IKEv2/IPsec Support for ER605
Hi,
I have recently configured IKEv2/IPsec on my router. I have the following queries regarding the same:
1. How do I configure windows 10/11 machines to connect to it.
2. Is it necessary to provide the WAN ip on the client side - can't it resolve a domain name?
3. I had to delete the existing L2TP/IPsec settings from the router as I was unable to assign the same WAN port - Is there any solution that both can work together?
Note: I have been able to successfully connect Android & IOS devices.
Thanks
Kunal
Hi,
1. How do I configure windows 10/11 machines to connect to it.
I haven found any instruction nor article which would describe such option. Even in official TP-Link KB there's only an article of IPSec (v1) connection from Windows machines:
https://www.tp-link.com/en/support/faq/3976/
I don't think that connection IKEv2 is a possibility here. Sorry.
I'm personally using OpenVPN and WireGuard to connect to my home Gateway or company one. You can have multiple VPN servers hosted at the same time on your Gateway.
2. Is it necessary to provide the WAN ip on the client side - can't it resolve a domain name?
It is not. You can use FQDNS, but this needs to direct to your IP address. Therefore some DynDNS can be user to achieve that.
Once you have FQDNS working, you can manually include it in VPN config file, instead of WAN address.
3. I had to delete the existing L2TP/IPsec settings from the router as I was unable to assign the same WAN port - Is there any solution that both can work together?
Hmmmm, I was able to create multiple VPN servers using one (and only) WAN at the same time on my ER605:
Are you sure you are were forced to delet it?
Best Regards
RR
Hi,
1. How do I configure windows 10/11 machines to connect to it.
I haven found any instruction nor article which would describe such option. Even in official TP-Link KB there's only an article of IPSec (v1) connection from Windows machines:
https://www.tp-link.com/en/support/faq/3976/
I don't think that connection IKEv2 is a possibility here. Sorry.
I'm personally using OpenVPN and WireGuard to connect to my home Gateway or company one. You can have multiple VPN servers hosted at the same time on your Gateway.
2. Is it necessary to provide the WAN ip on the client side - can't it resolve a domain name?
It is not. You can use FQDNS, but this needs to direct to your IP address. Therefore some DynDNS can be user to achieve that.
Once you have FQDNS working, you can manually include it in VPN config file, instead of WAN address.
3. I had to delete the existing L2TP/IPsec settings from the router as I was unable to assign the same WAN port - Is there any solution that both can work together?
Hmmmm, I was able to create multiple VPN servers using one (and only) WAN at the same time on my ER605:
Are you sure you are were forced to delet it?
Best Regards
RR
The other thing you could do is:
- Create a LAN interface of the same IP addresses range as your IP Pool group for OpenVPN clients is
- In LAN settings of your Gateway (VPN server) go to LAN DNS settings
- Create and enable LAN DNS record, assign it to your VPN's LAN interface
- Reconnect your VPN client, the name resolution should work
BUT there is a BUT, always ;)
In this case the name has to be in proper format. So it cant be simple SERVERNAME or COMPUTERNAME.
It has to be more like SERVERNAME.local or COMPUTERNAME.local (or anything that you want after the . [dot].
And only this format ([dot]something) will be recognized by system.
And here's a proof that it works while connected (on mobile) to cellular network with VPN connected:
This LAN DNS policy you can assign to your VPN LAN interface as well as your local LAN, so users from both locations (local network as well as remote - VPN - network) can use the same names to access server or computer (SERVERNAME.local).
Best Regards
RR