ER605 - IPSec VPN / Remote Subnets & Adopting ER605 to remote OC200

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-11-10 21:52:15 - last edited 2023-11-17 06:20:44
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.2 Build 20231017 Rel.68869

Hello,


I have an IPSEC connection set up between an ER7206 & ER605 in the following design.

 

ER7206 (Hub) <-> ER605 (Spoke)

 

Connections work fine to each other to the primary LAN over the IPSEC connection.  The issue I'm having is I want to define more than 1 remote network on the ER605 to route to the ER7206.  The goal is I want defined network traffic to pass through the tunnel through the ER7206 before going out to the internet.  So somewhat of a split horizon routing method.   Is this possible?  I only see the ability to add a single subnet as the remote side on the ER605.

 

I also have an OC200 controller on the ER7206 network, and I was trying to figure out how to connect to the ER605 via the WAN side to control it as well so I can control it via the OC200, but I can't seem to figure out how to have it discover that device.

 

Thanks,

 

Lyle

#1
4 Reply
Re:ER605 - IPSec VPN / Remote Subnets & Adopting ER605 to remote OC200
2023-11-13 02:45:48

Hi @ocbroadband 

Thanks for posting in our business forum.

Are you setting up a site-to-site VPN? Or client-to-site?

What is your goal? To use the proxy Internet or create a local network with the help of the IPsec VPN?

If you want to set up the proxy server, consider another way: use the OVPN (full tunnel), or the WireGuard, setting the Allowed-IP as 0.0.0.0.

 

Please carefully read two links about the setup.

How to Configure TP-Link Omada Gateway as OpenVPN Server on Controller Mode

Configuration Guide How to Configure Site-to-Site WireGuard VPN on Omada Controller

Best Regards!
#2
Re:ER605 - IPSec VPN / Remote Subnets & Adopting ER605 to remote OC200
2023-11-13 14:47:43

@Clive_A Thanks for the reply. It is in fact a site to site, so I can manage devices at both sides internally so IPSec working fine. The ultimate goal is that I want what I just mentioned, which is working fine, and I want to be able to have 'selective' traffic from the ER605 side depending on the network, be pushed through the tunnel so the egress is on the ER7206 IP address. Not all traffic, just whatever domains/subnets/etc. I define to go through the tunnel.

 

Are you saying that if I use one of the other methods, I can achieve this?

 

Lyle

#3
Re:ER605 - IPSec VPN / Remote Subnets & Adopting ER605 to remote OC200-Solution
2023-11-14 01:38:55 - last edited 2023-11-17 06:20:44

Hi @ocbroadband 

Thanks for posting in our business forum.

Site-to-site IPsec is not forwarding all the traffic through the VPN tunnel.

If you wish to be "selective" to your network traffic, you should consider using the ER8411 which supports SSL VPN.

Any type of VPN now you have on ER605 cannot do the "selective". This is why SSL VPN was introduced.

How to establish an SSL VPN Server by Omada Router in Standalone mode?

Best Regards!
Recommended Solution
#4
Re:ER605 - IPSec VPN / Remote Subnets & Adopting ER605 to remote OC200
2023-11-20 17:16:40

@Clive_A Well, an IPSec configuration can do this since the 7206 has the ability to specify multiple subnets, but the ER605 can't because the option isn't there.  I would have thought that the implementation would be the same for IPSec regardless of the platform.   I guess I'll have to look into another solution unless this 'feature' can be added to the ER605 to allow multiple subnets to be defined like the ER7206.

 

So I have the ability to configure it one direction, but not the other.

#5
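The situation in the last post (one gateway can list several subnets for the tunnel, the other only one) can be modelled as generic policy-based IPsec selector matching. This is an added example, not code from the thread or from TP-Link firmware; the subnets, host addresses and function names are constructed for illustration, and the model assumes traffic is tunnelled only when it matches a configured (local subnet, remote subnet) pair.

```python
from ipaddress import ip_address, ip_network

def selectors(local_nets, remote_nets):
    """Expand configured local/remote subnet lists into (local, remote) selector pairs."""
    return [(ip_network(l), ip_network(r)) for l in local_nets for r in remote_nets]

def egress(policy, src, dst):
    """'tunnel' if an outbound packet src -> dst matches a selector pair, else 'wan'."""
    s, d = ip_address(src), ip_address(dst)
    return "tunnel" if any(s in l and d in r for l, r in policy) else "wan"

def unmatched_return_paths(near, far):
    """Selector pairs on `near` that have no mirrored (remote, local) pair on `far`.

    Traffic sent into the tunnel under such a pair has no matching policy on
    the far gateway, so replies are not steered back through the tunnel.
    """
    far_set = set(far)
    return [(str(l), str(r)) for l, r in near if (r, l) not in far_set]

# Constructed topology (assumption): the hub can list two local networks
# for the tunnel, the spoke can enter only one remote subnet.
HUB = selectors(["10.0.0.0/24", "10.0.50.0/24"], ["192.168.10.0/24"])
SPOKE = selectors(["192.168.10.0/24"], ["10.0.0.0/24"])

if __name__ == "__main__":
    # Spoke host to the primary hub LAN: matches the single selector.
    print(egress(SPOKE, "192.168.10.20", "10.0.0.5"))
    # Spoke host to the second hub network: no selector, leaves via local WAN.
    print(egress(SPOKE, "192.168.10.20", "10.0.50.5"))
    # Hub side can send toward the spoke from the second network...
    print(egress(HUB, "10.0.50.5", "192.168.10.20"))
    # ...but the spoke has no mirrored selector for the return direction.
    print(unmatched_return_paths(HUB, SPOKE))
```

Running the audit function over both gateways' configured subnet lists before deployment shows which selector pairs exist in one direction only.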