I’ve got an MT300N V2 that I want to use as a VPN server appliance behind my ISP router. I will port forward the OpenVPN port to the appliance. There is no need for wireless, and I can hook up the appliance to the ISP modem via ethernet. The only part of the MT300N I’m interested in at the moment is the VPN server. I just want to be able to login from outside my network to the MT300N and access my LAN from there.
I’m having trouble figuring out all the settings required. If I configure it as a router and hook up both the LAN and WAN port to my modem, I can access it and it appears to have access to the internet. But it’s flakey and keeps ignoring clicks on the web interface or spontaneously restarting my web connection. If I try it in bridge mode the ethernet connections both disappear from my ISP modem and I can’t connect to it.
Has anyone else done this before, and would you suggest a starting config?
Yes, you should be able to do this with the MT300N V2. I am using a GL iNet microuter-N300 as my Wireguard server, behind my ISP router, which is similar to what you want to do with OpenVPN. My N300 is running with wireless turned off and with its WAN Ethernet port plugged into my ISP router. The N300 is setup as a router and it gets its IP address from my ISP router. On the N300 Firewall Page I have opened ports 22 and 80 so I can manage the N300 using its WAN interface, using any of my systems that are plugged into my ISP router. On my ISP router, I have the external port number I use for Wireguard forwarding to the IP address assigned to my N300. Setting up the VPN server is done in the VPN section of the MT300N. You will also need to know the IP address or DNS name assigned to your ISP router.
To tell you exactly how to do this would require knowing your ISP router, as you will need to setup the port forwarding, possibly open up forwarding rules, and it would be helpful if you assigned the MT300N a constant IP address from your ISP router. The good news is what you are trying to do should work, once your figure out your ISP router.
I’m still having some trouble with this. If I use openvpn client on Ubuntu 18.04 I can login to the MT300N that’s behind my ISP firewall (port-forwarded so I can access it), and I’m able to see the LAN that the MT300N is connected to. Works great. However, I’ve tried two different openvpn clients on my android phone, and while I can connect to openvpn server, I’m unable to see the lan or internet connection once I’ve logged in. There are so many bits and pieces to this that I can’t figure out which one to tweak. I have “access local network” turned on for the openvpn server. I’ve messed around with some static routes on my ISP modem and within the MT300N, but nothing I do makes any difference.
I’m at a loss as to why my laptop can get to the lan but my phone can’t, using the same openvpn config in both cases.
Any ideas on what I can check?
ISP modem with port for openvpn on the MT300N forwarded to the MT300N.
MT300N is LAN connected to the ISP modem behind the firewall via ethernet.
Wireless turned off on the MT300N.
I want to access the LAN that the ISP modem is controlling once I’ve logged in to openvpn.
When you are referring to the laptop, is this the openvpn client on Ubuntu 18.04, and how is it connected?
If I’m following, the internet is connected to the WAN side of the ISP router. The LAN side of the ISP router is running DHCP and handing out addresses to everything connected wired and wireless to the ISP router in a range of <what?>. One of these is a wired connection to the WAN port of the Mango, which has a fixed IP address in that range. Nothing is connected to the LAN port of the Mango, which otherwise would be handing out addresses in a 192.168.8.0/24 range.
When the phone wants to connect, it is connecting to the WAN side of the ISP router, probably on port 1194, which is forwarded to the Mango. (I’m assuming that the phone is not connected over wifi to the ISP router.) The Mango creates a tunnel from the phone to an address, probably in the range of 10.0.8.xx, and creates a route from that to the 192.168.8.0/24 range, which is the “local network”. At this point the phone doesn’t have any idea what the LAN addresses are, so if you want to reach the LAN range, you have to change the phone’s default gateway to 192.168.8.1 (your config is probably doing that anyway) and then add a route in the Mango from 10.0.8.xx to the LAN range (which is the Mango’s WAN network, and would be unusual).
I’m not sure how that laptop is connected, but if it is wireless or wired in the ISP’s LAN range, then you are probably making a connection to the Mango, but perhaps it is reaching the LAN directly, and not through the VPN server at all. If it is connected to someplace else on the WAN side of the ISP router, then I’m not sure what is going on.
Whatever you do, do not connect both the WAN and LAN connections to your ISP router. And do not open ports 22 and 80 on the Mango firewall, and do not forward those ports to the Mango.
Thanks Eric for taking the time, I’ve been away for a while and am just getting back to this again.
I’ve attached a picture of the connection layout. It’s basically going from one residence to another via the internet. Phone and laptop connections are identical, via wireless on the home1 lan. I’m attaching a picture, (hopefully) for clarity. I’ll keep debugging but if you think of anything I can check, I’d appreciate a tap on the shoulder.
Since the laptop is working, I would be looking at differences in the routing tables between the phone and laptop. As I have never had this problem on an andriod phone, I can’t really help on how to do this on a phone
Thanks Eric. I’ve got some networking tools installed on the phone, I’ll explore that. The funny thing is, I have an OpenVPN server set up on a NAS in home1, and my android phone is able to connect to that and see the LAN from there. So it’s seeing the LAN when connected to home1, but not home2. The laptop works on both.