help with creating a simple VPN with TLR600VPn
Good night, I would like the help of someone more experienced. I'm trying to set up a simple VPN to interconnect two stores at different addresses, I'm trying to do it according to the manuals available on the model's website, but I couldn't understand how to proceed with links with gcnat and static ip, because I use it for Net internet by the way a crap, I asked for the opening of doors (80, 8080,1701,1723, 500,4500 ... among others for the creation of vpn and other applications, but I was unable to confirm if in fact they were opened, a tremendous bureaucracy) .
I'm asking for a fixed IP to see if it helps, but while I'm trying to get it now. my biggest doubt is in relation to the ips, in the part where the ipsec ipsec lan ips are configured for lan until i understood correctly, but not the direction of the ports there that the bug catches, because, as the ip of the net modem is 192.168.0.1 and the vpn router is 192.168.1.1, I cannot redirect the ip of the vpn router inside the net modem, as they are different, I even tried to leave the modem as a bridge, but that also doesn't work. I made all possible combinations, but when I check if the tunneling is not going, the topology looks something like this:
Store A net modem ip: 192.168.0.1 = dynamic ip TLR600VPn router 192.168.1.1
Shop B hi modem ip: 192.168.2.1 = fixed ip 202.192.0.1 TLR600VPn router 192.168.3.1
So, I would like to know how to distribute the ips so that there is no conflict or overlap and how to properly redirect the ports using the correct ips and what is the simplest correct configuration within the TLR600VPn router thank you very much help
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Dear @sandrodiasalves,
I even tried to leave the modem as a bridge, but that also doesn't work. I made all possible combinations, but when I check if the tunneling is not going, the topology looks something like this:
Store A net modem ip: 192.168.0.1 = dynamic ip TLR600VPn router 192.168.1.1
Shop B hi modem ip: 192.168.2.1 = fixed ip 202.192.0.1 TLR600VPn router 192.168.3.1
It seems that the TL-R600VPN routers are behind NAT (the modem/router) as the WAN IP addresses on the TL-R600VPN are private IP 192.168.0.X and 192.168.2.X. To set up the VPN successfully, you may need to open ports on the front NAT devices, make sure the ports (UDP 500 & UDP 4500) are open for the two R600VPN routers.
Note: if the WAN IP address on the TL-R600VPN router is still a private address when you set the modem as bridge mode, you may need to contact your ISP to open the ports so that you can set up the VPN connection.
Here is a detailed configuration guide for your reference (refer to the optional step - 2.2.3 Implement configuration for NAT devices)
IPsec LAN-to-LAN VPN Configuration- 2.2.3 Implementing configuration for NAT Devices
In addition, please also check the firmware update for the router, it's suggested to use the router with the latest firmware.
https://www.tp-link.com/support/download/tl-r600vpn/v4/#Firmware
- Copy Link
- Report Inappropriate Content
The TL-R600VPN routers are receiving public IP from the modems, but my problem is precisely how to define and configure the IPs, for example which will be the Remote Gateway within the router's IPSEC VPN configuration, it must be the operator's public IP or the modem IP?
Regarding the direction of ports, I contacted the operator, and they informed me that my IP does not teach in GCNAT and that there are no port restrictions, but to test if there would be no problem, I tested a port (7070) calling my computer directly to the operator's modem in bridge mode and it worked perfectly, but when testing with the TL-R600VPN router creating the Virtual server for my computer's ip, it didn't work the port is blocked, I believe that this is not due to router or computer firewall
Another question regarding port forwarding, in the case of IPSEC configuration, which IP would you use to do the port forwarding (Internal Server IP), would be the IP that comes from the modem? Or the IP of the TL-R600VPN router itself?
Another question is how to proceed with the dynamic IPs of the operator, I try to keep in mind that they are renewed with each restart of the modem, would it be necessary to use DDNS and how would that not be practiced?
