internnet connectivity is not possible for IPSEC remote connection laptops

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

internnet connectivity is not possible for IPSEC remote connection laptops

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
internnet connectivity is not possible for IPSEC remote connection laptops
internnet connectivity is not possible for IPSEC remote connection laptops
2024-02-09 15:23:08 - last edited 2024-02-14 09:00:52
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2

Hello,

 

I am able to establish remote VPN IPSEC Tunnel (client to LAN). Hence, ER605 assigning IP address 10.0.10.2 to remote workstation.

 

However,  internet connectivity  from 10.0.10.2 through ER605 is not possible.

 

Note that networks connected to LAN are able to connect to internet (WAN interface is up and running).

 

Appreciate the support.

 

Best Regards.

  0      
  0      
#1
Options
1 Accepted Solution
Re:internnet connectivity is not possible for IPSEC remote connection laptops-Solution
2024-02-14 09:00:34 - last edited 2024-02-14 09:00:52

  @Lb_Maverick 

Lb_Maverick wrote

  @Tedd404 

 

Thank you  for the feedback.

 

As ER605 does not support IPSEC, will need to go for an alternate solutions.

 

Thus, ER605 is not a recomended platform, price / feature ratio is HIGH.

 

Have a great day.

Tedd404 wrote

  @Lb_Maverick 

There is no proxy mode for IPsec. Use a  different one.

 

I think you might misunderstand what Tedd wrote. He means there is no such a function for IPsec. And this is what we have now.

And I am not aware of anything about IPsec VPN as a proxy server. It would usually be used for site-to-site connection. If in client-to-site, it would be access the local resources instead of proxy.

 

Or you might wanna express that you want to use L2TP over IPsec? That's a thing that exists in this world. Just use the L2TP and use encryption in the server setup. That's it.

 

If you think it does not fit your use case or scenario, please return it within the return window timely. Be sure to send everything that comes with the package back.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  2  
  2  
#6
Options
6 Reply
Re:internnet connectivity is not possible for IPSEC remote connection laptops
2024-02-10 03:44:29

Hi  @Lb_Maverick 

Are you trying to set up proxy? With IPsec??

Just say if you can ping the remote subnet, the LAN, the default gateway of the router. The result, screenshot, please.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:internnet connectivity is not possible for IPSEC remote connection laptops
2024-02-10 07:09:26 - last edited 2024-02-10 07:47:36

  @Clive_A 

 

Hello,

 

Yes, setup to have IPSEC server as proxy. That is:

 

  • Remote user establish an IPSEC VPN tunnel to ER605
  • Once tunnel is up, remote client to have access to local LAN (192.168.251.0 / 24) & internet access ( Internet traffic from and to remote client to go through IPSEC tunnel,  via ER605 WAN interface to internet).

 

With the current ER605 setup, once IPSEC  Tunnel is successfully established, remote client is assigned an IP from IP Pool 10.0.10.0/24:

 

  • Remote client is able to ping LAN 192.168.251.0/24
  • Remote client is not able to ping WAN interface (192.168.77.2)
  • Remote client is not able to ping 192.168.77.1 (Gateway)
  • Remote client has no access to internet (through IPSEC tunnel).

 

It is worth noting that Local LAN 192.168.251.0/24 LAN can access internet through the WAN port  

 

Below print screen of:

  • ER605, System Status, WAN, LAN & IPSEC setup
  • Ping, IPCONFIG & Print Route from remote client (With IPSEC tunnel established)

 

 

ER605 System Status

 

 

 

 

WAN Setup

 

 

 

 

 

LAN Setup:

 

 

 

VPS Setup

 

 

 

Ping from Remote Client (IPSEC established successfully)

 

IPCONFIG on Remote Client (IPSEC established successfully)

 

 

 

Route print at Remote Client (IPSEC established successfully)

 

 

 

 

  0  
  0  
#3
Options
Re:internnet connectivity is not possible for IPSEC remote connection laptops
2024-02-11 12:22:16

  @Lb_Maverick 

There is no proxy mode for IPsec. Use a  different one.

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
  0  
  0  
#4
Options
Re:internnet connectivity is not possible for IPSEC remote connection laptops
2024-02-14 07:01:42

  @Tedd404 

 

Thank you  for the feedback.

 

As ER605 does not support IPSEC, will need to go for an alternate solutions.

 

Thus, ER605 is not a recomended platform, price / feature ratio is HIGH.

 

Have a great day.

Tedd404 wrote

  @Lb_Maverick 

There is no proxy mode for IPsec. Use a  different one.

 

  0  
  0  
#5
Options
Re:internnet connectivity is not possible for IPSEC remote connection laptops-Solution
2024-02-14 09:00:34 - last edited 2024-02-14 09:00:52

  @Lb_Maverick 

Lb_Maverick wrote

  @Tedd404 

 

Thank you  for the feedback.

 

As ER605 does not support IPSEC, will need to go for an alternate solutions.

 

Thus, ER605 is not a recomended platform, price / feature ratio is HIGH.

 

Have a great day.

Tedd404 wrote

  @Lb_Maverick 

There is no proxy mode for IPsec. Use a  different one.

 

I think you might misunderstand what Tedd wrote. He means there is no such a function for IPsec. And this is what we have now.

And I am not aware of anything about IPsec VPN as a proxy server. It would usually be used for site-to-site connection. If in client-to-site, it would be access the local resources instead of proxy.

 

Or you might wanna express that you want to use L2TP over IPsec? That's a thing that exists in this world. Just use the L2TP and use encryption in the server setup. That's it.

 

If you think it does not fit your use case or scenario, please return it within the return window timely. Be sure to send everything that comes with the package back.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  2  
  2  
#6
Options
Re:internnet connectivity is not possible for IPSEC remote connection laptops
2024-02-15 12:08:58

  @Clive_A 

 

Hello,

 

Thank you for your feedback.

 

Note that we currently have Sophos installed on an Intel NUC where remote clients are able to connect using IPSEC VPN with access to local networks as well as Internet through the WAN interface.

 

Note that on Sohpos, we used "masquerade" feature under NAT.

 

The objective as to replace current setup with ER605.

 

Have a great day.

 

 Best Regards,

 

  0  
  0  
#7
Options