VPN/Asus Router with Orange Livebox 5

Change of ISP leaves me unable to connect my Asus wifi router to the new Orange Livebox 5 router. I can physically connect them but can’t get the Asus to see the Livebox.
Disabled DHCP on the Livebox, rebooted it and plugged in Asus, but Asus gets no internet connection, so can’t provide VPN for the smart TV.

Has anyone got Orange Livebox 5 to work with Asus or any other wifi router? I don’t care whether the Orange TV box works for French tv, nor the VOIP phone, but we were happily using the VPN to watch UK TV, download catchup to Sky box, etc. I need to know what settings to change on the Livebox, and what my Asus router needs to know about it.

Hi @DianaP . Which model of Asus router do you have. What VPN service do you use. Most ISP supplied routers are very similar, so you should be able to make this work. I connect my (SFR) router via ethernet to the WAN port on my Asus VPN router. The WAN port on the Asus router gets an IP address from the SFR router via DHCP and has it’s own private IP address range. The Asus router then implements the VPN using openvpn. Yours may be a similar setup.

I was set up fine on Numericable (now SFR) router for Nord VPN. Have now moved to Orange with Orange Livebox 5 router and despite resetting my Asus router to factory settings, and disabling DHCP in the Livebox, I still have no internet to the Asus router.

If you’re with NordVPN, as I am, have you been through the process described on the NordVPN website for Asus routers ?.

Also, questions … which Asus router model, and do you use the Asus software that came with the router, or did you put something else on it ?

What IP address is the Asus router using? I suspect both it and the Livebox are using 192.168.1.1 (as these are the defaults for both).

If you use the WAN input, as NordVPN recommends, then the VPN router gets a 192.168.1.x (for my ISP router, others may be different) address from your ISP router. The VPN router should then use a different IP range (192.168.2.x in my case) to serve clients behind the VPN via DHCP. In this way, the two networks are isolated.

I’m sorry but this is gibberish.

Not gibberish at all. If the OP had a separate router, programmed as a VPN, and they did this themselves, then they probably understand it quite well. As they haven’t responded recently I can only assume that my suggestions worked.

Sorry not to have replied before, but haven’t been at home.
Update: I have two Asus RT-AC68U wifi routers, one acting as a proper DHCP router which has Open VPN using Nord protocols, the other just acting as a node to provide a mesh throughout the house. There are cat5 sockets in most rooms, wired into a Cisco Catalyst switch bar which is in turn connected to the Asus router, so my home network is a mixture of wired and wifi connections. The garage and a store room have walls of thick stone and reinforced concrete, so I have a WAP wired in to each, allowing me to access my internet from a phone in the car (and thus see whether the road is clear when I pull out from the garage). All this has worked well hitherto, most recently with a Cat5 cable between my Asus router and a Numericable router from my fibre ISP (SFR) running in modem mode disabling DHCP. Cat5 cables connect my Asus router to my smart TV, and my Sky box connects to my Asus router using wifi.

Orange was installed last week, using a Livebox 5 router which is a lot more clever than the Numericable one. I explored the GUI of the Livebox and found no indication of how to set it to modem mode. There is a tick box to enable DHCP, but it seems to have no effect, whether ticked or not any device connecting to the Livebox gets an IP address in the range 192.168.1.2 onwards. I reset my Asus router to factory settings, then set up my logins and SSIDs on the Asus GUI, and reset the Livebox. I set the Asus router to use 192.168.2.1 onwards. I spent a day or so on this, resetting each router several times, while tearing my hair and consuming too much coffee. Whatever I did, the Asus router was not connecting to the internet.

On the Livebox I reserved 192.168.1.10 for the Asus router’s MAC address, but still wasn’t quite there. At this point I should emphasise that I’m not, and don’t pretend to be, a Networks guru: when I was leading an IT helpdesk before I retired, I was Desktop side, and left network technical work to the specialist team, so by this stage I was a bit out of my depth. Anyway, I then tried setting the Livebox’s IP range to 192.168.1.11 onwards, so the Asus router wouldn’t be affected. I rebooted each router whenever any setting was changed. I was getting nearer now, and set the Livebox to the lowest firewall setting. I began to relax a bit by then, and set the DMZ on the Livebox to let the Asus router’s IP address through.

