Omada SDN gateway as OpenVPN Client

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Omada SDN gateway as OpenVPN Client

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
32 Reply
Re:Omada SDN gateway as OpenVPN Client
2021-11-18 20:00:16

@MethosTDK 

 

This thread is discussing an OpenVPN client running on the Omada gateway.  You are talking about running an OpenVPN server on the Omada gateway.

 

Take a look at the attached screenshot.  Unless your configuration says VPN Type: "VPN Client - OpenVPN", you're in the wrong thread.

 

 

  0  
  0  
#14
Options
Re:Omada SDN gateway as OpenVPN Client
2021-11-18 20:07:20
Yes, my mistake. I was talking about VPN Server - Open VPN
  1  
  1  
#15
Options
Re:Omada SDN gateway as OpenVPN Client
2021-11-19 19:33:59

Hello Guys,

OK so my thread is ok.

 

I want to run Open VPN Client on my Omada controller ER605 to connect to my openVPN server somewhere in internet.

 

it is not working.

 

Opne VPN config is creaton on my server ,downloaded  and deployed via Omada. .ovpn config has no user/no password. just certificates entry and few parameters.

 

I dont see anything either on er605 (no vpn status entry, no other place to check), either on my OPen VPN server - in internet, that there was some attemtp to connect.

 

I tried, TCP, UDP, 1194/ random port , none of this combination worked.

 

Do we know about some parameters that cannot be haldned by Omada ER605 device ?

 

Thank you for advice.

  0  
  0  
#16
Options
Re:Omada SDN gateway as OpenVPN Client
2021-11-19 21:40:10

Hi @Peter20,

 

(And appologies to @penguintree)

 

After a great deal of frustration,  I DID managed to make it work.  I spun up a new OpenVPN access server on digital ocean, and, using the "auto-login" profile that it generates, I was able to get the gateway to make a connection. 

 

Here's the "but" part:

 

  1. When it was connected, it was connected.  I found no way to only route certain clients or certain traffic over the VPN.  
  2. While I'm far from an expert managing OpenVPN, I found no way to portmap from the access server back to the local network.  Getting portmapping or UPNP (or port mapping protocol) working is the only way this is useful to me, but I understand others might not need it.
  3. Speed was pretty crappy.  I'm on a Spectrum 400Mbit DL (that pulls about 480) connection - I got maybe 10-15Mbit/sec out of the VPN.

 

Given #2 and #3, I'm less interested in this.  I just spent the day putting together a standalone VPN router that does what I want (and can peacefully coexist with everything w/o double-NATing).

 

If someone else would like to work on this with a FUNCTIONING OpenVPN endpoint, I will happily give you a working config.  I'll probably destroy this VM in a week or two, but maybe someone (@Peter20) can take this a bit further.

 

No clue if you can send direct messages in this forum, but email me at john ray mac com if you're interested in giving this a try.

 

Best wishes,

John

 

 

  0  
  0  
#17
Options
Re:Omada SDN gateway as OpenVPN Client
2021-11-19 21:41:55

@BLite 

 

I should note that I disabled all encryption on this particular server, although it seemed to work fine with encryption enabled.  I just wanted to make sure that encryption wasn't the cause of the slowdown. 

  0  
  0  
#18
Options
Re:Omada SDN gateway as OpenVPN Client
2021-11-20 11:01:23 - last edited 2021-11-20 11:20:16

@BLite 

 

