OpenVPN and Site to Site Connection

OpenVPN and Site to Site Connection

OpenVPN and Site to Site Connection
OpenVPN and Site to Site Connection
2024-01-17 06:45:20 - last edited 2024-01-23 08:50:53
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version:

Hi,

 

I encounter issue to allow openvpn client to access branch.

 

The idea is to allow user accessing branch via OpenVPN that connected to HQ

 

My current config

 

Site to Site VPN (IPSec)

From HQ to Branch

 

OpenVPN.

From outside/client to HQ.

 

 

HQ: 175.139.x.x

Local IP: 192.168.1.0/24

 

Branch OCI: 168.138.x.x

Local IP: 10.2.0.0/16, 10.3.0.0/16, 10.4.0.0/19

 

OpenVPN

192.168.10.0

 

But from user whos using openvpn, client unable to ping/remote.

 

Not sure what left need to configure.

  0      
  0      
#1
Options
2 Accepted Solutions
Re:OpenVPN and Site to Site Connection-Solution
2024-01-22 09:18:58 - last edited 2024-01-23 08:50:55

Hi @AmirulRahman 

Thanks for posting in our business forum.

AmirulRahman wrote

  @MR.S 

 

Did all the suggested but I still unable to ping from Client to branch.

 

Thanks btw.

 

Seem must be something to do in client.ovpn setting.

I added both local ip: 192.168.1.0 and 192.168.10.0

The question is in your OVPN setup, Local Networks, do you have these subnets selected? That's why my setup guide recommends you use WireGuard. In OVPN server, you might not have the available networks. If these subnets are excluded in the Local Networks, you don't have the proper routings so you cannot access the branch subnets.

 

You might create the VLAN interfaces yourself to make it available to pick in the Local Networks but this is something I cannot recall effective or not. I remember I suggested this before but not sure about this anymore. Anyway, I'd prefer/recommend WG in this situation.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
Recommended Solution
  0  
  0  
#4
Options
Re:OpenVPN and Site to Site Connection-Solution
2024-01-23 08:39:12 - last edited 2024-01-23 08:50:53

 Hi @Clive_A

 

Actually, your guide is correct. After a few days of rest, slowly look back at all the configurations included on the branch site.

 

I realize a few things about the branch site router.

1. I haven't allowed my OpenVPN ports 1199 and 1194

2. I haven't allowed local VPN IP (192.168.10.0/24).

 

On client vpn, wrongly put the IP address. Supposing you add the branch subnet

1. route 10.2.0.0 255.255.0.0

2. route 10.3.0.0 255.255.0.0

3. route 10.4.0.0 255.255.0.0

 

After that, everything worked like charms.

 

Thanks again.

 

Recommended Solution
  1  
  1  
#5
Options
4 Reply
Re:OpenVPN and Site to Site Connection
2024-01-17 10:15:25

  @AmirulRahman 

 

@Clive_A have this guide. this is for wireguard but should also work with OpenVPN I guess. jump down to step 3

 

https://community.tp-link.com/en/business/forum/topic/647042

  0  
  0  
#2
Options
Re:OpenVPN and Site to Site Connection
2024-01-18 08:24:19

  @MR.S 

 

Did all the suggested but I still unable to ping from Client to branch.

 

Thanks btw.

 

Seem must be something to do in client.ovpn setting.

I added both local ip: 192.168.1.0 and 192.168.10.0

  0  
  0  
#3
Options
Re:OpenVPN and Site to Site Connection-Solution
2024-01-22 09:18:58 - last edited 2024-01-23 08:50:55

Hi @AmirulRahman 

Thanks for posting in our business forum.

AmirulRahman wrote

  @MR.S 

 

Did all the suggested but I still unable to ping from Client to branch.

 

Thanks btw.

 

Seem must be something to do in client.ovpn setting.

I added both local ip: 192.168.1.0 and 192.168.10.0

The question is in your OVPN setup, Local Networks, do you have these subnets selected? That's why my setup guide recommends you use WireGuard. In OVPN server, you might not have the available networks. If these subnets are excluded in the Local Networks, you don't have the proper routings so you cannot access the branch subnets.

 

You might create the VLAN interfaces yourself to make it available to pick in the Local Networks but this is something I cannot recall effective or not. I remember I suggested this before but not sure about this anymore. Anyway, I'd prefer/recommend WG in this situation.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
Recommended Solution
  0  
  0  
#4
Options
Re:OpenVPN and Site to Site Connection-Solution
2024-01-23 08:39:12 - last edited 2024-01-23 08:50:53

 Hi @Clive_A

 

Actually, your guide is correct. After a few days of rest, slowly look back at all the configurations included on the branch site.

 

I realize a few things about the branch site router.

1. I haven't allowed my OpenVPN ports 1199 and 1194

2. I haven't allowed local VPN IP (192.168.10.0/24).

 

On client vpn, wrongly put the IP address. Supposing you add the branch subnet

1. route 10.2.0.0 255.255.0.0

2. route 10.3.0.0 255.255.0.0

3. route 10.4.0.0 255.255.0.0

 

After that, everything worked like charms.

 

Thanks again.

 

Recommended Solution
  1  
  1  
#5
Options