Can we connect through IPsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 Omada
Hello to everyone
Can anyone try to connect through IPsec VPN a Mikrotik RouterBoard hEX router to a TP-LINK TL-R605 Omada router? I will give this a try. If anyone has more info about it, could you please support us! Thanks
Here is my topology
Thanks in advance!
Dear @xperiments,
xperiments wrote
Can anyone try to connect through IPsec VPN Mikrotik Routerboard hEX router to TP-LINK TL-R605 omada router.
The parameter names may differ between Mikrotik and TP-Link.
But the configuration process is similar to the setup for Site-to-Site IPSec VPN between two TP-Link routers.
Here is my configuration of TP-LINK TL-R605
Here is my configuration of Mikrotik
And nothing happens!
And what about client-to-site VPN? The settings are the same as if you want to connect a PC to a VPN server (Mikrotik). I am using this setup and all computers behind the R605 can access the other network (the VPN server network). I do not know if it is possible to access the other way, from the VPN server network. It is not a problem for my needs.
I made some changes
TP-LINK Configuration
Mikrotik Configuration
I see in some video tutorials for Mikrotik that phase 1 is the configuration of profiles and phase 2 is proposals.
Also, as you can see, for the TP-Link configuration I converted the lifetime to seconds:
08:00:00 is 28800 seconds
1d is 86400 seconds
And the VPN doesn't WORK. Any advice??
Thanks a lot in advance
@xperiments Any advice ????
@xperiments Try to deactivate DPD. I have no good experience with this; I have a lot of VPNs to Cisco ASA and have to deactivate DPD.
And do not use ALL on local networks, select only 1 network, LAN for example.
Have you figured this out? My situation is a Mikrotik router and a TL-R605.
I also can't make a working configuration.
With these settings (on Mikrotik) it is working, but I think it's not secure:
- IPsec Proposal
  - PFSgroup=none
  - encr algorithms = 3des
- IPsec profile
  - encr algorithms = 3des
Best regards,
Michel
I think you posted the same on Mikrotik's forums and I replied there as well. But for completeness' sake, here's my config. It uses the most secure settings available between the two routers. The limiting factor here is the ER605, which doesn't expose a lot of cipher options.
Got it to work for my setup where the Omada device is on a static IP and the Mikrotik RB4011 is on a dynamic IP, initiating the IPsec tunnel from its side.
TL-R605 Firmware: 1.1.0
RB4011 Firmware: 6.49beta46
Here are my settings:
Mikrotik side:
/ip ipsec profile add dh-group=ecp521 enc-algorithm=aes-256 lifetime=8h name=omada
/ip ipsec peer add address=<static WAN IP of Omada Device> exchange-mode=ike2 name=omada profile=omada
/ip ipsec proposal add enc-algorithms=aes-256-cbc lifetime=8h name=omada pfs-group=modp1536
/ip ipsec identity add my-id=fqdn:remote.example.com peer=omada secret=<your PSK>
/ip ipsec policy add dst-address=192.168.0.0/24 peer=omada proposal=omada src-address=10.0.0.0/24 tunnel=yes
Omada Settings:
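The Mikrotik commands above and the lifetime conversion mentioned earlier in the thread, as an added example that is not part of any post: a Python script that parses `/ip ipsec ... add` lines, lists the phase 1 (profile) and phase 2 (proposal) values the other router has to match with lifetimes in seconds, and flags 3des or disabled PFS. The sample address 203.0.113.10, the function names and the `WEAK` list are assumptions made for this example.

```python
import re
import shlex

# Constructed sample in the form posted above; the address is a placeholder.
SAMPLE = """\
/ip ipsec profile add dh-group=ecp521 enc-algorithm=aes-256 lifetime=8h name=omada
/ip ipsec peer add address=203.0.113.10 exchange-mode=ike2 name=omada profile=omada
/ip ipsec proposal add enc-algorithms=aes-256-cbc lifetime=8h name=omada pfs-group=modp1536
"""
UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
WEAK = ("3des", "des", "null")  # assumption: ciphers this checker flags

def lifetime_seconds(value):
    """Convert a RouterOS time value ('8h', '1d', '08:00:00') to seconds."""
    clock = re.fullmatch(r"(\d+):(\d+):(\d+)", value)
    if clock:
        h, m, s = map(int, clock.groups())
        return h * 3600 + m * 60 + s
    if not re.fullmatch(r"(\d+[wdhms])+", value):
        raise ValueError(f"unrecognised lifetime: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", value))

def parse_ipsec(text):
    """Return {section: {key: value}} for '/ip ipsec <section> add ...' lines."""
    cfg = {}
    for tokens in map(shlex.split, text.splitlines()):
        if tokens[:2] == ["/ip", "ipsec"] and tokens[3:4] == ["add"]:
            cfg[tokens[2]] = dict(t.split("=", 1) for t in tokens[4:] if "=" in t)
    return cfg

def peer_view(cfg):
    """Values the remote router must mirror, with lifetimes in seconds."""
    view = {}
    for phase, section in (("phase1", "profile"), ("phase2", "proposal")):
        s = {k: v for k, v in cfg.get(section, {}).items() if k != "name"}
        if "lifetime" in s:
            s["lifetime"] = lifetime_seconds(s["lifetime"])
        view[phase] = s
    return view

def findings(cfg):
    """Flag the weak choices mentioned in the thread (3des, PFS disabled)."""
    out = []
    for section, key in (("profile", "enc-algorithm"), ("proposal", "enc-algorithms")):
        algs = cfg.get(section, {}).get(key, "").split(",")
        out += [f"{section}: weak cipher {a}" for a in algs if a in WEAK]
    if cfg.get("proposal", {}).get("pfs-group") == "none":
        out.append("proposal: PFS disabled")
    return out
```

Calling `peer_view(parse_ipsec(SAMPLE))` gives the two sets of values to compare field by field against the other router's phase 1 and phase 2 pages.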