Two ER605 L2TP server and client configuration

2022-07-18 09:20:09 - last edited 2022-07-18 09:25:28
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.0.1


I am trying to configure two ER605.

One as L2TP server on site with real static IPv4.

One as L2TP client on site without real IPv4 (probably behind ISP NAT, etc.; there is no upstream modem. WAN connection is PPPoE).


Both are under the same Omada Software Controller but in different controller Sites.


The remote (client) ER605 and devices are using the "inform controller ip" feature to connect to the Omada controller behind the primary ER605.



Options for auto/manual IPsec with site-to-site L2TP are not possible because there is no real IP address on the remote site.


I have a working L2TP server on the primary ER605 with the user I am using to connect remotely.

I created a second VPN user under the same server to use as credentials in the remote ER605 client-to-site L2TP policy.

I tried the VPN user as Network extension and as regular client.

I tried the remote policy as NAT and as routing. I think routing should be the correct one in my case?


While I see the VPN connection on both sites from the controller under "Insights -> VPN status",

I cannot make it route traffic.

On the remote site I see the L2TP policy as a static route next hop interface, but on the primary site I cannot configure any routing policy because I do not see the connected client.

Probably I am missing something, but I have no idea what to check or what to try.




My target is to have access to devices behind the remote ER605 when I am connected to the primary ER605.

When physically behind the remote ER605 it would be nice to be able to access devices behind the primary ER605.

Basically two-way LAN access, while everything not local => WAN as usual.


On primary site I have network as my LAN and L2TP server pool

On remote site LAN network is

When L2TP is connected I can see on the remote site a routing line 192.168.2.X to interface "l2pt client".

When the L2TP client is connected I see on the master site a routing line 192.168.2.x to interface ppp(1,2,3,n).


Re: Two ER605 L2TP server and client configuration
2022-07-18 13:47:29 - last edited 2022-07-18 13:53:11



You absolutely can do this, it's exactly what I am doing and my client site is PPPoE as well. You don't need to manually do any routes, the controller will take care of all this, but you do need to identify the subnets that are 'routable', you cannot have overlapping IP ranges, and the IPs you pick for the tunnel can be anything as they are never directly used by you. I recently posted some screen grabs from my setup for another user... I'll try to link that here.


EDIT:  check out my posts in this thread


EDIT2: if one of your connections is a Starlink, you need to disable encryption on the link as Elon doesn't pass ESP packets.
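
The reply's two addressing requirements (no overlapping IP ranges, and naming the subnets that are routable) can be checked before touching the controller. The following is an added example, not part of either post and not TP-Link code; every subnet value and the names `PLAN`, `find_overlaps` and `remote_subnets` are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan (assumed values, not taken from the thread).
# Keys ending in "_lan" are site LANs; "l2tp_pool" is the tunnel address pool.
PLAN = {
    "primary_lan": "192.168.0.0/24",
    "remote_lan": "192.168.1.0/24",
    "l2tp_pool": "192.168.2.0/24",
}


def find_overlaps(plan):
    """Return a sorted list of (name_a, name_b) pairs whose networks overlap."""
    # strict=True rejects entries with host bits set, e.g. 192.168.1.5/24.
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in plan.items()}
    return sorted(
        (a, b)
        for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2)
        if net_a.overlaps(net_b)
    )


def remote_subnets(plan, local_site):
    """List the subnets `local_site` must reach through the tunnel.

    Only the other sites' LANs are returned; the tunnel pool is left out
    because it addresses the link endpoints, not the hosts behind them.
    """
    conflicts = find_overlaps(plan)
    if conflicts:
        raise ValueError(f"overlapping ranges, fix before routing: {conflicts}")
    if local_site not in plan:
        raise KeyError(local_site)
    return sorted(cidr for name, cidr in plan.items()
                  if name.endswith("_lan") and name != local_site)


if __name__ == "__main__":
    print("overlaps:", find_overlaps(PLAN))
    for site in ("primary_lan", "remote_lan"):
        print(site, "needs routes to", remote_subnets(PLAN, site))
```
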