PPTP VPN client fails to access remote resources through Site-to-Site tunnel
Hi,
I have two ER605 routers which connect two remote offices together and they are worked fine so far. I did a fw upgrade from 2.1.2 to the latest 2.2.4 in 3 steps: 2.1.2 -> 2.2.2 -> 2.2.3 -> 2.2.4 (whithout factor reset and config restore).
After upgrade the clients (PPTP VPN) are not able to access the remote siteB through S2S VPN tunnel. They see only the network where they are connected.
The topology is the same as this (of course with different private IPs): https://www.tp-link.com/hu/support/faq/3363/
I can reproduce the error on both router.
I tried PPTP first then Wireguard and Andoroid IPSEC clients but they are also failed.
Before the FW upgrade it worked well. Any suggestion would be nice!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @mzperx
Thanks for posting in our business forum.
Reboot one of the devices to establish the IPsec. Unless you can confirm the IPsec is up.
Delete the VPN profile and create it again. Or create a new one to test. It looks like the update may affect the C2S VPN parameters.
BTW, you can still access the local LAN of one of the sites? I mean the C2S connection is okay? Screenshot of the test results. If you have the diagram, that would be wonderful.
Please mosaic your sensitive information. Here is a list of information considered sensitive:
1. Public IP address on your WAN if your WAN is.
2. Real MAC address of your device.
3. Your personal information including address, domain name, and credentials.
For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.
- Copy Link
- Report Inappropriate Content
Hi @Clive_A,
than you for your reply!
"BTW, you can still access the local LAN of one of the sites? I mean the C2S connection is okay? "
Yes, it is okay on both sides!
"Delete the VPN profile and create it again. Or create a new one to test. It looks like the update may affect the C2S VPN parameters."
It fixed the problem on routerA, but not on routerB, it is strange. I just deleted the PPTP server and added again without any user or ip_pool modification.
Topology: Router1 (LAN1: 192.168.10.0/24) -----S2SVPN----- Router2(LAN2: 192.168.1.0/24)
If a PPTP client connects to Rotuer1 it sees the LAN2 resources now, but if client connects to Router2 it doesn't see LAN1 resources.
S2S settings on Router2:
PPTP srv settings on Router2 (I tried both pools, but pool #2 would be preferred):
- Copy Link
- Report Inappropriate Content
S2S settings on router2:
Mode: LAN-to-LAN
Remote Gateway: WAN IP of router2
WAN: WAN
Local Network type: Network
Local Network: LAN
Remote subnet: 192.168.10.0/24
- Copy Link
- Report Inappropriate Content
What is strange that only PPTP client can access to LAN2 (if it connects to Router1). If I try wireguard (connect to Router1) it doesn't see LAN2. But I'm new in Wireguard may I missed something, I used this to try it: https://www.tp-link.com/us/support/faq/3559/
- Copy Link
- Report Inappropriate Content
RouterA is ok, I reconfigured the PPTP server and this solved the problem.
But on RouterB it didn't work neither the factory reset and manual setting. The difference is that RotuerB have more S2S IPSEC connections. RouterA only have 1 to connect to RouterB.
The solution was the FW downgrade to the working one.
- Copy Link
- Report Inappropriate Content
Hi @mzperx
Thanks for posting in our business forum.
mzperx wrote
RouterA is ok, I reconfigured the PPTP server and this solved the problem.
But on RouterB it didn't work neither the factory reset and manual setting. The difference is that RotuerB have more S2S IPSEC connections. RouterA only have 1 to connect to RouterB.The solution was the FW downgrade to the working one.
Can you draw the diagram for me if this needs to be further addressed? I require the model number and firmware version and IP addresses mounted on them.
It sounds strange to me. So, if your both models are ER605 V2, how come one works with the latest firmware while the other one does not and requires the downgrade?
And, I recommend you bypass the PPTP, and try some other types. L2TP at least. PPTP has its own limit in the L3 networking and it is because of its nature. L2TP improves this.
Please mosaic your sensitive information. Here is a list of information considered sensitive:
1. Public IP address on your WAN if your WAN is.
2. Real MAC address of your device.
3. Your personal information including address, domain name, and credentials.
For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 592
Replies: 6
Voters 0
No one has voted for it yet.