ER605 OpenVPN - edit config file
Hi all
I'm attempting to configure my ER605 as an OpenVPN client that points towards an OpenWRT router that is the OpenVPN server at another location.
I've managed to compile the certificates and keys into a standalone OPVN file that the ER605 requires using guide that this forum won't let me post a link to, however the setup tutorial I am following requires editing the OpenVPN config file (not the OPVN file) on the router itself to enable the TAP interface on the client. I'm struggling to see how to do this on the ER605. Is this even possible? I'm tempted to buy another router that I can run another instance of OpenWRT on that will allow me to do this on the client side and just be done with it, but I was hoping to avoid purchasing another router that has this functionality and utilize my existing ER605.
Is this possible? I'm not aware of being able to SSH into the 605 and edit the OpenVPN config file.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @thisisliam
Thanks for posting in our business forum.
Can you post the link by adding space here?
For the ER605, yes, you can use CLI but I doubt what you are looking for is missing on the router.
OpenVPN, the protocol, does not support TAP interface. And I don't find any related information in CLI or our User Guide. I don't think you can do that.
- Copy Link
- Report Inappropriate Content
@thisisliam I'm running an OpenVPN server on pfSense and I had to manually create the .ovpn file to load the server settings on to the ER605. There is no template for it, I actually downloaded a config file from an Asus router and modified it.
Long story short, I would go and buy another router. I have been struggling with the ER605 for a year now, trying to get OpenVPN to work in various configurations. Key points:
- you can't use a domain name as the VPN server address (the little help icon says you can)
- you can only use one WAN port for the VPN connection (if a primary WAN fails for any reason, the VPN tunnel goes down)
- you can't use a USB modem for the OpenVPN client interface (even if it's your only WAN connection available)
I've bought five ER605 for a project where I had to have them all connect to an OpenVPN server and control some equipments from a central location using a USB WAN connection, despite knowing some of the issues the router has. OH WHAT A MISTAKE!! That's when I found out about the USB WAN not working as an interface for the OpenVPN client.
Spent more than half a day trying to sort it out, talking to TP-Link support (great support by the way, just hate the product), in the end I just went out and bought Asus RT-AX53U routers. It has failover, dual WAN, and you just load the OpenVPN config file and it works with any type of WAN connection (primary, backup or USB modem), and also supports domain name as OpenVPN server.
Besides the OpenVPN poor implementation I've noticed that WAN failover is a joke, DHCP address reservation kind of works (only after the latest firmware), if a primary WAN fails, the devices connected to the router loose internet connection and struggle to get back online on the backup WAN.
I hade so much hope for this router when I bought it, seeing that it says "VPN ROUTER" on the box, and saddly I will also have to replace it with a consumer grade router that actually does what this one is supposed to to and also has WiFi.
- Copy Link
- Report Inappropriate Content
@Clive_A - thanks for replying! OpenVPN does support TAP, as indicated by the guides I've been following for the other router. It seems it just isn't supported on the ER605. The board still will not allow me to post links, but if you're interested I've included details on what to Google below. I appreciate your help though!
- How to set up OpenVPN server on Ubuntu (compiling keys and certs into one OVPN file) - DigitalOcean website - see Step 4
- OpenWRT - How to set up OpenVPN TAP Bridge between two routers by Prime Tech Guides (YouTube)
- Copy Link
- Report Inappropriate Content
@Andreicd - thanks for the heads up. It seems you have been trying to do something similar to me. I'll take your advice and switch to open source routers so I have more flexibility with configuration. The ER605's I purchased have worked just fine for the test project I needed them for, but was hoping they would be a little more versitile with what I'm trying to do now. Here's hoping I can find another way to repurpose them, but in the long run I suppose it's been a waste of money since they were only in use for 6 months. Perhaps TP-Link will release another firmware down the road which will give them more options for configuration.