I don't know if I can post a backup file of the router to see how my configuration is and modify it correctly, but if I could it would be an excellent alternative
I appreciate everyone's help
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Dear @sandrodiasalves,
The TL-R600VPN routers are receiving public IP from the modems, but my problem is precisely how to define and configure the IPs, for example which will be the Remote Gateway within the router's IPSEC VPN configuration, it must be the operator's public IP or the modem IP?
The Remote Gateway should be the public IP address of the remote router's side.
Another question regarding port forwarding, in the case of IPSEC configuration, which IP would you use to do the port forwarding (Internal Server IP), would be the IP that comes from the modem? Or the IP of the TL-R600VPN router itself?
The port forwarding is not done on the TL-R600VPN router but to be done on the front NAT device (modem/router), the IP address is the WAN IP address of the TL-R600VPN router.
Another question is how to proceed with the dynamic IPs of the operator, I try to keep in mind that they are renewed with each restart of the modem, would it be necessary to use DDNS and how would that not be practiced?
If the public IP address is dynamic which would be changed after a restart of the modem, it would be necessary to configure DDNS to fix the public IP address to a domain name so that you don't need to reconfigure the IPSec VPN with the new public IP address to get the connection back. There is a configuration example for DDNS on the TL-R600VPN router you may refer to (Page 193-194).
https://static.tp-link.com/2018/201810/20181031/1910012490_TL-R600VPN_UG.pdf
- Copy Link
- Report Inappropriate Content
Bom dia Gostaria de agradecer ajuda, mas ainda infelizmente não consegui estabelecer a conexão, creio que seja uma questão de porta,
No modem B fiz o redirecionamento para o roteador que esta Ligado nele
Ja no modem A que estã em modo bridge como seria o redirecionamento? seria para o ip publico do modem ? ou nao seria necessario ?
E possivel compartilhar o arquivo de backup de um roteador devidamente configurado proximo essa topologia que estou usando, assim poderia comparar se tem algo que não estou vendo ?
obrigado
- Copy Link
- Report Inappropriate Content
Dear @sandrodiasalves,
Sorry I can only help in English.
From the following picture, I notice that you have UDP port 500 & 4500 mapped for the internal host 192.168.200.13.
Does the TL-R600VPN behind modem B have WAN IP address 192.168.200.13?
There is no need to configure the virtual server on the TL-R600VPN router. If you still cannot get the VPN established successfully, please upload a document that includes the two Routers' Status and IPSec VPN configuration page (including Advanced Settings), as well as Log info for checking.
- Copy Link
- Report Inappropriate Content
Segue as telas de todas a configurações dos Roteadores
Segue primeiro a telas do roteador TL-R600VPN designado como 01
O roteador A segundo a operadora de internet não nehum bloqueio de portas e não passa por nenhum outro nat
Redirecionamento feito no modem
Redirecionamento de portas feito dentro do TL-R600VPN talvez seja redundande, mas fiz
Configuração do IPSEC do TL-R600VPN - 01
Configuração DDNS
Segue as detas do segundo roteador
Telas do redirecionamento feito no modem B
Tela do redirecionamento feito no roteador B
Configuração IPSEC feita no roteador B
Uma duvida, e desculpem a falta de conhecimento, mas como posso fazer um teste das portas 500, 4500 ? pois mesmo indo em qual quer site que testa portas, coloco o ip publico que recebo da operadora diz como fechado, mesmo tendo feito o devido redirecionamento no modem
Alem dessas configurações de ipsec, ddns, servidores virtuais, há alguma outra configuração no TLR600VPn como balanceamento de carga ou firewall que possa está afetando ?
- Copy Link
- Report Inappropriate Content
Dear @sandrodiasalves,
Thank you for your reply with detailed information. Sorry that there is still no progress after multiple replies.
To better assist you, I'd like to escalate your case to our senior engineer who could help you more efficiently.
They will reach you later via your registered email address, please pay attention to your email box and reply back for further assistance.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1999
Replies: 8
Voters 0
No one has voted for it yet.