VPN IPSEC IKEv2 windows and Android clients

VPN IPSEC IKEv2 windows and Android clients

VPN IPSEC IKEv2 windows and Android clients
VPN IPSEC IKEv2 windows and Android clients
2024-08-27 13:52:32 - last edited 2024-08-28 02:09:41
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.6 Build 20240718 Rel.82712

I aim to setup a VPN server using this router model, WAN connected behind the ISP provider fiber router with NAT.

ER605 with WAN fixed IP and DMZ setted to this IP on the ISP router.

 

Folowing the available TP-Link documents, I was able to successfuly estabilish a PPTP Client-Server VPN connection, between my Windows 11 client, and the ER605 router.

 

Internet --> fiber -->ISP Router-->ISP Router LAN port4 (192.168.1.254) --> ER605 WAN (192.168.1.253)

 

After this I tried to setup an IKEv2 PSK tunnel but I could never get the VPN up either on Windows 11 or Android 14.

 

I followed this document: https://www.tp-link.com/br/support/faq/3447/


In this thread: https://community.tp-link.com/en/business/forum/topic/643176?sortDir=ASC&page=1 , is stated that the only solution is for the ER605 WAN be connected to a bridge and not behing a NAT. At this point I still have it behind the ISP router NAT.

 

The problem is that I already connected my Win11 client LAN (192.168.1.100) directly to the ER605 WAN (192.168.1.253) and could not estabilish a IKEv2 connection. With PPTP stil can connect with no problem.

 

Is there any development on the ER605 router that makes it able to use IKEv2 behind a router NAT?

Why can't I connect via Win11 client, using IKEv2 while being directly connected to the ER605 WAN port, but using PPTP the connection is successfully established?

 

I hoppe I did not confuse you.

 

  0      
  0      
#1
Options
1 Reply
Re:VPN IPSEC IKEv2 windows and Android clients
2024-08-28 02:01:39 - last edited 2024-08-28 02:09:41

Hi @rfsimoes 

Thanks for posting in our business forum.

Like I explained earlier, there is a problem when it is behind a NAT, it could not be established correctly due to the NAT issue.

In the negotiation phase, if it is behind a NAT, the IP would be a private IP when establishing the VPN tunnel. And this would cause a failure in connection.

 

I think I explained the reason in this guide.

How to Configure IPsec IKEv2 VPN for Android 13/14 or iPhone

 

 

 

If you cannot go around the NAT, consider other types of VPN. WG or OVPN. They are both better than traditional VPN types. PPTP is considered as not safe now.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#2
Options