setting wireguard vpn with er8411
I've a current setup of in my company.
- omada 300 controller.
- er8411 router.
- 1x TL-SG3452X.
- 1x TL-SG3428X.
- 3x TL-SG3428XMP.
- 1x EAP670.
I would like to create a wireguard vpn support for my on-the-go people.
I've seen this video: https://www.youtube.com/watch?v=mxmXvz4DMBM
And it Settings ~ VPN section there is an entry for Wireguard, where in my oc300 controller I can't see the option:
Any ideas?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Bonesoul
Thanks for posting in our business forum.
In the recent firmware upgrade, Wireguard was added. Check your firmware version. If it is not V1.1.0, then you should upgrade your ER8411.
Moreover, the Controller should be compatible with the firmware as well.
- Copy Link
- Report Inappropriate Content
Hi @Bonesoul
Thanks for posting in our business forum.
In the recent firmware upgrade, Wireguard was added. Check your firmware version. If it is not V1.1.0, then you should upgrade your ER8411.
Moreover, the Controller should be compatible with the firmware as well.
- Copy Link
- Report Inappropriate Content
I've purchased my equipments from Turkey and following the instructions I do only try to follow the firmware list from the Turkish tp-link site which lists the latest firmwares for ER8411 as:
The global site you linked says
Please upgrade firmware from the local TP-Link official website of the purchase location for your TP-Link device, otherwise it will be against the warranty. Please click here to change site if necessary.
So is it okay for me to use this firmware from global site?
If I should be waiting for the local TP-Link site (Turkish) any ideas when V1.1.0 will be pushed to it?
- Copy Link
- Report Inappropriate Content
I've upgraded my router to 1.1.0 and I can now see the wireguard option.
Though I couldn't find an up-to-date documentation for the feature.
What IP adreess should I be entering for the Local IP Address section? Wan interface's local address?
Yet again I've also instealled omada vpn client from here: https://www.tp-link.com/us/support/download/er8411/v1/#Firmwarehttps://www.tp-link.com/us/support/download/er8411/v1/#Firmware
IP: Should be WAN IP?
Public key: from the wireguard configuration section.
IP Address: An vlan ip from my configuration?
Private key: from peer configuration?
Public key: from peer configuration?
And yet again can I create a vlan for my vpn clients and assign an IP address from the dhcp pool or should I specifiy the IP manually from the vlan's range?
- Copy Link
- Report Inappropriate Content
Hi @Bonesoul
Thanks for posting in our business forum.
First, you can download firmware from the global site but this only applies to devices without wireless capability.
You can refer to the document: How to configure WireGuard VPN on Omada Router in Standalone mode?
Pay attention to your IP on the router, which is a private IP address. You should port forward on your modem router.
- Copy Link
- Report Inappropriate Content
Okay I'll be fixing the port forwarding but I still have the question:
Which IP should I be entering the in the Local IP Address field?
My routers LAN IP? In this case the actual LAN IP or the LAN IP of the WAN port?
- Copy Link
- Report Inappropriate Content
Okay got it. Used an free LAN IP from default vlan (1).
- Copy Link
- Report Inappropriate Content
One last thing now.
I can connect the wireguard VPN using the official wireguard client and it's all good.
Though I also tested Omada VPN client and configured similary even though it's shows connected, actually there is no connection on my local PC to VPN.
any ideas?
- Copy Link
- Report Inappropriate Content
okay my issue was related to this: https://community.tp-link.com/en/business/forum/topic/607558?replyId=1241338
---
But the problem is that from the client side (my windows machine) I can only access nodes within the default VLAN (1).
But I need to be able to access nodes with in my vlans. Any ideas?
- Copy Link
- Report Inappropriate Content
Okay also fixed the issue, just added vlans i want to access to wireguard client in [Peer] AllowedIPs = section.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1893
Replies: 9
Voters 0
No one has voted for it yet.