Omada SDN gateway as OpenVPN Client
Trying to set up a client-to-site VPN to an OpenVPN server which is elsewhere, so that the OpenVPN client is my TL-R605 gateway here. I've set up the configuration using "Client-to-Site", "VPN Client" and "OpenVPN" options, as below, and the configuration completes, apparently successfully. Although I've imported the ".ovpn" file, there's nowhere to enter a username or password. How do I actually connect, and how do I subsequently put in a transmission route through the VPN connection? By the way, I can successfully connect to this remote VPN server from a Windows PC here using the standard OpenVPN client, or even from a Synology NAS here using an OpenVPN profile, so there's no technical problem other than configuration of the TP-Link router/Omada SDN. Can anyone help?
I would also like a copy of your config file for setting up an OpenVPN client on the ER605. I have the OpenVPN access server set up and it works on a limited basis. I can connect a client application from a laptop to the server and see the tunnel connection in the Insight tab/VPN tunnel/server status, but the tunnel stops there at the ER605/OpenVPN server. I don't have access to any domain services such as the web server and file shares. I researched OpenVPN server setup on their web site and they state that an additional configuration must be installed to allow the server to encompass additional IP addresses within the domain to access additional resources. TP-Link doesn't have that option available for their OpenVPN access server that I know of. Maybe if I can set up the client configuration to allow the tunnel to pass through the ER605 to an actual OpenVPN access server I can mount on a Linux virtual platform, I can get a working enterprise VPN tunnel for my domain resources.
Hi @todonal
Not sure if I understood your request.
How I gave up with ER605:
ER605 is just my gateway, it is not running an OpenVPN server, and it is also not connecting to my VPN server as a VPN client.
I moved all responsibility to my previous "gateway" - Raspberry Pi.
On the ER605 I'm only NATting 1:1 all ports to my Raspberry, which acts like a router for my entire LAN.
This Pi is running an OpenVPN server, so if I'm outside somewhere, I can connect to my home and browse the internet through my home.
This Pi is also a VPN client; it is connecting to my OpenVPN server on the internet to hide my real IP address (from my ISP).
For the OpenVPN server I used this script: https://github.com/Angristan/OpenVPN-install. It works like a charm, easy to manage/add/remove users, very satisfied.
I finally succeeded in setting the ER605 as OpenVPN client (on two WANs by the way), and redirecting all network traffic through it. I just followed TP-Link official tutorial (using OpenVPN server's UDP port as mentioned by @penguintree), BUT the main trick is that you have to reboot the ER605 once the config is finished.
I used the ER605 updated to firmware version 1.2.0 Build 20220114 Rel.76871. It has the option for an OpenVPN client without needing the Omada controller (I did use the controller to update the firmware on the ER605, so maybe that's why the OpenVPN section showed up?)
Setup: ER605 behind CG-NAT (Starlink) connecting to OpenVPN Access Server hosted in AWS.
The tunnel wasn't showing up so I started jacking with the .ovpn. I noticed some iroute and push routes down in the "Extra user defined configuration" section. Got rid of those and the tunnel came up (took about 5-10 seconds to show up after the page loaded). Traceroute verifies all traffic is going through the VPN.
@phlip I'm trying to configure the connection to Surfshark (SS) but without success.
I tried with the controller, but after a while I noticed your last post and I upgraded the SO CALLED VPN ROUTER.
Assume I want to forward all my LAN to the VPN tunnel, is this config correct (Local network especially)? The OVPN file is the one provided by SS and is reported below. No authentication is inserted even though SS tells me to insert it manually for the connection... Thank you
OVPN FILE:
client
dev tun
proto udp
remote <IP port>
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
auth-user-pass
#comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
<omissis>
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
<omissis>
-----END OpenVPN Static key V1-----
</tls-auth>
Hello all, I had the same issue before and was able to get it working (if anyone is still alive in this thread):
I have a video of how to configure the OpenVPN Server, as well as what to put in the Omada. I used the OpenVPN Access Server you can download at openvpn dot net.
If you don't like to watch the video, these are the key points that worked for me:
* Must use tls-auth (Omada does not support (yet) tls-crypt or tls-crypt v2)
* Must have auto-login allowed for the account
* Must download the .ovpn generated by the server
* Follow the User Guide on how to create Omada OpenVPN client
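The compatibility points reported in this thread (tls-auth only, auto-login instead of a bare `auth-user-pass`, no `iroute`/`push` lines in the client profile, UDP transport), as a check to run on an .ovpn file before importing it. This is an added example, not code from any poster or from TP-Link; `parse_profile`, `lint_profile` and the sample profile are hypothetical, and the notes reflect the posters' reports rather than documented device behaviour.

```python
import re

# Notes paraphrase posters' reports in this thread, not TP-Link documentation.
NO_TLS_CRYPT = "reported unsupported; use a tls-auth profile instead"
SERVER_SIDE = "server-side directive; one poster removed these to get the tunnel up"
REPORTED = {"tls-crypt": NO_TLS_CRYPT, "tls-crypt-v2": NO_TLS_CRYPT,
            "push": SERVER_SIDE, "iroute": SERVER_SIDE}

def parse_profile(text):
    """Yield (lineno, name, args); bodies of inline blocks such as <ca> are skipped."""
    inside = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inside:                        # certificate or key material, not directives
            inside = None if line == f"</{inside}>" else inside
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inside = tag.group(1)
            yield lineno, inside, ["<inline>"]   # opener of an inline block
        else:
            name, *args = line.split()
            yield lineno, name, args

def lint_profile(text):
    """Return [(lineno, directive, note)] for settings flagged in the thread."""
    findings = []
    for lineno, name, args in parse_profile(text):
        if name in REPORTED:
            findings.append((lineno, name, REPORTED[name]))
        elif name == "auth-user-pass" and not args:
            findings.append((lineno, name, "prompts for credentials; posters found "
                             "no field for them and used an auto-login profile"))
        elif name == "proto" and args and not args[0].startswith("udp"):
            findings.append((lineno, name, "one poster connected over the server's UDP port"))
    return findings

# Constructed sample profile (not taken from the thread).
SAMPLE = """proto tcp
auth-user-pass
<tls-crypt>
push "ignored" (constructed filler inside the block)
</tls-crypt>
push "route 10.8.0.0 255.255.255.0"
iroute 192.168.0.0 255.255.255.0
"""
```

`lint_profile(SAMPLE)` returns one finding per flagged line. `<connection>` blocks are skipped like any other inline block, so directives inside them are not checked.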
Thanks for the video, but this is not working for me.
I have my own VPN server hosted on the internet on Debian 10.
Most things are working with the official OpenVPN access server but not in self-hosted scenarios - so far, from my experience.