VPN router behind another router

3,135 Views | 9 Replies | Last: 10 yr ago by UmustBKidding
Dr. Venkman
I'm trying to get two networks to talk to each other.



The VPN router is running DD-WRT and using Private Internet Access VPN. The first Router is using Netgear firmware. Router 1 LAN connected to VPN Router WAN.

Router 1 IP is 192.168.0.1. VPN router IP is 192.168.1.1. It assigned 192.168.0.19 to VPN Router.

In DD-WRT commands:
iptables -I FORWARD -s 192.168.0.0/24 -j ACCEPT

Router 1 static routes:
Destination IP Address 192.168.0.0
Subnet 255.255.255.0
Gateway IP Address 192.168.0.19

Anything I'm missing? PC4 cannot connect to PC1.
SlackerAg
I'm not a networking expert by any means, but this is what I've learned/experienced.

1) For Router VPN B, try setting its mode to "Bridged" instead of "NAT".

2) This will make that router behave like a generic network switch,
so PC1 is a network peer to PC4 & not within another network sub-branch IP.
UmustBKidding
Not exactly sure what you are trying to accomplish with this configuration. In general, stacking devices that do network address translation is a horrible idea since it breaks lots of protocols. Also, many VPN protocols are ones that won't survive NAT. You don't talk much about the other end of the VPN, and whether your intent is to restrict access to nodes across the VPN tunnel to a subset of local machines.
As slacker mentioned, when people use a "router" when they should be using an access point, you can get away with it in "bridged" mode, or by not using the internet port on the downstream router and turning off services like DHCP on it.
The single iptables line is not going to make your network magically work like it's a single network.
You say PC 1 & 4 can't connect; what type of connections are you trying to establish?
Let us know your needs and we can propose a working configuration, but this is typically not one that works well, if at all.

skoal_man12
quote:

The single iptables line is not going to make your network magically work like it's a single network.
You say PC 1 & 4 can't connect; what type of connections are you trying to establish?
Let us know your needs and we can propose a working configuration, but this is typically not one that works well, if at all.

This. Next we will need the IP config of hosts 1 & 4 also, and include gateway and DNS, if DNS is used for the connection.
skoal_man12
Make sure router gateway knows the route back to the VPN router and its connected networks.
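To make the "route back" point concrete, here is an added example (not from the thread or from DD-WRT) that does a longest-prefix-match lookup over Router 1's routing table using the addresses the original post gives. PC1 and PC4 host addresses are assumed; the table labelled "as posted" contains the static route exactly as described (destination 192.168.0.0/24 via 192.168.0.19), and the second table carries a return route for the VPN router's LAN instead.

```python
import ipaddress

# Constructed from the thread's topology: Router 1 is 192.168.0.1 on
# 192.168.0.0/24, the DD-WRT VPN router is 192.168.1.1 on 192.168.1.0/24,
# and its WAN port received 192.168.0.19 from Router 1.
PC1 = ipaddress.ip_address("192.168.0.50")  # assumed host behind Router 1
PC4 = ipaddress.ip_address("192.168.1.50")  # assumed host behind the VPN router


def lookup(table, dst):
    """Longest-prefix match: return the (network, next_hop) entry a router
    would pick for dst, or None if no entry covers it."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, via in table:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best


# Router 1's table as the original post configures it: its own LAN as a
# connected route plus the static route for 192.168.0.0/255.255.255.0
# pointing at the VPN router's WAN address.
ROUTER1_AS_POSTED = [
    ("192.168.0.0/24", "connected"),
    ("192.168.0.0/24", "192.168.0.19"),
    ("0.0.0.0/0", "modem"),
]

# Same table, but the static route now covers the VPN router's LAN, which
# is the route back to "the VPN router and its connected networks".
ROUTER1_WITH_RETURN_ROUTE = [
    ("192.168.0.0/24", "connected"),
    ("192.168.1.0/24", "192.168.0.19"),
    ("0.0.0.0/0", "modem"),
]


def return_path_next_hop(table):
    """Where Router 1 forwards a packet from PC1 addressed to PC4."""
    net, via = lookup(table, PC4)
    return via
```

The posted static route never matches a 192.168.1.x destination (it duplicates the connected 192.168.0.0/24 entry), so Router 1 sends PC1's traffic for PC4 out the default route toward the modem; with the 192.168.1.0/24 entry it goes to 192.168.0.19. While the DD-WRT box still does NAT on its WAN, PC1 only ever sees 192.168.0.19 as a source, so this return route matters as soon as NAT is turned off on the second router.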
Dr. Venkman
quote:
Let us know your needs and we can propose a working configuration but this is typically not one that works well if at all.
I have PIA and ideally would like my entire network behind the VPN without having to connect each device. Since the Netgear firmware does not allow this, I would at least like some devices to do this (using a cheap DD-WRT router I had) but with the ability to transfer data with non-connected devices.

If there were a way to place the cheap DD-WRT router between the modem and Netgear router, that's an option too.
UmustBKidding
What technology is the VPN? IPSEC, SSL, or god forbid PPTP? Is the desire to have some subset of the machines have access to nodes via the VPN tunnel and the rest of the traffic going directly to the internet? You should be able to accomplish this type of configuration with DD-WRT or PFSense. The stock router firmware from all vendors is quite impaired, and to call these boxes routers you have to take the term in the most liberal sense.
Dr. Venkman
"OpenVPN, PPTP and IPSEC/L2TP VPN Tunnels"
UmustBKidding
So my guess is that you are not really using a VPN for a private network between your machines but as a strategy to hide your network by moving its exit point elsewhere. I understand there are reasons to do this, but you need to understand that moving the exit point for all your traffic will significantly lower your throughput. You probably should also understand this is just a minor blip in the line for TLAs to inspect your traffic and could actually draw more attention to your traffic.

Depending on what version of DD-WRT you are using, you can set up OpenVPN in the router GUI. You can also decide what traffic destinations will use this route and default the "normal" traffic to use your local internet gateway. I think the OpenVPN stuff was baked into the DD-WRT image in rel24. Before that you had to use the console to configure this functionality. If you do this you can drop back to a single router. If you were using PPTP before, one of the issues is that its use of GRE makes it near impossible for multiple machines behind NAT to connect to the same target host.
Dr. Venkman
I have OpenVPN running on the DD-WRT router and everything is working. Lower throughput is not that big of an issue as I currently have 6 Mbps download speeds. I only care about speed within the network, which is why I'd rather use the Netgear router instead of the cheap DD-WRT for internal traffic.
UmustBKidding
Upgrade your Netgear to run DD-WRT, or run the OpenVPN client on the PCs you need to hide. The speed will not likely be the issue; it's the extra hops to the VPN server and then on to the destination.
The issue with Windows at least is that lots of things like shares, printing and other NBT users typically discover each other via broadcasts in the absence of domain controllers or properly configured WINS servers. But the broadcasts are not going to traverse that second router, so you will have to add infrastructure to make normal Windows services work. This is why it's just better to fold it back to a single network. No matter what router you are running, it's going to be far slower than a flat switched network because of the port to port latency.