ER605 VPN Log showing traffic with 169.254.0.0/16 subnet

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605 VPN Log showing traffic with 169.254.0.0/16 subnet

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 VPN Log showing traffic with 169.254.0.0/16 subnet
ER605 VPN Log showing traffic with 169.254.0.0/16 subnet
2023-11-22 15:27:29 - last edited 2023-11-28 02:59:47
Tags: #VPN
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.2 Build 20231017 Rel.68869

Hello.  I am struggling with the slow VPN connection with my ER605's.  I have two locations and I set one location (A) to VPN to the other location (B) using L2TP/IPSec so I can manage devices in B from my home in A.  I'm so frustrated of the slowness of my access to devices in B that I looked at the log in the ER605 in B.  (BTW, both ER605 have the same HW and Firmware versions.  The log in B shows that there are traffic requests from subnet 169.254.0.0/16.  That is a subnet for devices which does not know which device that traffic came from!!!  I think this is what's causing the latency in the connection from A to B.

 

What could be causing this?  Shall I change a VPN Protocol?

 

In the latest firmware update, there is now a GRE VPN section but I don't know how to set it to connect location A to B.  Maybe that is a better option for me.

 

Thanks in advance.

  0      
  0      
#1
Options
1 Accepted Solution
Re:ER605 VPN Log showing traffic with 169.254.0.0/16 subnet-Solution
2023-11-27 01:24:40 - last edited 2023-11-28 02:59:47

Hi @firefox111 

Thanks for posting in our business forum.

firefox111 wrote

  @Clive_A 

 

The download I showed were my ISP's actual bandwidth.  I don't download between the two locations (well, sometimes..).  My concern here is when I try to connect to location B's ER605 management web interface from location A, it times out after I enter my login credentials.

It logs out after 6 minutes by default. If you want to change that, (only) in standalone mode, web idle timeout, change that.

 

firefox111 wrote

  @Clive_A 

 

Then looking at location B's ER605 log, I see a management attempt from a 169.254.11.** IP Address!  That is my concern.  Is that why my attempt to manage the ER605 in location B does not go through?

It is okay to see that IP because it is what the firmware writes. I have confirmed it with you in the previous reply.

 

firefox111 wrote

  @Clive_A 

 

Well, I think this discussion is nowhere if no one can explain the 169.254.0.0/16 subnet in the log......

Is there something wrong with the forum server? I did reply to your question regarding this subnet.

Go above and read what's been said on Thursday. It's been explained in that thread linked. That's why I remember it was answered and there is no point in me repeating this to you as there is an explanation.

 

ACL State was added to the previous firmware. Not 2.2.2. It does not make a problem.

 

 

firefox111 wrote

  @Clive_A 

 

There is a discussion of 2.2.2's issue with HTTPS in another thread! Maybe that is my issue!  I updated to 2.2.2 which I donloaded from the normal dowload center page and no warning on the forcing of HTTPS!  Why???? Was 2.2.2 been tested in the lab before a public release?????

When the dev releases this firmware, it never came across their mind that there are people literally turning off the HTTPS. Usually, we recommend you proceed with the HTTPS. Reason why HTTPS, you can Google it - HTTP VS HTTPS. 

 

2.2.2 is a version focusing on security fixes and it changes the security-related settings. So, if you have disabled HTTPS, then there is no way to access it. Refer to the related solution post.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#8
Options
7 Reply
Re:ER605 VPN Log showing traffic with 169.254.0.0/16 subnet
2023-11-23 00:59:59 - last edited 2023-11-23 02:44:28

Hi @firefox111 

Thanks for posting in our business forum.

How slow? What is the speed you get? How do you verify and determine it is slow?

How about your ISP speed? Both sites, DL and UL speed.

 

Don't get frustrated before you start to learn about the differences between the models.

Don't get frustrated before you pick a good VPN protocol.

 

About this subnet, screenshot it. Is it in the log?? I don't think so. Did you find it in the Routing Tables?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:ER605 VPN Log showing traffic with 169.254.0.0/16 subnet
2023-11-23 04:11:45 - last edited 2023-11-23 04:21:18

Okay.  I have prepared snippets to show what is happening. Note that the VPN connection is up and established from Location A to Location B with 192.168.5.0/24 in A and 192.168.4.0/24 in B.  I hope these snippets will be accepted by the forum server.

 

I'll show the L2TP VPN configuration of the ER605 in Location A to connect to ER605 in Location B;

The Tunnel List in both A and B;

The speedtest.net statistics of my Internet connections in Location A and B. 

 

Then in Location A, I tried to log in to Location B's ER605 management interface at 2023-11-22 21:19:03.  BTW, I don't even get the management interface.... It just times out.

 

Then finally I remotely logged in to a server in Location B to open the ER605 management interface at 2023-11-22 21:20:44.  As you can see, the IP Address is 169.254.11.22.  Where is B's ER605 getting that?

