ER605v2 LAN Client l2tp VPN passthrough
Recently switched router from ubiquity usg-3p to tp-link er605v2. with this switch a user who is using windows 10 client on a default configured lan port cannot connect to remote VPN server. The router has minimal changes from default setup aside from LAN ip space - 192.168.2.0, and the WAN MAC. VPN settings in the ER605 are blank/default
Client - Windows 10, l2tp psk mschapv2 auth
client<->AP<->POE Switch<->Router<->cable modem
ALG setting on ER605 has all of the options selected
(transmission->nat->alg)
If I replace the er605 with the old usg-3p things work just fine again.
Another client on the LAN (Mac using cisco anyconnect) has no issues with establishing a VPN session.
What steps am I missing here?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @dgabler
Thanks for posting in our business forum.
Can you give some more details?
On the WAN, is it a public IP address like the UBNT? Your config details as well.
You can also refer to the following links to review your existing parameters:
How to set up L2TP / IPsec VPN Client on Windows PC and MacBook
Why my Windows PC cannot connect to TP-Link L2TP VPN server?
How to establish an L2TP Server by Omada Gateway in Standalone mode
Please mosaic your sensitive information. Here is a list of information considered sensitive:
1. Public IP address on your WAN if your WAN is.
2. Real MAC address of your device.
3. Your personal information including address, domain name, and credentials.
For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.
- Copy Link
- Report Inappropriate Content
| On the WAN, is it a public IP address like the UBNT?
It is exactly the same as the UBNT for the public IP configuration. The only change on the network is a drop-in replacement of the ER605 for the USG.
| Your config details as well.
What specifically and how to get the details you desire (screen shot etc.) Tried decrypting the backup.bin file but have not found the encryption key yet to do it.
- Copy Link
- Report Inappropriate Content
Hi @dgabler
Thanks for posting in our business forum.
dgabler wrote
| On the WAN, is it a public IP address like the UBNT?
It is exactly the same as the UBNT for the public IP configuration. The only change on the network is a drop-in replacement of the ER605 for the USG.
| Your config details as well.
What specifically and how to get the details you desire (screen shot etc.) Tried decrypting the backup.bin file but have not found the encryption key yet to do it.
We don't have methods to decrypt the backup .bin.
You can upload some screenshots of your VPN server and client setup.
- Copy Link
- Report Inappropriate Content
Ahh Ok slight confusion then, apologize.
I am NOT using any of the ER605's VPN configurations.
I have a client system on the LAN (window 10)
Client system is trying to connect from LAN to a l2tp VPN server on the public internet.
When the traffic passes through the ER605 the vpn cannot be established by the windows system.
IF I replace the ER605 with the old UBNT USG, changing nothing other than the router, the client is able to establish the VPN session.
It seems to me that there the ER605 if blocking the VPN traffic originating from LAN ports on its way to the internet (or something with NAT rules is missing)
All of the other NAT tabs (one-to-one, virtual servers, port triggering, nat-dmz) are blank and only have '--' in them.
- Copy Link
- Report Inappropriate Content
Here is a capture showing where 'things go wrong' at the 12th packet the connecting diverges. Good UBNT is on the right, bad TP-LINK on the left.
- Copy Link
- Report Inappropriate Content
Downgraded to 2.2.3 and no luck
downgraded to 2.2.2 and no luck.
Will be returning this product. Software has a bug that does not allow L2TP passthrough for clients on the local LAN to internet servers
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 630
Replies: 6
Voters 0
No one has voted for it yet.