AXE5400 The client IP address conflicts with the DHCP IP address pool.
Additional annoying thing: I could not select my TP-Link Archer AXE5400 model when writing this new thread. The model field does not know this router so I put the model number into the subject field of the thread.
Actual issue:
I’m trying to set up a VPN Server on an Archer AXE5400 Tri-Band Wi-Fi 6E Router. The router is connected to a small LAN with a windows server 2016 machine and a few PC-s and printers.
DHCP server is running on the windows server 2016 machine and provides addresses to clients in the range 10.11.12.1 – 10.11.12.199.
I would like to connect to this LAN and access hard drives on the windows 2016 server machine and use some printers.
I switched off the DHCP server in the router, because IP addresses are provided by the Windows Server 2016 server. However I had to specify a fixed IP address as the router's LAN address. How to configure the router so, that it gets it's IP address, the same way as all other devices connected to this LAN, by using the dhcp service provided by the windows server machine.
When I enable the PPTP service on the router it requests a range of client IP addresses. Why is this necessary? The central DHCP server takes care of this. When I specify non conflicting addresses that are in the same subnet as the target LAN uses I get the following error message:
The client IP address conflicts with the DHCP IP address pool.
Questions:
- What DHCP IP pool is referenced here? The DHCP server in the router is switched off.
- The LAN uses addresses 10.11.11-10.11.12.199 why does the PPTP server service assume 10.11.12.200-10.11.12.205 would conflict?
- If I leave the default IP range untouched (10.0.0.11-10.0.0.20) then my windows 10 client can connect to the LAN but gets an address from this (10.0.0.11-10.0.0.20) range which is different from the range used by the target LAN. So my windows 10 client is not part of the target network.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi, thank you very much for posting on TP-Link Community.
1. For the Archer AXE5400 model, we will add it into the community system soon, thanks a lot for the feedback.
2. To set static LAN IP address on the router to be the same LAN as windows server etc., please go to Advanced->Network->LAN of the router, then set LAN IP address as 10.11.12.x(make sure it is not used by any other device)
3. After disabling DHCP Server on the router, the router will not assign IP address to its LAN network, but it doesn't affect the VPN
4. PPTP VPN IP addresses cannot be within the same subnet as the router LAN, that is why it shows "The client IP address conflicts with the DHCP IP address pool."
5. When you connect a Windows 10 computer to the PPTP VPN server and obtain IP address 10.0.0.X from the VPN Server, even though the IP address seems different from the router LAN, it will still be able to access the router LAN.
- Copy Link
- Report Inappropriate Content
Hi Sunshine,
thank you for your quick response.
Regarding your response #2. My question was: „How to configure the router so, that it gets it's IP address, the same way as all other devices connected to this LAN, by using the dhcp service provided by the windows server machine.”
Regarding your response #4. If your response „....PPTP VPN IP addresses cannot be within the same subnet as the router LAN....” is correct, than this router seems to be useless. The goal of a VPN router is to provide access to the LAN to which the router is connected. Clients should get addresses belonging to the same subnet the router is connected to to be part of that network.
Regarding your response #5. When connecting the client machine – as you suggest – using the address 10.0.0.X, the client gets the following settings:
IP address: 10.0.0.11
Default Gateway: 0.0.0.0
DNS Servers: 10.0.0.10 which is non existent
The client is in a different subnet and can not access resources on the target LAN. Plus, the client does not know who to ask for DNS services.
To me it seems, that beta testing of this router software is left to the users. :(
My questions #1, #2, and #3 are still open.
- Copy Link
- Report Inappropriate Content
Are there any representatives from tp-link available here? Do they read these posts? Do they care? Can they respond?
- Copy Link
- Report Inappropriate Content
Hi, sorry for that I didn't read your reply in time, regarding the issue you mentioned, even though the VPN client obtains IP address from the router LAN, VPN client will still be able to access the router LAN resources, if it doesn't work now, it is recommended to follow this guide for troubleshooting:
Why can’t I access or discover certain devices over VPN?
If it doesn't help, please share with us more details about the issue, such as which device you are trying to access via the VPN, and are you able to ping it from the VPN client etc.
- Copy Link
- Report Inappropriate Content
Dear Sunshine,
thank you for your quick response. You write „even though the VPN client obtains IP address from the router LAN....”
No, unfortunately it does not obtain an IP address from the router LAN, but instead, it gets a different IP address provided by the VPN server.
Because the VPN client does not get an IP address from the router LAN it is not part of that network and can not access resources there. I think this is a bug in the router software.
- Copy Link
- Report Inappropriate Content
Could we get some support from tp-link engineering? This issue seems to me a bug in the software.
- Copy Link
- Report Inappropriate Content
@Axo_another
I'm having exactly the same issue with an AC1200 VPN server and TL_WR841N clients sold to me as a VPN package.
Can't set VPN Client Ip inside normal LAN subnet and therefore clients can't access LAN resources.
VPN connects between routers but I have no acces to LAN equipment, even if I do have the correct WAN IP from VPN clients.
Any solutions out yet?
Thanks
- Copy Link
- Report Inappropriate Content
Hi Wilki,
I exchanged quite a few emails with the TP-Link US Support about this topic.
It may seem unbelievable, but unfortunately, the level of engineers I was able to reach with my escalation request, do not even understand the problem.
Look at response number #2 in this chain from Sunshine. Look at his point 4. This is what TP-Link engineering is saying………. very sad….. :(
They don’t even understand, that the vpn client must get an address from the same subnet used by the target network, that is of course the same subnet as the router LAN interface is part of, otherwise the client is unable to use resources on the target network.
I bought the router in Germany. I also tried to escalate my problem to the German support. They promised to come back but never did. At the end, I sent back the router to amazon.de and received a refund.
Afterwards we also tried to set up a VPN connection using other TP-Link routers too. We own a TL-MR6400 router. In that router the the first three digits (!!!!!) of the PPTP client addresses are even hard coded to be 10.7.0.x You can only specify the calue of x.
With other TP-Link routers the user guide turns your attention to the fact that older firmware does not accept the VPN Client addresses to be in the same subnet as the target net, but other firmwares do require it.
I will never buy another TP-Link router.
- Copy Link
- Report Inappropriate Content
Hello @Axo_another
I thought I was the only one going crazy about this until I found the thread... Talked long and wide to Spanish tp-link support and as you said, they simply didn't seem to understand the problem, despite my best efforts.
I only got replies with documentation on how to create the connection, even If I sent them the screencap of the error message and all the rest proving there was no network visibility. Answers were always the same.
I have implemented VPN deployments with Tp-link loadbalancers without any sort of trouble, but routers don't seem to work at all, no matter the trick I've tried.
I have to say my general experience has been terrible with support.
- Copy Link
- Report Inappropriate Content
Hi Wilki,
So, the Spanish tp-link support seems to be as good as the German and the US support. Slowly it appeares to me as if ftp-link just sell the boxes but have no understanding of what is happening inside a box. It looks as if they bought the chips with the software somewhere in China but they do not understand how it works and are unable to contact the developers to ask them to fix the error.
Have you experimented with another vendor’s VPN router yet?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1355
Replies: 10
Voters 0
No one has voted for it yet.