After the next reboots, the Asus router at last had internet connectivity, and I set up Open VPN and installed the Nord protocols. I had, as one does, kept a list of all the steps I had taken, so edited this to remove all the steps which hadn’t had any effect, so that if I ever have to set up a successor to my Asus router I will have a less frustrating time!

At least I now have the ability to download programmes via Sky Catchup on the Sky box and Sky GO on a laptop, and can use individual catchup facilities for UK channels on the smart TV. There are sometimes error messages as if there are intermittent losses of internet but a second attempt usually works. Now I have to set up my port forwarding so I can view the CCTV and IP cameras from the UK , and reinstall both the video doorbells. I have performed a couple of IP scans to identify which devices still aren’t on line yet and will work through them during the coming week.

If any expert out there has any advice as to anything else I should be doing to provide a stable network, I’m all ears. Thanks for your support, all those who have already replied. I did research the Orange customer support web pages, but I seem to be the first amateur Orange customer to try this configuration.

I find it intriguing that with all your IT skills of setting up your networks, and with a place in the UK, you still pay for a VPN provider when you could very simply run your own or create an free instance in the cloud.
Ref your original question. Have you ever tried travel routers? They are cheap and extremely simple to setup, ideal for VPNs and have settings for working as repeaters, tethering etc. I have a GL.iNet M300N Mango router connected to my Livebox with no issues, and it is also powered directly off the USB port. The signal from the travel router around the house is stronger the that of the Livebox even though it is only 5cm x 5cm. The travel router has my VPN wifi signal and the Livebox the “French” wifi.

Hi @DianaP it seems as though you are getting somewhere at last . From what you say, it seems as though you have the Livebox and your Asus VPN router sharing parts of the same IP address range 192.168.1.x, with each box being set up to use just it’s part of that address range. A much easier way to get this all working is to connect the cable between the Livebox to the Asus VPN router to the WAN port on the Asus router (the separate blue socket on your router) and enable DHCP on the Livebox. Then set the IP range on your Asus VPN router to 192.168.2.x. Of course if you get it working properly the way you have then that works for you. The one downside to this is that you won’t be able to access anything connected to your VPN from outside the Asus box … although I think that’s a positive. This setup should also make it more difficult for UK based entities to detect that you’re outside the UK. With your setup, try opening the following website in a browser connected through your VPN

You’re IP address detected and any DHCP servers detected should all be UK based. If there are any that are not, then you may have issues.

Edited just to say that I’m no networking expert by any stretch of the imagination. I’ve just learned though trawling the internet and figuring out how to do this.

Physical connections are as you describe and Asus router is indeed using 192.168.2.x. As I said, it makes little difference whether you enable DHCP on the Livebox, it does it anyway. At present I have left the Livebox WiFi on for ease of access if needed, but am setting up most devices to use the Asus SSIDs. I check Whatismyip to make sure I am appearing to be in the UK before connecting for any TV purposes, which is the main reason for such a complex system, and this will tell me if Nord VPN servers cease to work necessitating installation of new protocols. I’m sure I’ll be busy firefighting when it all falls apart, but for now, it works.

I have a Mango as well - not too fast, but remarkably strong signal from part of the garage. I have a Three Mifi too, for travelling, and that can give a strong signal, too.

