VPN - Client-to-Site using OpenVPN protocol - Omada Software Controller

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-06-30 11:34:28
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.0.1

Hello,

I just got some new products from TP-Link that I would love to use together with the Omada Software Controller.

My setup is:

ER605 (Gateway) -> TL-SG3428MP (switch) -> EAP620 (APs)

My needs are pretty simple. I have to create 2 wireless networks for my office:

SSID: Office

SSID: Office_VPN

The Office_VPN traffic should go through our OpenVPN server (hosted somewhere in this world), but there's a catch: the OpenVPN server is configured to allow traffic just through ports 80 and 443.

All the switch port settings are default, trunk.

The Wireless Networks configuration looks like:

And those are the interfaces,

And for sure the Client-to-Site, ovpn configuration,

Both wireless networks send the traffic out to the world on ports 80/443 just fine, but the problem is that I could not send any traffic through the rest of the ports (e.g. 22), no matter what Wireless Network I'm using. Any advice?

I expected only the Office_VPN network, which forwards traffic through the OpenVPN, to have the ports locked.

Thank you,

Tudor

#1
Re:VPN - Client-to-Site using OpenVPN protocol - Omada Software Controller
2021-07-01 06:02:12

@TudorRO

It's not gonna work. The router is a VPN client now, so all traffic from that WAN (the one you set on the VPN policy) will be transferred to the server.

How many WANs do you have? If you have two WANs, you could make the default SSID traffic go through the other WAN via Routing Policy rules.

For example, to send all data on XXXX_VPN through WAN, set a rule to make IP Group 192.168.10.0/24 traffic go through WAN.

And another rule to make IP Group 192.168.20.0/24 traffic go through WAN2.

Just striving to develop myself while helping others.

#2
Re:VPN - Client-to-Site using OpenVPN protocol - Omada Software Controller
2021-07-01 09:06:37 - last edited 2021-07-01 09:07:06

Thank you, Virgo. I do have 2 WAN connections and did try to use the policy routing in order to mitigate this issue. The result is that, once I enable the routing policies for the VPN IP group, the VPN connection is interrupted. Also, I tried to associate a WAN port with a specific VLAN, but no luck so far. (see the attached image)

#3
Re:VPN - Client-to-Site using OpenVPN protocol - Omada Software Controller
2021-11-18 19:23:17

@TudorRO - Good afternoon TudorRO -

Do you actually have the OpenVPN client *working* on an Omada gateway/router? Could you share a copy of your .ovpn file (obfuscated)?

All I want is to verify that the client works AT ALL - which seems downright impossible. With my OpenVPN server, I'm not seeing any connection attempts or ... well... anything - after uploading the .ovpn file and enabling the client.

Thanks much,

John

#4
Re:VPN - Client-to-Site using OpenVPN protocol - Omada Software Controller
2021-12-17 02:02:14

@BLite Has anyone gotten OpenVPN to work at all? I have an ER605. I started a server on it, uploaded the ovpn file to a client, and have been able to connect. The main problem is that I don't think any traffic is being routed over the VPN connection. The IP of the client hasn't changed (according to ipleak.net). With my previous router, I could easily see the VPN connections, and ipleak.net could easily verify that traffic and DNS were being routed over the VPN connection.

I've exported the ovpn file from the ER605 and tried manually adding DNS and other commands, but nothing has worked yet.

@Fae from TP-Link: any insight into OpenVPN? Seems like all the posts here about it don't have any solutions.

#5
Re:VPN - Client-to-Site using OpenVPN protocol - Omada Software Controller
2021-12-17 06:52:37

Hi @Akaman, you can use the provided logs in order to debug your VPN connectivity/setup. The way you get to the logs might be different based on the configuration you're using.

#6
Re:VPN - Client-to-Site using OpenVPN protocol - Omada Software Controller
2021-12-17 07:00:24 - last edited 2021-12-17 07:00:55

Hi @BLite, sorry for the late response,

Unfortunately, I can't share my .ovpn configuration file, but there are some free VPN services that offer OpenVPN files with auto-login. You can have a look over https://vanwa.tech/vpn.

#7