I have just purchased 2 more GL-iNet routers to replace two older models. But I also have a very specific use I require of them and the settings provided in the interface seem to support this, but I can't make this work!
Basically, I recently changed ISP due to poor service and replaced them with a new service but the new ISP router comes with no accessible settings. For most of my devices this is fine, but there are a few devices I want to be able to connect to remotely. As such, I have purchased a VPN service with a static IP and port forwarding to allow for this.
I have set the network up as follows:
On receiving the GL-MT2500 router, I connected it's WAN port to the ISP Router LAN port and set the WAN to static 192.168.12.200/24.
ISP subnet is: 192.168.12.0/24
Eero mesh router is connected to a different LAN port on the ISP router and it has a static IP: 192.168.1.1 (it is also the DHCP Server: 192.168.1.100-192.168.1.220)
From this set up I have tried multiple variations in the GL-iNet settings:
Connected LAN port to Switch which also has Eero LAN port connected for DHCP, and then set the GL-iNet to have LAN IP of 192.168.1.2/24
I have also removed the connection with the switch so only the WAN port is connected (for all the variations below; just for clarity, the switch for my home wired network I have connected and disconnected from the GL-iNet router LAN port for all variations below)
I have enabled and disabled the DHCP server on the GL-iNet router, when enabled I have set it to provide IPs: 192.168.1.221/24-192.168.1.250/24 and with a gateway: 192.168.12.200 (as well as trying 192.168.1.2)
No change to the GL-iNet settings described cause me to lose connection to the GL-iNet router on its WAN (or when connected it LAN) IP address. But when I then change my Windows computer ethernet adapter settings (used to configure the GL-iNet router) to a IP on both the ISP subnet as well as the Eero subnet, and then use the same gateway & DNS IP settings for both the WAN (192.168.12.200) or when connected to the switch the LAN (192.168.1.2) I lose internet connection with my windows PC. I have tried disabling the firewall on the Windows machine and multiple variations of the settings above without success.
Any help in finding my error will be appreciated!!
(note I have successfully been able to install a VPN configuration and connect to the VPN: but all my testing was done without the VPN being connected)
So this has not been successful. I have uploaded an image showing the design as outlined in the original post...
(and I am familiar with the fact that I was not expecting that connecting the GL-iNet router to the switch or enabling DHCP on the same subnet as the Eero would work. But ideally I wanted to be able to just change the gateway to affect how I accessed the internet (I also ideally don't want to set up 2 WiFi networks given that some devices will connect to either gateway only on WiFi)
**Note: ** 1. Please understand carefully about work principles of the drop-in gateway mode before you configure! 2. Can use the GL router instead of the Eero, so you wouldn't need to configure the drop-in mode, and your network topology will be easier.
As an update, I have adjusted the settings successfully and the router now operates as a 2nd gateway for my LAN.
But this has caused a second problem... my primary gateway & router is using an Eero mesh wifi setup (as described above) and now this defaults over time to automatically use the GL-iNet drop-in gateway as the primary gateway. If I reset the network the system works as required with the Eero router (192.168.1.1) being both the client gateway and the DNS. But perhaps a few hours/day later those same clients that had the correct settings have transitioned to use the GL-iNet (192.168.1.2) as their gateway & DNS. I can fix this by using static IP addresses but that is not what I want to do (and for some devices it is not possible).
I suspect that when the lease on the IP is up and it is renewed there is something that the GL-iNet router is broadcasting that trumps the Eero setup.
Please advise how to prevent this... as I only want to use the Drop-in gateway router when I need it.
So how do I fix that? I don't specifically need the Gl-iNet router on the same subnet if I can use it as a gateway within the existing subnet. I'll need help to correct this as my network knowledge is only at a basic level...
I tried to understand what you want to achieve but I am confusing.
You want to use VPN for remote access. But you need to tell us how do you want to access. e.g. you want to access device 1, 2 and 3 from a remote area.
As you said the ISP router is not configurable, it seems that you cannot set up port forward on that router. In that case, you may not set up vpn server.
If you are using MT2500 as vpn client, and you connect vpn from another router outside of your network so that you can access network of MT2500, you should consider the Site-2-Site settings.
You should not set up Drop-in gateway mode which seems caused you the issue. Just set MT2500 in general router mode and we can continue to talk about Site-2-Site.
Thanks and apologies for the delayed reply but I have been unavailable to solve this for the past couple of weeks.
To explain further:
I want to use the MT2500 as a VPN gateway for my local network but only for select devices (hence having it as a 2nd gateway). But I don't want the whole LAN to use it as it does not have sufficient bandwidth for streaming etc.
I want it to form a secure connection to my devices when I travel (so provide some form of a VPN server).
As mentioned, I do have a VPN service and have a static IP that I can use for this purpose... but I was planning on using one of the apps in the software interface of the MT2500. The topography map above almost worked, but the last issue I had was having the MT2500 demand to be the primary gateway and thereby force every device to connect to the internet through itself. This was odd to me as it is a client on my LAN to the main router... but regardless it did succeed in changing all the DHCP gateway setting of clients to its own IP.
I want to help but your setup is too complicated to follow.
Simple speaking, you have two GL.iNet router, you are supposed to use one as VPN server at your home and one as VPN client when you travel.
In this case you don't need 3rd pary vpn service.
The first thing to make sure if that the one in your home can work as vpn server. So you need to access your ISP router and configure port forward etc. Otherwise we are stuck here.
So you have described one element of the set up I want, but I also want the home device to perform as a gateway connection to a VPN to prevent my ISP from limiting my network. Some ports and functions are barred by my ISP so I can only then use a specific VPN connection that permits me to access the network securely. And by having it as a gateway it also then protects my network from ISP interference...
Add to this that when I recently changed ISP providers so did their rules and that made my network setup invalid at that time. In the future, if all I need to do is change the link to my VPN then my existing in and out network connection will remain unaffected...
If you use the router as drop-in gateway, you should let it manage the gateway and dhcp etc., i.e. the default settings.
Otherwise you just need to separate your network to VPN or non-VPN network. Let the device want to use VPN connect to GL.iNet router directly. Let non-VPN device connect to EERO.
So your second option is what I want to do (and is how I set up the network). But the DHCP of the GL.iNet router resets all the client device gateways to itself (even though I have disabled DHCP on GL.iNet router and only maintained the Eero DHCP server... and the Wifi/LAN is all routed through the Eero router). So hence why I am looking for a setting to ensure that the Eero router can maintain itself as the primary DHCP router and gateway while still having the GL.iNet router as a secondary gateway which is only used via a static IP network setup...
This can't be if you disabled the DHCP server - please double-check that it's really disabled.
But it might work different in Drop-in gateway mode, maybe it overrides some DHCP requests by using ARP-magic and stuff, not 100% sure about that.