[kwlug-disc] Web references on issues of router behind router?
John Van Ostrand
john at netdirect.ca
Wed May 26 22:05:02 EDT 2010
----- "unsolicited" <unsolicited at swiz.ca> wrote:
> I'm playing with a (different) wi-fi residential router behind my main
> home gateway.
> I'm intentionally using the wan port, examining what's what. The WAN
> port is getting DHCP internally, and computers on the subnet get out
> to the internet just fine.
> Anyone got any good links to articles that discuss this setup - I'm
> not getting expected results, and I suspect I'm over-thinking things.
> - I'd be surprised if something like VPN made it through both routers
> to the additional internal subnet. Anyone know of articles that
> discuss what else might be broken?
> - as expected, machines on the internal subnets can't talk to each
> other. But what if I wanted them to?
> Anyone have any favourite web links that discuss this?
I don't have articles but I do have some pointers:
1. Make sure the subnets are different. e.g. use 192.168.1.x on one router and 192.168.2.x on the other.
2. If #1 is good, then you should be able to have the inner subnet access the outer subnet's systems.
3. VPNs like openvpn should work fine. IPSec can work as well, but it's trickier.
4. PPTP (is anyone still using this?) can have issues with multiple VPNS sharing the same IP address.
5. Complications can arise with timeouts. VPNs often use UDP packets and since they do not have recognizable sessions routers use timeouts to determine when a connection is done. Timeouts are often in the single digit minute range. If your VPN does not send a packet, say in 2 minutes, the router will forget the connection and response packets will not pass through. Having two routers with two different timers will fail using the lowest timeout.
John Van Ostrand
Net Direct Inc.
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6
Ph: 866-883-1172 x5102
Linux Solutions / IBM Hardware
More information about the kwlug-disc_kwlug.org