Home

Forums

Stories

Knowledge Base

Business Community > Gateways > VPN Site to Site dynamic IP

< Gateways

VPN Site to Site dynamic IP

Fishy8

2025-05-02 15:34:56 - last edited 2025-05-06 00:47:09

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2025-05-02

VPN Site to Site dynamic IP

2025-05-02 15:34:56 - last edited 2025-05-06 00:47:09

Tags: #VPN

Model: ER605 (TL-R605)

Hardware Version: V2

Firmware Version: 2.2.6

I'm trying to connect 2 sites through Site to Site VPN

both sites will change IP address once I force provision of the new VPN IP

How would I set this up?

I used to work with the previous ISP which didn't constantly change IP

2 Accepted Solutions

RaRu

LV3

2025-05-02 16:22:35 - last edited 2025-05-06 00:47:09

Posts: 264

Helpful: 79

Solutions: 39

Stories: 0

Registered: 2024-01-28

Re:VPN Site to Site dynamic IP-Solution

2025-05-02 16:22:35 - last edited 2025-05-06 00:47:09

@Fishy8

Hi,

Use DynDNS.

You need to set up an account in any paid or free DynDNS service (DuckDNS, FreeDNS Afraid).

Then configure autoupdate of DynDNS record for each site.

Use your FQDN addresses in IPsec configuration instead of IP.

I do use that and it works.

Just keep in mind that IP address you get from ISP has to be a public one (not private).

Best Regards

Recommended Solution

RaRu

LV3

2025-05-04 14:00:11 - last edited 2025-05-06 00:47:21

Posts: 264

Helpful: 79

Solutions: 39

Stories: 0

Registered: 2024-01-28

Re:VPN Site to Site dynamic IP-Solution

2025-05-04 14:00:11 - last edited 2025-05-06 00:47:21

@Fishy8

Hi,

Maybe it doesn't PING cuz you have blocked PINGs from WAN in Attack Defence settings:

Try to disable that feature and test the PING again then.

If you want your TP-Link router to obtain public IP (if provided by your ISP), then their device (router) should be set up in Bridge Mode (if you have one) - to exclude double NAT.

Otherwise you need to make sure ports are properly forwarded on the ISP's router to let VPN work properly (despite double NAT).

Cheers

Recommended Solution

6 Reply

RaRu

LV3

2025-05-02 16:22:35 - last edited 2025-05-06 00:47:09

Posts: 264

Helpful: 79

Solutions: 39

Stories: 0

Registered: 2024-01-28

Re:VPN Site to Site dynamic IP-Solution

2025-05-02 16:22:35 - last edited 2025-05-06 00:47:09

@Fishy8

Hi,

Use DynDNS.

You need to set up an account in any paid or free DynDNS service (DuckDNS, FreeDNS Afraid).

Then configure autoupdate of DynDNS record for each site.

Use your FQDN addresses in IPsec configuration instead of IP.

I do use that and it works.

Just keep in mind that IP address you get from ISP has to be a public one (not private).

Best Regards

Recommended Solution

MR.S

LV5

2025-05-03 04:04:23

Posts: 2834

Helpful: 1012

Solutions: 398

Stories: 0

Registered: 2018-08-17

Re:VPN Site to Site dynamic IP

2025-05-03 04:04:23

@Fishy8

If you have adopted both routers into the same Omada controller you can install the new ER605v2 EA firmware 2.3.0 and use SD-WAN, you need a public IP on the HUB device and it can be dynamic, you do not need DDNS to use SD-WAN

RaRu

LV3

2025-05-03 17:33:57

Posts: 264

Helpful: 79

Solutions: 39

Stories: 0

Registered: 2024-01-28

Re:VPN Site to Site dynamic IP

2025-05-03 17:33:57

@MR.S

Ooooo, That's good to know! :)

Although, that is still beta firmware as well as not many other TP-Link's routers got that update yet :(

Cheers

Fishy8

LV1

2025-05-04 07:25:03

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2025-05-02

Re:VPN Site to Site dynamic IP

2025-05-04 07:25:03

@RaRu

Thanks, I got the DDNS set up with NOIP but pinging the address results in Request timed out

Is it a firewall issue or a NAT port rule that needs to be added?

In the VPN I entered the 2 DDNS addresses but it still won't connect

RaRu

LV3

2025-05-04 14:00:11 - last edited 2025-05-06 00:47:21

Posts: 264

Helpful: 79

Solutions: 39

Stories: 0

Registered: 2024-01-28

Re:VPN Site to Site dynamic IP-Solution

2025-05-04 14:00:11 - last edited 2025-05-06 00:47:21

@Fishy8

Hi,

Maybe it doesn't PING cuz you have blocked PINGs from WAN in Attack Defence settings:

Try to disable that feature and test the PING again then.

If you want your TP-Link router to obtain public IP (if provided by your ISP), then their device (router) should be set up in Bridge Mode (if you have one) - to exclude double NAT.

Otherwise you need to make sure ports are properly forwarded on the ISP's router to let VPN work properly (despite double NAT).

Cheers

Recommended Solution

Clive_A

2025-05-06 00:46:39

Posts: 8362

Helpful: 4289

Solutions: 2178

Stories: 0

Registered: 2023-06-09

Re:VPN Site to Site dynamic IP

2025-05-06 00:46:39

Hi @Fishy8

Thanks for posting in our business forum.

SD-WAN or IPsec would both work. It depends on what you decide to do if you have two public IPs on both sites.

SD-WAN would be ideal for a multiple-site setup. Traditional IPsec would work great for most people.

VPN Site to Site dynamic IP

VPN Site to Site dynamic IP

Information

Voters 0

Tags