I am sorry, I am still not getting the private IP part... can you tell me where on the Asuswrt-Merlin web UI would I input these figures you suggested?
I changed the LAN IP to 10.0.0.1 and the associated DHCP IP pool to 10.0.0.2 to 10.0.0.99... that worked for a day or so, and then all of a sudden it is as if everything is jammed. On the network map, it showed that 10.0.0.x addresses were assigned, but they cannot connect to the internet...
Sorry, I guess I am still a NOOB!
Hi @Chasmal, no problem 🙂 It looks like you've done it correctly. The real meaning to the "Private Address Range" is that those addresses can't be used across the internet. Out of all of the IP addresses that can be addressed or used, they are defined or allocated for local use only behind a firewall. If you do enter any of those addresses into the address bar of a web browser, or attempt to ping any of them when they're not assigned to a device on your network, you should see no response. The router, modem or firewall itself should never allow you to use any of the addresses to access a site somewhere across the internet and they should look to your own local group of devices for the specified IP address. That should be built into internet facing devices so that the user has no choice. Further upstream, any ISP server or router should probably reject an address like that, even if it was spoofed.
From that group of private address ranges:
IP addresses: 10.0.0.0 - 10.255.255.255
IP addresses: 172.16.0.0 - 172.31.255.255
IP addresses: 192.168.0.0 - 192.168.255.255
You have selected 10.0.0.1 which is entered in the LAN .... LAN IP .... IP Address entry window.
The IP range is entered into the LAN .... DHCP Server .... IP Pool Starting Address for 10.0.0.2 and IP Pool Ending Address for 10.0.0.99
So, that looks correct.
Fwiw, I have my router running in router mode with the firewall enabled.
After you have assigned those addresses I would reboot both the modem and router. You should be able to access the modem by using 192.168.100.1. The reboot is located in ADMIN .... DEVICE RESET .... Reboot. Or, you can simply pull the power off of the modem and plug it back in 10 to 15 seconds later. That modem and router reboot should ensure that both devices have the proper device IP addresses assigned and that the proper port to IP address assignments are correct in each device.
Are you running the modem in Gateway mode with the modem in Router mode, and, is the router firewall enabled? (FIREWALL .... GENERAL .... Enable Firewall)
I wouldn't advise running IPV6 in this configuration as I don't know if it will be stable or not. I usually run IPV4 only in this configuration and enable IPV6 when the modem is in Bridge mode with the router in Router mode, or, flip the modem into Gateway Dual Stack mode and connect to the modem directly.
On the network map, click on the computer symbol directly above the bottom "Clients: xx" where xx is the number of clients in the list. That will bring up a panel on the right hand side which will show the online devices. If you click on any of those device icons in the right hand panel, that brings up another DHCP panel where you can disable internet access for that specific device.
To prove that you have access to the internet, try pinging an external address like www.google.com. See if that confirms internet access or that there is a problem. I think that if you reboot both devices, that should clear up any issues. With the router firewall up, both modem and router should be running their own networks, with NAT running between the modem and router to enable internet access for devices behind the router firewall. You should also ensure that you remove any port forwarding settings that you might have set up in the modem for the router IP Address itself and for any devices that are now behind the router firewall.
You might see a warning from the router that indicates that the router is not connected directly to the modem. Essentially it's not happy about running in Router mode when the modem is running in Gateway mode. It's been a while since I've seen that warning so I don't remember exactly what it will say. In any event, ok, the router isn't happy, but, it should just keep on running and not cause any problems.
Please let me know how this is working for you and if you have any more problems with it.
Yes, exactly. That range, if I'm reading this correctly, will provide an IP address for 16,777,214 devices. I doubt that anyone has that number of devices on hand. So, most users should be ok with an upper address stop around 10.0.0.20 to maybe 10.0.0.40.
Running a quick calculation, here are a few address ranges and the number of IP addresses in that range:
10.0.0.0 - 10.0.0.15 = 16 IP addresses
10.0.0.0 - 10.0.0.31 = 32 IP addresses
10.0.0.0 - 10.0.0.63 = 64 IP addresses
Thank you. I think I am getting a better hang of this... How about DNS? I use NordVPN and they have their own DNS servers and said they prevent DNS leaks? But I think Netflix doesn't like DNS'?
Fwiw, you can calculate the subnet mask to limit the number of IP addresses in the range. I've never bothered doing it, just limiting the max IP address instead. That subnet mask of 255.255.255.0 should yield a max IP address of 10.0.0.254 if my calculations are correct.
I don't think it's an issue with DNS services with Netflix. I seem to remember reading something about Netflix disabling, or not allowing feeds to VPN providers, primarily I think to enforce country specific Intellectual Property regulations and Broadcast Rights to various programs which are held by companies other than Netflix when you're talking about other countries, Canada, UK, Australia, etc, etc. Netflix is able to broadcast a large library within the US, but, not holding those same broadcast rights outside the US, Netflix has to abide by the agreements between the content creator and the content distributor in other countries.
Running a VPN, you can look like you reside in the US, which is not correct, so, content providers in Canada, who shall go unnamed, aren't terribly happy with that situation as they've bought the distribution rights for Canada for various productions and only they have the legal right to distribute and broadcast those productions. So, to them, using a VPN to access those productions is considered as theft 😞
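Added example (not written by anyone in this thread): the private-range check, the address counts and the 255.255.255.0 subnet mask discussed in the replies above, worked through with Python's standard `ipaddress` module. The function names and the returned dictionary layout are assumptions made for this illustration; the addresses are the ones quoted in the thread.

```python
import ipaddress

# The three private ranges listed in the thread, in CIDR form.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_range_of(addr):
    """Return the private range containing addr, or None if it is public."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in PRIVATE_RANGES if ip in net), None)

def range_size(first, last):
    """Number of addresses from first to last, inclusive."""
    return int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1

def check_lan_plan(router_ip, netmask, pool_start, pool_end):
    """Validate a LAN IP, subnet mask and DHCP pool as entered in a router UI."""
    iface = ipaddress.ip_interface(f"{router_ip}/{netmask}")
    lan = iface.network
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []
    if private_range_of(router_ip) is None:
        problems.append("router IP is not in a private range")
    if start > end:
        problems.append("pool start is after pool end")
    for label, ip in (("pool start", start), ("pool end", end)):
        # Network and broadcast addresses cannot be handed out to clients.
        if ip not in lan or ip in (lan.network_address, lan.broadcast_address):
            problems.append(f"{label} {ip} is not a usable host in {lan}")
    if start <= iface.ip <= end:
        problems.append("router IP falls inside the DHCP pool")
    return {
        "lan": str(lan),
        "last_host": str(lan.broadcast_address - 1),
        "usable_hosts": lan.num_addresses - 2,
        "pool_size": range_size(pool_start, pool_end),
        "problems": problems,
    }

if __name__ == "__main__":
    # Settings described in the thread: LAN IP 10.0.0.1, pool .2 to .99.
    print(check_lan_plan("10.0.0.1", "255.255.255.0", "10.0.0.2", "10.0.0.99"))
    # The whole 10.x.x.x range, minus network and broadcast addresses.
    print(ipaddress.ip_network("10.0.0.0/8").num_addresses - 2)
```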
Do you bother with manually setting the DNS for your VPN client service on your router?