VPN IPSEC IKEv2 windows and Android clients

3 weeks ago - last edited 3 weeks ago
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.6 Build 20240718 Rel.82712

I aim to set up a VPN server using this router model, WAN connected behind the ISP provider fiber router with NAT.

ER605 with WAN fixed IP and DMZ set to this IP on the ISP router.

 

Following the available TP-Link documents, I was able to successfully establish a PPTP Client-Server VPN connection between my Windows 11 client and the ER605 router.

 

Internet --> fiber --> ISP Router --> ISP Router LAN port4 (192.168.1.254) --> ER605 WAN (192.168.1.253)

 

After this I tried to set up an IKEv2 PSK tunnel but I could never get the VPN up either on Windows 11 or Android 14.

 

I followed this document: https://www.tp-link.com/br/support/faq/3447/


In this thread: https://community.tp-link.com/en/business/forum/topic/643176?sortDir=ASC&page=1 , it is stated that the only solution is for the ER605 WAN to be connected to a bridge and not behind a NAT. At this point I still have it behind the ISP router NAT.

 

The problem is that I already connected my Win11 client LAN (192.168.1.100) directly to the ER605 WAN (192.168.1.253) and could not establish an IKEv2 connection. With PPTP I can still connect with no problem.

 

Is there any development on the ER605 router that makes it able to use IKEv2 behind a router NAT?

Why can't I connect via Win11 client, using IKEv2 while being directly connected to the ER605 WAN port, but using PPTP the connection is successfully established?

 

I hope I did not confuse you.

 

#1
1 Reply
Re:VPN IPSEC IKEv2 windows and Android clients
3 weeks ago - last edited 3 weeks ago

Hi @rfsimoes 

Thanks for posting in our business forum.

Like I explained earlier, there is a problem when it is behind a NAT: it could not be established correctly due to the NAT issue.

In the negotiation phase, if it is behind a NAT, the IP would be a private IP when establishing the VPN tunnel. And this would cause a failure in connection.

 

I think I explained the reason in this guide.

How to Configure IPsec IKEv2 VPN for Android 13/14 or iPhone


If you cannot go around the NAT, consider other types of VPN: WG or OVPN. They are both better than traditional VPN types. PPTP is considered not safe now.

Best Regards!
#2
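
How an IKEv2 peer notices the private-versus-public address mismatch discussed in this thread, shown as an added example that is not part of either post and is not TP-Link firmware code. It follows the NAT detection payloads of RFC 7296 section 2.23; the SPI and the public addresses (203.0.113.10, 198.51.100.7) are constructed, and the 192.168.1.x addresses are the ones from the question.

```python
import hashlib
import ipaddress
import struct

def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """Payload data of NAT_DETECTION_*_IP: SHA-1(SPIi | SPIr | IP | Port)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    packed_ip = ipaddress.ip_address(ip).packed  # 4 octets for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + packed_ip + struct.pack("!H", port)).digest()

def detect_nat(spi_i, spi_r, sent_src, sent_dst, seen_src, seen_dst):
    """Model one IKE_SA_INIT message.

    sent_*: (ip, port) as the sender believed them when it built the payloads.
    seen_*: (ip, port) as they appear in the packet that reaches the receiver.
    """
    src_payload = nat_detection_hash(spi_i, spi_r, *sent_src)  # NAT_DETECTION_SOURCE_IP
    dst_payload = nat_detection_hash(spi_i, spi_r, *sent_dst)  # NAT_DETECTION_DESTINATION_IP
    return {
        "sender_behind_nat": src_payload != nat_detection_hash(spi_i, spi_r, *seen_src),
        "receiver_behind_nat": dst_payload != nat_detection_hash(spi_i, spi_r, *seen_dst),
    }

# Constructed values: initiator SPI, and a zero responder SPI as in the first message.
SPI_I = bytes.fromhex("0102030405060708")
SPI_R = bytes(8)

def behind_isp_router():
    # Client targets the ISP router's public address (constructed); the DMZ rule
    # rewrites the destination to the ER605 WAN address before delivery.
    return detect_nat(SPI_I, SPI_R,
                      sent_src=("198.51.100.7", 500), sent_dst=("203.0.113.10", 500),
                      seen_src=("198.51.100.7", 500), seen_dst=("192.168.1.253", 500))

def directly_connected():
    # Win11 client (192.168.1.100) plugged straight into the ER605 WAN: no rewrite.
    return detect_nat(SPI_I, SPI_R,
                      sent_src=("192.168.1.100", 500), sent_dst=("192.168.1.253", 500),
                      seen_src=("192.168.1.100", 500), seen_dst=("192.168.1.253", 500))

if __name__ == "__main__":
    print("behind ISP router :", behind_isp_router())
    print("direct to ER605   :", directly_connected())
```

RFC 7296 specifies that when either flag is set the peers continue the exchange on UDP port 4500 with ESP encapsulated in UDP; whether the ER605 firmware does this is not stated in the thread.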