

Wireless, VPN, router

Posted on 2014-03-03
Medium Priority
Last Modified: 2014-03-26
I have two main routers, probably not ideal, but let me explain.

I have a Technicolor something or other from Comcast, which is a cable modem/router and has VoIP. Unfortunately I cannot configure too much on this device. So while wireless is enabled, I do not use it. I can't even disable it. I can't switch to bridge mode or anything.

So I connected a Linksys e4200 wireless router. This is on a different subnet, and is configured for wireless, etc. This is our main device we connect to, and everything forwards from this device accordingly.

My question is, somehow I want to enable and have the ability to VPN into home...
I don't think natively I can do this, and would have to add to DMZ port forward... not sure... To test, I have a Linksys WRT54GS v5.0. I flashed it with DD-WRT but am not sure what to do now, and how to add it to the infrastructure. I think adding it as a repeat bridge with the same SSID, passwords and authentication, but I need thoughts on the correct setup and how to enable and use VPN so I can connect from external.
Question by:Indyrb

Expert Comment

by:Fred Marshall
ID: 39901546
It seems most odd that you can't disable wireless on any router in your facility.  That would not really be acceptable.  How do you maintain wireless security and, thus, network security?

Presumably if the Comcast router has wireless then it's providing NAT and a private subnet.  And, if it's on a LAN subnet then you should be able to access it - if you can log in.  The access address is likely the same as the gateway address one would use to connect to it.

If all you are doing is using the e4200 for wireless then I would connect it LAN port to LAN port.  There is a diagram attached for that.

What do you intend to use for terminating the VPN in the office?  That's rather key in this discussion.

Author Comment

ID: 39901654
I know what the Comcast router is. It's the 10.x.x.1. I can even log in, however I cannot disable wireless or advanced rules or features, and it is connected LAN to LAN. The e4200 is 192.168.x.x.

Author Comment

ID: 39901665
"What do you intend to use for terminating the VPN in the office?  That's rather key in this discussion."

What do you mean by terminating VPN?
Like when the session is closed? I am new to this. I know what I need, I just don't know how to get there while utilizing the most secure, least amount of effort, and maintaining best practices and guidelines.
-Techno (Comcast)
-Linksys e4200
-Linksys Switch

-Linksys WRT54GS - DD-WRT

Accepted Solution

Fred Marshall earned 2000 total points
ID: 39902130
There needs to be a device in the office that is the "end" of the VPN.  It has all the VPN settings, etc.  Usually this is an edge device like a router or firewall.  

With your lack of control over the Technicolor (which seems odd if you can get into it) then all this may be for naught.  I'm going to assume that it won't support the VPN functionality.  In that case, it has to support VPN passthrough which is usually a setting.  What model is it?

The Linksys e4200 doesn't support VPN functionality unless you install DD-WRT.  But I wouldn't do that to this one.  At present, you don't have this set up LAN-to-LAN but, rather, LAN-to-WAN, which is obvious from the IP addresses: there are two subnets and not just one.

The Linksys WRT54G with DD-WRT does support VPN functionality.  So that's your best bet.  I would set things up like this:

- Technicolor with VPN passthrough enabled    connected to:
- WRT54G with DD-WRT with VPN configured. <<<< so this terminates the VPN.
- WRT54G LAN connected to e4200 LAN port.
- e4200 DHCP server turned OFF.
- e4200 LAN address set to be in the same subnet as the WRT54G LAN and outside the WRT54G DHCP range.  You will have to enter the IP, subnet mask, gateway (WRT54G address), DNS (the same) manually here.

If you plan to use a split VPN in the remote sites then it's a good idea to make your WRT54G subnet some odd number like  This way, no matter the garden variety subnet you happen to be on in the field, they won't conflict.
The split VPN is handy because then you can get to the internet all the time whether the VPN tunnel is established or not.
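
The addressing rules in the list above (access point inside the VPN router's LAN, outside its DHCP range, and a LAN subnet that will not collide with networks met in the field) can be checked before anything is rewired. This is an added example, not part of the original answer; the function name, the sample addresses and the list of "common" subnets are constructed assumptions.

```python
import ipaddress

# Assumed, non-exhaustive list of subnets consumer routers commonly default to.
COMMON_REMOTE_LANS = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24")]

def check_plan(vpn_lan, vpn_router_ip, dhcp_first, dhcp_last, ap_ip, upstream_lan):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    lan = ipaddress.ip_network(vpn_lan)
    upstream = ipaddress.ip_network(upstream_lan)
    router, ap = ipaddress.ip_address(vpn_router_ip), ipaddress.ip_address(ap_ip)
    first, last = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    problems = []
    if router not in lan:
        problems.append("VPN router address is not inside its own LAN subnet")
    if first not in lan or last not in lan or first > last:
        problems.append("DHCP range is not a valid range inside the LAN subnet")
    if ap not in lan or ap in (lan.network_address, lan.broadcast_address):
        problems.append("access point is not a usable host address in the LAN subnet")
    if ap == router:
        problems.append("access point and VPN router share an address")
    if first <= ap <= last:
        problems.append("access point address is inside the DHCP range")
    if lan.overlaps(upstream):
        problems.append("VPN LAN overlaps the upstream modem subnet")
    # With a split VPN, a remote site using the same subnet as home makes
    # home hosts unreachable through the tunnel.
    for remote in COMMON_REMOTE_LANS:
        if lan.overlaps(remote):
            problems.append(f"VPN LAN overlaps common remote subnet {remote}")
    return problems

# Constructed sample plans (values are illustrative, not from the thread).
GOOD_PLAN = dict(vpn_lan="172.27.113.0/24", vpn_router_ip="172.27.113.1",
                 dhcp_first="172.27.113.100", dhcp_last="172.27.113.199",
                 ap_ip="172.27.113.2", upstream_lan="10.0.0.0/24")
BAD_PLAN = dict(vpn_lan="192.168.1.0/24", vpn_router_ip="192.168.1.1",
                dhcp_first="192.168.1.100", dhcp_last="192.168.1.149",
                ap_ip="192.168.1.120", upstream_lan="10.0.0.0/24")

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(**plan) or "OK")
```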

Author Comment

ID: 39937923
I also have an ASA 5505, but it seems to lose its config all the time, and then I can't get anything to work... But it also could be a rookie user error. Which is preferred, DD-WRT or ASA 5505? I have 80MB download speed, subscribed to 105+.
