Omada SDN gateway as OpenVPN Client

Re:Omada SDN gateway as OpenVPN Client
2021-12-01 16:06:34

@Peter20 

I would also like a copy of your config file for setting up an OpenVPN client on the ER605. I have the OpenVPN access server set up and it works on a limited basis. I can connect a client application from a laptop to the server and see the tunnel connection in the Insight tab/VPN tunnel/server status but the tunnel stops there at the ER605/OpenVPN server. I don't have access to any domain services such as the web server and file shares. I researched OpenVPN server set up on their web site and they state that an additional configuration must be installed to allow the server to encompass additional IP addresses within the domain to access additional resources. TP-Link doesn't have that option available for their OpenVPN access server that I know of. Maybe if I can set up the client configuration to allow the tunnel to pass through the ER605 to an actual OpenVPN access server I can mount on a Linux virtual platform, I can get a working enterprise VPN tunnel for my domain resources.

#26
Re:Omada SDN gateway as OpenVPN Client
2021-12-18 10:52:12

Hi @todonal 

Not sure if I understood your request.

How I gave up with ER605:

ER605 is just my gateway, it is not running OpenVPN server, and it is also not connecting to my VPN server as VPN client.

I moved all responsibility to my previous "gateway" - Raspberry PI.

On ER605 I'm only Natting 1:1 all ports to my Raspberry which acts like router from my entire LAN.

This Pi is running OpenVPN server, so if I'm outside somewhere, I can connect to my home and browse internet through my home.

This Pi is also a VPN client; it is connecting to my OpenVPN server in the internet to hide my real IP address (from my ISP).

For oVPN server I used this script https://github.com/Angristan/OpenVPN-install. It works like a charm, easy to manage/add/remove users, very satisfied.

#27
Re:Omada SDN gateway as OpenVPN Client
2022-01-05 12:43:34 - last edited 2022-01-05 12:49:38

I finally succeeded in setting the ER605 as OpenVPN client (on two WANs by the way), and redirecting all network traffic through it. I just followed TP-Link official tutorial (using OpenVPN server's UDP port as mentioned by @penguintree), BUT the main trick is that you have to reboot the ER605 once the config is finished.

#28
Re:Omada SDN gateway as OpenVPN Client
2022-03-30 22:06:05

I used the ER605 updated to Firmware version: 1.2.0 Build 20220114 Rel.76871. It has the option for an OpenVPN client without needing the Omada controller (I did use the controller to update the firmware on the ER605, so maybe that's why the OpenVPN section showed up?)

Setup: ER605 behind CG-NAT (Starlink) connecting to OpenVPN Access Server hosted in AWS.

The tunnel wasn't showing up so I started jacking with the .ovpn. I noticed some iroute and push routes down in the "Extra user defined configuration" section. Got rid of those and the tunnel came up (took about 5-10 seconds to show up after the page loaded). Traceroute verifies all traffic is going through the VPN.

#29
Re:Omada SDN gateway as OpenVPN Client
2022-03-31 20:40:43 - last edited 2022-04-04 05:17:16

@phlip I'm trying to configure the connection to Surfshark (SS) but without success.
I tried with the controller, but after a while I noticed your last post and I upgraded the SO CALLED VPN ROUTER.

Assume I want to forward all my LAN to the VPN tunnel, is this config correct (Local network especially)? The OVPN file is the one provided by SS and is reported below. No authentication is inserted even though SS tells me to insert it manually for the connection... Thank you

OVPN FILE:

client
dev tun
proto udp
remote <IP port>
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0

remote-cert-tls server

auth-user-pass

#comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC

auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
<omissis>
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

<omissis>
-----END OpenVPN Static key V1-----
</tls-auth>

 

#30
Re:Omada SDN gateway as OpenVPN Client-Solution
Monday - last edited Tuesday

Hello all, I had the same issue before and was able to get it working (if anyone is still alive in this thread):

I have a video of how to configure the OpenVPN Server, as well as what to put in the Omada. I used the OpenVPN Access Server you can download at openvpn dot net.

If you don't like to watch the video, these are the key points that worked for me:

* Must use tls-auth (Omada does not support (yet) tls-crypt or tls-crypt v2)

* Must have auto-login allowed for the account

* Must download the .ovpn generated by the server

* Follow the User Guide on how to create Omada OpenVPN client

 

Video

 

Recommended Solution
#31
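
The points reported in posts #29 and #31 (tls-auth only, an auto-login profile, no iroute/push lines) written as a check to run on a .ovpn file before importing it into the ER605. This is an added example, not part of any poster's message or of TP-Link's tooling; the name `lint_ovpn`, the finding strings and both sample profiles are constructed for illustration.

```python
import re

UNSUPPORTED = {"tls-crypt", "tls-crypt-v2"}   # post #31: Omada accepts only tls-auth
ROUTE_LINES = {"iroute", "push"}              # post #29: removed before tunnel came up

def lint_ovpn(text):
    """Return sorted findings for an .ovpn client profile (thread's rules only)."""
    seen, bare_auth, in_block = set(), False, None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                      # skip key/cert material inside <tag>...</tag>
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            in_block = m.group(1)
            seen.add(in_block)
            continue
        parts = line.split()
        seen.add(parts[0])
        if parts == ["auth-user-pass"]:   # no file argument: prompts for credentials
            bare_auth = True
    findings = [f"{n}: not supported, use tls-auth" for n in UNSUPPORTED & seen]
    findings += [f"{n}: route directive, remove it" for n in ROUTE_LINES & seen]
    if "tls-auth" not in seen:
        findings.append("tls-auth: missing")
    if bare_auth:
        findings.append("auth-user-pass: profile is not auto-login")
    if in_block:
        findings.append(f"{in_block}: inline block never closed")
    return sorted(findings)

# Constructed profiles; PLACEHOLDER stands in for key material.
SAMPLE_BAD = """client
remote vpn.example.test 1194
auth-user-pass
push "route 10.0.0.0 255.255.255.0"
iroute 192.168.0.0 255.255.255.0
<tls-crypt>
PLACEHOLDER
</tls-crypt>
"""
SAMPLE_OK = "client\nremote vpn.example.test 1194\nkey-direction 1\n<tls-auth>\nPLACEHOLDER\n</tls-auth>\n"
if __name__ == "__main__":
    for finding in lint_ovpn(SAMPLE_BAD):
        print(finding)
```
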
Re:Omada SDN gateway as OpenVPN Client
Yesterday

@Death_Metal

Nice video. Thanks

#32