Subnet conflicts. Please change LAN IP

Shadow inside lan for a Nas to sit behind cant make it work, it says the message

‘‘Subnet conflicts. Please change LAN IP address. Set LAN IP’’

I just want this device (Shadow) to sit on the lan asd a vpn router to punch out to the same set up offsite

I cant use main routers on site or offsite for this purpse, alreade used for services like this.

Also any ip that i change it too, 192.168.8 xxx it rejects

Could you please try to draw your current setup so we can understand it more easily? Please post the used IPs for each device as well.

Sure I will but this is a new issue that i cant fix for now

cheeers for the reply mate I am very grateful
main router is

just got a new glinet router Shadow

with lan and wan

but when Lan from router is plugged into Shadow

i get no internet? why?

same on lan mode?

and the other modes on the router stop me from seeing GUI,

for the offsite Router this is not a viable option I need to be able to see that GUI through the vpn tunnel that im to create later


Router main (flint with services used like vpn) with Glinet shadow on lan

this router behind lan needs to have full access to internet and the ablility to vpn

how do i do this?

on the same subnet so i can acces it via normal web gui

All this will apply to the offsite setup but This needs sorting first :slight_smile:

Unfortunately, I don’t know many details about the GL-ARM300M (Shadow).

On a Flint you have to convert the WAN port to a LAN port. Maybe there is an option like this as well on the Shadow?

Just to understand the desired end state: You want the shadow router to exist on the same network as the home network, and then you want to manually set routes to route them through the VPN?

So sth like this?

I can access the secondary glinet router either on the same lan connection , so on my laptop for to be seen by internet on my laptop i have to connect to its wifi?

i want it all to work from one connection.

also i will do this now but i have to swap wifi ever time i make changes

EDIT: I just changed wan to lan, and The GUI says no internet?

I need internet into SHADOW

so it can generate VPN for me to connect to

I will assess your image but for right now:

I need my shadow connected to flint with internet and ability to create a tunnel out of my home

Edit, ive just looked, I didnt know my home could have two routers exposed to the internet?

isnt that a security risk?

can i not have it behind Flints internet?

Basically its not doing what i expect

in lan mode it cant see the internet

That picture is correct however, only one device is going to be connected to Shadow , my NAS L:):):):):

every other connection goes straight to flint


so flint main router is

it would not work on same subnet so i changed it to

is this why it not letting me access the GUI


Only devices within the same subnet can access each others.

If your computer’s subnet isn’t set up right, it’s like being in the wrong neighborhood. So, your computer will use the gateway, which is like a town center, to find its way to the right place.

So if you are in subnet 192.168.8.x (with subnet mask you can only access devices within the 192.168.8.x. If you use a broader subnet mask (like you can access all devices within the network 192.168.x.x

But this is just for your understanding - not for solving the issue so far.

And now I’ll wait for @LupusE - he is pretty good in describing what to change.

Thank you so much for your reply, I feel i am a little in over my head but the reality is I don’t want to use cloud storage,

I have a second home I’m going to punch a vpn too, and it needs to be via a independent router connected to the internet some how

when i set up initially, I couldn’t have this new glinet shadow on the sae subnet it was telling me there was conflicts


Another question from my side: Why can’t you use the Flint as your VPN gateway?
I mean … it handles VPN really great.

A subnet ( can only exist one time. So you need to change the network of your ISP LAN or your GL.iNet LAN. Than you’ll have a double NAT for all devices behind the GL.iNet LAN.
In that case the Shadow admin panel is reachable only from the LAN site (all devices in the LAN/WLAN settings of the Shadow). Or you explicit allow access to the admin panel from WAN, than the clients at the ISP LAN can reach the Shadow, but at the WAN IP, not the GL.iNet LAN IP.

On the other hand you can can switch the Shadow to Bridged mode. Than it does no DHCP, DNS, Routing. It is just another Client in the network, that can hand over all WLAN to LAN, in the same Network.
In that case your Shadow is reachable from the Whole LAN by the settled or assigned (via DHCP) address.

I like! but I am not really sober at the moment :wink:

1 Like

Already using it for my own connections, my personal vpn for guarding my internet

and the router offsite is a home router and i cant change it as its for people living there, custom routers on the other side can not be done

so for the sake of the set up being the same on both sides ,

I want a main router and another router with a vpn on it with a nas plugged into it

on both sides, thank you for your suggestion its brilliant, unfortunately its not viable for this scenario

No. Two sites with the same Subnet won’t work. Never. Regardless how many people people living there.

Lets live in a ideal world:
SiteA: LAN (.1 is the router, .2 the first client)
SiteB: LAN: (.1 is the router, .2 the first client)

Now you can create a VPN in between, with the network or (a little oversized, but okay for this picture).

The issue in the wrong setup: Because it is more easy in your head, you’d like to use on both sites, because there is a VPN in between → But the SiteA is routing all to itself, SiteB is routing al to itself … The VPN is confused what is the target address.

The Network at the Shadow isn’t working, right? So you can change it and lose nothing.

Solution 1:

  • Connect any device to the Shadow.
  • open the admin panel at (or the IP)
  • Go on the menu left to Network - LAN
  • Change the ‘Router IP Address’ to 192.168.x.1, where x is any number you haven’t used in any network within your LAN or VPN.

Solution 2:

  • Connect any device to the Shadow.
  • open the admin panel at (or the IP)
  • Go on the menu left to Network - Network Mode
  • change The setting to ‘access point’.
    Now the Shadow is a client … I already wrote this before.
1 Like

There is no vpn mode in The other router when in accesspoint mode, and I see no bridged mode?

So i already have my nas’ set up everything is ready to go , i just need a hole punching,

This double nat how do i do it, does that mean I have two ip adresses via /32 0r some magic number

No there is no offsite yet, im saying that i have the hardware so i can experemnt, i need to first get my stable known working network to see Shadow and let it vpn

ill read this now and wrap my head around the logic of what to do

Network with the CIDR /32 will be only one IP … I really don’t think this will represent your network.
Yeah, the bridged is on another device. Sorry that I have more than one router config. sometimes I confuse them.

But please make sure you are using Firmware 4.x, not 3.x

That will mostly not work. You can’t VPN from inside the network you want to VPN to.

  • Go on the menu left to Network - Network Mode
  • change The setting to ‘access point’.

I did this and couldnt see vpn client or vpn server