VPNs for dummies

That doesn't sound right. Proper bridge mode would have router disabled and AP disabled.
I don't understand what you are trying to accomplish. In my situation the customer is using the Cable company's modem, connected to an edgerouter X which is the router but doesn't have a wifi capability. Instead of getting him a unifi AP to provide wifi, I just used his previous router, the TP-Link Archer, turned off the routing features and only used the wifi part, thus turning it into an access point.
I only use bridge mode on the ISP-supplied gateway combos to use my own router instead of the built in one from the ISP's combo. In our case, it wasn't a gateway combo, just a plain modem.
 
I see. Different scenario to mine then...

I think I'm going to set up a basic TP-Link modem in bridge mode and the EdgeRouter with VPN.
 
That AC1200 is a router, not a modem. So you'll either have to get a modem/router combo similar to the Telstra, or a simple modem and edgerouter, in which case I don't think you need to place anything in bridge mode.
Unless Telstra has some requirements that I'm not aware of.
 
Personally I've only done VPN on business level routers. The specs for the AC1200 say it has OpenVPN which is good. So you could, in theory, set up L2TP. The downside with all residential grade routers is firmware. Historically they don't do much in the way of firmware updates. So I'd be concerned about that. Business grade routers regularly provide upgrades, including Ubiquiti.

On the bridging thing. Sometimes these ISPs don't provide bridging per se. But what one does is turn off the DHCP on the modem which then causes the public IP to be passed downstream. I've run into this many times, especially with Comcast. They have a bridge mode software switch but it never seems to work and the level of support one gets cannot do any significant alteration of the ISP firmware.

On a side note I got a chuckle out of the name, AC1200. They sum up the 2.4, 300 mbps, and 5, 867 mbps maximum transmission, 1167 mbps, then round it up, to imply the customer can get 1200 mbps total.


Personally I'd stick with a business grade router. The docs to set up L2TP on an ERL3 are well developed and it does not take long.
 
> That AC1200 is a router, not a modem. So you'll either have to get a modem/router combo similar to the Telstra, or a simple modem and edgerouter, in which case I don't think you need to place anything in bridge mode.
> Unless Telstra has some requirements that I'm not aware of.

you're right, I grabbed the wrong url.
 
> Personally I've only done VPN on business level routers. The specs for the AC1200 say it has OpenVPN which is good. So you could, in theory, set up L2TP. The downside with all residential grade routers is firmware. Historically they don't do much in the way of firmware updates. So I'd be concerned about that. Business grade routers regularly provide upgrades, including Ubiquiti.

I'd be happy with Ubiquiti but they don't do modems so I'd have to put a modem in front of a Ubiquiti router. This seems to be doable with a TP-Link modem/router in bridge mode (I worked out how to do it). But then I may as well just get a decent modem/router like the TP-Link Archer VR600. This does 3 types of vpn: OpenVPN, PPTP and IPSec.

> On a side note I got a chuckle out of the name, AC1200. They sum up the 2.4, 300 mbps, and 5, 867 mbps maximum transmission, 1167 mbps, then round it up, to imply the customer can get 1200 mbps total.

There is method in that. I can't remember the details but doesn't the 'ac' protocol have a way of combining channels or radios or something?
 
I'm playing with the VR600 vpn modes. So far tried OpenVPN and PPTP vpn. Both work to the point where I can make a connection but it puts me in a subnet that is different to the LAN. In fact it makes a point of disallowing the vpn connections from being on the same subnet. So how can I now make a connection to the machines on the LAN??

Edit: I take that back. I managed to contact a couple of devices inside the LAN using PPTP. The routing table has 1 additional entry:

0.0.0.0 0.0.0.0 On-link 10.7.0.11 11

Everything else, local lan etc., appears to be functional though I notice a tracert to an internet address such as google.com results in a single hop.
 
> There is method in that. I can't remember the details but doesn't the 'ac' protocol have a way of combining channels or radios or something?

These newer technologies are so complex compared to the earliest 802.11 standards. I've read through the n and ac stuff and it's like Mandarin.
 
Well I came up with a solution that works pretty well.

Using OpenVPN supplied by the TP-Link VR600 modem router and the OpenVPN client installed on the remote laptop gives me a secure tunnel into our LAN. Now I use the standard Windows remote desktop application to attach to the person's workstation using the LAN's internal IP addressing.

I chose RDP rather than using the LOB client directly over the vpn to reduce the risk of data corruption in the event of comms interruption and because the LOB seems to generate a lot of network traffic which would make performance bad over our crappy internet. This also gives the customer full access to everything on her work computer.
 
If you can't reach the LAN, ensure IPv4 forwarding is turned on. It's usually off by default. Turning it on will help with routing between the VPN subnet and the LAN subnet.
 
Sorry if I'm missing something, I didn't read everyone's replies yet. If I were in your shoes, I would say to the client they should look into a cloud based EMR program, and put a good VPN on the laptop to log into the EMR software. Or you could set them up with a VPN and a Microsoft Azure account.
 
It just seems easier to manage than an on-prem system that she has to remote into. I didn't read all the other posts yet so it looks like someone has a better idea than me.
 