Ability of AP to Connect to VPN Server

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Ability of AP to Connect to VPN Server

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Ability of AP to Connect to VPN Server
Ability of AP to Connect to VPN Server
2023-12-22 02:54:17 - last edited 2023-12-25 05:44:38
Model: EAP110-Outdoor  
Hardware Version: V5
Firmware Version: 5.0.7

Hello,

 

Im new in TP-LINK, is there a way to connect My AP to my VPN Server L2TP / PPTP,

my Radius server needs to Send CoA or Disconnect request to the said AP but the AP is Under a CGNAT so it impossible to send request direct to the public IP.

 

  0      
  0      
#1
Options
3 Reply
Re:Ability of AP to Connect to VPN Server
2023-12-25 06:06:45

  @Mendylivium 

 

If you set lan-lan ipsec vpn not the client-lan, can EAP connect to the radius server?

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:Ability of AP to Connect to VPN Server
2023-12-26 08:42:25

  @Virgo 

 

Hello I dont know yet,

 

I only have a TPLINK EAP110, which needs to be set up in a specific area. My plan is to distribute only TPLINK EAP110 or EAP225 without any gateway. I will use only an access point (AP) directly connected to the client's router. The AP will then communicate with my Radius Server. However, some of my clients' internet is under CGNAT, so my Radius Server can't send a CoA (Change of Authorization) or a Disconnect Request to the AP to disconnect specific users.

  0  
  0  
#3
Options
Re:Ability of AP to Connect to VPN Server
2023-12-26 18:08:41

  @Mendylivium 

 

There is no VPN client on the AP.

 

The only angle I can think of to get around CGNAT (admittedly only 1 coffee into the day..so be gentle) is to leverage a remote controller.  You can configure the AP to be managed by a controller located elsewhere (including the TPlink cloud controller offering) even behind a CGNAT.  However, that's where the out-of-the-box bit ends...you'd need to find a way use the API to force a client to reconnect (I know freeRADIUS allows for some scripting to get integrated within the whole process, so you could insert something in the pre-auth portion for a device that is to be removed), which would then fail when it tries to AUTH again via your updated RADIUS server.

<< Paying it forward, one juicy problem at a time... >>
  1  
  1  
#4
Options

Information

Helpful: 0

Views: 455

Replies: 3

Related Articles