IPsec - full tunneling

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

IPsec - full tunneling

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
IPsec - full tunneling
IPsec - full tunneling
2024-02-02 10:46:22 - last edited 2024-02-05 02:23:04
Tags: #VPN
Model: ER706W  
Hardware Version: V1
Firmware Version: 1.0.3 Build 20240106 Rel.81532(4555)

Hi guys! :)

 

I have a question to more experienced admins of TP-Link Omada solution. I'm trying to find the info on the web for few days but without luck.

 

Do you know if it is possible to set up Site To Site IPsec connection between two TP-Link routers with full tunneling mode? So whole traffic from Site B will be redirected to Site A and reach out to the internet using Site A as a gateway?

 

For now I've been able to set it by default that it can reach out to each other's LANs but every Site is reaching out to the internet using their own gateways.

 

Best Regards

RR

  0      
  0      
#1
Options
2 Accepted Solutions
Re:IPsec - full tunneling-Solution
2024-02-04 11:24:38 - last edited 2024-02-05 08:47:25

  @RaRu 

 

i'm pretty sure you can't do this with ipsec site to site.

 

but if you have tp-link Omada routers at both ends of the vpn, then you have two options, l2tp site to site or wireguard site to site.

 

I have a similar scenario where I need access to a remote network that is locked to a special IP, so I have to proxy via the network at work.
now I use wireguard but previously I used l2tp and policy routing.

 

I'm not sure if l2tp site to site will work but you can try.
l2tp without site to site work very well with policy route.

 

 

 

Recommended Solution
  2  
  2  
#4
Options
Re:IPsec - full tunneling-Solution
2024-02-05 02:22:40 - last edited 2024-02-05 02:23:14

Hi @RaRu 

Thanks for posting in our business forum.

RaRu wrote

  @Clive_A 

 

Hi,

 

Thank you for the response.

 

I'm using basic manual from TP-Link: https://www.tp-link.com/us/support/faq/3051/

 

My case is: I have some external services that I need to access from certain IP address - which is public IP address of my Site A office.

Therefore, I would like to redirect the traffic from Site B to also access the internet via Site A, so the IP address will match requirements of my external services.

 

At the same time i need to have possibility to cross access services between Site A and Site B such as File servers, Printers - so the simple: Site A OpenVPN server and Site B OpenVPN client with full tunneling config won't do.

 

Just asking if there is a possibility to do full tunneling in IPsec :) What I read on the net, is that IPsec S2S is mostly for LAN only :/

 

Best Regards

 

1. This guide is not a guide to set up the full tunnel. S2S is not a full tunneling. And it does not mention anything about the full tunnel.

2. You did not answer the question about the thing where you learned about the IPsec full tunneling based on the S2S tunnel. AFAIK, it should not be a thing.

Of course, S2S IPsec is created for LAN to LAN. Never saw a case for proxy. I think you barely can find anything on Google related to this topic.

 

S2S does not have any relation with the full tunneling. Think about the reason why you have S2S, what you config in the settings, and how it is supposed to do. From the basis, it should not exist even though routing is a concept that seems can do anything but it does not always apply in some situations.

 

If you need to use the proxy, just set up something else additionally INSTEAD OF messing around with the S2S IPsec.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#6
Options
5 Reply
Re:IPsec - full tunneling
2024-02-04 02:04:56

Hi @RaRu 

Thanks for posting in our business forum.

I have a question for you, what is the meaning of S2S IPsec VPN in your eye and what should S2S be supposed to do in general?

Following that question, where do you learn that you can or you should set up full tunneling in S2S IPsec? Is there a specific guide you are reading and having this idea in your mind?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#2
Options
Re:IPsec - full tunneling
2024-02-04 11:09:33

  @Clive_A 

 

Hi,

 

Thank you for the response.

 

I'm using basic manual from TP-Link: https://www.tp-link.com/us/support/faq/3051/

 

My case is: I have some external services that I need to access from certain IP address - which is public IP address of my Site A office.

Therefore, I would like to redirect the traffic from Site B to also access the internet via Site A, so the IP address will match requirements of my external services.

 

At the same time i need to have possibility to cross access services between Site A and Site B such as File servers, Printers - so the simple: Site A OpenVPN server and Site B OpenVPN client with full tunneling config won't do.

 

Just asking if there is a possibility to do full tunneling in IPsec :) What I read on the net, is that IPsec S2S is mostly for LAN only :/

 

Best Regards

 

  0  
  0  
#3
Options
Re:IPsec - full tunneling-Solution
2024-02-04 11:24:38 - last edited 2024-02-05 08:47:25

  @RaRu 

 

i'm pretty sure you can't do this with ipsec site to site.

 

but if you have tp-link Omada routers at both ends of the vpn, then you have two options, l2tp site to site or wireguard site to site.

 

I have a similar scenario where I need access to a remote network that is locked to a special IP, so I have to proxy via the network at work.
now I use wireguard but previously I used l2tp and policy routing.

 

I'm not sure if l2tp site to site will work but you can try.
l2tp without site to site work very well with policy route.

 

 

 

Recommended Solution
  2  
  2  
#4
Options
Re:IPsec - full tunneling
2024-02-04 15:23:05

  @MR.S 

 

Thank you for your time, I'll try other VPN methods then. See if some will work for me better than IPsec :)

  1  
  1  
#5
Options
Re:IPsec - full tunneling-Solution
2024-02-05 02:22:40 - last edited 2024-02-05 02:23:14

Hi @RaRu 

Thanks for posting in our business forum.

RaRu wrote

  @Clive_A 

 

Hi,

 

Thank you for the response.

 

I'm using basic manual from TP-Link: https://www.tp-link.com/us/support/faq/3051/

 

My case is: I have some external services that I need to access from certain IP address - which is public IP address of my Site A office.

Therefore, I would like to redirect the traffic from Site B to also access the internet via Site A, so the IP address will match requirements of my external services.

 

At the same time i need to have possibility to cross access services between Site A and Site B such as File servers, Printers - so the simple: Site A OpenVPN server and Site B OpenVPN client with full tunneling config won't do.

 

Just asking if there is a possibility to do full tunneling in IPsec :) What I read on the net, is that IPsec S2S is mostly for LAN only :/

 

Best Regards

 

1. This guide is not a guide to set up the full tunnel. S2S is not a full tunneling. And it does not mention anything about the full tunnel.

2. You did not answer the question about the thing where you learned about the IPsec full tunneling based on the S2S tunnel. AFAIK, it should not be a thing.

Of course, S2S IPsec is created for LAN to LAN. Never saw a case for proxy. I think you barely can find anything on Google related to this topic.

 

S2S does not have any relation with the full tunneling. Think about the reason why you have S2S, what you config in the settings, and how it is supposed to do. From the basis, it should not exist even though routing is a concept that seems can do anything but it does not always apply in some situations.

 

If you need to use the proxy, just set up something else additionally INSTEAD OF messing around with the S2S IPsec.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#6
Options

Information

Helpful: 0

Views: 571

Replies: 5

Tags

Related Articles