I’m trying to set up an OpenVPN server on my ASUS RT-AX55 router at my parents' home.

The ISP requires VLAN tagging (requires me to enter a particular VLAN ID for things to work) + PPPoE logging.

The modem/router provided by them faces the internet. My Asus router WAN port connects to the ISP modem/router LAN Port 1.

When I try to register a hostname under the ASUS DDNS server, I get the following:

Private WAN IP error

I understand that if I'm using two routers, I need to put the ISP modem in bridged mode for my ASUS router to get a public IP.

I tried doing that, and the WAN IP on my ASUS router homepage changed from 192.168.x.x to 100.109.x.x. This is still not my public IP.

When the ISP modem is in bridged mode, I had to enable VLAN and specify VLAN ID.

When that was disabled, things were not working out.

What do I do here?

How can I set up DDNS successfully, so I can always know the public IP at my parents home?

1 Answer

> I understand that if I'm using two routers, I need to put the ISP modem in bridged mode for my ASUS router to get a public IP. I tried doing that, and the WAN IP on my ASUS router homepage changed from 192.168.x.x to 100.109.x.x. This is still not my public IP.

This would be true if you had a public IP address dedicated to your home connection. Unfortunately, it seems that you actually do not have one, due to your ISP using CGNAT.

Switching the ISP modem to bridged mode did remove one layer of NAT, but now there's still one more layer that's done on the ISP's side – either they're set up to share a public IP address between several customers at the same time, or they're expecting that they will soon need to do so.

(100.64.0.0/10 is a private IP address range that has been reserved specifically for CGNAT usage.)

In most cases this also means that you won't be able to receive inbound OpenVPN connections to the ASUS router, whether it has DDNS or not.

Instead, you will probably need to set up an outbound VPN connection to a server which does have a fixed public IP address – as long as the outbound tunnel is kept alive, it can be used to reach back from the VPN server (or from any other client connected to it) into your parents' home network. (Make sure to enable OpenVPN's "periodic ping" feature, as CGNATs may be aggressive about forgetting "idle" connections in just minutes.)

  • I have the same issue as the author, but when I change router #1 to bridge mode, router #2's IP address changes from 192.168.x.x to 10.xx.xx.xx. Do I have the same situation as you've described?
    – vozman
    Commented Mar 8, 2023 at 14:42
  • Probably. Some ISPs do use 10.x.x.x for their CGNAT implementation (especially those who started doing CGNAT before 100.64.x was even allocated). Commented Mar 8, 2023 at 14:46
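
An added example, not part of the original answer or comments: a small Python check for the situation discussed above, which classifies the WAN address shown on the router and, optionally, compares it with the address a remote service sees. The function names `classify_wan` and `inbound_reachable` are hypothetical, and the sample addresses are constructed (the page only gives `192.168.x.x`, `100.109.x.x` and `10.xx.xx.xx`).

```python
import ipaddress

# Blocks that are never a routable public WAN address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # reserved for CGNAT


def classify_wan(addr):
    """Return 'cgnat-shared', 'rfc1918', 'other-non-public' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("this check only covers IPv4 WAN addresses")
    if ip in CGNAT_SHARED:
        return "cgnat-shared"
    if any(ip in net for net in RFC1918):
        return "rfc1918"  # second router, or an ISP doing CGNAT with 10.x
    if not ip.is_global:
        return "other-non-public"
    return "public"


def inbound_reachable(wan_addr, observed_addr=None):
    """Decide whether DDNS / an inbound VPN server can work.

    wan_addr:      WAN IP shown on the router's status page.
    observed_addr: address a remote host sees for this connection (optional).
    Returns (ok, reason).
    """
    kind = classify_wan(wan_addr)
    if kind != "public":
        return False, f"WAN address is {kind}: a NAT layer still sits upstream"
    if observed_addr is not None and \
            ipaddress.ip_address(observed_addr) != ipaddress.ip_address(wan_addr):
        return False, "WAN address is public but differs from the one seen outside"
    return True, "WAN address is public"


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    samples = [("192.168.1.2", None),      # behind the ISP router
               ("100.109.12.34", None),    # after bridging, ISP CGNAT
               ("10.20.30.40", None),      # after bridging, ISP uses 10.x
               ("8.8.8.8", "8.8.8.8")]     # stand-in for a real public IP
    for wan, seen in samples:
        print(wan, "->", inbound_reachable(wan, seen))
```
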
