PPTP VPN client fails to access remote resources through Site-to-Site tunnel

2024-04-11 15:57:48
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.4 Build 20240119 Rel.44368

Hi,

 

I have two ER605 routers which connect two remote offices together, and they have worked fine so far. I did a fw upgrade from 2.1.2 to the latest 2.2.4 in 3 steps: 2.1.2 -> 2.2.2 -> 2.2.3 -> 2.2.4 (without factory reset and config restore).

After the upgrade, the clients (PPTP VPN) are not able to access the remote siteB through the S2S VPN tunnel. They see only the network where they are connected.

The topology is the same as this (of course with different private IPs): https://www.tp-link.com/hu/support/faq/3363/

I can reproduce the error on both routers.

I tried PPTP first, then Wireguard and Android IPSEC clients, but they also failed.

Before the FW upgrade it worked well. Any suggestion would be nice!
 

Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2024-04-12 03:28:54 - last edited 2024-04-12 03:30:40

Hi @mzperx 

Thanks for posting in our business forum.

Reboot one of the devices to establish the IPsec. Unless you can confirm the IPsec is up.

Delete the VPN profile and create it again. Or create a new one to test. It looks like the update may affect the C2S VPN parameters.

 

BTW, you can still access the local LAN of one of the sites? I mean the C2S connection is okay? Screenshot of the test results. If you have the diagram, that would be wonderful.

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Best Regards!

Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2024-04-12 10:26:21 - last edited 2024-04-12 10:28:47

 Hi @Clive_A,

 

thank you for your reply!

"BTW, you can still access the local LAN of one of the sites? I mean the C2S connection is okay? "

Yes, it is okay on both sides!
 

"Delete the VPN profile and create it again. Or create a new one to test. It looks like the update may affect the C2S VPN parameters."

It fixed the problem on routerA, but not on routerB, it is strange. I just deleted the PPTP server and added again without any user or ip_pool modification.

 

Topology:   Router1 (LAN1: 192.168.10.0/24) -----S2SVPN----- Router2(LAN2: 192.168.1.0/24)

 

If a PPTP client connects to Router1 it sees the LAN2 resources now, but if a client connects to Router2 it doesn't see LAN1 resources.

 

S2S settings on Router2:

 

 

PPTP srv settings on Router2 (I tried both pools, but pool #2 would be preferred):

 

 

 

Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2024-04-12 10:36:43

S2S settings on router2:
 

Mode: LAN-to-LAN

Remote Gateway: WAN IP of router2

WAN: WAN

Local Network type: Network

Local Network: LAN

Remote subnet: 192.168.10.0/24

 

Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2024-04-12 10:44:35 - last edited 2024-04-12 10:45:25

What is strange is that only the PPTP client can access LAN2 (if it connects to Router1). If I try WireGuard (connecting to Router1), it doesn't see LAN2. But I'm new to WireGuard, so I may have missed something; I used this to try it: https://www.tp-link.com/us/support/faq/3559/

Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2024-04-17 12:47:50

RouterA is ok, I reconfigured the PPTP server and this solved the problem.
But on RouterB neither the factory reset nor the manual setting worked. The difference is that RouterB has more S2S IPSEC connections. RouterA only has 1, to connect to RouterB.

The solution was the FW downgrade to the working one.

Re:PPTP VPN client fails to access remote resources through Site-to-Site tunnel
2024-04-18 01:44:42

Hi @mzperx 

Thanks for posting in our business forum.

mzperx wrote

RouterA is ok, I reconfigured the PPTP server and this solved the problem.
But on RouterB neither the factory reset nor the manual setting worked. The difference is that RouterB has more S2S IPSEC connections. RouterA only has 1, to connect to RouterB.

The solution was the FW downgrade to the working one.

Can you draw the diagram for me if this needs to be further addressed? I require the model number and firmware version and IP addresses mounted on them.

It sounds strange to me. So, if both your models are ER605 V2, how come one works with the latest firmware while the other one does not and requires the downgrade?

 

And, I recommend you bypass the PPTP, and try some other types. L2TP at least. PPTP has its own limit in the L3 networking and it is because of its nature. L2TP improves this.

 

Best Regards!