Geekzone: technology news, blogs, forums


518 posts

Ultimate Geek
+1 received by user: 25


Topic # 198766 21-Jul-2016 16:02

Hey, hopefully someone kind can help me or point me in the right direction.

Putting together a proof of concept to access a mobile bit of kit when it's out on the road for diagnostic purposes. Have a 3G router; unfortunately, due to CGNAT, accessing the router (and anything on its LAN) via WAN wasn't going to work without a VPN (correct me if I'm wrong?).

Anyway, this is roughly how the gear is set up.

Primary Router (running OpenVPN server) on 192.168.1.x (yes, I know this isn't ideal!) with DynDNS service to get WAN IP

3G router, connecting to Primary router via VPN Client config - LAN is 192.168.0.x - receives 192.168.1.200 from VPN server

Other laptops connecting to the Primary router via VPN - 192.168.45.x - receives 192.168.1.201 from VPN server

I am having trouble accessing the 192.168.0.x network as another VPN Client (192.168.45.x). Accessing the 192.168.0.x network is fine from the 192.168.1.x - so provided you're not connecting via VPN, you can access the VPN clients. 192.168.1.201 can access 192.168.1.200 (brings up the 3G router login pages, same as accessing 192.168.0.1, however accessing 192.168.0.1 does not work).

I have enabled client - client in the OpenVPN settings, so scratching my head. I believe I need to put some static routes in place - but not sure if this needs to be in the Primary router or the 3G router, or both? Any help would be appreciated!

I have already done this on the main router:

Destination    Gateway / Next Hop    SubnetMask       Metric    Interface
192.168.0.1    192.168.1.200         255.255.255.0    0         br0 (LAN)


2413 posts

Uber Geek
+1 received by user: 704

Trusted
Lifetime subscriber

  Reply # 1596384 21-Jul-2016 16:08

Have you got the APN for the cellular network set to direct? Currently it is likely set to internet, which will in most cases get a CGNAT address - fine for browsing and email but not fine for VPNs and incoming port forwarding.

This should get you a real public IP address. We frequently have to do this for client VPNs from devices using the cellular network.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams



518 posts

Ultimate Geek
+1 received by user: 25


  Reply # 1596513 21-Jul-2016 21:16

Thanks, yeah, might have to bite the bullet and get a spark sim and change the APN to get a public IP on the 3g router.

Seems Vodafone don't do it anymore?

Doing it this way is going to be a more elegant end product too. Hmm

3532 posts

Uber Geek
+1 received by user: 1292

Subscriber

  Reply # 1596521 21-Jul-2016 21:35

If I'm understanding correctly you aren't having any trouble getting the remote (3g) router to connect to your core router? If it was an APN issue then the VPN shouldn't even establish (like on 2degrees for example).

Also, you say you have no problem accessing the remote subnet from your core? But only have an issue when connecting to the core via vpn and then trying to go on to the remote subnet.

I think your issue will come down to your route table not having the correct routes in place.
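
The routing point raised in the reply above, as an added example that is not part of any post in this thread: a longest-prefix-match lookup showing which next hop each vantage point would pick. The addresses are the ones quoted in the thread; the contents of both route tables and the added route at the end are assumptions made for illustration.

```python
import ipaddress

# Constructed route tables. The addresses come from the thread; the table
# contents are assumptions for illustration (nobody in the thread posted them).
PRIMARY_ROUTER = [
    ("192.168.1.0/24", "direct (LAN and VPN clients)"),
    # Static route from the first post, written as the 192.168.0.0/24 network.
    ("192.168.0.0/24", "via 192.168.1.200 (3G router)"),
    ("0.0.0.0/0", "via WAN"),
]
LAPTOP_VPN_CLIENT = [
    ("192.168.45.0/24", "direct (local LAN)"),
    ("192.168.1.0/24", "direct (VPN)"),
    ("0.0.0.0/0", "via local gateway"),
]


def lookup(table, destination):
    """Return the next hop chosen by longest-prefix match, or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def compare(destination):
    """Show which next hop each vantage point would use for destination."""
    return {
        "primary router": lookup(PRIMARY_ROUTER, destination),
        "laptop VPN client": lookup(LAPTOP_VPN_CLIENT, destination),
    }


if __name__ == "__main__":
    for target in ("192.168.1.200", "192.168.0.1"):
        print(target, compare(target))
    # Hypothetical fix: give the laptop client its own route to the remote LAN.
    fixed = LAPTOP_VPN_CLIENT + [("192.168.0.0/24", "via 192.168.1.200 (3G router)")]
    print("192.168.0.1 with added route:", lookup(fixed, "192.168.0.1"))
```

Under these assumed tables the laptop reaches 192.168.1.200 over the VPN, but traffic for 192.168.0.1 falls through to its local default gateway and never enters the tunnel, which matches the symptoms described in the first post.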

2277 posts

Uber Geek
+1 received by user: 370

Trusted
Subscriber

  Reply # 1596526 21-Jul-2016 21:40

Just set up a reverse SSH tunnel, then the remote end always phones home so to speak, and it doesn't matter where it's sitting behind, CGNAT or not.




518 posts

Ultimate Geek
+1 received by user: 25


  Reply # 1596699 22-Jul-2016 10:06

chevrolux: If I'm understanding correctly you aren't having any trouble getting the remote (3g) router to connect to your core router? If it was an APN issue then the VPN shouldn't even establish (like on 2degrees for example).

Also, you say you have no problem accessing the remote subnet from your core? But only have an issue when connecting to the core via vpn and then trying to go on to the remote subnet.

I think your issue will come down to your route table not having the correct routes in place.

Yep exactly, just not sure what else needs to be there on the route table.

insane:

Just set up a reverse SSH tunnel, then the remote end always phones home so to speak, and it doesn't matter where it's sitting behind, CGNAT or not.

VPN tunnel is working fine, it's getting another VPN client talking to the clients behind the remote 3G client (if that makes sense).


2004 posts

Uber Geek
+1 received by user: 324

Lifetime subscriber

  Reply # 1596701 22-Jul-2016 10:16
One person supports this post




Ross

 

Spark FibreMAX using Mikrotik CCR1009-8G-1S-1S+

 






518 posts

Ultimate Geek
+1 received by user: 25


  Reply # 1602100 1-Aug-2016 11:16

Thanks for your help and advice. Ended up getting the Spark Sim and using direct.telecom.co.nz + VPN server on the remote device.  It's the far better way to do it!

