ER7206, Guest SSID to WAN VPN
Hi,
I know, this may sound odd, but :). I want to set up a Guest SSID, and ONLY for that Wi-Fi network, the upstream (WAN) connection is over VPN (router as a client). For the "stock" SSID, use the standard WAN connection.
Clear as mud? Is there a way to do this?
Thanks!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @arrmo
Thanks for posting in our business forum.
L2TP VPN with Policy Routing. This might need VLAN interface involved but this will require additional settings in the ACL.
- Copy Link
- Report Inappropriate Content
Hi @arrmo
PBR has been scheduled to V5.16: Wireguard policy routing
- Copy Link
- Report Inappropriate Content
Hi @arrmo
Thanks for posting in our business forum.
L2TP VPN with Policy Routing. This might need VLAN interface involved but this will require additional settings in the ACL.
- Copy Link
- Report Inappropriate Content
@Clive_A Thanks! Let me do some digging. I admit (and I should have said this, sorry!), wanting to use WireGuard on the uplink (for that one SSID).
- Copy Link
- Report Inappropriate Content
@Clive_A OK, it may just be me, but struggling a bit to add a (Omada) client to server VPN ... site-to-site I think this is? I don't see WireGuard there (sadly), but I do see OpenVPN ... but even then, not sufficient settings to get the connection up?
Perhaps just me, but need that VPN first. And - do I need it on a second WAN interface, or can I have two IP's on a single WAN interface, and Policy Route to them?
Thanks!
- Copy Link
- Report Inappropriate Content
Hi @arrmo
Thanks for posting in our business forum.
arrmo wrote
@Clive_A OK, it may just be me, but struggling a bit to add a (Omada) client to server VPN ... site-to-site I think this is? I don't see WireGuard there (sadly), but I do see OpenVPN ... but even then, not sufficient settings to get the connection up?
Perhaps just me, but need that VPN first. And - do I need it on a second WAN interface, or can I have two IP's on a single WAN interface, and Policy Route to them?
Thanks!
Update your firmware. WireGuard is available on the ER7206.
Wireguard and OVPN tunnels do not support PBR yet.
The last sentence does not make sense to me. You don't need a second WAN. One WAN can suffice multiple VPNs.
If you have multiple NATs, you need to use the One-to-One NAT and it is mainly for port forwarding purposes as you need to mirror local service to multiple IPs.
It does not work for the VPN servers.
- Copy Link
- Report Inappropriate Content
@Clive_A Thanks for the pointers - I was digging in parallel, and figured it out. I do have WireGuard, but like you note - not for Client-to-Site yet :(. Any idea if / when that's coming? WireGuard speed is just so much better than OpenVPN.
Thanks again!
FYI, a very helpful link: https://paulhiggs.github.io/tp-link-vpn/
- Copy Link
- Report Inappropriate Content
Hi @arrmo
PBR has been scheduled to V5.16: Wireguard policy routing
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 499
Replies: 6
Voters 0
No one has voted for it yet.