Business Community > All Threads > ER7206 OpenVPN as Client
< All Threads

ER7206 OpenVPN as Client

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER7206 OpenVPN as Client

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER7206 OpenVPN as Client
ER7206 OpenVPN as Client
2023-11-09 03:13:43
Tags: #VPN #WAN Setup #Load Balancing #Routing
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.2.3 Build 20221104 Rel.41500

I have a baffling challenge:

 

I am trying to setup an ER7206 router with two active WAN connections in a 50/50 load balance design.  The second WAN (WAN/LAN1) is chosen for an OpenVPN client link to a remote OpenVPN server.  The .ovpn file has been tested to work fine from a desktop connection.  It was also used successfully as a router client config file on a Peplink Balance 20 prior to this.  The ER7206 client connection shows up connected at the server end and displays some minor traffic, however I am not able to communicate with the remote subnet that is defined in the .ovpn file for push-route to the remote subnet.  Note that this config is setup as route-nopull and is intended for only remote subnet traffic and works as such for other devices without issue.  Is there an additinon step on these tp-link routers to make things work in this scenario?  I will clarify again that this same config works as expected when used with Tunnelblick for a desktop application and also for another brand of router as client.

  0      
 
  0      
 
#1
Options
7 Reply
Re:ER7206 OpenVPN as Client
2023-11-09 03:30:30

 I should also mention that I am trying to configure this router standalone with no Omada Controller access.  I do not have the same options noted in this how-to:

 

https://www.tp-link.com/ca/support/faq/3633/

 

My limitations are show in image below:

 

  0  
  0  
#2
Options
Re:ER7206 OpenVPN as Client
2023-11-09 09:09:57

Hi @eightball 

Thanks for posting in our business forum.

The link you sent is configuring the server. Well, you are configuring a client.

To configure the client, you import the file. Specify the parameters.

Local Networks are the network where your LAN devices should be located. You desire 192.168.0.1/24 to access the VPN, put this subnet in the Local Subnet.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options
Re:ER7206 OpenVPN as Client
2023-11-09 19:33:38
I'm sorry I included the incorrect reference link. I meant to refer to this: https://www.tp-link.com/ca/support/faq/3631/ I am quite familiar with OpenVPN client / server setups. This OpenVPN server is located on a Edgerouter ER4, and I have several desktop connections to it as well as two router based clients on other hardware (Peplink and Netgear). This is my first try at a tp-link router as a client to replace my failed Peplink. the .ovpn file being uploaded to the tp-link works fine on a desktop and was the same file previous employed on the Peplink router successfully. I have populate my lan 10.54.XX.0/24 in the OpenVPN Client field for 'Local Network' as you noted. Any other things to check?
  0  
  0  
#5
Options
Re:ER7206 OpenVPN as Client
2023-11-09 23:38:38

I thought it might also be helpful to post the top lines of my .ovpn file in case tp-link requires additional lines or has issues with some of these?

 

client
dev tun
proto udp
remote 198.53.XXX.XXX 1194
float
resolv-retry infinite 
nobind
persist-key 
persist-tun 
verb 3
route-nopull
route 10.54.XX.0 255.255.255.0

  0  
  0  
#6
Options
Re:ER7206 OpenVPN as Client
2023-11-10 01:48:34

Hi @eightball 

Thanks for posting in our business forum.

What is this route?

I don't think we support any other format. This is the format from the Omada OVPN. Suggest you rearrange it based on the following.

 

client
dev tun
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
remote 1.2.3.4 1194

 

I also need to point out that your config does not contain the cipher??

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#7
Options
Re:ER7206 OpenVPN as Client
2023-11-10 03:10:15

  @Clive_A 

route 10.54.XX.0 255.255.255.0

In my application this openvpn client connection is intended to only route traffic to the server side subnet: 10.54.XX.0 similar to client-to-site business VPN

The client side subnet is 10.54.YY.0

 

route-nopull

The route-null pull command sends all other traffic down standard default routes.

 

The standard ca authentication keys are below this list of commands

 

client
dev tun
proto udp
remote 198.53.XXX.XXX (server ip) 1194
float
resolv-retry infinite 
nobind
persist-key 
persist-tun 
verb 3
route-nopull (only route traffic part of noted route below through this connection)
route 10.54.83.0 (server subnet) 255.255.255.0

<ca>

<cert>

<key>

 

  0  
  0  
#8
Options
Re:ER7206 OpenVPN as Client
2023-11-10 05:54:21

Hi @eightball 

Thanks for posting in our business forum.

Then I don't know. It does not seem to be a standard OVPN file we have. So I don't have any information about it. As for now, it does not look compatible with the OVPN in the router.

I have suggested what you should modify and do. Compare them then and modify them based on your will.

If you don't believe the OVPN works, if you happen to have another ER router, you can test the file from the other one. It should work as intended.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#9
Options

Information

Helpful: 0

Views: 684

Replies: 7

Tags

VPN WAN Setup Load Balancing Routing
Related Articles
ER7206 OpenVPN
653 0
Can ER7206 be an OpenVPN Client and Server at the same time?
200 0
ER7206 Router as OpenVPN client not working
1710 0
ER7206 v1.0 crashes when disabling an active OpenVPN VPN profile
825 0
ER7206: OpenVPN and static IPs
314 1
ER7206 Openvpn Site to Site
467 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.