IPSEC Client-to-LAN full tunnel, router not reachable

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-04-16 07:53:18 - last edited 2021-04-19 11:19:10
Model: TL-R600VPN  
Hardware Version: V4
Firmware Version: 4.0.3 Build 20190227 Rel.48206

When I have an IPSEC Client-to-LAN connection set up which routes 0.0.0.0/0 directly through the tunnel, I cannot access the IP of my TL-R600VPN anymore. It can't even provide DHCP leases anymore. The IPSEC server on the other side is StrongSwan on CentOS. I can access the TL-R600VPN from that server, but not from my LAN anymore.

 

Anybody know how I can fix this?

Re:IPSEC Client-to-LAN full tunnel, router not reachable
2020-04-17 02:33:04 - last edited 2021-04-19 11:19:10

@Christiaan1981 

 

A little confused. Is StrongSwan your VPN server, or is the R600VPN your VPN server?

And where did you set the route 0.0.0.0/0? If you set the route on your PC, it may make your PC send the data to the wrong gateway so that it cannot access the R600VPN. If you set the route on the R600VPN, it should not be able to make all traffic go to the IPsec VLAN tunnel, because IPsec VPN is not based on routes.

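The reply above notes that IPsec selects traffic by policy rather than by routing table. As an added illustration (not part of the thread, and not a model of the TL-R600VPN firmware), the sketch below runs an RFC 4301-style ordered policy lookup and shows that a remote selector of 0.0.0.0/0 also matches the router's own replies to LAN hosts unless a bypass entry is listed first. The subnet, addresses, policy names and function names are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    local: str    # source selector (CIDR)
    remote: str   # destination selector (CIDR)
    action: str   # "PROTECT" = send into the tunnel, "BYPASS" = send in the clear

def disposition(spd, src, dst):
    """First-match lookup over an ordered policy list, as in an RFC 4301 SPD."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in spd:
        if s in ipaddress.ip_network(p.local) and d in ipaddress.ip_network(p.remote):
            return p.action
    return "NO_MATCH"

# Constructed values: LAN 192.168.0.0/24, router .1, a LAN PC at .100.
LAN = "192.168.0.0/24"
ROUTER, PC, INTERNET_HOST = "192.168.0.1", "192.168.0.100", "203.0.113.10"

# Full tunnel only: everything sourced from the LAN to anywhere is tunneled.
FULL_TUNNEL = [Policy("full-tunnel", LAN, "0.0.0.0/0", "PROTECT")]

# Same policy, preceded by a bypass entry for LAN-to-LAN traffic.
WITH_BYPASS = [Policy("lan-bypass", LAN, LAN, "BYPASS")] + FULL_TUNNEL

def report(spd):
    """Disposition of three representative flows under the given policy list."""
    flows = {
        "router reply to LAN PC": (ROUTER, PC),
        "LAN PC to router": (PC, ROUTER),
        "LAN PC to internet": (PC, INTERNET_HOST),
    }
    return {label: disposition(spd, s, d) for label, (s, d) in flows.items()}

if __name__ == "__main__":
    for title, spd in (("full tunnel only", FULL_TUNNEL), ("with LAN bypass", WITH_BYPASS)):
        print(title)
        for label, action in report(spd).items():
            print(f"  {label}: {action}")
```

Because lookup is first-match, the bypass entry only has an effect when it is ordered ahead of the 0.0.0.0/0 policy.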
Re:IPSEC Client-to-LAN full tunnel, router not reachable
2020-04-17 21:03:44 - last edited 2021-04-19 11:19:11

@Andone Strongswan is my VPN server. The R600VPN connects to it as Client-to-LAN IPSEC. Then the remote is always 0.0.0.0/0.


I can't use LAN-to-LAN because I want to route all traffic over the VPN.

Re:IPSEC Client-to-LAN full tunnel, router not reachable
2020-04-20 10:52:54 - last edited 2021-04-19 11:19:11

@Christiaan1981 

 

As far as I know, the R600VPN only supports being a VPN server if you choose Client-to-LAN IPSEC. And its IPsec VPN doesn't support routing all traffic over the VPN. Maybe it cannot meet your requirements. If you want to route all traffic over the VPN, you can choose L2TP or PPTP VPN. The FAQ below is a reference. Strongswan will be the VPN server and the PC will be the VPN client.

 

https://www.tp-link.com/en/support/faq/2137/
