Implemented Openvpn & Ikev2 missing in standalone mode of ER605(aka TL-R605)
Hello all,
I currently use TL-R605 router at my home, and I find it quite efficient. I use it in standalone mode because I appreciate the user interface and the functionalities it offers, but I'm a little bit disappointed by the impossibility to use either Openvpn or IKeV2 vpn protocols for my 'client to router' vpn connexion. And it's a little bit frustrating to see that it seems possible using Omada, but I don't want to use Omada (because I don't easily find some options I use in standalone mode, and I want to access the router parameters page in a simple manner with my browser).
The question : do you think IKev2 (or Openvpn) could be made available in standalone mode through a next firmware ?
I'd like to move from IKev1 to IKev2 for 2 reasons : first because it is considered more secure in a number of sites, and also it includes NAT traversal, which would be useful in my case. I don't really understand the rationale to propose these protocols in Omada mode and not in standalone mode, neither not proposing them in the standalone mode, in such a recent router. Please TP-Link, implement, if it is possible, this kind of possibility in a next firmware update !
Thanks for reading,
Benjamin
Edit April 15th :
@Fae do you think these improvement could be included in a next firmware update ?
@all : if you would also be interested by Openvpn & IKev2 in standalone mode, don't hesitate to reply or send a Kudos, to promote this evolution - thanks in advance ;-)
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Dear @Ben-91,
Ben-91 wrote
Can you confirm that Ikev2 is indeed available in standalone mode on the v2 ? and if yes, any chance to have the same possibility on the v1 ?
Yes, Ikev2 is supported in both Standalone and Controller mode on the ER605 V2.
The ER605 V1 will support the Ikev2 in Standalone mode on the subsequent firmware update.
- Copy Link
- Report Inappropriate Content
@Fae thanks a lot for this quick answer !
any idea of when the firmware update will be distributed ? I think we're a number of customers waiting for this since August. Thanks in advance, Ben
- Copy Link
- Report Inappropriate Content
Dear @Ben-91,
Ben-91 wrote
any idea of when the firmware update will be distributed ? I think we're a number of customers waiting for this since August. Thanks in advance, Ben
Sorry that I haven't been informed of the release date for the new firmware.
I'll keep an eye on it and update this post once there is new firmware available.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Fae Hi Fae, I noticed that the updated firmware for v1 hardware was released recently, and could see that indeed Openvpn was now available. However, it seems that Ikev2 is still missing, do you confirm ? was it what you meant in the subsequent firmware release : after the one including Openvpn ?
Thanks in advance,
Benjamin
- Copy Link
- Report Inappropriate Content
Dear @Ben-91,
Ben-91 wrote
@Fae Hi Fae, I noticed that the updated firmware for v1 hardware was released recently, and could see that indeed Openvpn was now available. However, it seems that Ikev2 is still missing, do you confirm ? was it what you meant in the subsequent firmware release : after the one including Openvpn ?
Have you already upgraded to the new 1.2.0 firmware?
I checked my ER605 v1, the Ikev2 has been supported with the 1.2.0 firmware upgrade.
- Copy Link
- Report Inappropriate Content
@Fae Thanks Fae, you're right, it's present !
Unfortunately I can't manage to establish a client to LAN VPN connection with IKev2 (and neither with IKev1), but I think it's probably due to my limited network skills.
I Don't have any issue to setup L2TP or Openvpn client to LAN connections, but I don't find a way to define correct Ipsec settings and make it work to connect with IKev2. And I did not find clear enough (for me :-)) tutorials to do it.
So I will stay with Openvpn which is a priori a good solution also (except if I finally manage one day to setup Ipsec correctly ;-)), though I would have preferred not to have to install dedicated software on remote clients.
Benjamin
Complement on Feb 20th :
@Fae : while I was struggling to make an Ipsec policy work (which I did not manage unfortunately), I asked myself 2 questions :
- Can the L2TP/IPsec VPN mode work with the IKev2 protocol, and not IKev1 ? it would solve my problem I think.
- When trying to setup an Ipsec policy with Ikev2 protocol, for the VPN IP Pool definition it seems that it's not possible to use the same segment than the router LAN port, which would be an issue for me, and a pity because now with L2TP/Ipsec and Openvpn methods, it is possible. Do you confirm ?
Thanks in advance,
Benjamin
- Copy Link
- Report Inappropriate Content
@Fae Hi Fae, sorry to come back to this topic, but I still don't manage to make Ikev2 work with my router used in standalone :-(
Just 2 questions :
1 - does L2TP/Ipsec vpn mode use the Ikev1, or Ikev2 standard ? (now that Ikev2 is available in standalone mode). If Ikev2 is used, I think it answers my need. And if not, do you think it could be implemented in a next firmware ? (Ikev2 is more secure than IKev1, it includes NAT traversal functionality, and it does not require a dedicated client software as OpenVPN, so I think it would be very useful).
2 - I have difficulties to make my Ipsec policy work, as you can see in https://community.tp-link.com/en/business/forum/topic/534444. My last attemps seem to show that the phase 1 / phase 2 strategies pre-defined by the router do not match with the ones expected by Windows 10 (and possibly by my iPhone). Would you have any advice on what to select, to make it work both for my PC operating Windows 10, and my iPhone operating iOS 15.3.1 ?
Many thanks in advance !
Benjamin
- Copy Link
- Report Inappropriate Content
I've upgraded the firmware on my ER605 which is in standalone mode, could you give an example of what the configuration should look like for the OpenVPN server tab?
I'm a bit confused as to what goes in the local network and IP pool fields as the field after the / has only 2 characters.
Thanks!
- Copy Link
- Report Inappropriate Content
@Davey_boy hi, for local subnet, it could look like either 192.168.0.0/24 or 192.168.1.0/24, depending on how you defined your lan.
24 means you can have 2^(32-24) = 2^8=256 IP's, corresponding to the last byte value (more precisely 255 from 1 to 255, 0 having a specific use).
For the IP pool, you can set it as follows :
192.168.x.y/z, with :
x = 0 or 1 in my examples - to be set according to your lan definition
y is the starting value of the range
z is set to define the number of IP's of the pool, which is 2^(32-z). If z=32, then only 1 IP possible (y, in this case). If z=31, then 2 IP's. If z=30, then 4 IP's, etc. If you set x to match with your lan subnet (can be useful to ease access to the equipment on your lan), then you will have to set y and z so that this pool does not interfere with already used ranges (e.g. DHCP, static IP's you use,...).
I hope it is clear enough.
In my case, following values work perfectly:
local subnet: 192.168.0.0/24
ip pool : 192.168.0.100/29 (meaning a pool of 8 IP's starting from 192.168.0.100).
Benjamin
- Copy Link
- Report Inappropriate Content
Information
Helpful: 13
Views: 7570
Replies: 22