Connecting Two Deco Networks in Different Locations via VPN - Seeking Peer-to-Peer Connection
Hello TP-Link Support and Community,
I have two separate TP-Link Deco networks set up in different geographical locations, both managed under the same TP-Link ID. My goal is to connect these networks into a unified system using a VPN, enabling devices on both networks to communicate as if they were on the same local network, ideally functioning as peers. Additionally, I would like to explore the possibility of having a single, unified Wi-Fi network across both locations and gain secure access to this virtual network from outside the defined locations.
Network Setup:
Location 1:
- Device: Deco BE-65 5G (Hardware version: 1.0, Firmware: 1.05 Build 20240904 Rel. 22287)
- ISP: Telia Finland (4G/5G mobile network)
- Public IP: Dynamic, but seems stable while the connection is active. However, a public IP is not guaranteed.
Location 2:
- Device: Deco X50 (Hardware version: 1.0, Firmware: 1.6.1 Build 20241010 Rel. 65389)
- ISP: DNA Finland (Fiber connection)
- Public IP: Dynamic, but seems stable while the connection is active. However, a public IP is not guaranteed.
Both locations are visible and manageable through the Deco app. Neither location has a static public IP address. I am not sure of the hardware version of the BE65, but I bought this device in summer 2024 from a local retailer and I believe there is only Hardware version: 1.0.
Objectives:
I want to establish a VPN connection between these two networks to create a seamless, unified network environment. Ideally, I'd prefer a peer-to-peer setup where devices can communicate directly without unnecessary routing. Due to its performance and security advantages, I'd prefer to use the WireGuard protocol if possible.
Questions:
- WireGuard Support: Do the Deco BE-65 5G and/or Deco X50 support WireGuard VPN connections? If yes, which specific firmware versions are required for this functionality?
- Server Configuration: If WireGuard is supported, which Deco device (BE-65 5G or X50) should ideally act as the VPN server? Or should both be configured as servers for a true peer-to-peer setup?
- Detailed Configuration: Could you provide detailed, step-by-step configuration instructions for both Deco devices to establish the WireGuard VPN connection between the two networks, assuming a peer-to-peer setup is the goal?
- DDNS Recommendation: Since I don't have static public IP addresses, a DDNS service might be necessary. Is using a dynamic IP with DDNS a better option than relying on a potentially changing public IP? Is there a recommended DDNS service that is known to be compatible with Deco devices, particularly for this use case?
- Alternative VPN Protocols: If WireGuard is not supported, what alternative VPN protocols (OpenVPN, L2TP/IPSec, PPTP) are available on these Deco models? Could you provide guidance on which would be best suited for a peer-to-peer network connection and any relevant configuration steps?
- Limitations and Performance: Are there any specific limitations or performance considerations I should be aware of when connecting two Deco networks in this manner? What kind of throughput and latency can I realistically expect?
- Tailscale/Zerotier Integration: Would it be possible to leverage Tailscale or Zerotier within this Deco setup to simplify the connection process and potentially improve performance? If so, how would I go about integrating them?
Product Development Idea:
Finally, I'd like to propose an idea for future Deco product development. It would be incredibly beneficial if TP-Link could offer a built-in, cloud-based service within the Deco app that simplifies this entire process. Imagine a feature where users could simply select two or more Deco networks under their account and choose to "merge" them into a single virtual network. The service could automatically handle all the VPN configuration, DDNS setup, and routing behind the scenes, presenting the user with a seamless, unified network experience. It could even manage a single Wi-Fi network across all locations using a consistent SSID and password and provide secure access to this virtual network from outside the defined locations. This would abstract away all the complexities of VPN protocols, IP addresses, and port forwarding, making it accessible to a much wider audience. Such a feature, managed seamlessly within the Deco app, would be a game-changer for users with multiple locations and would significantly enhance the value proposition of the Deco ecosystem. While this is obviously a large and complex product development idea, I believe it's worth considering.
Thank you in advance for your assistance. I look forward to your insights and recommendations on how to best connect my two Deco networks.
Best regards,
Risto