OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-03-28 18:24:04
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.2.0

I am using VPN client routing on my ER605. This works fine with L2TP clients (the router connections are clients for L2TP). The tunnels are being created fine and routing is working.

Recently I switched from L2TP to OpenVPN (since this router should support OpenVPN clients), but for some reason tunnels are not being created. It seemed like the router just ignores requests to get to the target network when the VPN client connection is OpenVPN.

What am I missing?

#1
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-29 09:01:02

Dear @TamirK

 

TamirK wrote

I am using VPN client routing on my ER605. This works fine with L2TP clients (the router connections are clients for L2TP). The tunnels are being created fine and routing is working.

Recently I switched from L2TP to OpenVPN (since this router should support OpenVPN clients), but for some reason tunnels are not being created. It seemed like the router just ignores requests to get to the target network when the VPN client connection is OpenVPN.

 

1. Does your OpenVPN Server require the Client to enter the account password?
2. If not, please provide a screenshot of your configuration file, it will help us to locate the issue.
3. Can you try using the OpenVPN GUI directly to see if it can connect successfully?

 

Best Regards!

 

 

#2
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-29 09:39:44

Hank21 wrote

1. Does your OpenVPN Server require the Client to enter the account password?
2. If not, please provide a screenshot of your configuration file, it will help us to locate the issue.
3. Can you try using the OpenVPN GUI directly to see if it can connect successfully?

 

Best Regards!

 

 

  @Hank21 

1. No, only client certificate. Username/password is not required

2.

3. The same configuration file works fine with OpenVPN client (from mobile and from desktop)

#3
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-29 09:46:43

  @TamirK 

 

I had the same problem with the OpenVPN client on the router. To make it work I had to install a server with backward compatibility to old clients.
It was a separate choice when I installed the OpenVPN server.

#4
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-29 10:27:11
What were the exact options you used in the config to make it work? I've tried to change from cipher AES-256-CBC to option cipher 'AES-256-CBC' and on the server to data-ciphers-fallback - the issue remains the same. It seems like the TP-Link does not even try to connect. At least I cannot see any failed attempts in the server log.
#5
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-29 10:38:02

  @TamirK 

 

This is the server config. As you can see, I have disabled some things. I use push route on client config so I do not have to route all traffic in the OpenVPN tunnel.

 

dev tun
proto udp
port 1195
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/OpenVPN_b2656eb2-75bb-4594-a0e4-e8ee88e3ddf5.crt
key /etc/openvpn/easy-rsa/pki/private/OpenVPN_b2656eb2-75bb-4594-a0e4-e8ee88e3ddf5.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.74.10.0 255.255.255.0
# Set your primary domain name server address for clients
##push "dhcp-option DNS 1.1.1.1"
##push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
##push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
##push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
 

 

 

#6
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-29 10:39:25

@Hank21 I am not sure about one particular setting in the configuration dialog, so I'd like to double confirm.

"Local Network" for tunnels is set to the DHCP LAN range (192.168.0.0/15), since this is what appears in the documentation: "Select the network on the local side of the VPN tunnel. The VPN policy will be only applied to the selected local network." Assuming my local network is 192.168.0.0/15, I want all clients to be able to use this tunnel.

This is different from the similar setting in other VPN types, where a "Remote Subnet" setting should be defined.

How does a client on the LAN side (OpenVPN client for site-to-site config) know when to route to the remote network via VPN?

#7
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-30 17:37:01
So, were you able to figure out what is wrong? Or at least lead me to the possible things to check?
#8
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-30 18:08:39 - last edited 2022-03-30 18:12:31

  @TamirK 

 

Do you ask me? As I wrote earlier, there is not much you can do with the router configuration; I had to install an OpenVPN server with compatibility to old clients.
I run OpenVPN on an Ubuntu box; now I can connect both ER7206 and ER605 without any problems to this server.

 

As with you, there was also nothing in the log that indicated any traffic before I did this

 

The router configuration is quite simple and impossible to make mistakes

#9
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-31 06:53:11
This is exactly what I do, but it does not work. I am not sure what "OpenVPN server with compatibility to old clients" means. What are the specific settings that made it work for you on the server?
#10
Re:OpenVPN client on ER605 v1.0 (1.2.0) tunneling issue
2022-03-31 07:24:59

  @TamirK 

 

I do not remember the whole installation process, but I had to uninstall the OpenVPN server and reinstall the whole server. There was a choice during installation that I could use old client mode, ver 2.2 as I remember.

You almost have to try by yourself, I had the same problem as you for a long time but it worked when I reinstalled the OpenVPN on server.

 

Ubuntu is quick to install so it's quick to set up a new device in LAB to test a bit with OpenVPN.

I do not have many more tips other than that you have to try a little LAB to make it work.

#11
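
The server config in post #6 fixes the cipher, HMAC digest, port and tls-auth key direction, and a client that does not negotiate ciphers has to carry matching values. The following is an added example, not code from the thread or from TP-Link: it compares a server config with a client profile and lists the directives that disagree. The client profile is constructed, and `vpn.example.net` is a placeholder.

```python
import shlex

# Lines copied from the server config posted in the thread (key path shortened).
SERVER = "dev tun\nproto udp\nport 1195\ntls-auth ta.key 0\ncipher AES-256-CBC\nauth SHA256\n"
# Constructed client profile for illustration; vpn.example.net is a placeholder.
# It has no "auth" line, so the SHA1 default applies.
CLIENT = "client\ndev tun\nproto udp\nremote vpn.example.net 1194\nkey-direction 0\ncipher AES-256-CBC\n"
DEFAULTS = {"proto": "udp", "auth": "SHA1", "port": "1194"}  # OpenVPN defaults

def parse(text):
    """Map directive -> argument list, skipping '#' and ';' comments."""
    opts = {k: [v] for k, v in DEFAULTS.items()}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            opts[tokens[0]] = tokens[1:]
    return opts

def key_direction(opts):
    """Direction from 'tls-auth <file> <dir>' or a separate 'key-direction'."""
    tls_auth = opts.get("tls-auth", [])
    if len(tls_auth) > 1:
        return tls_auth[1]
    return opts.get("key-direction", [None])[0]

def mismatches(server_text, client_text):
    """List directives whose values disagree between server and client."""
    s, c = parse(server_text), parse(client_text)
    found = []
    for name in ("dev", "proto", "cipher", "auth"):
        sv, cv = s.get(name, [""])[0].upper(), c.get(name, [""])[0].upper()
        if sv != cv:
            found.append(f"{name}: server={sv} client={cv}")
    remote = c.get("remote", [])  # remote <host> [port]
    client_port = remote[1] if len(remote) > 1 else c["port"][0]
    if s["port"][0] != client_port:
        found.append(f"port: server={s['port'][0]} client={client_port}")
    sd, cd = key_direction(s), key_direction(c)
    # tls-auth directions must be complementary (0/1) or omitted on both sides.
    if (sd, cd) not in ((None, None), ("0", "1"), ("1", "0")):
        found.append(f"key-direction: server={sd} client={cd}")
    return found

if __name__ == "__main__":
    for line in mismatches(SERVER, CLIENT):
        print(line)
```

A wrong port, a wrong tls-auth direction or a wrong HMAC digest can each cause the server to drop packets before a session is logged, so an empty server log does not rule out a configuration mismatch.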