Creating a VPN between ER605 router and an OpenVPN Access Server
Hi everyone,
I need to connect a client site with an ER605 router (managed by an OC200 controller) to an OpenVPN Access Server hosted in Azure.
There is nothing particularly complicated about the config and I can create the VPN on the ER605 successfully but it does not connect or appear to attempt to connect in the OpenVPN server logs despite the connection file appearing to be ok.
Other data points
- I can take a connection profile and load it into OpenVPN Connect client and it works fine.
- The same issue is happening on other ER605's that I try
It seems like the ER605 isn't trying to initiate the connection and I have no idea why. Any ideas, I would very much appreciate.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
There are problems with tp-link routers if the server is not installed with OpenVPN 2.4 or older client compatibility, tp-link is unable to connect if the server is newer than verion 2.4. it took a long time and many installations before I realized that I had to install the server this way. I had a choice to install server with OpenVPN 2.4 and older client support and when I do that router connect up..
I'm no expert on OpenVPN so I use pivpn, (OpenVPN for dummies) easy installation
- Copy Link
- Report Inappropriate Content
This might explain the issues I'm describing in this thread. Did you actually install 2.4 server version?
I tried the pivpn script you mentioned on my Debian Bullseye VPS. But it installed 2.6.x server.
Got some certificate issue trying to connect (tried from different client).
- Copy Link
- Report Inappropriate Content
when I installed I chose 2.4 or older compatibility, this was a choice I got during the installation. don't remember all the details in the screenshots
- Copy Link
- Report Inappropriate Content
I did a quick test on an ubuntu server I have, here are the changes that are not deafult
If you have ER8411 you have to install with TCP not UDP.
Create user with nopass. and import ovpn file in router.
- Copy Link
- Report Inappropriate Content
Ah, thanks! It seems the trick (for my ER605v2) was to select TCP ... (Well, now I see some activity in the server log, not really seeing response yet, but hey ... progress, will dig a bit more soon.) :-)
- Copy Link
- Report Inappropriate Content
@ChuckyP well, it's not working, but something is registering when the Omada ER605v2 tries to connect:
2023-07-18T01:02:22.251874+02:00 myserver ovpn-server[598]: TCP connection established with [AF_INET](redacted IP):6662
2023-07-18T01:02:23.191249+02:00 myserver ovpn-server[598]: (redacted IP):6662 TLS: Initial packet from [AF_INET](redacted IP):6662, sid=5a79cb4a b43c1349
2023-07-18T01:02:23.494572+02:00 myserver ovpn-server[598]: (redacted IP):6662 Connection reset, restarting [-1]
2023-07-18T01:02:23.495252+02:00 myserver ovpn-server[598]: (redacted IP):6662 SIGUSR1[soft,connection-reset] received, client-instance restarting
So, not working, but getting closer. I tried fiddling with settings, but OpenVPN is not really something I know very well.
I wish the Omada GUI will get better logging/debugging for what's happening/not happening ... Or also Wireguard client-to-server setup.
Edit:
Seems it was multiple challenges: I fixed NTP on the server, reinstalled everything, then ended up with some no common data ciphers error.
So I added this to the server config file:
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
tls-version-min 1.0
So now I have connection. I do have to setup some routing or something, but connection is made.
And it actually shows up under Insight --> VPN clients for OpenVPN
- Copy Link
- Report Inappropriate Content
Hi everyone, thanks for all the tips. I do wish TP-Link would weigh in on this and fix connectivity to modern versions of OpenVPN 2.4+...
I will try Pivpn as suggested.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1163
Replies: 7
Voters 0
No one has voted for it yet.