TL-R600VPN multiple IPSec Client-to-LAN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

TL-R600VPN multiple IPSec Client-to-LAN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TL-R600VPN multiple IPSec Client-to-LAN
TL-R600VPN multiple IPSec Client-to-LAN
2020-11-13 16:59:13 - last edited 2021-04-18 10:40:39
Model: TL-R600VPN  
Hardware Version: V4
Firmware Version: 4.0.4 Build 20200313 Rel.41831

I am trying to setup multiple Client-to-LAN connections so multiple users can connect to the local network remotely and securely.  

 

Of course the remote gateway I am setting as 0.0.0.0 since users might be using the vpn from a laptop so there is no fixed place, plus users do not have static IPs on their internet at home.

 

But, when I start setting up the second connection I get the follwing error:

 

For an IPsec policy with the same IP address at both ends, the pre-shared key should be kept the same.

 

I mean this doesn't make sense to me.

 

Can someone help maybe already met this issue please?

  0      
  0      
#1
Options
11 Reply
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-15 01:51:29 - last edited 2021-04-18 10:40:39

@ChrisCassar Hi, I was just actually doing what you're doing.

 

The IPSec, in the advanced, set it to Responder, then what I do is add Name for Local and Remote (just below) and I only use 1 IPSec policy per user, then I can use a client like Shrew, build the profile, test it, then export it out as a file, send it to the user to import into a version on their end, and they can connect with ease.  If they leave the the place where the IPSec policy is, merely remote in with yours and disable theirs, reuse it for someone else later (just change the setup some).

 

That should do the trick.

  0  
  0  
#2
Options
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-16 07:34:56 - last edited 2021-04-18 10:40:39

@BBI 

 

Thanks for the reply.

 

I have set it to responder and I am putting in a name as you did in local and remote id.

 

The problem I have tho is that when I try to set the second policy for another user it does not let me.  I set the remote host 0.0.0.0

 

what did you set that as?

  0  
  0  
#3
Options
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-16 13:51:29 - last edited 2021-04-18 10:40:39

@ChrisCassar Set to 0.0.0.0 for the remote.

 

Have you checked your unit for the latest firmware, just a thought, as I know it only complained about that if I didn't have it set to Responder, as soon as I did, it saves.

  0  
  0  
#4
Options
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-16 17:20:35 - last edited 2021-04-18 10:40:39

@ChrisCassar This is the one I did, it is the second one in the list.

 

  0  
  0  
#5
Options
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-17 08:21:05 - last edited 2021-04-18 10:40:39

@BBI 

 

when I setup the second client-to-lan policy I still get the same error:

 

 

You are setting multiple policies right? so each user has a separate policy.  You are not using same policy for all uesrs right?

  0  
  0  
#6
Options
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-17 12:22:55 - last edited 2021-04-18 10:40:39

Dear @ChrisCassar,

 

But, when I start setting up the second connection I get the follwing error:

For an IPsec policy with the same IP address at both ends, the pre-shared key should be kept the same.

 

If your purpose is to allow multiple users to connect to the local network remotely and securely, why not choosing L2TP Client-to-LAN VPN? With which, you don't need to specify the remote gateway, neither you need a 3rd party IPSec VPN Client, but simply connect with the built-in VPN client on the clients for the VPN connection. Here is the configuration example for your reference.

https://www.tp-link.com/support/faq/2158/

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#7
Options
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-17 13:57:28 - last edited 2021-04-18 10:40:39

@Fae 

 

Thanks for your repoly but L2TP is not considered secure.

 

That is why I need a reliabel and secure IPSec Vpn solution.

  0  
  0  
#8
Options
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-17 14:52:40 - last edited 2021-04-18 10:40:39

@ChrisCassar Try using the same Pre-shared Key and see if it works, as the ones I have are identical, if I change it, I get that error.

 

  0  
  0  
#9
Options
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-18 17:42:04 - last edited 2021-04-18 10:40:39

@ChrisCassar 

 

Thanks for the replies but we re going in circles here.

 

All I need is to setup individual separate IPSec policies for multiple users to connect securely over VPN.

 

Altough this product has "VPN" in the model its actual features are very dubious to me!

 

I do not see why I need to put same pre-shared key on policies and why i should keep same settings on different policies, it s just a waste of time, thats how it feels.

 

Think I'll just trash this device and be done with it!

  1  
  1  
#10
Options
Re:TL-R600VPN multiple IPSec Client-to-LAN
2020-11-19 02:57:03 - last edited 2021-04-18 10:40:39

Dear @ChrisCassar,

 

I am trying to setup multiple Client-to-LAN connections so multiple users can connect to the local network remotely and securely.  

Of course the remote gateway I am setting as 0.0.0.0 since users might be using the vpn from a laptop so there is no fixed place, plus users do not have static IPs on their internet at home.

But, when I start setting up the second connection I get the follwing error:

For an IPsec policy with the same IP address at both ends, the pre-shared key should be kept the same.

 

It's a pity that the TL-R600VPN router only allows one pre-shared key for the IPSec policy that has the same IP address at both ends.

 

If you want to offer different pre-shared keys for the users, but the remote gateway has to be 0.0.0.0, I'm afraid that it cannot meet your requirement.

 

For your case, I've reported to the developer team for future evaluation. Thank you so much for posting the problem on the TP-link Community!

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#11
Options

Information

Helpful: 0

Views: 3082

Replies: 11