ER7206 Openvpn Client reports wrong Remote VPN tunnel IP Address .

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER7206 Openvpn Client reports wrong Remote VPN tunnel IP Address .

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER7206 Openvpn Client reports wrong Remote VPN tunnel IP Address .
ER7206 Openvpn Client reports wrong Remote VPN tunnel IP Address .
2024-03-26 12:53:35 - last edited 2024-03-27 01:58:28
Model: ER7206 (TL-ER7206)  
Hardware Version: V2
Firmware Version: 2.0.1 Build 20230705 Rel.75930

There might be a bug on the er7206 model (and not the er605) TP Link VPN Router on how implements Openvpn Client with remote Open VPN Access server.

I had the TPLINK er605 V2 model with  site to site vpn (routed site to site lan) and was working ok without any issues.

 

We have upgraded to er7206 V2 so we can have more speed for the openvpn network (130mpbs) cause er605 v2 was supporting only 21mbps.

 

The openvpn client reports Remote IP addess of the vpn tunnel as a subnet address. I have tested in many environments also with factory reset and so in every configuration ER7206 reports wrong Remote Tunnel IP address.

 

The remote Tunnel IP is on the same subnet as the local IP (172.27.100.1) , This IP was reported correctly on er605 model.

 

 

 

 

TPLINK ER605 model reported well the remote ip of the tunnel ,and we could ping Er605 router with its local ip 10.10.16.1 from the OPenvpn Access Server LAN or the server itself.

 

All routed interfaces working well , LAN on the openvpn access server can reach LAN IPs on the er7206 client side and the opposite . (10.10.16.0/24)

The problem is that i cant reach ER7206 Local Lan ip  10.10.16.1 from the Lan side of the openvpn access server or from the openvpn access server itself.

I can reach all the LAN 10.10.16.0/24 IPs of the remote lan on the er7206 acting as openvpn client.

 

ER7206 LAN IP: 10.10.16.1

 

There is no wrong routes or misconfiguration on the openvpn access server cause the same configuration with the same ovpn configuration files works ok on the ER605 Model. and we can ping and access the router IP from both sites (10.10.16.1)

 

So i dont think theres a network misconfigration.

 

 

After many tests with different Openvpn Access Servers i came to the conclusion that the reported Remote IP as subnet is the problem that i cant reach LAN IP of the router.(10.10.16.1) from the remote LAN (Openvpn Access Server LAN ) or local Openvpn Access Server  machine.

 

The exact same configuration was working correctly on TPLINK ER605 V2  (last firmware model).

 

Below is the routing table of openvpn access server showing  the networks..

 

 

Please i need an immediate  answer regarding the issue cause we choose to implement many company branches with the ER7206 VPN Router and is a problem for us that we cant implement correctly the solution..

 

 

Update: One last thing I have seen is that Openvpn Client on ER605 shows version 2.4.3 (linux) on the Openvpn Access server and

ER7206 shows verison 2.3.8 (linux) . maybe the client that implements the openvpn client on ER7206 is old ???

 

 

ER605 Router

 

 

ER7206 Router

 

  0      
  0      
#1
Options
4 Reply
Re:ER7206 Openvpn Client reports wrong Remote VPN tunnel IP Address .
2024-03-27 01:58:13

Hi @JohnGian 

Thanks for posting in our business forum.

You might wanna upgrade your router at least.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:ER7206 Openvpn Client reports wrong Remote VPN tunnel IP Address .
2024-03-28 12:07:07

  @Clive_A 

 

Hey man the firmware only corrects specific things like the wrong reported Ip address tunnel..although ive updated.

 

 

Openvpn client still reports 2.3.8 older than the er605.(2.4.5)

 

Access to router is blocked from all sites from the openvpn access side and from Openvpn access Server itself.


The same configuration as i told you before was working on er605 that we have changed for bandwidth reasons.

 

There something wrong with the model er7206 the way routes traffic to openvpn server and back. Routing from private subnets of access server works correctly and routes traffic to the lan of er7206.

 

I can access the router only with second vpn that ive made LT2P/IPSEC from my pc to access resources on the router side.

 

 

 

I am able to ping the whole network (routed) network from the Openvpn access side but not the router.

I plugged back in the er605 model with the same configuration and worked correctly.

Is there someone to assist me on this..?

 

 

  0  
  0  
#3
Options
Re:ER7206 Openvpn Client reports wrong Remote VPN tunnel IP Address .
2024-03-29 01:49:14

Hi @JohnGian

JohnGian wrote

  @Clive_A 

 

Hey man the firmware only corrects specific things like the wrong reported Ip address tunnel..although ive updated.

 

 

Openvpn client still reports 2.3.8 older than the er605.(2.4.5)

 

Access to router is blocked from all sites from the openvpn access side and from Openvpn access Server itself.


The same configuration as i told you before was working on er605 that we have changed for bandwidth reasons.

 

There something wrong with the model er7206 the way routes traffic to openvpn server and back. Routing from private subnets of access server works correctly and routes traffic to the lan of er7206.

 

I can access the router only with second vpn that ive made LT2P/IPSEC from my pc to access resources on the router side.

 

 

 

I am able to ping the whole network (routed) network from the Openvpn access side but not the router.

I plugged back in the er605 model with the same configuration and worked correctly.

Is there someone to assist me on this..?

 

 

Just verify some basic stuff as you showed me the first firmware release of V2. If you need instant help, call the tech support number.

ER605 2.2.4 is not the same gen as the ER7206 V2 2.1.1.. One version advanced than 7206. There is no public beta for 7206 V2 yet. 

And ER7206 V2 is just a new version out. Usually need some time to catch up. 

If you are telling me you are on V2 2.1.1, this behaves incorrectly, I gotta email the team and check this. You need some patience, please. Or just ring the number.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#4
Options
Re:ER7206 V2 Openvpn Client reports wrong Remote VPN tunnel IP Address .
2024-03-29 15:44:00 - last edited 2024-03-29 15:46:02

  @Clive_A 

 

  As  i told before er7206 is buggy device regarding routing.

 

You can not change route table or use ovpnclient0 interface for routing.

Openvpn Access server gives correct routing to devices but ER7206 do what it wants.

 

You cant change the routing table even from the device , with remote management with ssh 

because ip route add or show ip route  says command not implemented.

 

For a weird reason creates routes from the OPENVPN access server  to other interface (WAN2) or the interface of tunnel IP,  so only you can reach router from the local network and NOT the access server itself and any pc on 10.130.0.0 network on the Openvpn Access server side that access the 10.10.16.0/24 lan through the tunnel.

 

The weird thing that makes things mote complicated is that creates correct routes only for the dns servers (10.130.1.41  - 10.130.1.30) that pushed by Openvpn Access server to openvvpn client and only from that ips you can reach LANn ip 10.10.16.1 of er7206.

 

ER605 V2 worked like a charm and made correct routes even on that device still you could not change and use the virtual openvpnclient0 interfaces for static routes.

 

Totally disappointed by this business product. I guess it is a business product after all ?

 

 

 

 

 

If only i could add some static routes and use the interface ovpnclient0 i would solve my problem and i could reach the Router LAN IP 10.10.16.1 from the 10.130.0.0 or even the Tunnel IP of the Access Server 172.27.100.1 network that routes traffic from the tunnel network to LAN 10.10.16.0/24

 

Is there anyone from the technical department to help me and explain better the configuration?

 

 

  0  
  0  
#5
Options