Does anyone have experience with dual WAN routers? I want to have one WAN go to the internet and one to the mesh. Most of the ones I see are more concerned with load balancing and failover. Ones with wifi are over $200, so I don't want to put down the money unless I'm sure it will work.
I was also wondering if I flashed a cheaper router with DD-WRT, would that work?
JJ
You more likely want a router with a DMZ port where you can assign one (or more) of the onboard ports to an 'isolated' network that is not part of the "lan"
Dual WAN is usually when you have two Internet connections, not two internal networks. (It depends on the router some can switch it to a DMZ port some can not)
Depending on the router you may be able to do it with a 3rd party firmware like DD-WRT it just depends on the hardware and open source capabilities.
JJ, Can you describe the senario or the problem being solved to bring a little more clarify? Is the issue that you want the computers in the shack to have direct access to both the mesh AND the internet? When you have traffic to the internet, you don't want this traffic going over the mesh and/or to worry about part 97 rules on encryption and conducting business?
If this is the issue, there is a way to handle this. When a computer is on the LAN of a node and this node is connected to your homenetwork->internet (via its WAN interface), then this computer does not have any RF traffic and thus no part 97 rules are involved for the internet traffic. At the same time the 'gateway' box in setup can be left unchecked to NOT advertise and make this node an internet gateway for other devices on the mesh. Thus the node is only routing traffic to the internet from it's own LAN devices and no RF links are ever used. You may optionally enable other devices on the mesh (that will use RF) to access your gateway to the internet by checking the gateway box in setup--a sepearte choice.
Joe AE6XE
I'll attach a drawing of my network.
You can see that I have multiple routers.
1. The objective of the network is to allow any device to access any network, including wifi phones, laptops, etc
2. Also the services on the server can be accessed from either the mesh or the internet. (subject to port forwarding rules)
Item one can be achieved with the multiple router configuration and some static routing in the Archer router, no problem.
Item two is the issue. Windows does not like having two gateways. If I only use one gateway, the inbound mesh service requests do not work.
So I setup two gateways with two interfaces into the archer router.
This works mostly but it is unstable. Microsoft warns about this in their documentation and says to use one gateway with appropriate routing commands.
I can access the internet and the mesh from anywhere with no problem (except for an occasional DNS delay).
However, One gateway does not seems to handle multiple NAT sources. (one NAT through the Archer and one through the Netgear)
So.. I was hoping a dual Wan router would handle this situation, be more stable and maybe eliminate the Netgear router.
I hope this explains my situation.
JJ
If your router supports customizing the DHCP options or setting static routes (not all do) you can actually do this with only a single router. (DD-WRT or similar will likely allow this if you can flash the router)
Your main router should be your DHCP server, your mesh node you intend to connect to your existing network have DHCP disabled and be in NAT mode.
It will have its IP address in your 192.168.0.* range such as 192.168.0.2
You than setup your main mesh router to either support a static route to 10.* and 172.16.* through the mesh nodes NAT ip address (192.168.0.2)
OR
You configure the DHCP server on the main router to advertise a DHCP routing gateway (DHCP Options 121 and 249) via the mesh nodes NAT address (192.168.0.2).
Both cases get you access to the mesh a single router, than you only need to port forward from MESH to LAN to get to the server.
Only the 802.11AC router has DHCP enabled. It is also the only one with WiFi enabled. Some addresses must be static.
I don't think I can configure my router with DHCP options you suggest. (at least I don't see that option).
I configure the clients DNS to 192.168.0.1 and 192.168.0.2
The mesh nodes are configured as 5 host direct. I thought about configuring them as a NAT and eliminating the router, but then I would end up with 3 NATs. Windows likes to see a single NAT.
I think SNAT would work if I had a router capable of that. See comment below.
I was looking at a TP-Link RL-470T Multi Wan router for $47 on Amazon. Most others are $100 plus.
Sorry the router labeled 802.11AC is the Archer router.
The one just labeled router is the Netgear Router.
BTW I have tested the WAN connection from the Mesh as well as a Client Tunnel and they work fine.
JJ
With the current architecture, I suspect all you need to do is configure the netgear router to have SNAT capability. Basically this means that when the Windows server is trying to talk back to a mesh device, it only knowns to use the IP address of the netgear on 192.168.x.x as the path going back, not the 10.x.x.x address.
Loading DD-WRT on your netgear and using both DNAT & SNAT on the forward may do the trick (I'm assuming netgear does not have this option out of box). This assumes everything else is working and this is the only problem to solve.
The windows server can route to the internet and the mesh at the same time when initiatiating a connection, but can't route back to the mesh from forwarded traffic through the netgear? Seems like both should fail or work the same, not just one. Sometimes it's just a mystery and we're happy it works :) .
Joe AE6XE
Thanks. I had thought about SNAT but none of my routers support that. I haven't tried flashing any of my routers with other firmware.
I think I will try the TP-Link Multi Wan router (TL-470T) and see how that works. If not, I will try flashing other firmware.
It is a mystery sometimes. Like my WAN connection from the mesh would not work when plugged into the main router but would work when plugged into the netgear router as shown on the diagram. I don't know why. I saw some comments about routers not liking inputs from tagged VLANs but I wouldn't think the netgear's router's input would change that.
Generally, the lower the cost of the router, the lower the feature set and limitations. At least one of the TP-Link routers has hardcoded vlan1 used internal in conflict to the UBNT node use of vlan1 for the WAN. Check the other posts for this dialog occuring--the model in question will be problematic. The TP-Link router is unlikely to change the equation.
What you are doing is a similiar and a common issue with companies that have multiple sites and internet connections on their internal 10.x.x.x network. The smarter routers (and a MS Windows server) are more virus aware and not going to do some things that a less smarter switch will do--although probably every router is matching up reply traffic now days. They're not going to let out going internet (reply) connections going back unless it is the same route/device path comming or forwarded in. This might explain how your windows server can initiate a connection, but not talk back to a mesh device.
We also need to have the forward rules going into the mesh do the same thing. There might be multiple gateways on the mesh. On the node where the traffic is forwarded in, the rules should do both DNAT and SNAT (translate to the internal mesh node's IP and tell it that I'm the IP path back). The device on your internal network never knows it is an external IP address.
Joe AE6XE
Does the GS108E remove the vlan1 tag when the traffic goes to the router (it should)? the netgear might be vlan blind, but the other router might be vlan aware and ignore.
From what I have been able to research, it does not. However, if your route the output through a standard switch, it is supposed to strip it off. My netgear router should act as a switch and then connect to the Archer router with it stripped off.
There may be a way to setup the SG108E so it strips it off. But thats another day.
JJ
See reply to your post in the other thread with the published switch configuration. The "U" configuration removes the tag of a packet going out the switch port. The 108E can be (should be) configured to not send tagged packets to devices that are vlan blind.
Here is my revised network using a Multi-wan Router. It is much more stable and works pretty well.
The router was only about 50 bucks through Amazon.
JJ
glad you got it working!