Business Community > Routers > PPTP VPN client fails to access remote resources through Site-to-Site tunnel
< Routers

PPTP VPN client fails to access remote resources through Site-to-Site tunnel

PPTP VPN client fails to access remote resources through Site-to-Site tunnel

PPTP VPN client fails to access remote resources through Site-to-Site tunnel
PPTP VPN client fails to access remote resources through Site-to-Site tunnel
3 weeks ago
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.4 Build 20240119 Rel.44368

Hi,

 

I have two ER605 routers which connect two remote offices together and they are worked fine so far. I did a fw upgrade from 2.1.2 to the latest 2.2.4 in 3 steps: 2.1.2 -> 2.2.2 -> 2.2.3 -> 2.2.4 (whithout factor reset and config restore).

After upgrade the clients (PPTP VPN) are not able to access the remote siteB through S2S VPN tunnel. They see only the network where they are connected.

The topology is the same as this (of course with different private IPs): https://www.tp-link.com/hu/support/faq/3363/

I can reproduce the error on both router.

I tried PPTP first then Wireguard and Andoroid IPSEC clients but they are also failed.

Before the FW upgrade it worked well. Any suggestion would be nice!
 

  0      
 
  0      
 
#1
Options
6 Reply
Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2 weeks ago - last edited 2 weeks ago

Hi @mzperx 

Thanks for posting in our business forum.

Reboot one of the devices to establish the IPsec. Unless you can confirm the IPsec is up.

Delete the VPN profile and create it again. Or create a new one to test. It looks like the update may affect the C2S VPN parameters.

 

BTW, you can still access the local LAN of one of the sites? I mean the C2S connection is okay? Screenshot of the test results. If you have the diagram, that would be wonderful.

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Beta firmware got some NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
  1  
  1  
#2
Options
Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2 weeks ago - last edited 2 weeks ago

 Hi @Clive_A,

 

than you for your reply!

"BTW, you can still access the local LAN of one of the sites? I mean the C2S connection is okay? "

Yes, it is okay on both sides!
 

"Delete the VPN profile and create it again. Or create a new one to test. It looks like the update may affect the C2S VPN parameters."

It fixed the problem on routerA, but not on routerB, it is strange. I just deleted the PPTP server and added again without any user or ip_pool modification.

 

Topology:   Router1 (LAN1: 192.168.10.0/24) -----S2SVPN----- Router2(LAN2: 192.168.1.0/24)

 

If a PPTP client connects to Rotuer1 it sees the LAN2 resources now, but if client connects to Router2 it doesn't see LAN1 resources.

 

S2S settings on Router2:

 

 

PPTP srv settings on Router2 (I tried both pools, but pool #2 would be preferred):

 

 

 

  0  
  0  
#3
Options
Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2 weeks ago

S2S settings on router2:
 

Mode: LAN-to-LAN

Remote Gateway: WAN IP of router2

WAN: WAN

Local Network type: Network

Local Network: LAN

Remote subnet: 192.168.10.0/24

 

  0  
  0  
#7
Options
Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2 weeks ago - last edited 2 weeks ago

What is strange that only PPTP client can access to LAN2 (if it connects to Router1). If I try wireguard (connect to Router1) it doesn't see LAN2. But I'm new in Wireguard may I missed something, I used this to try it: https://www.tp-link.com/us/support/faq/3559/

  0  
  0  
#8
Options
Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2 weeks ago

RouterA is ok, I reconfigured the PPTP server and this solved the problem.
But on RouterB it didn't work neither the factory reset and manual setting. The difference is that RotuerB have more S2S IPSEC connections. RouterA only have 1 to connect to RouterB.

The solution was the FW downgrade to the working one.

  0  
  0  
#9
Options
Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2 weeks ago

Hi @mzperx 

Thanks for posting in our business forum.

mzperx wrote

RouterA is ok, I reconfigured the PPTP server and this solved the problem.
But on RouterB it didn't work neither the factory reset and manual setting. The difference is that RotuerB have more S2S IPSEC connections. RouterA only have 1 to connect to RouterB.

The solution was the FW downgrade to the working one.

Can you draw the diagram for me if this needs to be further addressed? I require the model number and firmware version and IP addresses mounted on them.

It sounds strange to me. So, if your both models are ER605 V2, how come one works with the latest firmware while the other one does not and requires the downgrade?

 

And, I recommend you bypass the PPTP, and try some other types. L2TP at least. PPTP has its own limit in the L3 networking and it is because of its nature. L2TP improves this.

 

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Beta firmware got some NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
  1  
  1  
#10
Options

Information

Helpful: 0

Views: 163

Replies: 6

Related Articles
ER605 as VPN Client to share remote internet on LAN
1789 0
LAN client to Remote Subnet server Routing by way of VPN
174 0
WireGuard VPN to Remote IPSEC network.
670 0
ER605 - IPSec VPN / Remote Subnets & Adopting ER605 to remote OC200
313 0
NAT-T Support with IPSEC VPN
245 0
Cannot ping devices on remote network using OpenVPN/PPTP VPN (RESOLVED)
1011 0
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.