I take your point about running my own VPN and the cloud. I have had Sky and then Virgin in the UK, while I was using Numericable in France, and after being in one country for a week or so most of the devices running in the other just disappear. Running a “smart home” in each country is good, if the ISPs perform well, but that is not always the case. Sadly neither Numericable nor Virgin have provided a continuous service for longer than a month at a time, and I can’t keep asking neighbours to reboot routers. Virgin spent a day disconnecting, reconnecting and rewiring, which has improved connectivity considerably, but devices still fall off the LAN. Monitoring temperatures in France and turning on sockets remotely to get heaters running is wonderful when it works, but last time we went to the UK in cold weather even the Hive central heating control was inaccessible online and its hub had to be rebooted manually. CCTV is usually the first device to drop off, though the Ring doorbell seems tenacious enough. I’m keeping fingers etc crossed that Orange’s serivce will be better.

Have you considered Tailscale (https://tailscale.com) to have one secure network with all your computers/connected devices on, whether in France or UK. Then having a raspberry pi or a dell WYSE (or similar low power consumption pc) acting as an exit node in the UK gives you a VPN whilst in France. Advantage of Tailscale is it means you don’t have to muck about with port forwarding etc. It just works. VPN speeds on Tailscale are very good since it is based on Wireguard which is about 2x the speed of an Openvpn server.

Ref the Cloud VPN. I have setup a wireguard VPN on a free instance of the Oracle Cloud. Very easy and free, however for catchup TV, they all work except for Channel 4 which must have blocked the IPs from the Oracle datacenter. Running your own on a WYSE (which is now cheaper and more available than a pi) is the easiest solution which works for catchup TV. Advantage of the cloud is you have a static external IP address, but you can use duckdns for a home base VPN.

Could a smart plug on the router cable not enable you to reboot the router when you are not there? The Tuya enabled smart plugs have on/off control from an app or Home Assistant.

Ah, so you do have two different IP ranges for the two routers. That’s exactly the way mine is set up. The only difference for me is that I have DHCP enabled on my SFR modem/router and it serves a 192.168.1.x address to the Asus VPN router for the VPN tunnel. There do seem to be issues with DHCP on the Livebox 5 if you look on the internet, with reports of LAN connected devices not being served addresses via DHCP, so you may be having the same issue.
Anyway, if it’s working OK now, then don’t touch it

Edit: There are reports from earlier this year of the issue of DHCP not working on LAN ports that suggest the issue is caused by Wifi repeaters connected to the Livebox 5. Lots of people report that if they temporarily disconnect the repeaters then DHCP starts working, and then once an address is served, you can reconnect the repeaters and the served address will always be used from that point on. That’s a bizarre fault.

The Livebox does not have the possibility to set it in Bridge mode, which is maybe what you were using with Numericable/SFR. The workaround is indeed to set your second router (Asus) in the DMZ zone, which kind of bypasses the Livebox. This way the Asus router is directly exposed to the internet, so care is needed to setup firewall etc.

I have a similar setup with a Livebox 4 (fiber connection) and Asus mesh routers for the inhouse wifi. But since I do not need VPN or similar, the Asus is connected as a simple Access Point (no DHCP) and the Livebox is the DHCP server. However, I have been thinking of “promoting” Asus to be the house router and move it to the DMZ. I do need the Livebox to provide VOIP, however.

I have a VOIP phone from the Livebox, working fine. Initially I found the Livebox was always at the top of the list of WiFi connections, resulting in some devices connecting through the Livebox and some through my home network. If devices automatically switch to a stronger signal without telling me, file-sharing within the house is difficult. I solved this in two ways, first by giving fixed IP to laptops which share files and the Sky box and TV, also by limiting the number of IP addresses which the Livebox can control.

You have given the two wifi networks, Livebox and Asus, different SSIDs. Connect devices only to the network desired. If a device does not know the password to the “wrong” network, it won’t connect. Or, in some systems, you can define “Do not connect automatically” in network settings.

Yep, I’ve limited the number of IP addresses provided by the Livebox, and only set up its address on devices which really need it. For example, I’ve found that my new Pure internet radio won’t play BBC radio channels through the VPN (although channels from other countries play fine), so it connects via Livebox. I think I have finally got the network that I want, working fine. It’s taken a while but I got there in the end, learned a few tricks and made copious notes in case I ever have to do a factory reset and repeat the process!