Reply to: VPN Setup - Client and Host

Don't know about the specifics of the devices being discussed, but the "using public IP" should be a simple matter of routing. The original built in Windows VPN used to route everything by default through the remote network (and so appear to come from there) because the "use default gateway on remote network" was switched on.

You could set up static routes to make certain sites route that way if you needed to, without all your internet taking the slower route. I used to do this because we had a company webserver that only allowed access from the company's public IP, but with a static route setup at home I could get round it by routing just that IP through the company network.

Most of this thread is beyond me unfortunately, but I know there are VPN options built in to the range of Asus routers you appear to be using in Spain; I'm using the RT-N66U myself and have set up a VPN on it (although admittedly that's for connecting TO it). There appears to be some sort of option to set up the router a VPN client as far as I can see, but it's way beyond my understanding so no idea if it will suit you.

I can't remember if the standard firmware supports this out of the box, or if you need the grey Merlin firmware from Asuswrt-Merlin - custom firmware for Asus routers | Merlin's Tower (Asus unofficially supports this guy by giving him the source code, and even steals some of his good stuff for their own official firmware from time to time).

Anyway, thought I'd mention it as overall the grey firmware seems pretty good to me so wanted to make sure you're aware of it (I use it as it contains an option to allow me to connect to my OpenReach fibre modem, rather than using Sky's own router).

Yes so easiest way to do that (IMO) with a router with an ethernet WAN port is to plug the WAN port on the second router into a LAN port on the first one and have it pick up an IP address from the first one, then set up forwarding on the first one so that all traffic to the WAN IP on the first router is forwarded to that LAN address, effectively just passing everything through the first router as if it's "just a modem" albeit with NAT as well. That way all outgoing traffic appears to come from the WAN IP and you can let the second router handle the NAT & firewall duties etc for your actual devices and it should be able to tunnel out for VPN as well.

The best bet is to replace the old router with a new one ideally though.

Most routers require the public facing IP to be used which is why if it's behind another router that needs to be bridged

Some places use different DSL flavours as well i.e. VDSL rather than ADSL and so on. The ideal is to have a separate modem that presents you with an Ethernet connection IMO.

Having said that you should be able to plug a router with an ethernet WAN port into a LAN port on an existing router and use it as "just a modem". You might need to faff about with the port forwarding / DMZ on the first router to get everything working though. And switch all the NAT, firewall off etc as well.

Problem is not sure of the setup of the Spanish ISP (might be a microwave link rather than DSL) so not sure what I can use as oner rather than sit behind another router as a bridge

It may well do. I have one of their small business switches and it's excellent for the money. I'd check the reviews though as I know some of their older small business stuff was rebranded linksys after the buyout and it had issues like the config pages only working with IE6. I expect they have ironed those sort of problems out now though.

I was looking at it a few years ago now to be fair, so the options were quite limited, My lab setup was with a couple of 2650XM or similar I got off ebay when I went through a "cisco lab" phase and I'd have needed a couple of 1800 or 8xx if I wanted wireless and ADSL2+ which would have set me back the best part of a grand at the time (would be worth **** all now probably)

The Cisco RV220W sounds like it does very thing needed and that's only £150 if I bridge the router given to my by my Spanish IP and use the Cisco for PPPoE

You need to have a look at routers that will do a reliable site to site VPN then. I don't know about the Asustek ones, thay might be fine but I found various netgears and linksys I tried just didn't handle the site to site IPSec VPN well at all. Draytek ones seem to have a good rep but I've not actually tried them myself. As I say gave up on IPSec and went with OpenVPN (which is free) running on a couple of PCs and it was rock solid. Client co use it as well, though I'm not sure that's much of an endorsement

If you want useful Cisco or similar kit you're looking at quite an outlay, so I'd probably avoid that. I did get a couple of cheap second hand ciscos working in a lab setup but they were old ones that would only support 8mb DSL cards and no wireless, and they are relatively complex to set up (and I say that having some previous IOS configuration experience).

I'm not adverse to spending money on a business class setup if needed, I know I can do host to client on each machine but I was looking for something a bit more hardcore, ideally I don't want anyone to know the "other" office is out side the UK no matter what device is attached to it

Not sure you can have the same public facing IP on both routers but you can certainly get a VPN between two sites.

I prefer to use OpenVPN running on a server or individual PC and punch holes through the firewalls on the routers rather than use IPSec or other VPN facilities on routers directly as I've found the latter unreliable over mobile / 3G connections and suchlike and I think home class routers often aren't up to the job in terms of CPU/memory etc. I've used this to allow myself to VPN back home from all over the place.

I've always gone with static routing, so basically, set up a host in wherever that communicates via the VPN tunnel to a host in the UK (that's one subnet), configure both hosts to route traffic between the VPN subnet and their local LAN subnets and then set up suitable static routes on the routers at both ends to tell them the local VPN host is a gateway to the LAN subnet at the other end of the pipe. You can also run the Open VPN client on a host PC and connect directly to the VPN in the case that you only need a single client, it's almost the same setup but the routing is a bit simpler.

You can of course set up a direct router-router IPSec or SSL tunnel between two sites but as I say home class routers seem to struggle a bit with this so you might have to spend a bit of cash to get a reliable solution.