Omada Router as VPN client
Hi!
In Site Settings -> VPN -> VPN:
I'm trying to figure out how to connect this router to an external VPN server of mine.
(This Omada router is connected only through an LTE network, external modem using passthrough to the WAN Ethernet port. On this network IPv6 is flaky, and the IPv4 is CGNAT, so I'm looking to set up a connection to be able to get in from the outside.)
According to the docs, Site-to-Site is for connecting Omada Sites.
In this case, then, I would have to set up Client-to-Site.
So I did set up a Client-to-Site VPN, defining my router as a VPN client - OpenVPN using Certificate.
I specified the IPv4 and port number of the Remote Server and chose WAN as the WAN, and I imported the ovpn config file.
When I hit Apply, it was enabled, and it looks like it's working.
... Except ... Where can I see/utilize this VPN tunnel?
I can't find it anywhere; it's not an available interface in ACLs or anywhere that I can seem to find.
So I don't actually know if it's working/what it's doing (if anything).
There's nothing showing in Insights -> VPN Status -> OpenVPN/PPTP/L2TP -> Client ... So I guess not much is happening.
But how is it supposed to be used/seen?
(My preferred VPN setup would be Wireguard, but in Omada it's only WG server, not client, it seems.)
@flips01 So, in this other thread/topic, I found that I had to set up the OpenVPN server to provide a TCP connection and some specific compatibility options.
But how exactly do you guys enable routing?
I can ping both ways, from my devices on my LAN to the VPN server, and also from the VPN server to the IP assigned to the VPN client on the ER605.
But I would like to be able to reach from the VPN server to different internal VLANs.
On the OpenVPN server I've tried adding routes like this:
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         185.213.175.1   0.0.0.0         UG    0   0      0    eth0
10.206.180.0    0.0.0.0         255.255.255.0   U     0   0      0    tun0
192.168.20.0    10.206.180.2    255.255.255.0   UG    0   0      0    tun0
192.168.30.0    10.206.180.2    255.255.255.0   UG    0   0      0    tun0
And I checked that the firewall should allow all this in forward chain and that ip_forwarding is enabled.
But still I'm not able to reach from the VPN server to any of the internal networks.
The networks are added like this in the OpenVPN client config on ER605v2:
(I also tried Custom IP and defining the OpenVPN IP range and the other internal ranges.)
I've also tried adding a Gateway ACL to permit WAN[IN] TCP, UDP and ICMP from the VPN IPv4 range 10.206.180.0/24 to IPGroup_Any.
At this point not sure where/what the problem might be. Thankful for suggestions.