Creating a VPN between ER605 router and an OpenVPN Access Server

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Creating a VPN between ER605 router and an OpenVPN Access Server

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Creating a VPN between ER605 router and an OpenVPN Access Server
Creating a VPN between ER605 router and an OpenVPN Access Server
2023-07-15 23:46:14
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.0

Hi everyone, 

 

I need to connect a client site with an ER605 router (managed by an OC200 controller) to an OpenVPN Access Server hosted in Azure. 

 

There is nothing particularly complicated about the config and I can create the VPN on the ER605 successfully but it does not connect or appear to attempt to connect in the OpenVPN server logs despite the connection file appearing to be ok. 

 

Other data points

- I can take a connection profile and load it into OpenVPN Connect client and it works fine. 

- The same issue is happening on other ER605's that I try

 

It seems like the ER605 isn't trying to initiate the connection and I have no idea why. Any ideas, I would very much appreciate. 

 

File:
ER605 config.pngDownload
  0      
  0      
#1
Options
7 Reply
Re:Creating a VPN between ER605 router and an OpenVPN Access Server
2023-07-16 04:21:14

  @ChuckyP 

 

There are problems with tp-link routers if the server is not installed with OpenVPN 2.4 or older client compatibility, tp-link is unable to connect if the server is newer than verion 2.4. it took a long time and many installations before I realized that I had to install the server this way. I had a choice to install server with OpenVPN 2.4 and older client support and when I do that router connect up..

 

I'm no expert on OpenVPN so I use pivpn, (OpenVPN for dummies) easy installation

 

 

 

 

  2  
  2  
#2
Options
Re:Creating a VPN between ER605 router and an OpenVPN Access Server
2023-07-17 15:31:33 - last edited 2023-07-17 15:31:50

  @MR.S 

This might explain the issues I'm describing in this thread. Did you actually install 2.4 server version?

I tried the pivpn script you mentioned on my Debian Bullseye VPS. But it installed 2.6.x server.

Got some certificate issue trying to connect (tried from different client).

  0  
  0  
#3
Options
Re:Creating a VPN between ER605 router and an OpenVPN Access Server
2023-07-17 15:42:00

  @flips01 

 

when I installed I chose 2.4 or older compatibility, this was a choice I got during the installation. don't remember all the details in the screenshots

 

  0  
  0  
#4
Options
Re:Creating a VPN between ER605 router and an OpenVPN Access Server
2023-07-17 15:51:36 - last edited 2023-07-17 16:00:58

  @flips01 

 

I did a quick test on an ubuntu server I have, here are the changes that are not deafult

 

 

 

If you have ER8411 you have to install with TCP not UDP.

 

Create user with nopass. and import ovpn file in router.

  0  
  0  
#5
Options
Re:Creating a VPN between ER605 router and an OpenVPN Access Server
2023-07-17 17:49:48

  @ChuckyP 

Ah, thanks! It seems the trick (for my ER605v2) was to select TCP ... (Well, now I see some activity in the server log, not really seeing response yet, but hey ... progress, will dig a bit more soon.) :-)

  0  
  0  
#6
Options
Re:Creating a VPN between ER605 router and an OpenVPN Access Server
2023-07-17 22:07:36 - last edited 2023-07-17 22:51:57

  @ChuckyP well, it's not working, but something is registering when the Omada ER605v2 tries to connect:

 

2023-07-18T01:02:22.251874+02:00 myserver ovpn-server[598]: TCP connection established with [AF_INET](redacted IP):6662
2023-07-18T01:02:23.191249+02:00 myserver ovpn-server[598]: (redacted IP):6662 TLS: Initial packet from [AF_INET](redacted IP):6662, sid=5a79cb4a b43c1349
2023-07-18T01:02:23.494572+02:00 myserver ovpn-server[598]: (redacted IP):6662 Connection reset, restarting [-1]
2023-07-18T01:02:23.495252+02:00 myserver ovpn-server[598]: (redacted IP):6662 SIGUSR1[soft,connection-reset] received, client-instance restarting

 

So, not working, but getting closer. I tried fiddling with settings, but OpenVPN is not really something I know very well.

I wish the Omada GUI will get better logging/debugging for what's happening/not happening ... Or also Wireguard client-to-server setup.

 

Edit:

Seems it was multiple challenges: I fixed NTP on the server, reinstalled everything, then ended up with some no common data ciphers error.

So I added this to the server config file:

  data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
  data-ciphers-fallback AES-256-CBC
  tls-version-min 1.0

 

So now I have connection. I do have to setup some routing or something, but connection is made.laugh

And it actually shows up under Insight --> VPN clients for OpenVPN

  1  
  1  
#7
Options
Re:Creating a VPN between ER605 router and an OpenVPN Access Server
2023-07-18 10:31:23

Hi everyone, thanks for all the tips. I do wish TP-Link would weigh in on this and fix connectivity to modern versions of OpenVPN 2.4+... 

 

I will try Pivpn as suggested. 

  0  
  0  
#8
Options