IPsec - full tunneling
Hi guys! :)
I have a question for more experienced admins of the TP-Link Omada solution. I've been trying to find the info on the web for a few days but without luck.
Do you know if it is possible to set up a Site To Site IPsec connection between two TP-Link routers with full tunneling mode? So the whole traffic from Site B will be redirected to Site A and reach the internet using Site A as a gateway?
For now I've been able to set it up so that the sites can reach each other's LANs, but every site is reaching the internet using its own gateway.
Best Regards
RR
I'm pretty sure you can't do this with IPsec site to site.
But if you have TP-Link Omada routers at both ends of the VPN, then you have two options: L2TP site to site or WireGuard site to site.
I have a similar scenario where I need access to a remote network that is locked to a special IP, so I have to proxy via the network at work.
Now I use WireGuard, but previously I used L2TP and policy routing.
I'm not sure if L2TP site to site will work, but you can try.
L2TP without site to site works very well with a policy route.
Hi @RaRu
Thanks for posting in our business forum.
RaRu wrote
Hi,
Thank you for the response.
I'm using the basic manual from TP-Link: https://www.tp-link.com/us/support/faq/3051/
My case is: I have some external services that I need to access from a certain IP address - which is the public IP address of my Site A office.
Therefore, I would like to redirect the traffic from Site B to also access the internet via Site A, so the IP address will match the requirements of my external services.
At the same time I need to have the possibility to cross-access services between Site A and Site B such as file servers and printers - so the simple Site A OpenVPN server and Site B OpenVPN client with full tunneling config won't do.
Just asking if there is a possibility to do full tunneling in IPsec :) What I read on the net is that IPsec S2S is mostly for LAN only :/
Best Regards
1. This guide is not a guide for setting up a full tunnel. S2S is not full tunneling. And it does not mention anything about a full tunnel.
2. You did not answer the question about where you learned about IPsec full tunneling based on the S2S tunnel. AFAIK, it should not be a thing.
Of course, S2S IPsec is created for LAN to LAN. I never saw a case for proxy. I think you can barely find anything on Google related to this topic.
S2S does not have any relation to full tunneling. Think about the reason why you have S2S, what you configure in the settings, and what it is supposed to do. From the basics, it should not exist, even though routing is a concept that seems able to do anything, but it does not always apply in some situations.
If you need to use the proxy, just set up something else additionally INSTEAD OF messing around with the S2S IPsec.
Hi @RaRu
Thanks for posting in our business forum.
I have a question for you: what is the meaning of S2S IPsec VPN in your eyes, and what is S2S supposed to do in general?
Following that question, where did you learn that you can or should set up full tunneling in S2S IPsec? Is there a specific guide you are reading that gave you this idea?
Hi,
Thank you for the response.
I'm using the basic manual from TP-Link: https://www.tp-link.com/us/support/faq/3051/
My case is: I have some external services that I need to access from a certain IP address - which is the public IP address of my Site A office.
Therefore, I would like to redirect the traffic from Site B to also access the internet via Site A, so the IP address will match the requirements of my external services.
At the same time I need to have the possibility to cross-access services between Site A and Site B such as file servers and printers - so the simple Site A OpenVPN server and Site B OpenVPN client with full tunneling config won't do.
Just asking if there is a possibility to do full tunneling in IPsec :) What I read on the net is that IPsec S2S is mostly for LAN only :/
Best Regards
Thank you for your time, I'll try other VPN methods then. See if some will work for me better than IPsec :)
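An added example, not part of any post in this thread and not Omada configuration: a small Python model of Site B's forwarding decision, showing why a LAN-to-LAN tunnel leaves internet traffic on Site B's own gateway and what changes once a full-tunnel route is added, as with the WireGuard or L2TP plus policy-route approach suggested in the thread. All addresses are constructed documentation ranges, the two /1 routes stand in for a router's policy route, and NAT at Site A for tunnelled internet traffic is an assumption.

```python
import ipaddress

# Constructed addressing for illustration (not from the thread).
SITE_A_LAN = ipaddress.ip_network("192.168.10.0/24")
SITE_B_LAN = ipaddress.ip_network("192.168.20.0/24")
SITE_A_PUBLIC = ipaddress.ip_address("203.0.113.10")  # address the external service allows
SITE_B_PUBLIC = ipaddress.ip_address("198.51.100.20")


def build_routes(full_tunnel):
    """Site B's forwarding rules as (destination prefix, next hop) pairs."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "wan"),  # Site B's own gateway
        (SITE_A_LAN, "tunnel"),                      # LAN-to-LAN selector
    ]
    if full_tunnel:
        # Two /1 prefixes outrank the /0 default without deleting it.
        routes.append((ipaddress.ip_network("0.0.0.0/1"), "tunnel"))
        routes.append((ipaddress.ip_network("128.0.0.0/1"), "tunnel"))
        # Encrypted packets to the peer must still leave via the WAN,
        # otherwise the tunnel would be routed into itself.
        routes.append((ipaddress.ip_network(f"{SITE_A_PUBLIC}/32"), "wan"))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match over overlapping routes."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def seen_source(routes, dst):
    """Source address the destination sees for a Site B client."""
    if next_hop(routes, dst) == "wan":
        return str(SITE_B_PUBLIC)       # NAT at Site B's gateway
    if ipaddress.ip_address(dst) in SITE_A_LAN:
        return "site-b-lan-address"     # routed LAN to LAN, no NAT
    return str(SITE_A_PUBLIC)           # assumed NAT at Site A's gateway


if __name__ == "__main__":
    for label, full in (("LAN-to-LAN only", False), ("full tunnel", True)):
        routes = build_routes(full)
        for dst in ("192.168.10.5", "192.0.2.50", str(SITE_A_PUBLIC)):
            print(label, dst, next_hop(routes, dst), seen_source(routes, dst))
```
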