Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
2021-04-22 11:51:16 - last edited 2021-04-23 06:08:27
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.0.1 Build 20210113 Rel.35074

Hello to everyone

Can anyone try to connect through IPsec VPN Mikrotik Routerboard hEX router to TP-LINK TL-R605 omada router. I will give a try for this. If anyone has more info about it, could you please support us! Thanks

Here is my topology

Thanks in advance!

Network Engineer 1.0
  0      
  0      
#1
Options
8 Reply
Re:Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
2021-04-23 08:16:43

Dear @xperiments,

 

xperiments wrote

Can anyone try to connect through IPsec VPN Mikrotik Routerboard hEX router to TP-LINK TL-R605 omada router.

 

The parameters name may differ between Mikrotik and TP-Link.

But the configuration process is similar to the setup for Site-to-Site IPSec VPN between two TP-Link routers.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
2021-04-23 10:24:52 - last edited 2021-04-23 10:25:38

Here is my configuration of TL-LINK TL-R605

Here is my configuration of Mikrotik

 

And nothing happen!

Network Engineer 1.0
  0  
  0  
#3
Options
Re:Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
2021-04-23 18:30:04

@xperiments 

And what about client-to-site VPN. Settings same as if you want to connect PC to VPN server (Mikrotik). I am using this setup and all computer behind r605 can access other network (VPN server network). I do not know if it is possible to access other way - from VPN server network. It is not a problem for my needs.

  0  
  0  
#4
Options
Re:Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
2021-04-29 11:45:51

@xperiments 

I make some changes

TP-LINK Configuration

Mikrotik Configuration

 

I see in some video tutorials for mikrotik that phase 1 is configuration of profiles and phase 2 is proposals.
Also as you can see for tplink configuration i convert lifetime in seconds
08:00:00 is 28800 seconds
1d is 86400 seconds
And VPN dont WORK. Any advice??
Thanks a lot in advance

Network Engineer 1.0
  0  
  0  
#5
Options
Re:Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
2021-05-05 12:19:41

@xperiments Any advice ????

Network Engineer 1.0
  0  
  0  
#6
Options
Re:Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
2021-05-05 12:24:52 - last edited 2021-05-05 13:00:19

@xperiments Try to deactivate DPD, I have no good experienc with this, I have a lot off vpn to Cisco ASA and have to deactivate DPD.

 

And not use ALL on local networks, select only 1 network, LAN for exsample. 

  0  
  0  
#7
Options
Re:Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
2021-07-01 20:16:29

@xperiments 

 

Have you figered this out? My situation is an microtik router and TL-R605.

I also can't make a working configuration.

 

With this settings(on microtik) it is working but i think it's no secure:

  • Ipsec Proposal
    • PFSgroup=none
    • encr algorithms = 3des
  • IPsec profile
    • encr algorithms = 3des

 

 

Best regards,

 

Michel

  0  
  0  
#8
Options
Re:Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada
2021-08-04 16:07:41

I think you posted the same on Mikrotik's forums and I replied there as well. But for completeness sake, here's my config. It uses the most secure settings available between the two routers. The limiting factor here is the ER605 which doesn't expose a lot of cipher options.

 

Got it to work for my setup where the Omada device is on a static IP and the Mikrotik RB4011 is on a dynamic IP, initiating the IPSec tunnel from it's side.

 

TL-R605 Firmware: 1.1.0
RB4011 Firmware: 6.49beta46

 

Here are my settings:
Mikrotik side:


/ip ipsec profile
add dh-group=ecp521 enc-algorithm=aes-256 lifetime=8h name=omada
/ip ipsec peer
add address=<static WAN IP of Omada Device> exchange-mode=ike2 name=omada profile=omada
/ip ipsec proposal
add enc-algorithms=aes-256-cbc lifetime=8h name=omada pfs-group=modp1536
/ip ipsec identity
add my-id=fqdn:remote.example.com peer=omada secret=<your PSK>
/ip ipsec policy
add dst-address=192.168.0.0/24 peer=omada proposal=omada src-address=10.0.0.0/24 tunnel=yes

 

Omada Settings:

  0  
  0  
#9
Options