IPSEC VPN Lan-Lan and Client-Lan on the same time

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

IPSEC VPN Lan-Lan and Client-Lan on the same time

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
IPSEC VPN Lan-Lan and Client-Lan on the same time
IPSEC VPN Lan-Lan and Client-Lan on the same time
2019-09-17 20:05:40 - last edited 2021-04-19 11:53:02
Model: TL-ER6020  
Hardware Version: V2
Firmware Version: 2.0.2 Build 20180702 Rel.59031

Hi,

VPN is quite new subject for me, so I have simple problems wink

 

I have two LANs:

1) 192.168.100.0/24 via TL-ER6020 (HQ)

2) 192.168.200.0/24 via TL-ER6020 (Remote Office)

They are succesfully connected with Lan-Lan VPN tunnel.

 

Is it possible to create second Client-Lan tunnel to HQ from single remote client?

When I try to add second IPSEC policy I have "The local subnet cannot overlap with those of existing IPSec policies." error.

It's sad but I don't know what to do about it.

 

And next problem is that I can't ping any computers from 192.168.100.0 to 192.168.200.0 and vice versa. I't is mistery for me, but I CAN ping printers, NAS, but not computers...

Why?

 

Simple lan scheme below.

 

Best regards

Tom

 

 

 

 

  0      
  0      
#1
Options
5 Reply
Re:IPSEC VPN Lan-Lan and Client-Lan on the same time
2019-09-18 10:40:15 - last edited 2021-04-19 11:53:02

@TeeCee 

 

Of cource you can set up LAN to LAN VPN and Client to LAN VPN at the same time. But your current firmware version seemly have the conflict issue. Suggest to connect TP-Link Support for help.

 

For the issue that cannot ping PC, maybe caused by firewall of the PC. You can try to close the firewall for both PC then ping again.

  1  
  1  
#2
Options
Re:IPSEC VPN Lan-Lan and Client-Lan on the same time
2019-09-19 17:09:11 - last edited 2021-04-19 11:53:02

@Andone

 

Thaks for your response.

I've reported problem to TP-Link Support and they have solved it. I have beta firmware to test 

 

 

Update: it works! :-D

 

Firewall - it's very likely... Norton Security works in background. I'll try to shut Norton down.

 

Update: Norton is the cause

 

 

So.. thanks!

 

  0  
  0  
#3
Options
Re:IPSEC VPN Lan-Lan and Client-Lan on the same time
2019-09-25 20:24:45 - last edited 2021-04-19 11:53:02

Fairytale gone bad...

 

I try to add second IPSec policy for another Client-Lan user.

The same error. I do not understand it. Why can't I have more than one client having the same acces to the same local subnet???

 

It is annoying... :-/

  0  
  0  
#4
Options
Re:IPSEC VPN Lan-Lan and Client-Lan on the same time
2019-09-26 01:47:39 - last edited 2021-04-19 11:53:02
IPsec VPN will transfer the data based on the remote IP and local IP. For two VPN tunnels, remote IP cannot overlap and local IP cannot overlap. Did you setup the client to LAN and use 0.0.0.0 as remote gateway? If yes, you can only setup one client to LAN entry. Because 0.0.0.0 means all IP address, so other IP address will has overlap. Unless you use different local subnet or WAN interface. You also can use L2TP over IPsec, it can use IPsec encryption so it's also secure.
  0  
  0  
#5
Options
Re:IPSEC VPN Lan-Lan and Client-Lan on the same time
2019-09-26 06:35:09 - last edited 2021-04-19 11:53:02

Thanks for your reply.

My settings are below. I want to have access from different remote host (ID 2 and 3) to the same Local Subnet. I do not use 0.0.0.0 Remote Host.

 

I thought if I can have access to one local subnet from another lan and client (ID 1 and 2) in the same time, I can add another client with different Remote Host...

 

  0  
  0  
#6
Options