VPN IPSec Site2Site without split tunnel

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 14:14:21

  @th1950 Not taking away from the fact that they should consider this option to fix/add the feature, could you not achieve the same effect now while you wait via a workaround, something like:

 

 

<< Paying it forward, one juicy problem at a time... >>
#12
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 17:00:49
The remote subnet is 0.0.0.0/0 and I can't put that in :)
#13
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 17:25:37

  @th1950 The two subnet rules I gave you are essentially equivalent to the 0.0.0.0/0 route.

<< Paying it forward, one juicy problem at a time... >>
#14
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 18:05:18 - last edited 2023-03-09 18:34:45

  @d0ugmac1 Indeed this is a very nice approach!! This is real networking!

 

But now I have this problem:

 

 

But then I have to calculate like hell for my local subnet. So it seems like another fix TPLINK should address. My connected /24 local subnet should always take precedence over a /1 /2 whatever netmask. Just to inform you, I could do this for one single ER605 Router, but I need more than 120 routers to configure. :) But thank you, it just shows it's possible and it should be possible for TPLINK to address this issue. I can think of why TPLINK has made this decision, maybe because of the cloud management connection. They could except somehow traffic destined for their tplink cloud to go over the WAN connection and everybody would be just happy. I'm confident TPLINK is serving their customers the best way and hope for a solution.

#15
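Added example (not part of the thread, and not TP-Link or Omada code): the per-site calculation described in post #15, producing the remote-subnet list that covers 0.0.0.0/0 except the site's own LAN, so the connected /24 never depends on route precedence. Function names and the sample LAN are constructed; that the two rules mentioned in post #14 were the two /1 halves is an assumption, and whether the ER605 accepts this many remote subnets per tunnel is not confirmed by the thread.

```python
import ipaddress

ALL_IPV4 = ipaddress.ip_network("0.0.0.0/0")


def default_halves():
    """The two /1 networks that together cover exactly 0.0.0.0/0."""
    return list(ALL_IPV4.subnets(prefixlen_diff=1))


def remote_subnets_excluding(local_cidrs):
    """Minimal CIDR list covering all of IPv4 except the given local subnets."""
    remaining = [ALL_IPV4]
    for cidr in local_cidrs:
        # strict=True rejects input with host bits set, e.g. 192.168.1.5/24
        local = ipaddress.ip_network(cidr, strict=True)
        kept = []
        for net in remaining:
            if local.supernet_of(net):
                continue  # this block is entirely local: never tunnel it
            if net.supernet_of(local):
                # carve the local subnet out, keeping the sibling blocks
                kept.extend(net.address_exclude(local))
            else:
                kept.append(net)  # disjoint from the local subnet
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def covers_everything_but(subnets, local_cidrs):
    """Sanity check: no overlap with local LANs and no address left uncovered."""
    locals_ = [ipaddress.ip_network(c) for c in local_cidrs]
    if any(s.overlaps(l) for s in subnets for l in locals_):
        return False
    expected = ALL_IPV4.num_addresses - sum(l.num_addresses for l in locals_)
    return sum(s.num_addresses for s in subnets) == expected


if __name__ == "__main__":
    site_lan = ["192.168.1.0/24"]  # constructed sample site LAN
    for net in remote_subnets_excluding(site_lan):
        print(net)
```

For a single /24 this yields 24 prefixes, one per prefix length from /1 to /24, which is the list that would otherwise be worked out by hand for each of the 120 sites.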
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 18:17:02
Close but no banana! I agree, the smaller subnet should take precedence... but I guess not in the Omada GUI/backend today. Hope a solution materializes soon for you.
<< Paying it forward, one juicy problem at a time... >>
#16
Re:VPN IPSec Site2Site without split tunnel
2023-03-09 18:26:05 - last edited 2023-03-09 19:07:42

Haha ye! Everybody would be just happy. I opened a ticket at TPLINK support. I'll keep this thread updated. Hoping for R&D Team to recognize this and implementation in a near future firmware release. Thank you all very much for your ideas and help.

#17
Re:VPN IPSec Site2Site without split tunnel
2023-03-10 02:44:01 - last edited 2023-03-10 02:48:07

  @th1950 

by default settings, won't do that. and I don't think it is supposed to do that. if you achieve this, this is more than a thing about the tplink. you need to specify the gateway and create routing tables on the hq central site as well.

at least what I learned about vpn, I checked huawei business solutions for a similar setup or user guide for what you described. amazon vpn as well.

https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNRoutingTypes.html

what I see is static routing on amazon's or huawei's docs.

 

 

however, you need to take priority into consideration. as far as I know, tplink router will have priority in nat related settings. policy, port forward, static route or vpn route, they have a priority. 

instead of tweaking remote subnets, you need to focus on the route tables. 

even if you set a static routing, does it affect the existing vpn routing? that's a question.

I don't think setting the remote subnet would fix it. 

and if you set 1.0.0.0/1, what's the point in the 3rd rule? 

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
#18