How to direct remote site's internet traffic to central site

Friday - last edited 19 hours ago
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.6 Build 20240718 Rel.82712

Dear support team,

 

I have an ER605 set up with an IKEv2/PSK VPN, running behind the GPON gateway. I can use an iOS device to connect to it (client-to-LAN configuration) and access the Internet well.

 

I intend to purchase another ER605 as a remote site router; the idea is to get all clients from that remote site to go via remote site -> central site -> Internet.

 

I tried to configure a LAN-to-LAN IPsec VPN, but I noticed that I cannot use 0.0.0.0/0 as my local network on central site's ER605.

If a default route cannot be injected, then even if the remote site's IPsec VPN is working, it will only be able to exchange traffic between the specific subnets on both sides, i.e. the remote site will not automatically route Internet traffic to the central site and exit to the Internet from there.

(The other alternative is to configure my remote ER605 in client-to-LAN mode again; is this the right understanding for my use case?)

 

Is there something I missed in my configuration, if I'd like to stay with LAN-to-LAN mode?

#1
1 Accepted Solution
Re:How to direct remote site's internet traffic to central site-Solution
19 hours ago - last edited 19 hours ago

Hi @BruceInSG 

Thanks for posting in our business forum.

Not sure why you consider Site-to-Site in this case.

As your title writes, you should consider client-to-site.

 

0.0.0.0/0 is not perfect in IPsec.

 

GFW is sensitive if you are bypassing the international network. If you are creating VPN inside China, this is fine.

If you are bypassing the GFW, you will be banned after some traffic regardless of what type of VPN you use. For international network access, you should apply for it before you create the VPN to encrypt it.

Best Regards!
#6

5 Replies
Re:How to direct remote site's internet traffic to central site
Friday - last edited Friday

  @BruceInSG 

 

Hi,

 

Site 2 Site is by default LAN to LAN only. If you would like to use it to redirect whole traffic, then you would have to use Static Routing which may be tricky.

 

The easiest way to configure what you need is a Client-to-LAN VPN with Full Tunneling enabled; then the whole traffic from the Client gets redirected to the Server.

 

Best Regards

RR

#2
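To make the point in the reply above concrete, here is an added example (written for this page, not code from the thread or from TP-Link's firmware). It models, with constructed addresses, the forwarding decision a spoke router makes in the three setups being discussed: policy-based LAN-to-LAN IPsec with specific subnets (what the original poster configured), a full tunnel with a remote traffic selector of 0.0.0.0/0, and a route-based tunnel with a static default route. It also models IKEv2 traffic-selector narrowing (RFC 7296, section 2.9), which is why a central router that refuses 0.0.0.0/0 as its local network defeats a full tunnel even when the spoke proposes it. The subnets 192.168.10.0/24 (remote site), 192.168.1.0/24 (central site) and the host 203.0.113.10 are assumptions chosen for illustration.

```python
"""Why a LAN-to-LAN IPsec tunnel does not carry Internet traffic on its own.

Added example for this thread; not code from the forum or from TP-Link.
Scenarios modelled (addresses are constructed for illustration):
  A. policy-based LAN-to-LAN IPsec with specific subnets
  B. full tunnel, i.e. a remote traffic selector of 0.0.0.0/0
  C. route-based tunnel plus a static default route via the tunnel
"""
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

Selector = Tuple[str, str]   # (local_subnet, remote_subnet) of one IPsec policy
Route = Tuple[str, str]      # (prefix, next_hop) of one routing-table entry

SPOKE_LAN = "192.168.10.0/24"   # assumed remote-site LAN
HUB_LAN = "192.168.1.0/24"      # assumed central-site LAN

# A: LAN-to-LAN only. Anything outside HUB_LAN never enters the tunnel.
LAN_TO_LAN: List[Selector] = [(SPOKE_LAN, HUB_LAN)]
# B: full tunnel. Every packet from the spoke LAN is sent to the hub.
FULL_TUNNEL: List[Selector] = [(SPOKE_LAN, "0.0.0.0/0")]
# C: route-based: default route via a tunnel interface, local LAN stays direct.
ROUTE_VIA_TUNNEL: List[Route] = [(SPOKE_LAN, "direct"), ("0.0.0.0/0", "tunnel0")]


def ipsec_decision(src: str, dst: str, selectors: List[Selector]) -> str:
    """Policy-based IPsec: a packet is protected only if some selector matches
    both its source and destination; otherwise it leaves via the spoke's own
    WAN (NAT), which is exactly what the poster wants to avoid."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in selectors:
        if s in ip_network(local) and d in ip_network(remote):
            return f"tunnel({local}->{remote})"
    return "local-wan"


def route_decision(dst: str, routes: List[Route]) -> str:
    """Route-based forwarding: longest-prefix match over the routing table."""
    d = ip_address(dst)
    best: Optional[Tuple[int, str]] = None
    for prefix, hop in routes:
        net = ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else "unreachable"


def negotiated_remote_selector(spoke_proposes: str, hub_offers: str) -> str:
    """IKEv2 CHILD_SA negotiation narrows traffic selectors to their overlap.
    Simplified to the nested case, which is the one that matters here: if the
    hub only offers its LAN as local network, a 0.0.0.0/0 proposal is narrowed
    to that LAN and Internet-bound traffic is left out of the SA."""
    a, b = ip_network(spoke_proposes), ip_network(hub_offers)
    if a.subnet_of(b):
        return str(a)
    if b.subnet_of(a):
        return str(b)
    return "none"  # disjoint selectors: the responder answers TS_UNACCEPTABLE


def summary() -> dict:
    """Run the scenarios on two constructed packets from a spoke client:
    one to a host on the central LAN, one to an Internet host."""
    packets = [("192.168.10.20", "192.168.1.5"), ("192.168.10.20", "203.0.113.10")]
    return {
        "A_lan_to_lan": [ipsec_decision(s, d, LAN_TO_LAN) for s, d in packets],
        "B_full_tunnel": [ipsec_decision(s, d, FULL_TUNNEL) for s, d in packets],
        "C_route_based": [route_decision(d, ROUTE_VIA_TUNNEL) for _, d in packets],
        # what B becomes when the hub refuses 0.0.0.0/0 as its local network
        "B_after_narrowing": negotiated_remote_selector("0.0.0.0/0", HUB_LAN),
    }


if __name__ == "__main__":
    for name, result in summary().items():
        print(f"{name}: {result}")
```

Two practitioner notes follow from the model. First, a 0.0.0.0/0 selector has to be accepted on both ends: the hub must offer 0.0.0.0/0 as its local network, or IKEv2 narrowing reduces the SA to the hub LAN and Internet traffic silently falls back to the spoke's own WAN. Second, whichever variant is used, the hub must source-NAT the spoke's traffic onto its WAN address before sending it to the Internet, otherwise replies for 192.168.10.0/24 have nowhere to go.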
Re:How to direct remote site's internet traffic to central site
Saturday

  @RaRu 

 

thanks for your answer.

 

I observed on the Internet that there are some other vendors' products that can support policy-based routing and tie that to a VPN tunnel, for instance, sonic..

 

It would be nice to see TP-Link develop a similar function instead of static routes (the other way I have thought about is to use a proxy at the central site and configure the remote clients with that proxy).

#3
Re:How to direct remote site's internet traffic to central site
Saturday

  @BruceInSG 

 

Hi,

 

As far as I know, Policy Based Routing for VPN is on their roadmap. I haven't seen any release date though. I've seen something about Omada SDN 5.15 version but I'm not totally sure.

 

In the meantime, you could (in theory) set up an OpenVPN server in Full Mode on the Main router, and an OpenVPN client on the Site router. That should redirect all traffic from the Site to the Main location.

 

Cheers

#4
Re:How to direct remote site's internet traffic to central site
Saturday

  @RaRu 

 

I was told OpenVPN is generally blocked in China by the GFW, not sure how true it is.

 

Thus the idea of using IKEv2/IPsec to do it: not so much that it is more difficult to block, but rather that it is more business-usage oriented.

#5