Configuration Guide How to Configure GRE VPN on Omada Router
Background:
This post provides a comprehensive configuration guide on GRE VPN in standalone mode. For the controller mode, the steps are similar.
This Article Applies to:
All routers with GRE VPN are supported.
Application Scenario:
| WAN Mode |
WAN IP |
LAN IP |
User IP | |
| Site 1 |
DHCP |
111.1.1.111/22 |
192.168.1.1/24 |
192.168.1.100/24 |
| Site 2 |
DHCP |
222.2.2.222/22 |
192.168.101.1/24 |
192.168.101.100/24 |
Configuration Steps:
Step 1. Configure GRE VPN for Site 1
Log in standalone web, Go to VPN > GRE, and click Add to start configuration, as shown below:
If IPsec encryption is needed, additionally configure a pre-shared key:
Step 2. Configure GRE VPN for Site 2
Go to VPN > GRE and click Add to start configuration, as shown below
Set IPsec Encryption to Unencrypted
If IPsec Encryption is needed, additionally configure a Pre-shared Key:
Note: Local GRE IP & Remote GRE IP are the point-to-point IPv4 addresses used for GRE tunnel encapsulation. They can be filled in with different network segments, but should correspond when configuring the two sites.
Step 3. Check the GRE VPN configuration results.
Go to VPN > GRE to view the configured GRE VPN.
Take Site 1 as an example.
If IPsec Encryption is NOT required:
If IPsec Encryption is configured, in addition to viewing it in VPN > GRE, you can also check the IPsec negotiation information in VPN > IPsec:
An uneditable entry named GRE is automatically generated in VPN > IPsec > IPsec Policy:
View the negotiation results in VPN > IPsec > IPsec SA:
After GRE VPN configuration is complete, go to Transmission > Routing Table to ensure routes for the remote GRE IP and remote subnet exist, with the interface being the GRE VPN’s name.
Site 1:
Site 2:
Verification:
Test connectivity between User 1 and User 2:
User 1:
IP address, subnet mask, gateway:
Ping test to check reachability with User 2:
Use Tracert to check if packets are forwarded via GRE VPN:
User 2:
IP address, subnet mask, gateway:
Ping test to check reachability with User 1:
Use Tracert to see if packets are forwarded via GRE VPN:
Note:
1. Currently, only the GRE VPN tunnel can allow OSPF/RIP.
2. Currently, our GRE VPN is layer 3 based. Layer 2 based protocols like broadcast cannot be used. For features like WOL broadcast in layer 2 cannot be effective. Unless the WOL is using L3 unicast for destination IP.
3. If you are using a third-party GRE VPN router, note that our router GRE VPN does not allow you to change the IPsec encryption.
The preset encryptions are:
- MD5/3DES/DH2
- SHA1/3DES/DH2
- SHA1/AES/DH14
If you experience a problem with the third-party VPN router, please consider changing the encrpytion on it.
Update Log:
Aug 23rd, 2024:
Release of the article.
Recommended Threads:
Configuration Guide How to Configure WireGuard VPN on Omada Controller
Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates
Get the Latest Omada SDN Controller Releases Here - Subscribe for Updates
Feedback:
- If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
- If there is anything unclear in this solution post, please feel free to comment below.
Thank you in advance for your valuable feedback!
------------------------------------------------------------------------------------------------
Have other off-topic issues to report?
Welcome to > Start a New Thread < and elaborate on the issue for assistance.