Using ER605 as VPN client for streaming devices
Please bear with me as I am a networking noobie!
I have introduced an ER605 in my home network for the purposes of having my streaming devices on NordVPN - see diagram below.
Basically the below setup is working including the VPN setup which allows me to view geoblocked content on the streaming devices. However, in order to easily enable and disable VPN's on the ER605 (i.e. switch countries or disable the VPN), I would like to implement some SSH scripting which controls this but which can be run from within the 192.168.10.xxx network.
I have tried to setup a static route on the Verizon Router, and it works in the sense that I can ping 192.168.11.1 (ER605) from a device on 192.168.10.xxx, however I can not browse to 192.168.11.1 (e.g. manage the ER605 using a browser) or telnet/SSH etc. Since the ER605 already is behind the Verizon router I am fine with disabling the firewall on the ER605 if that will make it work (if so how?)
Any idea how to make this happen?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @mrwassen
Thanks for posting in our business forum.
If your IP is 192.168.10.0/24, you want to browse the ER605 admin page, use the ER605 WAN IP, 192.168.10.254, and make sure you have enabled Remote Management.
If SSH and from 192.168.10.0/24, you should SSH the IP address 192.168.10.254.
- Copy Link
- Report Inappropriate Content
Thanks both for the suggestions. The good news is that I now can access the router from the 192.168.10.xxx network and open an SSH session.
The potentially bad news is that after getting access to the command line, I was unable to find any CLI commands that allow me to manage the configured VPN's. My last hope is that there are some undocumented commands - if not, it seems I will not be able to get to my goal which was to manage the VPN's using scripting :-(.
If such VPN related commands are not available on this particular device, could somebody suggest a different device? (there are still 28 days left in the Amazon return window :-))
Any help appreciated.
- Copy Link
- Report Inappropriate Content
Hi @mrwassen
Thanks for posting in our business forum.
mrwassen wrote
The potentially bad news is that after getting access to the command line, I was unable to find any CLI commands that allow me to manage the configured VPN's. My last hope is that there are some undocumented commands - if not, it seems I will not be able to get to my goal which was to manage the VPN's using scripting :-(.
CLI guide: https://static.tp-link.com/upload/manual/2023/202307/20230725/1910013378_ER605(UN)2.0_CLI.pdf
If there are no lines mentioning the VPN type you use, or enable/disable it, then we don't provide that line.
mrwassen wrote
If such VPN related commands are not available on this particular device, could somebody suggest a different device? (there are still 28 days left in the Amazon return window :-))
Any help appreciated.
You may take a look at the open source software like pfSense. Or other pre-build brands like UBNT or Mikrotik. They seem to fully support all configs in command-line mode. Try them out before you make the final choice.
- Copy Link
- Report Inappropriate Content
Thanks again. I ended up implementing a laughably low-tech solution. I will keep the ER605 in place as the VPN client, then insert a $10 ethernet switching device allowing the streaming device switch between the regular network switch or the VPN router (in order to "switch countries").
On a related note though, I had one more question (also with reference to the diagram in my initial post):
Is there any way to allow resources on the 192.168.10.xxx network to access devices on the 192.168.11.xxx network, e.g. RDP sessions. (The opposite direction seems to work fine).
I have experimented with setting up static routes on the Verizon router, but am not able to get it to work. Is there a firewall on ER605 I can disable or open a port on?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Thanks for the suggestion. Is it correct that "Virtual Server" in reality is what is known as port forwarding on consumer grade routers? If so this is helpful to some extent, but I was hoping for a way to get more complete access.
So without specifying the target IP on the 192.168.11.xxx network, I would like to simply access any client on the .11 network from the .10 without having to setup individual entries. I was thinking this could be achieved using a (static) routing entry of some sort, but I may be wrong?
Thanks
Dennis
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1647
Replies: 7
Voters 0
No one has voted for it yet.