Home

Forums

Stories

Knowledge Base

Business Community > Routers > ER605 - VPN + VLAN to access certain VLAN

< Routers

ER605 - VPN + VLAN to access certain VLAN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605 - VPN + VLAN to access certain VLAN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

RyanFav

2023-02-08 23:40:46

Posts: 1

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-02-08

ER605 - VPN + VLAN to access certain VLAN

2023-02-08 23:40:46

Tags: #VPN #VLAN & Multi-Networks

Model: ER605 (TL-R605)

Hardware Version: V2

Firmware Version: 2.0.0

Hello, Trying to set up an ER605 (so far in stand alone mode) to both Segregate the network into 4 isolated groups that can only see the internet, and also to allow a VPN to access one of those groups

For the isolated networks, at present I have each LAN port on its own VLAN (only untagged for the port, because tagging I believe needs a L2 switch following it?), then have access control blocking all combinations of LAN-LAN between these VLANS

At present I have a PPTP VPN Server setup, it connects, It can see the router for any of these VLAN's DCHP ranges, but nothing inside them, I've tried static routing, setting up its own IP group and routing the IP groups, disabling the Access control limitations, all to so far no success?

What specifically would I need to setup to connect / route this VPN to one of the VLANs, and equally is my method of seperating the networks reasonable?
If there are other limiting factors, then is it more feasable to just a few select IP addresses?

I see there is much more recent firmwares available but the download page warned to not use ones for different regions (Australia in my case), if needed I am happy to update, but felt best to check here first

Thank you,
Ryan

3 Reply

Tedd404

LV4

2023-02-09 05:19:00

Posts: 584

Helpful: 144

Solutions: 35

Stories: 0

Registered: 2022-01-05

Re:ER605 - VPN + VLAN to access certain VLAN

2023-02-09 05:19:00

@RyanFav

For the isolated networks, at present I have each LAN port on its own VLAN (only untagged for the port, because tagging I believe needs a L2 switch following it?), then have access control blocking all combinations of LAN-LAN between these VLANS

right. switch that supports 802.1q vlan

lan-lan blocking has been supported by the controller as far as I know. if the controller supports that, standalone can do it as well

At present I have a PPTP VPN Server setup, it connects, It can see the router for any of these VLAN's DCHP ranges, but nothing inside them, I've tried static routing, setting up its own IP group and routing the IP groups, disabling the Access control limitations, all to so far no success?

not sure what you mean "it can see the router for any of these VLAN, nothing inside them".

don't try things unless you know what's it used for. static route only works for the subnets or IP that do not know where to route. then you create a route to this subnet/ip, telling it where it should go.

what I read is that your plan:

vpn client can only access a vlan? i.e. vpn client #1 only access vlan 10, not other vlans you have?

fact is, by default, vpn client should access the lan unless you have set an acl to block it. what's your result?

for any non-RF products, you are free to use the UN firmware from anywhere you can find.

only the rf products require you to download the matching firmware to the hardware. or your device will block the upgrade or upgrade and brick.

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.

Somnus

LV5

2023-02-09 06:32:24

Posts: 1212

Helpful: 219

Solutions: 72

Stories: 0

Registered: 2021-06-14

Re:ER605 - VPN + VLAN to access certain VLAN

2023-02-09 06:32:24

@RyanFav

A new firmware with a managed switch will solve your issue. I have ER605 with Omada Controller and I can modify which VLAN this VPN can access(in the picture "V10" is a VLAN I created, "LAN" is the default LAN of my router):