 

Even coming from an iPad with 5G Cellular connection via L2TP connection to ER605 in B, when I try to open  B's management interface, I just get a round and round cursor and finally times out.  And again, I see the 169.254.*.* IP in the log!

 

Here are the snippets:

 

  0  
  0  
#3
Options
Re:ER605 VPN Log showing traffic with 169.254.0.0/16 subnet
2023-11-23 04:14:18 - last edited 2023-11-23 05:34:36

  Here's the Log list in B's ER605.

 

======= How come the forum server is removing the snippet for the log????

Do I have to reduce the size of the snippet?

====================================================

 

Well, I give up!  I cannot attach the snippet for the Log list.

 

  0  
  0  
#4
Options
Re:ER605 VPN Log showing traffic with 169.254.0.0/16 subnet
2023-11-23 06:58:59 - last edited 2023-11-23 06:59:32

Hi @firefox111 

Thanks for posting in our business forum.

In regard to 169.254/16, I remember this is answered. So, indeed, there is a link: https://community.tp-link.com/en/business/forum/topic/274578

 

So, if you download files based on the speed test you gave at A, and DL file from B, you get a 10Mbps max. At B, download from A, you get 50.

 

How slow is your VPN speed?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#5
Options
Re:ER605 VPN Log showing traffic with 169.254.0.0/16 subnet
2023-11-24 16:26:15

  @Clive_A 

 

The download I showed were my ISP's actual bandwidth.  I don't download between the two locations (well, sometimes..).  My concern here is when I try to connect to location B's ER605 management web interface from location A, it times out after I enter my login credentials.  Then looking at location B's ER605 log, I see a management attempt from a 169.254.11.** IP Address!  That is my concern.  Is that why my attempt to manage the ER605 in location B does not go through?

 

I noticed after I updated the firmware of both ER605 to 2.2.2 Build 20231017 Rel.68869, my connections to devices (cameras, home assistant, access point, server, etc..) have slowed down!

 

The latest update brought more features and functions: USB can now be a Storage for automated backup, there is a GRE VPN option, in the Firewall "Access Control" there is now option for "Stat: New, Established, Invalid, or Related", etc.. This new "Access Control" option left all my rules to have nothing in the "State" option.  Is that going to be a problem???

 

Well, I think this discussion is nowhere if no one can explain the 169.254.0.0/16 subnet in the log......

  0  
  0  
#6
Options
Re:ER605 VPN Log showing traffic with 169.254.0.0/16 subnet
2023-11-24 17:46:08

  @Clive_A 

 

There is a discussion of 2.2.2's issue with HTTPS in another thread! Maybe that is my issue!  I updated to 2.2.2 which I donloaded from the normal dowload center page and no warning on the forcing of HTTPS!  Why???? Was 2.2.2 been tested in the lab before a public release?????

  0  
  0  
#7
Options
Re:ER605 VPN Log showing traffic with 169.254.0.0/16 subnet-Solution
2023-11-27 01:24:40 - last edited 2023-11-28 02:59:47

Hi @firefox111 

Thanks for posting in our business forum.

firefox111 wrote

  @Clive_A 

 

The download I showed were my ISP's actual bandwidth.  I don't download between the two locations (well, sometimes..).  My concern here is when I try to connect to location B's ER605 management web interface from location A, it times out after I enter my login credentials.

It logs out after 6 minutes by default. If you want to change that, (only) in standalone mode, web idle timeout, change that.

 

firefox111 wrote

  @Clive_A 

 

Then looking at location B's ER605 log, I see a management attempt from a 169.254.11.** IP Address!  That is my concern.  Is that why my attempt to manage the ER605 in location B does not go through?

It is okay to see that IP because it is what the firmware writes. I have confirmed it with you in the previous reply.

 

firefox111 wrote

  @Clive_A 

 

Well, I think this discussion is nowhere if no one can explain the 169.254.0.0/16 subnet in the log......

Is there something wrong with the forum server? I did reply to your question regarding this subnet.

Go above and read what's been said on Thursday. It's been explained in that thread linked. That's why I remember it was answered and there is no point in me repeating this to you as there is an explanation.

 

ACL State was added to the previous firmware. Not 2.2.2. It does not make a problem.

 

 

firefox111 wrote

  @Clive_A 

 

There is a discussion of 2.2.2's issue with HTTPS in another thread! Maybe that is my issue!  I updated to 2.2.2 which I donloaded from the normal dowload center page and no warning on the forcing of HTTPS!  Why???? Was 2.2.2 been tested in the lab before a public release?????

When the dev releases this firmware, it never came across their mind that there are people literally turning off the HTTPS. Usually, we recommend you proceed with the HTTPS. Reason why HTTPS, you can Google it - HTTP VS HTTPS. 

 

2.2.2 is a version focusing on security fixes and it changes the security-related settings. So, if you have disabled HTTPS, then there is no way to access it. Refer to the related solution post.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#8
Options