0
Votes

IPsec VPN tunnel backup.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
 
0
Votes

IPsec VPN tunnel backup.

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
IPsec VPN tunnel backup.
IPsec VPN tunnel backup.
2021-11-22 10:20:46
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version:

Hi,

 

I would like to ask about site to site IPsec VPN tunnel backup. Now ER605 cannot setup 2 tunnels with same IP adresses. I try to find some reliable solution. Now I use ER605 and W9960 at one side of VPN tunnel and ER605 and W9980 on the other side ( W9960 and W9980 only for wifi purpose, but both of them can also make VPN tunnels if needed ). Can somebody help me with this please ? 

Many thanks.

#1
Options
5 Reply
Re:IPsec VPN tunnel backup.
2021-11-24 02:28:36

@Hydros 

 

Hey!

 

If I'm not guess mistaken, you want to set up two VPNs on both ER605s at the same time, one of them as a backup?
I don't think it will work because you are setting up two VPNs with the same WAN IP, LAN IP on both ends, so it is actually enough to set up one successfully, because as far as I know the VPN channel will automatically detect a reconnection if it is disconnected.

 

And setting up a VPN on the W9960-W9980 probably won't work either, because the data exit at both ends is still the ER605 on the front end, same reasoning as above, in my opinion.

Just striving to develop myself while helping others.
#2
Options
Re:IPsec VPN tunnel backup.
2021-11-24 06:51:10

 

And what about this solution:

I create multiple Vlans at both ends. Then setup VPN tunnels between them. For example at one side I create 192.168.1.0 and 192.168.2.0 and on the other side 192.168.10.0 and 192.168.20.0. Then tunnel will be 192.168.1.0==192.168.10.0 and 192.168.2.0==192.168.20.0 . Then I assign 2 IP adresess to my PCs at both ends. ...Do you think it will work ? 

Thanks 

#3
Options
Re:IPsec VPN tunnel backup.
2021-11-24 08:07:01

Yes, I want to create 2 VPN tunnels, but between different ISP. If first failed ( lack of connection) then the second VPN tunnel will be used automatically.

#4
Options
Re:IPsec VPN tunnel backup.
2021-11-24 09:10:27

@Hydros 

 

If you enable DPD, it will automatically detect disconnection and reconnection.

 

Hydros wrote

 

And what about this solution:

I create multiple Vlans at both ends. Then setup VPN tunnels between them. For example at one side I create 192.168.1.0 and 192.168.2.0 and on the other side 192.168.10.0 and 192.168.20.0. Then tunnel will be 192.168.1.0==192.168.10.0 and 192.168.2.0==192.168.20.0 . Then I assign 2 IP adresess to my PCs at both ends. ...Do you think it will work ? 

Thanks 

 

In fact, to be honest, I think it is also meaningless, because when one of the disconnected (such as 192.168.1.0 == 192.168.10.0 disconnected), then the two ends of the device in this LAN is still no way to communicate, only 192.168.2.0 == 192.168.20.0 this section of the two LAN devices can still communicate normally but already, then this case is not what you call VPN backup.

I think that DPD is very useful for you. It's got the similar features you're looking for.

Just striving to develop myself while helping others.
#5
Options
Re:IPsec VPN tunnel backup.
2021-11-24 09:33:11

I find some solution how to make VPN backup. It is not automatic, but lets call it "semiautomatic" :). Here is my setup:

1.END -HQ

Router R605, DHCP on, 192.168.1.1.

Router W9960, DHCP off, 192.168.3.1.

Both routers are connected to one switch.

Server has two IP adresses: 192.168.1.2 and 192.168.3.2. Default gateways 192.168.1.1 and 192.168.0.1. Primary DNS 192.168.1.1, secondary DNS 192.168.3.1.

 

2. END-subsidiary

Router R605, DHCP on, 192.168.2.1

 

VPN tunnel 1

192.168.1.0/24==192.168.2.0/24

 

VPN tunnel 2

192.168.3.0/24==192.168.2.0/24

 

PCs in subsidiary connect to HQ server via RDP. 

If remote desktop 192.168.1.2 cannot connect ( lack of internet connection) , then we could connect to remote desktop 192.168.3.2.

 

This works for me good right now but maybe TP link makes some update to R605 firmware and it can be done automatically....

 

Have a nice day 

 

 

#6
Options

Information

Helpful: 0

Views: 820

Replies: 5

Voters 0

No one has voted for it yet.