Site2Site VPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-04-07 08:53:37 - last edited 2022-04-07 14:35:13
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.2.0

Hi everybody,

 

I am trying to create a Site2Site VPN using two ER605 routers connected to an Omada controller.
This is a description of my network:

 

Site A: Controller + ER605 with Public IP

<Internet>

Site B: ER605 with Private IP
 

Is there a way to create a Site2Site VPN? Or do I need both sites to have a public IP?

 

Thank you for your help

Re:Site2Site VPN
2022-04-07 09:04:26 - last edited 2022-04-07 09:24:34

  @Birillo 

 

No problem, but you have to use Local ID Type and Remote ID Type in IPsec configuration.

 

E.g. Local ID Type=Site-A and Remote ID Type=Site-B, and the opposite on the other site.

 

You can also use L2TP site to site (RoutingMode); then you have to create a VPN user with Network Extension Mode.

The L2TP server is on the site with the public IP, the L2TP client on the site with the private IP.

 

More information on Page 127 in VPN Section

Omada SDN UserGuide

 

Or Page 112 on Router User Guide

Router User Guide

 

 

 

 

Re:Site2Site VPN
2022-04-07 11:16:38

Hi @shberge ,
Thanks a lot for your help.

 

I have been able to configure the VPN using L2TP.

But I am curious to understand what I am doing wrong with IPSec site2site.
I am sorry but I am not so familiar with this type of VPN.

 

Can you please clarify what I should put as Remote Gateway on both sides?
I assume one side will have the public IP of the other network?
What about the gateway of the network with the private IP?

Should only one side be the initiator?

 

Thank you

Re:Site2Site VPN-Solution
2022-04-07 13:05:15 - last edited 2022-04-07 14:35:13

  @Birillo 

 

Remote gateway is your public WAN IP on the remote site.

I guess you have a home router that you want to connect to a work router.

So in your home network you probably have a router from your network provider; this WAN IP is the one you should use. (You can find your public IP with whatip.net in your browser.)

If you have a dynamic IP on the WAN, you also need to use No-IP or another supported DDNS service.

I mostly use initiator on both sites. In your case you can use the home network as the initiator.

If you don't have DDNS available, the easiest is to use L2TP site to site (as I described earlier); then you only need a public IP on one site.

 

 

Recommended Solution