Router cascade w/o double NAT

Started by cmonty14, May 12, 2022, 09:06:05 AM

Hello,
based on this tutorial I started setting up a router cascade w/o double NAT.

This means the primary router is set up with NAT disabled and additional routing rules.
The visualization would look like this:
clients ↔ OpenWRT router (no NAT) ↔ routing rules ↔ ISP router with NAT ↔ Internet

Actually, the clients are in a LAN subnet (172.16.1.0/24) and a DMZ subnet (172.16.11.0/24).

This works as expected.

Now I want to connect a secondary router to a free NIC of the primary router. This secondary router provides multiple subnets, e.g. Office, Guest, IoT.

The visualization would look like this:
clients ↔ OPNsense router (no NAT) ↔ routing rules ↔ OpenWRT router (no NAT) ↔ routing rules ↔ ISP router with NAT ↔ Internet

The secondary router's LAN subnet is identical to the primary router's LAN: 172.16.1.0/24.
This subnet is only for router access (SSH and HTTPS).

As a result, the following IPs are assigned:
primary router:
LAN: 172.16.1.1/24
DMZ: 172.16.11.1/24
eth1: 172.16.0.1/30
WAN: 192.168.1.2/24
secondary router:
LAN: 172.16.1.2/24
Office: 172.21.10.1/24 (VLAN)
Guest: 172.21.20.1/24 (VLAN)
WAN: 172.16.0.2/30

The current issue is:
No internet access from the secondary router, which means I cannot upgrade software packages.
The error message is this:
[thomas@lou ~]$ sudo pkg update
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/latest/meta.txz: Connection refused
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.1/latest/packagesite.txz: Connection refused
Unable to update repository OPNsense
Updating mimugmail repository catalogue...
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/meta.txz: Connection refused
repository mimugmail has no meta file, using default settings
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.txz: Connection refused
Unable to update repository mimugmail
Error updating repositories!

DNS on secondary router is (obviously) working, though.

I wonder which route the secondary router should take when accessing the internet?
Executing traceroute shows this:
[thomas@lou ~]$ sudo traceroute openwrt.org
traceroute to openwrt.org (139.59.209.225), 64 hops max, 40 byte packets
1 172.16.0.1 (172.16.0.1) 0.538 ms 0.433 ms 0.355 ms
2 172.16.0.1 (172.16.0.1) 0.355 ms 0.443 ms 0.392 ms

This means the secondary router is not using the default route of the primary router. This is the routing table of the primary router:
root@eddie:~# ip route
default via 192.168.1.1 dev wan src 192.168.1.2
172.16.0.0/30 dev lan5 scope link src 172.16.0.1
172.16.1.0/24 dev lan2 scope link src 172.16.1.1
172.16.11.0/24 dev lan4 scope link src 172.16.11.1
172.21.0.0/16 via 172.16.0.2 dev lan5 onlink
192.168.1.0/24 dev wan scope link src 192.168.1.2

I don't understand how network traffic on this subnet would be routed to the WAN interface of the primary router.
Can you please advise how to troubleshoot this issue?
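One systematic way to troubleshoot a NAT-less cascade is to walk a packet hop by hop through every router's table in both directions: without NAT, each upstream router must not only forward towards the internet but also hold a return route for every downstream subnet, otherwise the reply is sent out the ISP's WAN or dropped. The script below is an added example, not code from the original post or from OpenWRT/OPNsense. It feeds the primary router's table exactly as quoted above, while the secondary router's table and the ISP router's table are constructed assumptions written in Linux `ip route` syntax for uniformity (OPNsense itself would show them via `netstat -rn`); the upstream address 203.0.113.1 is a documentation placeholder.

```python
"""Hop-by-hop route check for a NAT-less router cascade (added example).

The primary router's table is the one quoted in the post.  The secondary
router's and the ISP router's tables are ASSUMPTIONS constructed for the
walk-through; replace them with the real `ip route` / `netstat -rn` output.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    via: Optional[ipaddress.IPv4Address]   # None = directly connected
    dev: str


@dataclass
class Router:
    name: str
    routes: list
    addrs: set                              # own interface addresses (taken from `src`)

    @classmethod
    def from_ip_route(cls, name, text):
        """Parse Linux `ip route` output; scope/onlink/metric tokens are ignored."""
        routes, addrs = [], set()
        for line in text.strip().splitlines():
            tok = line.split()
            if not tok:
                continue
            prefix = ipaddress.ip_network(
                "0.0.0.0/0" if tok[0] == "default" else tok[0], strict=False)
            via = ipaddress.ip_address(tok[tok.index("via") + 1]) if "via" in tok else None
            dev = tok[tok.index("dev") + 1] if "dev" in tok else "?"
            routes.append(Route(prefix, via, dev))
            if "src" in tok:
                addrs.add(ipaddress.ip_address(tok[tok.index("src") + 1]))
        return cls(name, routes, addrs)

    def lookup(self, dst):
        """Longest-prefix match, as the kernel does it."""
        hits = [r for r in self.routes if dst in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen, default=None)


def trace(routers, start, dst):
    """Forward a packet for dst starting at router `start`; returns (status, hops)."""
    dst = ipaddress.ip_address(dst)
    owner = {a: r for r in routers.values() for a in r.addrs}   # who answers to which IP
    cur, hops = routers[start], []
    while True:
        if cur.name in hops:
            return "loop", hops + [cur.name]
        hops.append(cur.name)
        if dst in cur.addrs:
            return "delivered", hops
        r = cur.lookup(dst)
        if r is None:
            return f"no route on {cur.name}", hops
        nh = r.via if r.via is not None else dst        # connected route: deliver on-link
        if nh == dst:
            if nh in owner:
                hops.append(owner[nh].name)
            return "delivered", hops
        if nh not in owner:                             # next hop is outside the model
            return f"exits via {nh} ({cur.name} {r.dev})", hops
        cur = owner[nh]


def check_both_ways(routers, start, src, dst):
    """A NAT-less path only works if the reply finds its way back: walk src->dst,
    then walk back towards src from the last router the packet left."""
    fwd = trace(routers, start, dst)
    back = trace(routers, fwd[1][-1], src)
    return {"forward": fwd, "return": back, "ok": back[0] == "delivered"}


# Primary router: table quoted in the post.
PRIMARY = """
default via 192.168.1.1 dev wan src 192.168.1.2
172.16.0.0/30 dev lan5 scope link src 172.16.0.1
172.16.1.0/24 dev lan2 scope link src 172.16.1.1
172.16.11.0/24 dev lan4 scope link src 172.16.11.1
172.21.0.0/16 via 172.16.0.2 dev lan5 onlink
192.168.1.0/24 dev wan scope link src 192.168.1.2
"""
# Secondary router: ASSUMED table built from the addresses listed in the post.
SECONDARY = """
default via 172.16.0.1 dev wan src 172.16.0.2
172.16.0.0/30 dev wan scope link src 172.16.0.2
172.16.1.0/24 dev lan scope link src 172.16.1.2
172.21.10.0/24 dev vlan10 scope link src 172.21.10.1
172.21.20.0/24 dev vlan20 scope link src 172.21.20.1
"""
# ISP router: ASSUMED; 203.0.113.x is a documentation placeholder for the upstream side.
ISP_NO_RETURN = """
default via 203.0.113.1 dev wan src 203.0.113.10
192.168.1.0/24 dev lan scope link src 192.168.1.1
"""
ISP_WITH_RETURN = ISP_NO_RETURN + """
172.16.0.0/16 via 192.168.1.2 dev lan
172.21.0.0/16 via 192.168.1.2 dev lan
"""


def scenario(isp_table):
    """Check the secondary router's WAN address against a public destination from the post."""
    routers = {r.name: r for r in (Router.from_ip_route("primary", PRIMARY),
                                   Router.from_ip_route("secondary", SECONDARY),
                                   Router.from_ip_route("isp", isp_table))}
    return check_both_ways(routers, "secondary", "172.16.0.2", "139.59.209.225")


if __name__ == "__main__":
    for label, table in (("ISP without return routes", ISP_NO_RETURN),
                         ("ISP with return routes", ISP_WITH_RETURN)):
        print(label, scenario(table))
```

The walk for the table without return routes shows the reply for 172.16.0.2 matching only the ISP's default route and leaving via its WAN, i.e. the forward path looks fine while the return path is the broken half; with the two return routes the reply reaches the secondary router. The same check applies to the Office and Guest subnets, which a plain ping from the router itself (sourced from 172.16.0.2) does not exercise.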