ER605 OpenVPN Reach LAN Devices

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-12-14 18:34:07
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.2 Build 20231017 Rel.68869

Hello to all,

I just bought one ER605 and the main idea is to create an OpenVPN connection to my home LAN and if it works correctly, I will buy other Omada devices to complete the network.

The OpenVPN configuration was easy, but with the standard configuration I can reach the ER605 but no other devices on my network, such as a printer, NAS or Home Assistant.

After some tries, I set the push IP address to the same range as the LAN and like this, I can reach all devices.

According to good practice this configuration is not okay. Is there a different way to make this configuration?

 

Please give me some help on this.

#1
Re:ER605 OpenVPN Reach LAN Devices
2023-12-15 03:45:13 - last edited 2023-12-15 03:46:52

Hi @Castro05 

Thanks for posting in our business forum.

I cannot help you with this until you offer your config and topology. If you set them correctly, you should access them with no issues.

And what is the "push IP" you refer to?

 

Castro05 wrote

The OpenVPN configuration was easy, but with the standard configuration I can reach the ER605 but no other devices on my network, such as a printer, NAS or Home Assistant.

 Fun fact, VPN IP usually gets blocked by the firewall. Have you ruled out the firewall?

#2
Re:ER605 OpenVPN Reach LAN Devices
2023-12-15 11:08:58

Hi @Clive_A, thanks for your answer.

This is my Topology 

 

This is My Configuration  

 

 

 

Regarding "Push IP" I mean IP POOL.

 

If I change it to a different range outside the LAN range, I can't reach the NAS, Home Assistant or printer.

 

Also, on the OpenVPN client side, I notice that in all configuration cases I receive "route addition failed". Please see below:

 

 

2023-12-15 10:51:12 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2023-12-15 10:51:12 OpenVPN 2.5.9 [git:v2.5.9/ea4ce681d9008f27] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 15 2023
2023-12-15 10:51:12 Windows version 10.0 (Windows 10 or greater) 64bit
2023-12-15 10:51:12 library versions: OpenSSL 1.1.1t  7 Feb 2023, LZO 2.10
2023-12-15 10:51:23 TCP/UDP: Preserving recently used remote address: [AF_INET]82.155.122.230:1185
2023-12-15 10:51:23 UDP link local: (not bound)
2023-12-15 10:51:23 UDP link remote: [AF_INET]82.155.122.230:1185
2023-12-15 10:51:23 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-12-15 10:51:23 [server_server0] Peer Connection Initiated with [AF_INET]82.155.122.230:1185
2023-12-15 10:51:25 open_tun
2023-12-15 10:51:25 tap-windows6 device [OpenVPN_TAP_03] opened
2023-12-15 10:51:25 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.10.6/255.255.255.252 on interface {AB60D0AD-04D8-4B20-8D44-084753D9E3A5} [DHCP-serv: 192.168.10.5, lease-time: 31536000]
2023-12-15 10:51:25 Successful ARP Flush on interface [39] {AB60D0AD-04D8-4B20-8D44-084753D9E3A5}
2023-12-15 10:51:25 IPv4 MTU set to 1500 on interface 39 using service
2023-12-15 10:51:30 ROUTE: route addition failed using service: O objeto já existe.   [status=5010 if_index=39]
2023-12-15 10:51:30 ROUTE: route addition failed using service: O objeto já existe.   [status=5010 if_index=39]
2023-12-15 10:51:30 Initialization Sequence Completed

 

I would like to get it running as it should be, could you please HELP? 

If you need more data, please feel free to ask.

 

 

 

#3
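
Added example, not part of any post in this thread: a Python check that reads an OpenVPN client log like the one posted above, derives the tunnel subnet from the TAP-Windows line, and reports whether the IP pool sits inside the LAN and how many route additions failed. The LAN prefix 192.168.10.0/24 is an assumption inferred from the gateway 192.168.10.254 mentioned in the thread, and the names `analyze` and `verdict` are illustrative.

```python
import ipaddress
import re

# Lines copied from the client log posted in the thread (only the relevant ones).
THREAD_LOG = """\
2023-12-15 10:51:25 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.10.6/255.255.255.252 on interface {AB60D0AD-04D8-4B20-8D44-084753D9E3A5} [DHCP-serv: 192.168.10.5, lease-time: 31536000]
2023-12-15 10:51:30 ROUTE: route addition failed using service: O objeto já existe.   [status=5010 if_index=39]
2023-12-15 10:51:30 ROUTE: route addition failed using service: O objeto já existe.   [status=5010 if_index=39]
2023-12-15 10:51:30 Initialization Sequence Completed
"""

TUNNEL_RE = re.compile(r"DHCP IP/netmask of (\d+(?:\.\d+){3})/(\d+(?:\.\d+){3})")
ROUTE_FAIL = "ROUTE: route addition failed"


def analyze(log_text, lan_cidr):
    """Summarise an OpenVPN client log against the LAN prefix (lan_cidr is an assumption)."""
    lan = ipaddress.ip_network(lan_cidr)
    tunnel = None
    for line in log_text.splitlines():
        match = TUNNEL_RE.search(line)
        if match:
            # Address and dotted netmask handed to the TAP adapter -> tunnel subnet.
            tunnel = ipaddress.ip_interface("/".join(match.groups())).network
    overlaps = tunnel is not None and tunnel.overlaps(lan)
    return {
        "tunnel": str(tunnel) if tunnel else None,
        "overlaps_lan": overlaps,
        "route_failures": log_text.count(ROUTE_FAIL),
        "completed": "Initialization Sequence Completed" in log_text,
    }


def verdict(result):
    """Turn the summary into the next troubleshooting step."""
    if result["tunnel"] is None:
        return "no tunnel address found in log"
    if result["overlaps_lan"]:
        return "pool inside LAN: VPN clients cannot be told apart from LAN hosts by source subnet"
    if result["route_failures"]:
        return "separate pool, but route additions failed: check the client routing table for the LAN prefix"
    return "separate pool and no route errors: check the router firewall/ACL next"


if __name__ == "__main__":
    r = analyze(THREAD_LOG, "192.168.10.0/24")  # LAN prefix assumed from gateway 192.168.10.254
    print(r, "->", verdict(r))
```
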
Re:ER605 OpenVPN Reach LAN Devices
2023-12-17 09:59:47
The ER-605 does not have any kind of OpenVPN logging. It's important, but not for the TP-Link team. You need to set static routing on your client machine for the router's internal network or select full mode (so all internet traffic will go through the ER-605) and you will be able to see the router's internal network…
#4
Re:ER605 OpenVPN Reach LAN Devices
2023-12-18 01:11:09 - last edited 2023-12-18 01:12:03

Hi @Castro05 

Thanks for posting in our business forum.

Castro05 wrote

Hi @Clive_A, thanks for your answer.

This is my Topology

 

This is My Configuration 

 

 

 

Regarding "Push IP" I mean IP POOL.

 

If I change it to a different range outside the LAN range, I can't reach the NAS, Home Assistant or printer.

 

Also, on the OpenVPN client side, I notice that in all configuration cases I receive "route addition failed". Please see below:

 

2023-12-15 10:51:12 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2023-12-15 10:51:12 OpenVPN 2.5.9 [git:v2.5.9/ea4ce681d9008f27] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 15 2023
2023-12-15 10:51:12 Windows version 10.0 (Windows 10 or greater) 64bit
2023-12-15 10:51:12 library versions: OpenSSL 1.1.1t  7 Feb 2023, LZO 2.10
2023-12-15 10:51:23 TCP/UDP: Preserving recently used remote address: [AF_INET]82.155.122.230:1185
2023-12-15 10:51:23 UDP link local: (not bound)
2023-12-15 10:51:23 UDP link remote: [AF_INET]
2023-12-15 10:51:23 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-12-15 10:51:23 [server_server0] Peer Connection Initiated with [AF_INET]
2023-12-15 10:51:25 open_tun
2023-12-15 10:51:25 tap-windows6 device [OpenVPN_TAP_03] opened
2023-12-15 10:51:25 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.10.6/255.255.255.252 on interface {AB60D0AD-04D8-4B20-8D44-084753D9E3A5} [DHCP-serv: 192.168.10.5, lease-time: 31536000]
2023-12-15 10:51:25 Successful ARP Flush on interface [39] {AB60D0AD-04D8-4B20-8D44-084753D9E3A5}
2023-12-15 10:51:25 IPv4 MTU set to 1500 on interface 39 using service
2023-12-15 10:51:30 ROUTE: route addition failed using service: O objeto já existe.   [status=5010 if_index=39]
2023-12-15 10:51:30 ROUTE: route addition failed using service: O objeto já existe.   [status=5010 if_index=39]
2023-12-15 10:51:30 Initialization Sequence Completed

 

I would like to get it running as it should be, could you please HELP? 

If you need more data, please feel free to ask.

 

 

 

Have you tried to ping the gateway IP 192.168.10.254 while you are connected to the OVPN, when the OVPN IP pool is placed in a different subnet?

I don't recall it being a problem if you set the IP to a different range.

#5