TL-R600VPN multiple IPSec Client-to-LAN
TL-R600VPN multiple IPSec Client-to-LAN
I am trying to setup multiple Client-to-LAN connections so multiple users can connect to the local network remotely and securely.
Of course the remote gateway I am setting as 0.0.0.0 since users might be using the vpn from a laptop so there is no fixed place, plus users do not have static IPs on their internet at home.
But, when I start setting up the second connection I get the follwing error:
For an IPsec policy with the same IP address at both ends, the pre-shared key should be kept the same.
I mean this doesn't make sense to me.
Can someone help maybe already met this issue please?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@ChrisCassar Hi, I was just actually doing what you're doing.
The IPSec, in the advanced, set it to Responder, then what I do is add Name for Local and Remote (just below) and I only use 1 IPSec policy per user, then I can use a client like Shrew, build the profile, test it, then export it out as a file, send it to the user to import into a version on their end, and they can connect with ease. If they leave the the place where the IPSec policy is, merely remote in with yours and disable theirs, reuse it for someone else later (just change the setup some).
That should do the trick.
- Copy Link
- Report Inappropriate Content
Thanks for the reply.
I have set it to responder and I am putting in a name as you did in local and remote id.
The problem I have tho is that when I try to set the second policy for another user it does not let me. I set the remote host 0.0.0.0
what did you set that as?
- Copy Link
- Report Inappropriate Content
@ChrisCassar Set to 0.0.0.0 for the remote.
Have you checked your unit for the latest firmware, just a thought, as I know it only complained about that if I didn't have it set to Responder, as soon as I did, it saves.
- Copy Link
- Report Inappropriate Content
@ChrisCassar This is the one I did, it is the second one in the list.
- Copy Link
- Report Inappropriate Content
when I setup the second client-to-lan policy I still get the same error:
You are setting multiple policies right? so each user has a separate policy. You are not using same policy for all uesrs right?
- Copy Link
- Report Inappropriate Content
Dear @ChrisCassar,
But, when I start setting up the second connection I get the follwing error:
For an IPsec policy with the same IP address at both ends, the pre-shared key should be kept the same.
If your purpose is to allow multiple users to connect to the local network remotely and securely, why not choosing L2TP Client-to-LAN VPN? With which, you don't need to specify the remote gateway, neither you need a 3rd party IPSec VPN Client, but simply connect with the built-in VPN client on the clients for the VPN connection. Here is the configuration example for your reference.
- Copy Link
- Report Inappropriate Content
Thanks for your repoly but L2TP is not considered secure.
That is why I need a reliabel and secure IPSec Vpn solution.
- Copy Link
- Report Inappropriate Content
@ChrisCassar Try using the same Pre-shared Key and see if it works, as the ones I have are identical, if I change it, I get that error.
- Copy Link
- Report Inappropriate Content
Thanks for the replies but we re going in circles here.
All I need is to setup individual separate IPSec policies for multiple users to connect securely over VPN.
Altough this product has "VPN" in the model its actual features are very dubious to me!
I do not see why I need to put same pre-shared key on policies and why i should keep same settings on different policies, it s just a waste of time, thats how it feels.
Think I'll just trash this device and be done with it!
- Copy Link
- Report Inappropriate Content
Dear @ChrisCassar,
I am trying to setup multiple Client-to-LAN connections so multiple users can connect to the local network remotely and securely.
Of course the remote gateway I am setting as 0.0.0.0 since users might be using the vpn from a laptop so there is no fixed place, plus users do not have static IPs on their internet at home.
But, when I start setting up the second connection I get the follwing error:
For an IPsec policy with the same IP address at both ends, the pre-shared key should be kept the same.
It's a pity that the TL-R600VPN router only allows one pre-shared key for the IPSec policy that has the same IP address at both ends.
If you want to offer different pre-shared keys for the users, but the remote gateway has to be 0.0.0.0, I'm afraid that it cannot meet your requirement.
For your case, I've reported to the developer team for future evaluation. Thank you so much for posting the problem on the TP-link Community!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 4206
Replies: 11
Voters 0
No one has voted for it yet.