US Telco Support > Verizon > Verizon Fiber Optics > [Northeast] VPN into my home

reply to MannyL

Re: [Northeast] VPN into my home

This is one of the shortcomings of double NAT'ing. You'll either need to stick the VPN server on the same subnet as the Netgear WAN behind the Actiontec or replace one of the devices with one that has VPN capability.

It might be possible to get this working by adding a static route on the actiontec if it supports it, but it would get messy and still may not work right for a VPN tunnel.

The VPN Server has an IP of 192.168.3.4 and the Netgear Wan which is behind the actiontek has an IP of 192.168.1.2 and 192.168.3.2

This is the info from the Netgear unit

Internet Port
MAC Address 30:46:9A:99:C9:9F
IP Address 192.168.1.2
DHCP FixedIP
IP Subnet Mask 255.255.255.0
Domain Name Server
192.168.1.1

LAN Port
MAC Address 30:46:9A:99:C9:9E
IP Address 192.168.3.2
DHCP Off
IP Subnet Mask 255.255.255.0

Here is a good read of what you are trying to do:

»portforward.com/help/doubleroute···ding.htm

Thanks I'll look at that.

I wonder if as an option can I change the internal IP of the Actiontec to 192.168.3.1 then just reboot the STB's so they are in the right IP range. Then everything will be in the 192.168.3.X range

If you do that you would basically be eliminating the need for having the netgear because it sounds like you would be moving everything to the Actiontec LAN.

Is there a specific purpose for the Netgear on your network? If not ditch it along with the double NAT headache. If you would rather keep the netgear than the Actiontec get a MOCA bridge and hook it up to one of the Netgear ports for your STBs to get internet (Doing this breaks on screen caller ID and android/iPhone remote DVR which require the actiontec/westell routers to work right, though)

I am using the netgear for better wireless support and my gigabit switch doesn't have enough ports.

I would do the MOCA bridge solution in that case then if the remote DVR and on screen caller ID are not that big a deal for you. If losing those would be a deal breaker for you then you've gotta get that double port forwarding to work as described in the article.

I use a Netgear wireless as well on the same setup because I dislike the actiontecs and their capability and the features I lose are not important to me.

I'm at a point where I can't spend any more money. If I could I would just buy a larger switch.

The on screen caller ID is not something we use in the house but the remote DVR is very important to us.

I know there has to be a simpler solution that I'm overlooking.

The STB's are being given 192.168.1.100-1.105 If I could switch them to 192.168.3.10 to 192.168.3.15 and set the LAN port of the Actiontec to 192.168.3.1 then everything would be on the same subnet.

reply to MannyL