Full Tunnel site to site VPN for one local LAN only

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-06-23 08:39:45
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version:

Hi,

I have an ER605 v2 connected to the Omada controller and my network has multiple LAN subnets.

I want to create a site-to-site VPN where only one of the LAN subnets, 192.168.20.0/24, will route all traffic via the site-to-site VPN.

All other LAN subnets, for example 192.168.0.0/24, will just break out on the local WAN.

The remote end of the site-to-site VPN is a pfSense, so it shouldn't be an issue setting up the remote end, but I can't find a way to route all traffic for only one local subnet on the ER605.

Any way this can be accomplished?

Thanks

Re:Full Tunnel site to site VPN for one local LAN only
2023-06-23 10:08:08

@ArtVandelay

Choose which network you want in the VPN tunnel here.
Re:Full Tunnel site to site VPN for one local LAN only
2023-06-23 10:30:48

@MR.S The problem is not selecting the local network, it's the full-tunnel part.

TP-Link doesn't allow 0.0.0.0/0 on site-to-site VPNs.
Re:Full Tunnel site to site VPN for one local LAN only
2023-06-23 10:49:46

@ArtVandelay

OK, so you want to route all traffic out via a remote gateway?
I don't think it works with site-to-site on TP-Link.

It will work if you use L2TP and a policy route; unfortunately we cannot use policy routes on site-to-site.
Re:Full Tunnel site to site VPN for one local LAN only
2023-06-24 11:32:34

@ArtVandelay

As stated above, I currently use a client-to-site L2TP/IPsec to default-route a single VLAN (wired and SSID) via tunnel to a remote site. Other VLANs stay local. You can even pass DNS leak tests this way if you set custom DNS servers from the far end for the local VLAN.

<< Paying it forward, one juicy problem at a time... >>