is a Ausu RT AC68U. I currently use a VPN by using an old laptop and sharing the port which is clumsy. My speeds are good at around 250 - 300 MB/s at the moment.

 

 

Currently I am using my router to connect to the network via a LAN port, but to enable the VPN I think I need to use the WAN. I obviously want to be able to access my remote radios, switch and camera after the change.

 

 

At my friends house he has a Huawei HG630b however these are quite limited in configuring the VPN. I guess I could swap our routers, but I like my Asus.

 

 

It is said that a picture is worth a thousand words, I guess whoever said that never saw my drawing, but I have a bit of a picture to show you what it looks like.

 

 

Any help would be appreciated.

 

 

Click to see full size

Create new topic
1492 posts

Uber Geek
+1 received by user: 559


  Reply # 1499079 25-Feb-2016 12:26
Send private message

- Where do you want the VPN to connect to?

 

- I don't think your friend has a HG630b, that can only handle 100Mbps not gigabit.


4131 posts

Uber Geek
+1 received by user: 2347

Lifetime subscriber

  Reply # 1499128 25-Feb-2016 13:19
Send private message

Your image is unreadable - can you post a better one please?





Sideface




11 posts

Geek


  Reply # 1499152 25-Feb-2016 13:46

Your right, it is not a HG630b it is a HG659b, my bad.

 

 

I use several VPN's, they connect all over the place so it shouldn't matter.

 

 

This is a higher resolution image.

 

 

Click to see full size

218 posts

Master Geek
+1 received by user: 11


  Reply # 1499162 25-Feb-2016 13:59
Send private message

i can see what you are wanting to do.

 

can you put IP addressing on your diagram?

 

 

 

here's an example setup if for instance your mates router LAN IP is 192.168.1.1/24

 

you'll need to use a new private subnet for your LAN, e.g 192.168.2.0/24 and make your router LAN IP 192.168.2.1, and run DHCP for your clients

 

set an address on your router wan port, for example 192.168.1.254, next hop / default route is your mates router at 192.168.1.1

 

you want your router to route, not NAT.

 

your mates router will need a static route to your network, eg. 192.168.2.0/24 via 192.168.1.254

 

you can probably get rid of the switch at your house and your mates house with this setup, unless there are other devices on it that aren't in the diagram

 

 

 

well done on the awesome wifi links too!!!!!  very impressive.


218 posts

Master Geek
+1 received by user: 11


  Reply # 1499173 25-Feb-2016 14:22
Send private message

edit: error on diagram, static route on huawei should be via 192.168.1.254, not 192.168.1.25

 

 

 

Click to see full size

 

 




11 posts

Geek


  Reply # 1499191 25-Feb-2016 14:37

OK I see. I will try that when I get home tonight. Will this still allow me to access my section of the network on the 192.168.1.x subnet? What happens when the radio link goes down with the router sitting on the other side of the radio link?

 

 

Click to see full size

218 posts

Master Geek
+1 received by user: 11


  Reply # 1499206 25-Feb-2016 14:45
Send private message

yeah, the trick is going to be getting the static route on the huawei... who knows how flexible the GUI is on that.

 

the static route to 192.168.2.0/24 will need to have the LAN as the outbound interface for the route

 

your radios, camera and weather station will have the huawei as their default gateway (if you want them to retain access to the internet), so when they want to get to 192.168.2.0/24 (your new LAN at your house) they will ask the huawei, and the huawei will tell them to go via 192.168.1.254, which is your router.  it's an ICMP redirect which is not ideal, but will work.

 

 

 

ummm, when you say radio link goes down, which one?


218 posts

Master Geek
+1 received by user: 11


  Reply # 1499208 25-Feb-2016 14:49
Send private message

you will have to plan this out quite methodically, as you don't want to end up losing access to your remote devices on the hill!

 

you'll need a step by step implementation plan really, which is beyond the level of advice I can give on here i'm afraid.




11 posts

Geek


  Reply # 1499213 25-Feb-2016 15:06

Yes, the Huawei does seem to be limited in options one can use. How about if I made a subnet for the wireless section and routed that through the Asus router?

 

 

I seem to get a few dropped links on the 18km link, this occurs only on some channels. When I set it up I enabled frequency hopping and have not been able to successfully switch this off. I have it set-up to reconnect, but it can take up to a couple of minutes to re-establish the link. As it takes me up to an hour to access the remote site I am reluctant to touch it too much, but I guess I should before winter when it becomes unassailable.

218 posts

Master Geek
+1 received by user: 11


  Reply # 1499215 25-Feb-2016 15:14
Send private message

nah i wouldn't worry about another subnet... if you leave the wifi devices as they are, then you can always plug a laptop into the radio segment of the network at your house, or your mates house, give the laptop a 192.168.1.x address and access your radios.


1984 posts

Uber Geek
+1 received by user: 133

Trusted

  Reply # 1500160 26-Feb-2016 20:33
Send private message

Don't know whether you Asus can terminate a VPN, most consumer-grade gear only supports VPN passthrough as far as I know. Also most will probably only pass 1 VPN at a time.





Qualified in business, certified in fibre, stuck in copper, have to keep going  ^_^

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

The Warehouse leaps into the AI future with Google
Posted 15-Aug-2018 17:56


Targus set sights on enterprise and consumer growth in New Zealand
Posted 13-Aug-2018 13:47


Huawei to distribute nova 3i in New Zealand
Posted 9-Aug-2018 16:23


Home robot Vector to be available in New Zealand stores
Posted 9-Aug-2018 14:47


Panasonic announces new 2018 OLED TV line up
Posted 7-Aug-2018 16:38


Kordia completes first live 4K TV broadcast
Posted 1-Aug-2018 13:00


Schools get safer and smarter internet with Managed Network Upgrade
Posted 30-Jul-2018 20:01


DNC wants a safer .nz in the coming year
Posted 26-Jul-2018 16:08


Auldhouse becomes an AWS Authorised Training Delivery Partner in New Zealand
Posted 26-Jul-2018 15:55


Rakuten Kobo launches Kobo Clara HD entry level reader
Posted 26-Jul-2018 15:44


Kiwi team reaches semi-finals at the Microsoft Imagine Cup
Posted 26-Jul-2018 15:38


KidsCan App to Help Kiwi Children in Need
Posted 26-Jul-2018 15:32


FUJIFILM announces new high-performance lenses
Posted 24-Jul-2018 14:57


New FUJIFILM XF10 introduces square mode for Instagram sharing
Posted 24-Jul-2018 14:44


OPPO brings advanced technology to the smartphone market with new device
Posted 24-Jul-2018 09:20



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.