Omada SDN gateway as OpenVPN Client

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-12-24 12:19:58 - last edited 2022-08-11 01:13:01
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.0.0 Build 20200930 Rel.36519

Trying to set up a client-to-site VPN to an OpenVPN server which is elsewhere, so that the OpenVPN client is my TL-R605 gateway here. I've set up the configuration using "Client-to-Site", "VPN Client" and "OpenVPN" options, as below, and the configuration completes, apparently successfully. Although I've imported the ".ovpn" file, there's nowhere to enter a username or password. How do I actually connect, and how do I subsequently put in a transmission route through the VPN connection? By the way, I can successfully connect to this remote VPN server from a Windows PC here using the standard OpenVPN client, or even from a Synology NAS here using an OpenVPN profile, so there's no technical problem other than configuration of the TP-Link router/Omada SDN. Can anyone help?

#1
2 Accepted Solutions
Re:Omada SDN gateway as OpenVPN Client-Solution
2020-12-27 16:22:32 - last edited 2021-11-20 11:22:27

@penguintree I have found the solution. I used the autologin profile (.ovpn file) containing both the key and certificate, downloaded from the OpenVPN server I'm connecting to. I imported this into the VPN client configuration for the Omada VPN policy and set the remote server IP address and the UDP port number (not the TCP port number I was anticipating was required) - it didn't say which to use anywhere, but it's the UDP one; 1194 in this case. There's no notification that the VPN has connected successfully available anywhere from the Omada controller, which makes diagnostics really difficult - the only way I can be certain is to look at the admin console for the remote OpenVPN server, or to direct all LAN traffic through the VPN and do a tracert or "whatsmyip".

Recommended Solution
#4
Re:Omada SDN gateway as OpenVPN Client-Solution
2022-08-08 19:30:51 - last edited 2022-08-09 05:46:18

Hello all, I had the same issue before and was able to get it working (if anyone is still alive in this thread):

I have a video of how to configure the OpenVPN server, as well as what to put in the Omada. I used the OpenVPN Access Server you can download at openvpn dot net.

If you don't like to watch the video, these are the key points that worked for me:

* Must use tls-auth (Omada does not (yet) support tls-crypt or tls-crypt v2)

* Must have auto-login allowed for the account

* Must download the .ovpn generated by the server

* Follow the User Guide on how to create the Omada OpenVPN client


Recommended Solution
#31
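A pre-import check for the points raised in the two accepted solutions above (autologin profile with inline certificate and key, tls-auth rather than tls-crypt, UDP transport), as an added example that is not part of the original posts or any TP-Link tooling. The function names, the sample profiles and `vpn.example.net` are constructed for illustration, and the checks encode only what posters in this thread reported.

```python
import re

def parse_ovpn(text):
    """Split a profile into {directive: [args, ...]} and {inline_tag: [lines]}."""
    directives, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                        # inside an inline <tag> ... </tag> block
            if line == f"</{current}>":
                current = None
            else:
                blocks[current].append(line)
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            current = m.group(1)
            blocks[current] = []
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives, blocks

def check_profile(text):
    """List reasons the thread gives for a profile not working on the gateway."""
    d, b = parse_ovpn(text)
    findings = []
    for tag in ("tls-crypt", "tls-crypt-v2"):
        if tag in d or tag in b:
            findings.append(f"{tag} in use: posters report only tls-auth works")
    if "auth-user-pass" in d:
        findings.append("auth-user-pass set: no username/password field on import")
    for tag in ("ca", "cert", "key", "tls-auth"):
        if tag not in b:
            findings.append(f"<{tag}> not inline: only one file can be uploaded")
    protos = {a[0] for a in d.get("proto", []) if a}
    protos |= {a[2] for a in d.get("remote", []) if len(a) >= 3}
    if protos and not any(p.startswith("udp") for p in protos):
        findings.append("no UDP remote: the working setup used UDP 1194")
    return findings

def _inline(*tags):                        # constructed placeholder key material
    return "".join(f"<{t}>\nPLACEHOLDER\n</{t}>\n" for t in tags)

# Constructed sample profiles; vpn.example.net is a placeholder host.
GOOD = "client\ndev tun\nremote vpn.example.net 1194 udp\n" + _inline("ca", "cert", "key", "tls-auth")
BAD = "client\nproto tcp\nremote vpn.example.net 443\nauth-user-pass\n" + _inline("ca", "tls-crypt")

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_profile(profile) or "no findings")
```

A profile with no `proto` line and no protocol on its `remote` lines is not flagged, because OpenVPN defaults to UDP in that case.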
32 Reply
Re:Omada SDN gateway as OpenVPN Client
2020-12-25 11:03:04

Dear @penguintree,

 

Although I've imported the ".ovpn" file, there's nowhere to enter a username or password. How do I actually connect, and how do I subsequently put in a transmission route through the VPN connection? 

 

I'm afraid that it only supports importing the ".ovpn" file when the TP-Link router works as an OpenVPN client.

If you need to enter a username and password to get connected, sorry, the TP-Link router cannot do this job.

#2
Re:Omada SDN gateway as OpenVPN Client
2020-12-25 16:37:35

@Fae Thanks for the reply. I *am* trying to use the TP-Link router as OpenVPN Client and that's why I'm trying to import the ".ovpn" file. I also have control over the OpenVPN Server (at the other, remote end). I now realise that I can set the remote server to allow auto-login or server-locked profiles (therefore not requiring username and password), which I've done, so I've also generated and exported those profiles and tried importing them into the TP-Link router. I am sure that the router is supposed to be able to work as an OpenVPN client, it's just that I clearly don't understand how to configure it to connect. Can anyone at TP-Link help? I won't be the only person who needs to know this. Thanks in advance.

Fae wrote

Dear @penguintree,

 

Although I've imported the ".ovpn" file, there's nowhere to enter a username or password. How do I actually connect, and how do I subsequently put in a transmission route through the VPN connection? 

 

I'm afraid that it only supports importing the ".ovpn" file when the TP-Link router works as an OpenVPN client.

If you need to enter a username and password to get connected, sorry, the TP-Link router cannot do this job.

 

#3
Re:Omada SDN gateway as OpenVPN Client
2021-03-02 02:23:57 - last edited 2021-03-02 03:00:32

@penguintree 

 

Where in the .ovpn file did you enter your login credentials? I'm attempting to duplicate your solution, but all the tutorials I find instruct the insertion of a command into the .ovpn file that points to a separate file with username and password. The TL-R605/Omada interface appears to allow only one file upload in the VPN config section.

 

Also, are you in control of the VPN server-side, or are you a VPN service client? I am a NordVPN client, so I may be following an impossible path here.

#5
Re:Omada SDN gateway as OpenVPN Client
2021-10-19 20:50:44 - last edited 2021-10-19 20:53:25

Hi @deerskin I have the same issue with authentication. It does not require a username and password. Just the ovpn certificate file.

I have the Omada Software Controller with a TP-Link TL-ER7206 v1.0 gateway. It is supposed to be a professional router.

Have you found a solution?

#7
Re:Omada SDN gateway as OpenVPN Client
2021-11-11 15:10:07 - last edited 2021-11-11 15:11:55

Dear @penguintree ,

I have the same scenario, but I can't see on my OpenVPN server that the ER605 as OpenVPN client is even connecting.

You also mentioned routing.

Can you post an example screenshot of the routing you mentioned?

When is the creation of the VPN connection to the OpenVPN server triggered?

I have only the default routing table without choosing a VPN interface (only WAN)

Static

or Policy routing

#8
Re:Omada SDN gateway as OpenVPN Client
2021-11-18 03:40:47

@Peter20 Were you able to figure this out? Spent the last 3 days trying to figure this out :)

#9
Re:Omada SDN gateway as OpenVPN Client
2021-11-18 14:29:26 - last edited 2021-11-18 14:30:04

@FreeWoRLD 

Not :/ I dropped the current way, and I'm using my Raspberry as my OVPN client and gateway for my entire network. The ER605 is just a ...device after that to keep the dialed PPPoE connection to my ISP.

I found one topic where OpenVPN is not even available in Standalone mode of the ER605 (which I also tried), and there is simply no option to choose OpenVPN client.

https://community.tp-link.com/en/home/forum/topic/260684

It is a pity now, hopefully Omada will keep the progress, there is so much to do.

#10
Re:Omada SDN gateway as OpenVPN Client
2021-11-18 19:10:17

@penguintree Okay - this is absurd.

 

There are at least two of these threads where someone has claimed to make an Omada SDN gateway work as an OpenVPN CLIENT.  They claim it works, then vanish from the forums. Granted, it's not like I hang out here unless I have a problem either.

 

I don't mean to doubt them, but it's time to see screenshots of every single configuration required to make it happen, and a working (just mask the IPs and change 2 letters in the friggin keys to invalidate them) .ovpn file. 

 

I'm interpreting the phrase "it connects, but there's nowhere to verify it" as "it doesn't connect and I am just diagnosing the state incorrectly."   I see nothing on my OpenVPN server, no connections, no attempted connections, nada. 

 

I've even pared down my .ovpn config to better match what the router creates when it operates as an OpenVPN server... no luck. 

 

Hey, maybe it's on demand and something needs to be routed to the VPN for it to work?  Great, show just ONE EXAMPLE of how you'd set up an IP to be routed over the mythical VPN connection.  Just ONE example.

 

In short, I suspect these threads are created by people who put in OpenVPN connection information and assume it's working and have gone on their merry way.  I'm happy to eat my words if someone can prove that ANY OpenVPN client configuration in Omada does ANYTHING.

#11
Re:Omada SDN gateway as OpenVPN Client
2021-11-18 19:55:21

@penguintree 

 

What's working

Client-to-site OpenVPN connection is working.

Just make sure:

1. If you have the Omada gateway behind another gateway, forward the OpenVPN port.

2. On the OpenVPN client, after you create the connection you must put the public IP in the Server Override field.

What's not working:

1. The VPN Status form (from the Insight menu) is not listing clients.

2. The OpenVPN connection is based only on the certificate. It is not requesting a client username and password / expiration time.

3. You cannot match MAC addresses with IPs, so if you want to make ACL rules, for example, it is impossible to tell which IP to configure because DHCP is allocating them randomly.

 

 

#13