This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I have the simple and fairly generic Comcast business SMC cable modem. I can't get an exact model right now but it is the one that has the 4 port switch on the back.
In the UI for this modem it presents a LAN address (currently set to 10.2.10.1) and a DHCP server (currently disabled).
I bought the R7000 for the VPN. I'd like to connect and have access to devices on the LAN. I have static IPs. The comcast cable modem is at XXX.xxx.xxx.A, and the other one I pay for is XXX.xxx.xxx.B. The comcast SMC modem shows the .A address in the gateway setup. From the internet I can ping that IP and it returns a ping.
Prior to the nighthawk I had a sonicwall tz100. In this I simply set it's WAN ip to the .B address sort of in punch through mode and connected the wan port of the sonic wall to the smc 4 port switch and it worked. The problem with the TZ100 was that it caused all kinds of issues with my company Cisco software VPN.
I bought the R7000 hoping for a personal VPN solution that would not kill my company Cisco VPN needs. So I installed the nighthawk and gave it IP address 10.2.10.2 on the LAN. I tried a number of different things for the internet setup. Right now I'm using it in punch through mode as well by setting the XXX.xxx.xxx.B address in the WAN port. I point the gateway at the .A address.
This sort of works. Computers connected to the nighthawk get DHCP addresses and can get out to the internet. Asking about public IP does in fact return the .B address as I expected.
Here is the problem:
A) The open VPN client will not connect. It just sits there waiting for host response. I've tried several different computers both Win and Mac with no luck.
B) To support A even though I have remote management enabled if I from the internet attempt to connect to XXX.xxx.xxx.B:8443 it too will timeout and not connect.
So I suspect something like the following:
Even though the router (nighthawk) has wan set to XXX.xxx.xxx.B it really isn't present at that address. IE outgoing works, incoming does not. Somehow the SMC cable modem is like in the way.
So I tried the following:
SMC cable modem, enable DHCP server from 10.2.10.2 to 10.2.10.4. In nighthawk set WAN port to get address automatically.
This did something strange. I want my home LAN to be on 10.2.10.xxx but the nighthawk doesn't like having the IP address of the WAN be similar it seems to the lan. It reverted my lan addresses to 192.168.1.xxx
So the simple question after all that is:
How should I setup the nighthawk assuming I have two static internet IPs on the SMC. One seems to be used by the SMC and the other is free. How should I setup the nighthawk to ensure it will allow VPN and remote management?
Set the SMC to Bridge Mode (modem only). Either you can do it, or yo may need your ISP to change it to Bridge Mode.
Let the R7000 run in router mode. (DHCP running etc). CAT5e, or better Ethernet connection from the R700's WAN port, to a SMC LAN port.
When you have have the SMC set to bridge mode, reset the R7000 to factory default and reconfigure from scratch. Once you have set the R7000 up correctly, you should have absolutely no problem with your Cisco VPN client connecting to work. If you do, it will most likely be on the work side - possibly with your work VPN Server.
I use three VPN clients, on two R7000's. One is Cisco VPN client for work, and I have absolutely no issues connecting to work, or, whatever I do on any of my VPN clients.
You don't need to use openvpn on the router to connect to work, and probably wouldn't work anyway.
Set the SMC to Bridge Mode (modem only). Either you can do it, or yo may need your ISP to change it to Bridge Mode.
Let the R7000 run in router mode. (DHCP running etc). CAT5e, or better Ethernet connection from the R700's WAN port, to a SMC LAN port.
When you have have the SMC set to bridge mode, reset the R7000 to factory default and reconfigure from scratch. Once you have set the R7000 up correctly, you should have absolutely no problem with your Cisco VPN client connecting to work. If you do, it will most likely be on the work side - possibly with your work VPN Server.
I use three VPN clients, on two R7000's. One is Cisco VPN client for work, and I have absolutely no issues connecting to work, or, whatever I do on any of my VPN clients.
You don't need to use openvpn on the router to connect to work, and probably wouldn't work anyway.
I think this will be the answer. I cannot figure out how to set the SMC to bridge mode. I read a few things about setting "true static ip..." but I'll need to call Comcast. Unfortunately I was hoping to get it working before I travel today. But that didn't happen.
I think I will have a similar setup to yours:
My Cisco VPN is all software and I just need to make sure (unlike the sonicwall) that nothing is killing that as I typically need to connect in the morning and remain connected virtually all day.
My reason for wanting the NH VPN was to remotely gain access to devices on my LAN. I have a IP SDR radio I'd like to connect to, I have a relay controller to control a few things and other stuff. When traveling I'd like to be able VPN in, and some of the software I need to use while connected needs to be able to find stuff as if I were sitting on the LAN locally.
Specifically the IP SDR radio sends out a UDP packet about very 15 seconds that software receives to determine what the radio is. While I know and can find the IP of the radio the software I want to run follows the process of waiting for UDP packet then extracting the radio info from the packet so you can connect to the radio.
I seem to remember reading that I may need to take an extra step to allow the UDP packets to traverse the VPN. Any guidence on that would be appreciated.
Thanks again for your reply. When I am back I will see about bridge mode and figure out a way to test the VPN connection. I think I will ask one of my neighbors for temporary use of their guest wifi.
