VPN connection between two routers ER8411 and ER7206 via omada
We tried to establish a Site-to-Site IPSec vpn connection between these two routers. The connection is established but there is no traffic passing.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Ok, I believe the issue is that IPSEC site-site only works when both endpoints have a public static IP, and yours don't:
Those 192.68.73.0/24 addresses are not publicly routable.
Not the end of the world, you just need to move a Client-Server setup instead, and make the client end the one with the (private or NAT'd) WAN IP of 192.168.73.2
I recently posted my config for this kind of setup here:
https://community.tp-link.com/en/business/forum/topic/606882?replyId=1201196
Alternatively, change the modem to remove the NAT function and just pass the public static IP through to the TPlink router.
- Copy Link
- Report Inappropriate Content
@d0ugmac1 the 2 public addresses are static. There is a NAT but we don't want it disabled. The VPN configuration between two ER7206 routers works perfectly. it is only between the 8411 and 7206 that it does not work.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
just a small comment, have you configured OpenVPN or SSL VPN on the ER8411? if you have it, IPsec traffic will not pass through, there is one or more bugs on the ER8411 that cause problems with the VPN
- Copy Link
- Report Inappropriate Content
@shberge Yes, I have an SSL VPN. I will no longer be able to connect to the router externally if I disable it.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Can't we have a client vpn and a site-to-site vpn on the ER8411 ?
- Copy Link
- Report Inappropriate Content
No, you can do it with OpenVPN but you have to use TCP not UDP, I have reported this several times to TP-Link but they don't seem to care
- Copy Link
- Report Inappropriate Content
It is also not enough to delete SSL VPN, the router must also be restarted after you have deleted SSL VPN
- Copy Link
- Report Inappropriate Content
okay
I create a new OPEN VPN in TCP and another site-to-site IPSEC. I will let you know if it works.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3376
Replies: 36
Voters 0
No one has voted for it yet.