ER707-M2 - Local LAN client cannot connect to OpenVPN on the router

ER707-M2 - Local LAN client cannot connect to OpenVPN on the router

ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-01 16:00:39 - last edited 2024-06-11 06:17:38
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.2.2 Build 20240324 Rel.42799

Hello,

 

I can't connect to the router's OpenVPN server from the local network

 

(connection to the router's SSL VPN server is possible from local LAN users)

 

With my previous ER605 V2 router everything is fine and I can connect to OpenVPN from the local network.

 

Any suggestions?

  0      
  0      
#1
Options
1 Accepted Solution
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router-Solution
2024-05-30 00:53:51 - last edited 2024-06-11 06:17:38

Hi @RMitev

Thanks for posting in our business forum.

RMitev wrote

  @Clive_A 

 

Hello, from the external network 10.17.21.1/24  everithing is OK, but from internal network I can't connect.

 

In ER605 v1 and v2, I can connect to the openvpn server from both internal and external network ...

 

(By the way, the ER605 V1 with the latest firmware has a speed of 25 to 30 megabits via OpenVPN)

 

 

Best Regards

Tested and have a reproduction of the issue. The problem mainly lies in the 707-M2, which has added a function to limit the OVPN message. Previously, it was found that in certain scenarios, OVPN messages would not be sent from the specified wan port, so restrictions were added to only send and receive messages on the corresponding WAN port.

605 has not been considered for this feature. But I think if this is added to the firmware. It should later be added to the 605.

The question now is what kind of scenario do you need this connection from the LAN? We have not found a legit scenario for such a use case which may cause some other trouble. So, we limit it.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#14
Options
15 Reply
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-07 02:49:35

Hi @RMitev

Never seen this issue before. Can you confirm that it happens(steadily reproducible) on your ER707-M2 V1 1.2.2?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-07 17:50:17

  @Clive_A 

 

When I have free time I will reset the router and I will confirm ...

  1  
  1  
#3
Options
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-24 01:18:19

Hi @RMitev

What's the update on this matter?

Our dev is interested in your case and would like to learn the progress.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#4
Options
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-25 14:15:41

  @Clive_A 

 

After reset without any other configuration, situation is the same...

  0  
  0  
#5
Options
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-25 14:17:52

  0  
  0  
#6
Options
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-25 14:20:18

[May 25, 2024, 17:11:19] OpenVPN core 3.8.2connect3 win x86_64 64-bit OVPN-DCO built on Dec  1 2023 16:39:43
⏎[May 25, 2024, 17:11:19] Frame=512/2112/512 mssfix-ctrl=1250
⏎[May 25, 2024, 17:11:19] NOTE: This configuration contains options that were not used:
⏎[May 25, 2024, 17:11:19] Unsupported option (ignored)
⏎[May 25, 2024, 17:11:19] 7 [resolv-retry] [infinite]
⏎[May 25, 2024, 17:11:19] 9 [persist-key]
⏎[May 25, 2024, 17:11:19] 11 [explicit-exit-notify]
⏎[May 25, 2024, 17:11:19] EVENT: RESOLVE ⏎[May 25, 2024, 17:11:19] Contacting 10.17.21.71:31194 via UDP
⏎[May 25, 2024, 17:11:19] EVENT: WAIT ⏎[May 25, 2024, 17:11:19] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
    "host" : "10.17.21.71",
    "ipv6" : false
}

⏎[May 25, 2024, 17:11:19] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
⏎[May 25, 2024, 17:11:29] Server poll timeout, trying next remote entry...
⏎[May 25, 2024, 17:11:29] EVENT: RECONNECTING ⏎[May 25, 2024, 17:11:29] EVENT: RESOLVE ⏎[May 25, 2024, 17:11:29] Contacting 10.17.21.71:31194 via UDP
⏎[May 25, 2024, 17:11:29] EVENT: WAIT ⏎[May 25, 2024, 17:11:29] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
    "host" : "10.17.21.71",
    "ipv6" : false
}