Sorry I haven't followed this thread, but I moved on - as I'll explain - and therefore don't read these pages. I did make this work - in the way I described in precise terms *much* earlier, but I stopped using it because if it loses connection (due to a failure of the physical connection, or in my case frequent dropping of the 4G connection) to the internet then it won't reconnect and so is in effect entirely useless. I haven't looked at this since my previous messages (was that a year ago?) so I don't know if newer firmware, which has been updated at least a couple of times in the interim, has introduced better functionality - I doubt it. Anyway I now use my Synology NAS to do the same job; this is much more reliable and makes a reasonable fist of reconnection but crucially, even when it fails to autoreconnect using its own efforts, I have a script (which I found on the internet somewhere and tweaked for my own purposes) that runs every 30 seconds on the NAS to check the connection and force a reconnect if necessary. This has been 100% effective over several months, so I'm happy. It would be much better if the router could do it, but it was a half-hearted attempt by tp-link and I assume is not seen as a critical function by them, otherwise they'd offer a complete solution. It's as if it was coded by a teenager as a school project and although it has the bones of a solution, it is absolutely not business-ready, unlike most of the rest of this product's functionality which is otherwise excellent. If it really matters to you I can take another look at this and post step-by-step instructions, although to be honest if you need instructions that are more detailed than the ones I already gave I suspect you're going to be very disappointed (as I was) at the lack of automation in connection-keeping. Unless tp-link make substantial improvements, this is a dead end if you're looking for anything beyond a curious diversion to swallow a few hours of head scratching.

 

Really tp-link themselves should be able to offer this support - but I never found any and had to blunder my way to a half solution using brute force and persistence, but as I said, it was unreliable and I gave it up in favour of a complete workaround using other equipment. 

  0  
  0  
#20
Options
Re:Omada SDN gateway as OpenVPN Client
2021-11-20 14:53:20

@Peter20 

 

(I kept replying to the wrong person. Hopefully this time is right)

 

Well, finally concluded this entire topic; OpenVPN client mode lacks the routing option. This is TP-Link's fault. I was just able to setup an L2TP VPN server and was able successfully route this VPN connection to a seperate WiFi SSID (though it is slow - getting around 20Mbps out of 230Mbps)

 

Let me know if you need instructions on how to do that.

  0  
  0  
#22
Options
Re:Omada SDN gateway as OpenVPN Client
2021-11-22 19:53:28

Dear @FreeWoRLD 

Thank you for feedback and offer, I'm prefering OpenVPN.

 

I'm currently writing big list of issues owith er605 which I found during this simple task, product needs lot of improvement :)

I'll post link soon

  0  
  0  
#23
Options
Re:Omada SDN gateway as OpenVPN Client
2021-11-22 20:01:03 - last edited 2021-11-23 16:13:52

Dear @BLite, Thanks for info. yes, it is pain to troubleshoot,

 

I dont see enything on ER605 and even on my target Open VPN server in internet.

I tried to make Open VPN server on ER605, export VPN config to see what parameters are there in comparison of my VPN server on Debian.

 

I saw around 6 parameters NOT USED BY ER605 (they are used by my OpenVPN server on Debian) like:

tls-client tls-version-min 1.2

tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

ignore-unknown-option block-outside-dns

setenv opt block-outside-dns

 

I saw that ER605 OpenVPN server has also AES-128-CBC and my Debian Open VPN sever uses cipher AES-128-GCM

So I'v tested both cases ER605 as OpenVPN client to use AES-128-GCM and AES-128-CBC but non of them worked.

 

So I still did not manage to make ER605 as OpenVPN client to my OpenVPN server (Debian) in internet On my OpenVPN server

I did not see any connection attempt from my ER605...and in Omada, it is nowhere to trace....

By this I guess Omada is having issues with .ovpn config but there is really nothing in the logs..so...

 

I canno read your email properly, can I kindly ask you to send me to OPen VPN client config for Er605 to my email     retron at retron dot sk.

 

Thakn you very much

  0  
  0  
#24
Options
Re:Omada SDN gateway as OpenVPN Client
2021-11-30 17:19:02

@MethosTDK 

I concur with these findings and it is beginning to look more and more like I will need to set up an OpenVPN access server on a virtual Linux platform ((per OpenVPN) so that I can control access and open up the VPN tunnel to the other network devices (web server, etc.). Mounting the OpenVPN server on the TP-Link ER605 only gets you a tunnel to the access server configured on the router (which I can see on the Insight tab/VPN status tab) and nothing more. Please advise if there is more to this than what I am reading in these threads.

  0  
  0  
#25
Options
Related Articles