How to Configure GRE VPN on Omada Router

How to Configure GRE VPN on Omada Router

How to Configure GRE VPN on Omada Router
How to Configure GRE VPN on Omada Router
2024-08-23 02:34:57 - last edited 2024-11-13 01:38:37
Tags: #VPN

Background:

 

This post provides a comprehensive configuration guide on GRE VPN in standalone mode. For the controller mode, the steps are similar.

 

This Article Applies to:

 

All routers with GRE VPN are supported.

 

Application Scenario:

 

 

 

WAN Mode

WAN IP

LAN IP

User IP

Site 1

DHCP

111.1.1.111/22

192.168.1.1/24

192.168.1.100/24

Site 2

DHCP

222.2.2.222/22

192.168.101.1/24

192.168.101.100/24

 

Configuration Steps:

 

Step 1. Configure GRE VPN for Site 1


Log in standalone web, Go to VPN > GRE, and click Add to start configuration, as shown below:

 


If IPsec encryption is needed, additionally configure a pre-shared key:

 

 

Step 2. Configure GRE VPN for Site 2


Go to VPN > GRE and click Add to start configuration, as shown below
Set IPsec Encryption to Unencrypted

 


If IPsec Encryption is needed, additionally configure a Pre-shared Key:

 


Note: Local GRE IP & Remote GRE IP are the point-to-point IPv4 addresses used for GRE tunnel encapsulation. They can be filled in with different network segments, but should correspond when configuring the two sites.


Step 3. Check the GRE VPN configuration results.

 

Go to VPN > GRE to view the configured GRE VPN.


Take Site 1 as an example.
If IPsec Encryption is NOT required:

 


If IPsec Encryption is configured, in addition to viewing it in VPN > GRE, you can also check the IPsec negotiation information in VPN > IPsec:

 


An uneditable entry named GRE is automatically generated in VPN > IPsec > IPsec Policy:

 


View the negotiation results in VPN > IPsec > IPsec SA:

 


After GRE VPN configuration is complete, go to Transmission > Routing Table to ensure routes for the remote GRE IP and remote subnet exist, with the interface being the GRE VPN’s name.


Site 1:


Site 2:

 

Verification:

 

Test connectivity between User 1 and User 2:

 

User 1:

IP address, subnet mask, gateway:

 

 

Ping test to check reachability with User 2:

 

 

Use Tracert to check if packets are forwarded via GRE VPN:

 


User 2:
IP address, subnet mask, gateway:

 

 

Ping test to check reachability with User 1:

 

 

Use Tracert to see if packets are forwarded via GRE VPN:

 

 

Note:

 

1. Currently, only the GRE VPN tunnel can allow OSPF/RIP. 

2. Currently, our GRE VPN is layer 3 based. Layer 2 based protocols like broadcast cannot be used. For features like WOL broadcast in layer 2 cannot be effective. Unless the WOL is using L3 unicast for destination IP. 

3. If you are using a third-party GRE VPN router, note that our router GRE VPN does not allow you to change the IPsec encryption. 

The preset encryptions are:

  • MD5/3DES/DH2
  • SHA1/3DES/DH2
  • SHA1/AES/DH14

If you experience a problem with the third-party VPN router, please consider changing the encrpytion on it.

 

Update Log:

 

Aug 23rd, 2024:

Release of the article.

 

Recommended Threads:

 

Configuration Guide How to Configure WireGuard VPN on Omada Controller

Get the Latest Firmware Releases for Omada Routers Here - Subscribe for Updates

Get the Latest Omada SDN Controller Releases Here - Subscribe for Updates

 

Feedback:

 

  • If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
  • If there is anything unclear in this solution post, please feel free to comment below.

 

Thank you in advance for your valuable feedback!

 

------------------------------------------------------------------------------------------------

Have other off-topic issues to report? 

Welcome to > Start a New Thread < and elaborate on the issue for assistance.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0      
  0      
#1
Options