⏎[May 25, 2024, 17:11:29] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
⏎[May 25, 2024, 17:11:39] Server poll timeout, trying next remote entry...
⏎[May 25, 2024, 17:11:39] EVENT: RECONNECTING ⏎[May 25, 2024, 17:11:39] EVENT: RESOLVE ⏎[May 25, 2024, 17:11:39] Contacting 10.17.21.71:31194 via UDP
⏎[May 25, 2024, 17:11:39] EVENT: WAIT ⏎[May 25, 2024, 17:11:39] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
    "host" : "10.17.21.71",
    "ipv6" : false
}

⏎[May 25, 2024, 17:11:39] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
⏎[May 25, 2024, 17:11:49] Server poll timeout, trying next remote entry...
⏎[May 25, 2024, 17:11:49] EVENT: RECONNECTING ⏎[May 25, 2024, 17:11:49] EVENT: RESOLVE ⏎[May 25, 2024, 17:11:49] Contacting 10.17.21.71:31194 via UDP
⏎[May 25, 2024, 17:11:49] EVENT: WAIT ⏎[May 25, 2024, 17:11:49] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
    "host" : "10.17.21.71",
    "ipv6" : false
}

⏎[May 25, 2024, 17:11:49] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
⏎[May 25, 2024, 17:11:59] Server poll timeout, trying next remote entry...
⏎[May 25, 2024, 17:11:59] EVENT: RECONNECTING ⏎[May 25, 2024, 17:11:59] EVENT: RESOLVE ⏎[May 25, 2024, 17:11:59] Contacting 10.17.21.71:31194 via UDP
⏎[May 25, 2024, 17:11:59] EVENT: WAIT ⏎[May 25, 2024, 17:11:59] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
    "host" : "10.17.21.71",
    "ipv6" : false
}

⏎[May 25, 2024, 17:11:59] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
⏎[May 25, 2024, 17:12:09] Server poll timeout, trying next remote entry...
⏎[May 25, 2024, 17:12:09] EVENT: RECONNECTING ⏎[May 25, 2024, 17:12:09] EVENT: RESOLVE ⏎[May 25, 2024, 17:12:09] Contacting 10.17.21.71:31194 via UDP
⏎[May 25, 2024, 17:12:09] EVENT: WAIT ⏎[May 25, 2024, 17:12:09] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
    "host" : "10.17.21.71",
    "ipv6" : false
}

⏎[May 25, 2024, 17:12:09] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
⏎[May 25, 2024, 17:12:19] EVENT: CONNECTION_TIMEOUT  BYTES_OUT : 840
 PACKETS_OUT : 60
 CONNECTION_TIMEOUT : 1
 N_RECONNECT : 5
⏎[May 25, 2024, 17:12:19] EVENT: DISCONNECTED ⏎

  0  
  0  
#7
Options
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-25 14:22:50 - last edited 2024-05-25 14:23:49

 

  0  
  0  
#8
Options
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-25 14:47:24

As I mentioned in ER605 therad: https://community.tp-link.com/en/business/forum/topic/640894


An OpenVPN log will be very helpfull ...

  0  
  0  
#9
Options
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-27 01:07:35

Hi @RMitev 

Thanks for posting in our business forum.

RMitev wrote

 

Huh.. You don't have a public IP address. You should fix this first before we move on.

If that's the case, your WAN is not a public IP, I think I know what's wrong. The whole thread is going the wrong direction because you don't have a public IP address.

Fix this first, and you should proceed the rest of the parts smoothly on your own with the guides.

 

Check on your modem router and what's the IP address you get?

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Real Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#10
Options
Re:ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
2024-05-27 08:32:40

  @Clive_A 

 

Yes, that's right, there is a replacement device in place of the Er707-M2 router in question. In the original setup, the router has a real IP, but I can't stop the service to test everything with this router.

 

The OpenVPN connection is created from the internal LAN, so the external IP does not matter in this case.

 

I believe I have shown how to reproduce the problem - the WAN connection is via WAN/LAN3, an OpenVPN server is set up on this interface and we are trying to connect to it from the LAN network.

 

I believe you have enough devices to test what happens in this case.

  0  
  0  
#11
Options