IPsec tunneling question

22 hours ago - last edited 21 hours ago
Model: ER7412-M2  
Hardware Version: V1
Firmware Version: 1.0.1

Hey all,

So I'm currently trying to set up our own VPN between branches in order to move away from the one provided by the ISP.

We managed to get 4 x ER7412-M2 and we were able to set up the IPsec tunnels between 3 out of the 4 (we didn't deploy the 4th one yet).

The thing that doesn't make sense to me is the following:

R1: 192.168.252.1/24

R2: 192.168.151.1/24

R3: 192.168.152.1/24

R1 IPsec remote subnet: 192.168.151.1/24 and 192.168.152.1/24

R2 IPsec remote subnet: 192.168.252.1/24

R3 IPsec remote subnet: 192.168.151.1/24 and 192.168.252.1/24

So basically I have R1<>R2<>R3

Shouldn't I be able to access R1 subnet from R3 by using the R2 existing connection?

Also don't know if it's intended or not, on either device, in the routing table, I'm missing the entry for the remote subnet from the IPsec tunnel.

Thanks! If it helps I have a ticket opened with the TP-Link support team from my country and they said that they've escalated it to the appropriate team but radio silence since then.

#1

1 Accepted Solution
Re:IPsec tunneling question-Solution
22 hours ago - last edited 21 hours ago

@asda123

You have to create the routes yourself in the VPN tunnels, see this post.

https://community.tp-link.com/en/business/stories/detail/502060

But why make it difficult when you can make it easy, create a VPN tunnel between all the routers, you only need 3 VPN tunnels for each router.

Recommended Solution
#2

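An added example, not from the thread or from TP-Link: a small model of policy-based IPsec selector matching, using the thread's three subnets, that shows why R3 cannot reach R1 through R2 until the relayed subnet is listed in each tunnel's local and remote networks. The dictionary layout, function names and sample host addresses are assumptions for illustration, not the router's configuration format, and selectors are simplified to "any local network with any remote network".

```python
from ipaddress import ip_address, ip_network

# LAN subnets from the thread, written as network addresses.
LAN = {"R1": "192.168.252.0/24", "R2": "192.168.151.0/24", "R3": "192.168.152.0/24"}

def policy(local, remote):
    """Build (local selectors, remote selectors) from router names."""
    return ([ip_network(LAN[r]) for r in local], [ip_network(LAN[r]) for r in remote])

# Constructed config: each tunnel lists only the two endpoint LANs.
ENDPOINT_ONLY = {
    "R1": {"R2": policy(["R1"], ["R2"])},
    "R2": {"R1": policy(["R2"], ["R1"]), "R3": policy(["R2"], ["R3"])},
    "R3": {"R2": policy(["R3"], ["R2"])},
}

# Constructed config: selectors extended so R2 relays between R1 and R3.
RELAY_VIA_R2 = {
    "R1": {"R2": policy(["R1"], ["R2", "R3"])},
    "R2": {"R1": policy(["R2", "R3"], ["R1"]), "R3": policy(["R2", "R1"], ["R3"])},
    "R3": {"R2": policy(["R3"], ["R2", "R1"])},
}

def matches(spd, router, peer, src, dst):
    """True if router's policy towards peer covers traffic src -> dst."""
    local, remote = spd.get(router, {}).get(peer, ([], []))
    return any(src in n for n in local) and any(dst in n for n in remote)

def first_failure(spd, path, src, dst):
    """Walk the path hop by hop; return None if every hop accepts the
    packet, otherwise a description of the first hop that does not."""
    src, dst = ip_address(src), ip_address(dst)
    for sender, receiver in zip(path, path[1:]):
        # Outbound: the packet is only encrypted if a selector pair covers it.
        if not matches(spd, sender, receiver, src, dst):
            return f"{sender}: no policy towards {receiver} for {src} -> {dst}"
        # Inbound: the receiver checks the mirrored selectors after decryption.
        if not matches(spd, receiver, sender, dst, src):
            return f"{receiver}: inbound selectors from {sender} reject {src} -> {dst}"
    return None

if __name__ == "__main__":
    for name, spd in (("endpoint-only", ENDPOINT_ONLY), ("relay via R2", RELAY_VIA_R2)):
        result = first_failure(spd, ["R3", "R2", "R1"], "192.168.152.10", "192.168.252.10")
        print(f"{name}: {result or 'every hop matches'}")
```

The return direction has to pass the same check, so call `first_failure` again with the path and addresses reversed.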
Re:IPsec tunneling question
22 hours ago - last edited 22 hours ago

@asda123

SD-WAN is coming very soon.

I don't know exactly when it will come, but it is in beta version on controller 5.15.20.7 for now and we are just waiting for the router firmware to test it.

But it will probably solve your problem in a more elegant way. We don't know yet how it will work.

#3

Re:IPsec tunneling question
21 hours ago - last edited 21 hours ago

@MR.S

Hey thanks for the reply.

Indeed, I was under the impression that a simple route in the routing table would solve everything.

Following the article and pointing out the subnets did the job.

I can't really do that since this is just a test before an actual deployment (around 15 routers) and I was looking for the easiest way to prevent going into a full mesh scenario.

In the future R1 would act as the central router and I'll have 15 VPN tunnels towards the other branches and that would require making 120 tunnels per device, instead I'm doing 8 tunnels towards the branch and if the said branch has multiple offices they would just tunnel towards the local branch router.

Again thanks for the article, didn't manage to find it for some reason.

#4

Re:IPsec tunneling question
21 hours ago

@MR.S

Saw that in a couple of threads, the only thing is that I don't know if this will come in standalone mode as well since that's how I'm intending to run all the routers.

Thanks for the info!

#5