ER605v2 VPN issue
So I followed the guide here: https://www.reddit.com/r/TPLink_Omada/comments/16tj25p/wireguard_vpn_on_er605_v2_with_omada_a/
I successfully set up a wireguard vpn that my laptop (kubuntu) can connect to. I can ping all the devices on my home network and I can ssh to them as well. DNS works fine for the local devices.
My problem is this: Even though I can ping and ssh to a device, I cannot get a web interface up. As one example, I have a local machine which runs piHole. I can ssh to it, I can ping it, and it serves DNS. I cannot access the web interface. This is the same for various other local servers I have running, some on the standard port 80, others on unique ports (such as homeassistant). All of these work fine on my local network.
Internet sites work just fine.
I've disabled all ACLs.
I've also tried OpenVPN and get the same results.
I'm using version 5.13.30.20 of the controller on an OC200 with firmware 1.29.4 Build 20240304 Rel.54362
Any thoughts or suggestions would be hugely appreciated.
Without my changing anything, ssh has stopped working... it partially loads the welcome message from the server, but never actually gives me a shell prompt... and it just sits there waiting.
I checked insights on the gateway and I see right around 40% memory usage and 2-4% cpu usage. Don't think I'm being constrained here.
External websites are still working. Ping still works (so DNS is still working).
Hi @brianc1969
brianc1969 wrote
Without my changing anything, ssh has stopped working... it partially loads the welcome message from the server, but never actually gives me a shell prompt... and it just sits there waiting.
I checked insights on the gateway and I see right around 40% memory usage and 2-4% cpu usage. Don't think I'm being constrained here.
External websites are still working. Ping still works (so DNS is still working).
Based on what you described, there seems to be nothing wrong.
VPN should be working.
For the web interface, you probably want to double-check the pi-hole interface. As it is not a domain name like <ip>:port. It requires the following lines:
With the /admin/, can you access it? Simply putting the IP in the URL does not get you connected to the web interface.
@Clive_A
Thanks for the reply.
I was trying to describe that I cannot get anything to completely load. With piHole as the example, it works from a name from within my network. But via the VPN, I cannot get the control page to load, either with a name or with just the IP. And yes, I am using the /admin. I can ping via name, which tells me the VPN is resolving DNS, so names should work.
Another example is my homeassistant webpage. It is on a different port, on a different IP. Again, it works via name or IP locally, but never loads either way via VPN.
And a third example, I run a local webserver, which again is available via name or IP on standard port 80 on yet another machine. Again, I cannot get that to load via VPN.
Additionally, as I stated in my second post, at this time, SSH only loads part of the welcome message and never allows me to connect to any machine on my network, even though this worked initially.
The fact that I get part of the welcome message tells me the VPN made the connection. But for some reason I cannot complete it.
Hi @brianc1969
Thanks for posting in our business forum.
brianc1969 wrote
@Clive_A
Thanks for the reply.
I was trying to describe that I cannot get anything to completely load. With piHole as the example, it works from a name from within my network. But via the VPN, I cannot get the control page to load, either with a name or with just the IP. And yes, I am using the /admin. I can ping via name, which tells me the VPN is resolving DNS, so names should work.
Another example is my homeassistant webpage. It is on a different port, on a different IP. Again, it works via name or IP locally, but never loads either way via VPN.
And a third example, I run a local webserver, which again is available via name or IP on standard port 80 on yet another machine. Again, I cannot get that to load via VPN.
Additionally, as I stated in my second post, at this time, SSH only loads part of the welcome message and never allows me to connect to any machine on my network, even though this worked initially.
The fact that I get part of the welcome message tells me the VPN made the connection. But for some reason I cannot complete it.
If it worked before, it should do the same now.
Did you change any parameters in the Wireguard peer?
If you can do a self-examination, that would be great. We have guides on how-to Wireguard setup.
You can delete the existing Wireguard and create it again and test it out one more time. If this persists, please paste your parameters and a simple network diagram.
Please mosaic your sensitive information. Here is a list of information considered sensitive:
1. Public IP address on your WAN if your WAN is.
2. Real MAC address of your device.
3. Your personal information including address, domain name, and credentials.
For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.
I finally solved my VPN issue. I don't entirely understand it, I am not a networking guy.
The default MTU of 1420 was apparently too big. I don't know if this is something with my ISP or something with Linux. I found a post somewhere about needing to adjust that number below 1400. I used 1300 as the author of that post did and everything started working just fine.
So I'll consider this the final solution. I am posting this for future reference if anyone else sees this issue.
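The tunnel MTU that fixed this can be measured instead of guessed. The following is an added example, not part of the original thread: it binary-searches the largest unfragmented IPv4 packet that reaches the VPN endpoint and subtracts WireGuard's per-packet overhead. `ENDPOINT`, the function names and the 576 to 1500 search bounds are assumptions.

```shell
# Added example (not from the thread). ENDPOINT is a placeholder for the
# router's WAN address; probe the underlay with the tunnel down.

# Real probe: one IPv4 ping of total size $1 bytes with DF set
# (iputils ping: -M do forbids fragmentation, -s is the ICMP payload size,
# so subtract 20 bytes IP header + 8 bytes ICMP header).
probe_ping() {
    ping -M do -c 1 -W 1 -s "$(( $1 - 28 ))" "$ENDPOINT" >/dev/null 2>&1
}

# Binary-search the largest packet size in [lo, hi] that the probe passes.
# $1 = probe function name, $2 = lo (expected to pass), $3 = hi
find_path_mtu() {
    probe=$1 lo=$2 hi=$3
    "$probe" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# WireGuard overhead: outer IP header (20 v4 / 40 v6) + 8 UDP + 32 WireGuard.
# $1 = path MTU, $2 = outer address family (4 or 6, default 4)
wg_mtu() {
    path_mtu=$1 family=${2:-4}
    case $family in
        4) overhead=60 ;;
        6) overhead=80 ;;
        *) return 2 ;;
    esac
    echo $(( path_mtu - overhead ))
}

# Only probe the network when an endpoint was supplied by the caller.
if [ -n "${ENDPOINT:-}" ]; then
    pmtu=$(find_path_mtu probe_ping 576 1500) &&
        echo "path MTU $pmtu, WireGuard MTU $(wg_mtu "$pmtu" 4)"
fi
```

The default of 1420 corresponds to a 1500-byte path with an IPv6 outer header; any link with a smaller path MTU needs a lower value, set with the `MTU =` line in the `[Interface]` section of a wg-quick config.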