3 Sites on Site-to-Site VPN Auto IPsec vs Manual IPsec

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

3 Sites on Site-to-Site VPN Auto IPsec vs Manual IPsec

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
3 Sites on Site-to-Site VPN Auto IPsec vs Manual IPsec
3 Sites on Site-to-Site VPN Auto IPsec vs Manual IPsec
2024-04-25 09:04:48
Model: ER707-M2  
Hardware Version: V1
Firmware Version: ER707-M2(UN)_V1.6_1.2.2 Build 20240324

Hi everyone, I'm new to Omada and a part of a small company looking to provide a doctor and his 3 surgeries with a site-to-site VPN, so i have quite a few questions.

 

Just to give some background, the current network is already connected site to site but with unifi equipment via towers. All three branches are under a 192 and 172 IP range with the 192 being the primary connection and 172 the failover. Our main concern when setting up the new VPN is their stock system which is on the 172 range, we need those devices to be able to communicate branch to branch.

 

So the original plan was to get 3 ER707-M2's and 3 PCs to act as controllers for each (although I found out only one is acually needed) and then connect all 3 sites via S2S VPN. I have heard all 3 sites need to have unique IP ranges which makes sense and that Auto IPsec can only be used if all 3 VPN routers are managed by 1 controller, so if we need to do Manual IPsec it's not an issue

 

My questions basically are:

1. Is the S2S VPN possible with the same IP ranges for all 3 branches?

2. Is it necessary for 3 Controllers for each router and if there are 3 controllers under the same tp-link account, would that affect the VPN in any way?

3. Lastly, if unique IP ranges are required for each site, should it just be a case of changing the stock system devices IPs to match and then they'll be able to communicate via the VPN?

 

Note: We'll have more than 1 ISP on each branch to provide failovers and we won't be using any public IPs (but are willing to get public IPs if it is required) 

  0      
  0      
#1
Options
4 Reply
Re:3 Sites on Site-to-Site VPN Auto IPsec vs Manual IPsec
2024-04-25 11:08:52

Also would like to know if it is a must to have public IPs on each router or would the WAN address suffice in creating the VPN

  0  
  0  
#2
Options
Re:3 Sites on Site-to-Site VPN Auto IPsec vs Manual IPsec
2024-04-26 02:02:04

Hi @Fergus_Tecnova 

Thanks for posting in our business forum.

1. No. Conflict.

2. 3 controller is not necessary. 1 can take control but you have to make sure the connection is stable.

3. Don't understand. Subnet is supposed to be different. Refer to 1.

4. Of course, the public IP is needed for any VPN connection. Site-to-site requires both sites to have a public IP. 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#3
Options
Re:3 Sites on Site-to-Site VPN Auto IPsec vs Manual IPsec
2024-04-26 06:57:26

  @Clive_A Thanks for the response, i really appreciate the help

Can you elaborate on the third point about the controllers? From what i have read up, the only way 3 vpn routers on different sites can be managed by 1 controller, is if the controller is cloud-based... Is this correct or have i been going down the wrong rabbit holes lol

 

Also would like to confirm an issue with failovers, we're going to have more than 1 ISP, so am i correct in assuing that when the VPN is established through 1 ISP, to have failovers across the 3 sites, we'd have to setup additional IPsec failover tunnels?

  0  
  0  
#4
Options
Re:3 Sites on Site-to-Site VPN Auto IPsec vs Manual IPsec
2024-04-28 01:10:23

Hi @Fergus_Tecnova 

Thanks for posting in our business forum.

Fergus_Tecnova wrote

  @Clive_A Thanks for the response, i really appreciate the help

Can you elaborate on the third point about the controllers? From what i have read up, the only way 3 vpn routers on different sites can be managed by 1 controller, is if the controller is cloud-based... Is this correct or have i been going down the wrong rabbit holes lol

 

Also would like to confirm an issue with failovers, we're going to have more than 1 ISP, so am i correct in assuing that when the VPN is established through 1 ISP, to have failovers across the 3 sites, we'd have to setup additional IPsec failover tunnels?

WAN does not matter and you are free to choose whatever the WAN you have on one end.

 

 

That's not 3rd point. It's the second one.

You can manage the devices over the Internet. Either by an established VPN connection or by port forwarding and connecting them via the inform URL.

 

Cloud-based controllers can be considered if you are okay to pay for that annual fee. So you don't have to host a controller at all but using our cloud controller.

Or host your own controller and port forward it can also work. It's up to you.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#5
Options