OpenVPN Client-to-Site routing all traffic through VPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

OpenVPN Client-to-Site routing all traffic through VPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
17 Reply
Re:OpenVPN Client-to-Site routing all traffic through VPN
2022-10-18 17:09:22

  @SingletrackMind 

 

"Unfortunately, now the ER7206 doesn't support this function.

Upon checking with the related department, the Controller V5.8 will add this feature. And the supported firmware of the ER7206 is planned to be released on the official website at the end of the year."

 

This is what I got from Support when asking the same thing.  

I can not teach anyone anything - I can only make them think - Socrates
  0  
  0  
#14
Options
Re:OpenVPN Client-to-Site routing all traffic through VPN
2022-11-01 19:54:38

  @Mvdput 

Requesting to add this feature as early as possible. I bought tp link particularly cause of the VPN options. To my surprise, you cannot route all traffic through the tunnel. This almost half the usefulness of openvpn and the reason why i chose tp link

  1  
  1  
#15
Options
Re:OpenVPN Client-to-Site routing all traffic through VPN
2023-01-18 16:25:49

  @Ashish_AJ 

Has this been resolved?

 

Im also desperate here. 

  0  
  0  
#16
Options
Re:OpenVPN Client-to-Site routing all traffic through VPN
2023-01-18 16:33:11 - last edited 2023-01-18 16:34:38

  @Berney 

 

Pretty sure I saw full tunnel support in the notes for the Windows Controller v5.8.4, unfortunately no good for me as I'm running OC200 and a Synology docker image in my world and I'm not in the mood to stand up some Windows box for a few weeks or months.

 

<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#17
Options
Re:OpenVPN Client-to-Site routing all traffic through VPN
2023-01-18 16:42:47

  @Berney 

A reference was made to it in the Windows 5.8.4 controller release notes:

 

10. Added support for the following features to Omada Gateway, which requires firmware updates to be released later. Some Omada Gateway models may not support all features, details will be listed in the release notes of new firmware.

  • Full mode for OpenVPN

 

However the release notes for the new ER605 V2 firmware 2.1.0 doesn't call it out:

 

This firmware is fully adapted to Omada SDN Controller 5.8.

New Feature/Enhancement:

  1. Add support GRE function in Standalone mode.

  2. Add stateful ACL.

  3. Add mDNS Repeater .

  4. Add support for setting port speed and duplex mode in Controller mode.

  5. Add support for setting port mirroring in Controller mode.

  6. Optimized the logic of judging Me in ACL. If you need to use ACL to restrict the connection to VPN client, please select Me in Destination. Please note that if Me is included before the upgrade, the client may not be able to access the Web UI after the upgrade.

  7. Add support for displaying the Source IP address of large Ping attack packets.

  8. Add Non-Address mode for IPv6.

  9. Optimized the DNS settings on the WAN side, the WAN side cannot set the DNS Server of the same network segment as the LAN.

  10. Add IP-MAC binding in Controller mode.

  11. Add One-to-One NAT in Controller mode.

  12. DHCP Server's DNS support for adding network addresses.

  13. Add "Certificate + Account" mode for OpenVPN.

  14. Add support to customize DNS server for VPN servers in Controller mode.

  15. Add "Custom IP" type for Local Networks in Controller mode.

  16. Add "IP Address Range" type to VPN IP Pool in Controller mode.

  17. Add support for custom Local IP Address for L2TP/PPTP VPN Users in Controller mode.

  18. Add RIP and OSPF dynamic routing function in Standalone mode.

Notes:

  1. For ER605 v2.0 and v2.6 only.

  2. Your devices configuration wont be lost after upgrading.

 

That said, while I've already upgraded the router firmware, I'm still awaiting the 5.8 controller for Linux to be released so I can't confirm or deny if it's an undocumented addition.  For me though, I've pretty much abandoned OpenVPN anyway because the performance so awful.  It's a little better running from my Synology 220+ but still not the best.  Wireguard is hands down the way to go (which by the way was also called out in the controller release notes but not documented in the router firmware update).  I've run Wireguard on a Pi and now running it on my Synology.  And Wireguard can do full or split tunneling.  On both, clients connect almost instantly and throughput is WAY faster than OpenVPN by a long shot.  The highest I've been able to confirm with Wireguard so far is around 300mb.  OpenVPN isn't anywhere close.  In short, if you have a Pi, a capable NAS, or some random Linux system you can run it on, give Wireguard a try.  There are plenty of articles on getting it running on Pi (using PiVPN) as well as Synology.

  0  
  0  
#18
Options
Re:OpenVPN Client-to-Site routing all traffic through VPN
2023-01-18 17:33:25

  @d0ugmac1 

 

Thanks for the answers. I'm still running standalone mode so I wonder if I just add the redirect-gateway to my client policy will that work. 
 

BTW I'm on ER7206 v1.0 and v1.2.3 FW

  0  
  0  
#19
Options
Re:OpenVPN Client-to-Site routing all traffic through VPN
2023-01-19 15:46:01

ok, this doesn't work I also don't see any mentioning of that in the latest v1.2.3 FW. 

  0  
  0  
#20
Options