- Copy Link
- Report Inappropriate Content
@thisisliam I first spoke with TP-Link support in December last year, after using the router for about 5 months and after talking notes of all the issues I found. They told me that a firmware that would fix some of the issues I described should come somewhere in June 2023, they were familiar with some of the issues, some of them were new to them. The latest firmware that came out in February did fix a small number of the and added some new features, but nothing to be excited about, since they still work so so...
So after more than half a year there's no improvement, and don't even know if it's worth keeping the router in hopes of a magic firmware that fixes everything and maybe gets the router to start singing with joy 😂
- Copy Link
- Report Inappropriate Content
Hi @Andreicd
Andreicd wrote
@thisisliam I'm running an OpenVPN server on pfSense and I had to manually create the .ovpn file to load the server settings on to the ER605. There is no template for it, I actually downloaded a config file from an Asus router and modified it.
Long story short, I would go and buy another router. I have been struggling with the ER605 for a year now, trying to get OpenVPN to work in various configurations. Key points:
- you can't use a domain name as the VPN server address (the little help icon says you can)
- you can only use one WAN port for the VPN connection (if a primary WAN fails for any reason, the VPN tunnel goes down)
- you can't use a USB modem for the OpenVPN client interface (even if it's your only WAN connection available)
First, the current firmware of the controller(V5.12) and firmware of the router does not show that the domain name is supported in OpenVPN client.
If you have this in a screenshot, that would be better. Also, please specify the version.
Second, I don't see this in the roadmap as well.
Third, USB WAN is dedicated to the link backup. We don't have a plan to add this to be a VPN client interface.
But thanks for bringing this up again, and I will report it again.
Andreicd wrote
Besides the OpenVPN poor implementation I've noticed that WAN failover is a joke, DHCP address reservation kind of works (only after the latest firmware), if a primary WAN fails, the devices connected to the router loose internet connection and struggle to get back online on the backup WAN.
I hade so much hope for this router when I bought it, seeing that it says "VPN ROUTER" on the box, and saddly I will also have to replace it with a consumer grade router that actually does what this one is supposed to to and also has WiFi.
About the link backup and failover mechanism, please refer to the other post in the forum. I won't explain it again here.
ER605 is not switching clients to the other WAN when the one connected goes offline
OpenVPN, GRE, Wireguard and SSL VPN are all new types added by firmware updates. We still keep adding more and more features to them. In the meantime, we still have a lot of other features to be implemented. Not just VPN. So, some VPN features may be delayed while we are working on other stuff.
- Copy Link
- Report Inappropriate Content
@Clive_A Thanks for replying. The router version is 2.0. In the OpenVPN client configuration, if you click the question mark at the top right screen, under "remote server" it says: "Enter the IP address or domain name of the OpenVPN server".
I know the USB wan is used just as a backup link so why not use a router that you just load an ovpn file and it just works? Regardless of the wan connection, it switches over from one wan interface to another, it supports domain name in the config, price is the same and also has wireless 😅
- Copy Link
- Report Inappropriate Content
Hi @Andreicd
Thanks for posting in our business forum.
So I gotta say there are different people getting this stuff for different use. I am not sure what kind of device you are talking about and I am well aware of the open-source firmware on GitHub that is the most advanced and fully updated one.
I have built my owner server with a bunch of PCIE slots used for Ethernet, fiber and stream cards. I also have commercial routers/AP from cheap prices to high-end gaming routers and wired ones.
The product is for certain groups of people who are not that tech savvy. They require VLAN (interface) or other features. They prefer pre-built stuff from manufacturers. For the same price, you probably can get decent home stuff that meets your need. But other people still buy this thing for other purposes.
Yup, you can buy online for server parts and build up your server and set up your own server with a lot of PCIE stuff to extend your server. Install Docker, NAS and open source firmware to replace a commercial product.
To be honest, this year, Omada series have added too many more features than years before. This is not the only product line we gotta maintain. One step at a time.
There will also have big changes in the product line. I cannot leak any other information but you can expect this Omada product line to become better and more competitive.
What's the firmware of your router? The domain name for the openVPN server is in the roadmap. Not sure when it will come, but it will.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1455
Replies: 8
Voters 0
No one has voted for it yet.