Business Community > Controllers > Omada Controller Client-to-Site VPN
< Controllers

Omada Controller Client-to-Site VPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Omada Controller Client-to-Site VPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Omada Controller Client-to-Site VPN
Omada Controller Client-to-Site VPN
2022-01-26 18:37:22
Model: OC300  
Hardware Version: V1
Firmware Version: 1.7.1 Build 20220112 Rel.64791

Dear Community!

 

I've setup environment with:

.) Router ER7206 HW: v1.0  FW: 1.1.1 Build 20210723 Rel.64359

.) OC300 HW: V1.0 FW: 1.7.1 Build 20220112 Rel.64791

.) and some supported switches and Wlan AP's behind

 

I need to configure a VPN connection (Client-to-Site):

.) from Windows10 Clients and Android Clients

.) connecting via internet directly to my Router

.) via Android + Windows builtin VPN Client capability

 

I had following results during my POC:

 

OpenVPN:

This is the only solution which works for both platforms (Android + Windows) out of the box

However here is the need to install OpenVPN-Client.

And there is no possibility to configure User + Password authentication => will this be available soon?

 

L2TP (PSK + IpSec encrypted):

.) Android timeout

.) Windows modem error "651"

(Windows 10 is already fully patched + includes KB5010793 with the L2TP fix.)

 

PPTP(MPPE encrypted):

.) Android: timeout

.) Windows works only, if "Challenge Handshake Authentication-Protocol(Chap)"

is additionally activated on client side, => that leads to unencrypted Data sent over the wire - not so nice...

 

I didnt find a way to further debug those scenarios with timeouts/errors with L2TP and PPTP

 

Any suggestions are welcome!

 

 

 

 

  0      
 
  0      
 
#1
Options
4 Reply
Re:Omada Controller Client-to-Site VPN
2022-01-27 07:20:06 - last edited 2022-01-27 07:28:59

@Gorki I would not use PPTP since it is not secure. Less secure than L2TP IPsec and OpenVPN. Rule this out.

<L2TP>

  • What I've tested is that L2TP, iPhone works perfectly with the built-in VPN. Don't own an Andriod. You should check out the information you filled in on your Andriod devices. 
  • Windows, indeed, fixed that with another patch. Luckily I did some research when this happened. Proved my thoughts, not an issue with the TP device. Do you still have errors on your Window PCs? 

About error 651, what I found for you, you can give it another try: https://superuser.com/questions/303389/connecting-to-vpn-i-get-error-651-the-modem-or-other-connecting-device-has

 

<OpenVPN>

For the OpenVPN username and password, I've searched this on Google. Seems that you can access the file and configure that? You can try that. Not sure if they'll add your suggestion in the roadmap. 

 

  0  
  0  
#2
Options
Re:Omada Controller Client-to-Site VPN
2022-01-27 17:43:57

@John1234 thx 4 quick feedback!

 

kindly find my update:

 

<L2TP> 

Android:    after deleting + reconfiguring L2TP Setup on Smartphone + Omada, it worked fine now!

Windows:  thx 4 the superuser-link ... i went through all steps, removed suspicious hidden devices etc., but get still the same error ...

                 i will take another windows box + retry with this tomorrow...

 

<OpenVPN>

The *.ovpn File created by Omada can for sure be edited.
a sample file can be checked at: https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/client.conf

.) For example the "cipher" entry can be changed (for sure Omada Router needs to support it also ...)

    cipher AES-256-GCM

.) or the "remote" entry to make use of a fqdn instead of a ip-address.

    remote myhostname.aaa.bbb 65000

 

regarding OpenVPN username and password,

from my pov, it should be confiurable on Omada side,

otherwise Router has no information which user + password credentials are correct.

 

Without this feature, everyone who has access to the *.ovpn File

can Access the VPN, without further authentication...

 

Cheers Gorki

  0  
  0  
#3
Options
Re:Omada Controller Client-to-Site VPN
2022-01-28 06:00:32 - last edited 2022-01-28 06:02:51

@Gorki 

 

Could be something added in the future. Rumor says roadmap V5.2 will have many changes on OpenVPN. 

I searched OpenVPN password edit in the notepad. Seems to be editable even the controller does not support username and password. I don't know about that and am less worried about this. This could be a concern to someone else. 

  0  
  0  
#4
Options
Re:Omada Controller Client-to-Site VPN
2022-01-31 08:33:21

@Gorki 

<L2TP>

L2TP with PSK on a different windows box (fresh installed + patched) worked fine.

 

=> OpenVpn + L2TP are connectable now.

Ill proceed with further functionality testing this week

 

  0  
  0  
#5
Options

Information

Helpful: 0

Views: 2660

Replies: 4

Related Articles
Client-to-Site WireGuard VPN on Omada Controller
231 0
ER7212PC - Can it be configured to use both a client to site VPN and a site to site VPN
168 0
 Site-to-site VPN
623 0
Omada Site to Site VPN with UDM Pro
279 0
Site-to-site VPN with one OC300 and Internet Gateway in DMZ
403 0
 How to Configure Site-to-Site WireGuard VPN on Omada Controller
8314 3
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.