Ipsec VPN / OpenVPN on ER605

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-05-08 10:18:27 - last edited 2022-05-08 10:19:30
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version:

Hi there, 

I have a problem with my VPN network between two sites. I have created an IPsec VPN between two ER605 routers, but only one router on one site is reachable and I don't understand why.

 

First Site:

- Fritzbox with fixed IPv4 address

-> ER 605 (Exposed Host) 

Local Subnet: 192.168.5.x

Netmask: 255.255.255.0

 

Second Site:

- Arris router with dynamic IPv4 address

-> ER 605 (Exposed Host) 

Local Subnet: 192.168.6.x

Netmask: 255.255.255.0

 

I have created the IPsec connection on both sides and the connection also seems to be created. On open IPsec SA, there are an in and an out route.

 

This works: From a PC on Second Site, I can ping my Router ER605 on First Site. 

 

This doesn't work: I can't ping my server or other devices on First Site from the Second Site.

I can't ping my router on Second Site from First Site.

 

I hope you can help me with that. Already spent hours trying.... Do I have to create additional fixed routes, transmission rules? I am out of ideas...

I don't work with Omada but with standalone config...

Thank you so much for helping! 

 

Re:Ipsec VPN / OpenVPN on ER605
2022-05-10 04:27:05

  @Phil.S.K.

I don't think you need to enable Open VPN.

IPSec is good enough.

 

The issue seems like a subnet problem; you may check the settings to see if you have 255.255.255.0 set correctly.

 

The controller has "Auto-IPsec VPN". That could be more helpful since you don't need to put in any VPN parameters.

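The netmask check suggested in the reply above, written out as an added example that is not part of the thread: it compares the local/remote subnets entered on both ER605s and tests whether a given packet falls inside the tunnel selectors. The two /24 subnets are the ones from the first post; the host addresses and the mistyped 255.255.255.255 mask are constructed for illustration, and the thread does not show what the actual cause was.

```python
import ipaddress as ip

def net(addr, mask):
    """Build a network from an address and dotted netmask, as typed into a router UI."""
    return ip.ip_network(f"{addr}/{mask}", strict=False)

def policy_issues(a, b):
    """Compare both ends of a site-to-site policy and return a list of problems."""
    issues = []
    # Each side's remote subnet must be exactly the other side's local subnet.
    for x, y in ((a, b), (b, a)):
        if x["local"] != y["remote"]:
            issues.append(f"{x['name']} local {x['local']} != "
                          f"{y['name']} remote {y['remote']}")
    # Overlapping LANs cannot be routed through the tunnel unambiguously.
    if a["local"].overlaps(b["local"]):
        issues.append(f"LANs overlap: {a['local']} and {b['local']}")
    return issues

def in_tunnel(policy, src, dst):
    """True if a packet src -> dst matches this side's local/remote selectors."""
    return (ip.ip_address(src) in policy["local"]
            and ip.ip_address(dst) in policy["remote"])

# Subnets from the first post, entered correctly on both routers.
SITE1 = {"name": "site1", "local": net("192.168.5.0", "255.255.255.0"),
         "remote": net("192.168.6.0", "255.255.255.0")}
SITE2 = {"name": "site2", "local": net("192.168.6.0", "255.255.255.0"),
         "remote": net("192.168.5.0", "255.255.255.0")}

# Constructed mistake: remote "subnet" on site 2 entered as the router
# address with a host mask, so only 192.168.5.1 is inside the selector.
SITE2_BAD = dict(SITE2, remote=net("192.168.5.1", "255.255.255.255"))

# Constructed host addresses: PC on site 2, router and server on site 1.
PC, ROUTER, SERVER = "192.168.6.20", "192.168.5.1", "192.168.5.10"

if __name__ == "__main__":
    for label, s2 in (("correct", SITE2), ("host mask", SITE2_BAD)):
        print(label, policy_issues(SITE1, s2) or "selectors mirror each other")
        for dst in (ROUTER, SERVER):
            print(f"  {PC} -> {dst} in tunnel: {in_tunnel(s2, PC, dst)}")
```

If the selectors mirror each other and the server address is inside them, the masks are not the problem and the next things to look at are the double NAT mentioned below and the hosts' own gateways and firewalls.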
Re:Ipsec VPN / OpenVPN on ER605
2022-05-10 04:33:41

Also, you may try moving the main router away and linking the TP-Link router to the modem directly. It seems that you have double NAT on both sites. IPsec can only work for the TP-Link router's LAN. It won't help you reach the Arris/Fritzbox router LAN.

Re:Ipsec VPN / OpenVPN on ER605
2022-05-10 21:55:00 - last edited 2022-05-10 21:59:05

  @Somnus 

Thank you so much for your reply! I tried OpenVPN as an alternative. But it seems like OpenVPN is only possible in a client-to-site configuration, so that only one site can reach the other but not the other way round.... I also tried to create OpenVPN connections on both sides but it doesn't work either.

So, back to IPsec (and again deactivated OpenVPN) :)

This is the config of the first site:

 

And this is the configuration of second site:

 

 

I think, the subnet and mask config is correct - what do you think?

I don't have a controller. I would like to try it manually first. In the worst case, I can order the controller, but I don't need it for other purposes so I would like to try without... The VPN IPsec SA shows the following:

What else can I try? The Fritzbox and Arris router are the modems... and I don't know whether I can use a different one because of a provider limitation. :(
