ER605v2 LAN Client l2tp VPN passthrough

2024-05-15 20:09:25 - last edited 2024-05-16 03:49:35
Tags: #VPN #NAT #passthrough
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.4 Build 20240119 Rel.44368

Recently switched router from Ubiquiti USG-3P to TP-Link ER605v2. With this switch, a user who is using a Windows 10 client on a default-configured LAN port cannot connect to a remote VPN server. The router has minimal changes from the default setup aside from the LAN IP space (192.168.2.0) and the WAN MAC. VPN settings in the ER605 are blank/default.

Client - Windows 10, L2TP, PSK, MS-CHAPv2 auth

client<->AP<->POE Switch<->Router<->cable modem

ALG setting on the ER605 has all of the options selected (Transmission -> NAT -> ALG).

If I replace the ER605 with the old USG-3P, things work just fine again.

Another client on the LAN (Mac using Cisco AnyConnect) has no issues with establishing a VPN session.

What steps am I missing here?

Re:ER605v2 LAN Client l2tp VPN passthrough
2024-05-16 02:22:28

Hi @dgabler 

Thanks for posting in our business forum.

Can you give some more details?

On the WAN, is it a public IP address like the UBNT? Your config details as well.

 

You can also refer to the following links to review your existing parameters:

How to set up L2TP / IPsec VPN Client on Windows PC and MacBook

Why my Windows PC cannot connect to TP-Link L2TP VPN server?

How to establish an L2TP Server by Omada Gateway in Standalone mode

 

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Re:ER605v2 LAN Client l2tp VPN passthrough
2024-05-16 03:15:27

  @Clive_A

|  On the WAN, is it a public IP address like the UBNT?

 

It is exactly the same as the UBNT for the public IP configuration. The only change on the network is a drop-in replacement of the ER605 for the USG.

 

| Your config details as well.

 

What specifically, and how do I get the details you desire (screenshots etc.)? Tried decrypting the backup.bin file but have not found the encryption key yet to do it.

 

 

Re:ER605v2 LAN Client l2tp VPN passthrough
2024-05-16 03:19:52 - last edited 2024-05-16 03:20:16

Hi @dgabler 

Thanks for posting in our business forum.

dgabler wrote

  @Clive_A

|  On the WAN, is it a public IP address like the UBNT?

 

It is exactly the same as the UBNT for the public IP configuration. The only change on the network is a drop-in replacement of the ER605 for the USG.

 

| Your config details as well.

 

What specifically, and how do I get the details you desire (screenshots etc.)? Tried decrypting the backup.bin file but have not found the encryption key yet to do it.

 

 

We don't have methods to decrypt the backup .bin.

You can upload some screenshots of your VPN server and client setup.

Best Regards!
Re:ER605v2 LAN Client l2tp VPN passthrough
2024-05-16 03:35:48 - last edited 2024-05-16 03:50:00

  @Clive_A 

Ahh, OK, slight confusion then; I apologize.

I am NOT using any of the ER605's VPN configurations.

I have a client system on the LAN (Windows 10).

The client system is trying to connect from the LAN to an L2TP VPN server on the public internet.

When the traffic passes through the ER605, the VPN cannot be established by the Windows system.

If I replace the ER605 with the old UBNT USG, changing nothing other than the router, the client is able to establish the VPN session.

It seems to me that the ER605 is blocking the VPN traffic originating from LAN ports on its way to the internet (or something with NAT rules is missing).

All of the other NAT tabs (one-to-one, virtual servers, port triggering, nat-dmz) are blank and only have '--' in them.

 

Re:ER605v2 LAN Client l2tp VPN passthrough
2024-05-17 01:20:24

  @Clive_A 

Here is a capture showing where 'things go wrong'. At the 12th packet the connection diverges. Good UBNT is on the right, bad TP-LINK on the left.

Re:ER605v2 LAN Client l2tp VPN passthrough
2024-05-17 19:29:39

Downgraded to 2.2.3 and no luck.

Downgraded to 2.2.2 and no luck.

Will be returning this product. Software has a bug that does not allow L2TP passthrough for clients on the local LAN to internet servers.

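The side-by-side capture comparison described in the thread (working router vs. failing router, looking for the packet where the handshake diverges) can be scripted. This is an added example, not code from the thread or from TP-Link: it reads rows in the layout produced by `tshark -r <file> -T fields -e ip.src -e ip.dst -e ip.proto -e udp.srcport -e udp.dstport`, and the addresses and sample rows are constructed and do not reproduce the poster's capture.

```python
from itertools import zip_longest

# IANA-assigned UDP ports seen during L2TP/IPsec setup, and IP protocol numbers.
UDP_CLASSES = {500: "IKE", 4500: "NAT-T", 1701: "L2TP"}
IP_PROTO_UDP, IP_PROTO_ESP = 17, 50

def classify(row, client_ip):
    """Map one tab-separated row (ip.src, ip.dst, ip.proto, udp.srcport,
    udp.dstport) to (direction, traffic class), dropping per-capture details."""
    src, _dst, proto, sport, dport = row.rstrip("\n").split("\t")
    direction = "out" if src == client_ip else "in"
    if int(proto) == IP_PROTO_ESP:
        return direction, "ESP"
    if int(proto) == IP_PROTO_UDP:
        for port in (int(sport), int(dport)):
            if port in UDP_CLASSES:
                return direction, UDP_CLASSES[port]
    return direction, "other"

def first_divergence(good_rows, bad_rows, client_ip):
    """Return (1-based packet number, good step, bad step), or None if the
    two handshakes are identical. A step is None where one capture ended."""
    good = [classify(r, client_ip) for r in good_rows]
    bad = [classify(r, client_ip) for r in bad_rows]
    for n, (g, b) in enumerate(zip_longest(good, bad), start=1):
        if g != b:
            return n, g, b
    return None

# Constructed sample rows (not the poster's capture).
CLIENT, SERVER = "192.168.2.50", "203.0.113.10"

def udp(src, dst, sport, dport):
    return "\t".join([src, dst, "17", str(sport), str(dport)])

IKE = [udp(CLIENT, SERVER, 500, 500), udp(SERVER, CLIENT, 500, 500)] * 2
GOOD = IKE + [udp(CLIENT, SERVER, 4500, 4500), udp(SERVER, CLIENT, 4500, 4500)]
BAD = IKE + [udp(CLIENT, SERVER, 4500, 4500)] * 3  # retransmits, no reply

if __name__ == "__main__":
    print(first_divergence(GOOD, BAD, CLIENT))
```

Comparing direction and traffic class rather than raw addresses keeps the two captures comparable even when ephemeral details differ between runs.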