MAX BR1 WAN to Linksys internet - routing/setup

I have a Linksys wrt1900acs v2 router running dd-wrt that will need to pass VPN to the cloud as well as internet traffic to/from the Linksys wifi and wired nets locally. I have a MAX BR1 that I am attempting to run in “bridged mode” (ip passthru) out the WAN port connecting to the Linksys “internet” port. I have yet to be able to get these two to talk to each other via the this connected setup, and it should work by all the info I have been able to dig up. Obviously I am doing something wrong.

So far I have disabled wifi and dhcp on the BR1 and set it to IP PASSTHRU mode with NAT turned off and IP forwarding turned on. The Linksys has DHCP turned on and I have its WAN connection set to DHCP(auto) - there is no Linksys wan IP and no traffic being passed to/from the BR1 and the internet. If I connect the two via ethernet ports there is routing to the internet but VPN does not work.

I need to get this figured out as it seems a simple thing to get to work but so far not having much luck. I need some definitive settings assistance on this one.

The problem is that you have IP forwarding turned on. Turn that off and reboot both devices and your linksys should get the cellular IP address.

Still no joy… Enabled IP passthrough on cellular connection status panel. Also on WAN status panel… The WAN which is priority 2 just sits there trying to connect to something but never does. No ip forwarding enabled.

Ok dumb question here - where in the BR1 interface does one enable the IP Passthrough? In the cellular network panel or the WAN network panel? Right now I have IP passthrough enabled on the WAN connection instance and the Cellular connection instance Does the WAN connection instance need to be enabled or disabled?

You would do it on the cellular network panel and not the Ethernet WAN panel. Unless of course you are trying to pass through an IP from a cable/DSL modem.

You cannot have IP pass through on two interfaces at the same time.

I will correct that asap.

I do notice that when I physically disconnect the cable going from the BR1 to the Linksys that both devices acknowledge the link failure, but still do not connect with each other with the cable attached.

Another bit of information I read which may be erroneous is the device ip setups - to have each device on a different subnet of 192.168.x.x… Currently the BR1 is running its native device ip and the Linksys is running its native device IP of

Dumb question #2 - do the device IP’s need be in the same subnet? And if yes which device gets changed? MY guess would be to maybe change the BR1 to a possibly?? How is this normally done?

In IP pass through mode the BR1 will not have an IP scheme. It will still have its default address of for management purposes but you will need to give your PC a static address in that subnet in order to log in to it.

You can use the default subnet on the linksys.

Is there a direct number where you can be reached? Really need to get this working.

I reread your OP and it seems that you think you need to do IP pass through on the BR1 so that your client VPN will work and also allow the linksis to route traffic. This is not true. In fact the only time you would really use IP pass through on the cellular is if you were subscribed to a static IP, otherwise not much use for it.

You should confirm the BR1 connects to the cellular network and you can browse the internet. Keep the default IP scheme. Plug a cable from the BR1’s LAN port to the WAN or internet port on the linksis. It should get a 192.168.50.x address. Keep the default IP scheme of 192.168.1.x on the linksis and then go ahead and connect all of your devices to the linksis and test the VPN and internet.

Let us know what step above doesn’t work and we can quickly isolate it.

Ok, this whole time I have been attempting to connect the front panel port on the BR1 called “WAN” via ethernet cat5E to the back panel Linksys port called “internet”. Dick move #1 on my part. I have since switched to one of the ether ports on the BR1 (number 1 I believe) and the two devices have connected. The VPN was not working, and I ended up finding a bunch of cut/paste errors that occurred when applying the cert keys to the client configuration. Dick move #2 on my part… VPN seems to be working now as well.

As for the IP pass through - that was just something I came across time and time again when trying to read what others had done with this sort of thing. So I just figured it was needed here as well. I do not have a static internet IP so I will turn OFF the BR1 IP Passthru as well and test. One other question concerning IP passthru - by having that enabled in a non-static environment, could that induce a internet speed loss of any sort?

thx for your help thus far!

Good deal, I’m glad you got it going! The IP pass through should not have any effect on the speed.

I tested this setup with the BR1s’ IP Pass-through, both ON and OFF. It appears for this to work at all IP pass-through MUST be turned ON at the BR1. Otherwise the Linksys DD-WRT router just sits there waiting for a WAN IP forever and no traffic passes anywhere.

With the BR1’s IP pass-through engaged, the routers be routing and the VPN be VPN’ing, but I cannot seem to hit the BR1 admin page through the network anymore. I can get to the BR1 admin page if I set my notebooks’ network port to a static IP on the BR1s’ native subnet like 192.168.50.xx. I can then connect a cat5e cable from the notebook to the other open ether-port on the BR1 front panel and presto! BR1 admin page! But, I cannot route to it via the network. When ticking ON the IP pass-through check box on the BR1 there is a popup that happens alluding to the fact that the admin page may need to “be accessed in a different way”. It says see online documentation (no url to docs on this)…

Static route need to be implemented somewhere ?
Any thoughts ?

As I mentioned earlier in this thread that is the only way you can access the web admin of the BR1 when it is in IP pass through mode.

So there is no way to place a static route somewhere in the system to allow traffic bound for to be routed correctly? From my internal side that is…

ok… no response would mean a no on that I guess…


please advise

No, not possible but you can use the Remote Web Admin on InControl2 to easily get into it.