VPN connection on flint behind main router with FTTH

Hi,
I have got a Flint and an Opal to create a VPN so my IP on laptop is always my home IP.

At home I have the service provider router FTTH which is connected directly through a GPON to the fibre and I have no Ethernet ports on the box on the wall.
So at first I tried to connect a LAN port of the main router with the Flint WAN port and I am able to connect to the internet with the Flint.
Then I forwarded the 51820 in the main router, but using the WireGuard client on a phone I cannot connect to the server and to the internet.

Using Nmap -p 51820 “homeIP” it says:

PORT STATE SERVICE
51820/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds

main router is on 192.168.1.1 and gave to the flint 192.168.1.159
I can connect also on flint is on 192.168.8.1

the client conf:

[Interface]
Address = 10.0.0.3/24
PrivateKey = ***nnxfnxm
DNS = 64.6.64.6
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = ...:51820
PersistentKeepalive = 25
PublicKey = ***xmxghmx

please can someone help me?
thanks

Hey there and welcome to the community :wave:

This means that there is a firewall active and blocks the port.
nmap will only work if you are not inside the network you want to scan - so this might be the issue for testing here.

In my opinion, the best way to get a stable network would be to use the GPON router as a modem only. This depends on the configuration, however. Router behind router is often something where you need much more time to troubleshoot than you want to. :smiley:

Does your GPON router support “modem” only mode?

Edit: Since it’s FTTH there might be no real modem - but maybe switching mode only or something like that. The main router should do as few jobs as it needs to keep the internet up and running.
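
An added example, not part of any post in this thread: a small check that reads a WireGuard client config, nmap's port table and the VPN router's WAN address, and reports two things visible in the values above, namely that the scan covered TCP while WireGuard listens on UDP, and that a private WAN address means router-behind-router. The endpoint address, function names and finding codes are assumptions made for the example; the inputs are constructed from the values quoted in the first post.

```python
import configparser
import ipaddress
import re

# Constructed inputs modelled on the thread. The endpoint address is a
# documentation-range placeholder; keys are omitted.
CLIENT_CONF = """[Interface]
Address = 10.0.0.3/24

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 203.0.113.10:51820
PersistentKeepalive = 25
"""
NMAP_OUTPUT = """PORT STATE SERVICE
51820/tcp filtered unknown
"""

def endpoint_port(conf_text):
    """Return the port from the [Peer] Endpoint (single-peer config assumed)."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    return int(cp["Peer"]["Endpoint"].rsplit(":", 1)[1])

def scan_results(nmap_text):
    """Map (port, protocol) -> state from nmap's port table."""
    rows = re.findall(r"^(\d+)/(tcp|udp)\s+(\S+)", nmap_text, re.MULTILINE)
    return {(int(port), proto): state for port, proto, state in rows}

def diagnose(conf_text, nmap_text, vpn_router_wan_ip):
    """Return {finding_code: explanation} for the setup described in the thread."""
    port = endpoint_port(conf_text)
    udp_state = scan_results(nmap_text).get((port, "udp"))
    findings = {}
    if udp_state is None:
        findings["udp-not-scanned"] = (
            f"WireGuard listens on UDP/{port}; the scan covers no UDP port, "
            "so it does not show whether the forward works.")
    elif udp_state == "open|filtered":
        findings["udp-inconclusive"] = (
            "WireGuard does not answer unauthenticated packets, so nmap "
            "cannot tell an open port from a dropped one; try a handshake.")
    if ipaddress.ip_address(vpn_router_wan_ip).is_private:
        findings["double-nat"] = (
            f"WAN address {vpn_router_wan_ip} is private: the upstream router "
            f"must forward UDP/{port} to it, or be bridged.")
    return findings

if __name__ == "__main__":
    for code, text in diagnose(CLIENT_CONF, NMAP_OUTPUT, "192.168.1.159").items():
        print(f"{code}: {text}")
```
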

Hi Admon, thanks for your reply.
the main router is a Home&Life HUB by zyxel.

I tried to change the WAN interface from routing to bridge mode but then I had to reset the modem because I was not able to go to internet or access the zyxel.
Maybe I should have changed the Ethernet links between the two routers?

here I can change from routing to bridge
[Screenshot: routing bridge mode]

You could change the main router to bridge mode and enter the PPPoE details on your Flint - so the main router will mainly work as a modem and the connection will be terminated on the Flint.

This means that the main IP will move to the Flint (which is good because then there is one point of failure less) - but you will not be able to access the Home&Life Hub anymore - depending on the config. In this scenario, all devices must be connected to the Flint instead of the main router.

which one should I turn into bridge mode?
[Screenshot: WAN interface]
And if bridge works, still the two routers must be connected LAN Zyxel <----> WAN Flint?

Not completely sure about the config, tbh. I would say the WAN port should go into bridge mode. And yes, LAN Zyxel ↔ WAN Flint

thanks! it worked :slight_smile:
I bridged the fourth interface in the screenshot on the Home&Life and put the PPP admin and password on the Flint.


Happy to hear that & have fun with the Flint!