VPN Connection Potential Issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

VPN Connection Potential Issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
VPN Connection Potential Issues
VPN Connection Potential Issues
2019-06-18 15:27:59 - last edited 2019-06-19 06:55:25
Model: Archer VR2800  
Hardware Version: V1
Firmware Version: 0.3.0 0.9.1 v006c.0 Build 170809 Rel.42095n

Hi Guys,

I've recently purchased a VR2800 wifi modem router and I am very much satisfied with it.

Maybe there are some minor issues I cannot manage to addres maybe due to my poor networking knowledge.

When I am on VPN (via OpenVPN) from my android phone everything works as if I am connected from within my home wifi net. I can access my nas server files in read write mode, I can successfully ping and any smart device connected to the network (smart tv, sound system,...) and I even can log in to my wifi extender typing the relevant local lan ip address of the device as if I am at home.

What I cannot do

-login to my vr2800 router management page (403 forbidden error given), even if is pingable.
-use the smart devices from the app on my phone as I would do at home. They actually can't be controlled when on VPN. I can ping them, but I cannot use them.

My local lan ip pool address has been changed from the default one, so there shouldn't be issues relating to ip's conflict. It looks like even if I am in VPN, some apps won't recognise that, even if I can ping the related devices. You can ping them but can't use them. I've also tried to do some port forwarding with no luck. Anyway as I can reach them via ping, there shouldn't be a port issue and that's what I don't understand where the problem is.

Any help from you guys?
thanks in advance

  0      
  0      
#1
Options
11 Reply
Re:VPN Connection Potential Issues
2019-06-19 10:18:36

Hi,

 

Please login to the web interface of Archer VR2800 and then enable remote management.

Note: You can go to advanced-system tools-administration-remote management

 

After that, please check whether you can access it remotely with VPN connected.

 

Good day. 

 

 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX55V2 Supports WireGuard VPN, EasyMesh Ethernet Backhaul, IoT Network, Speed Limit,and More If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#2
Options
Re:VPN Connection Potential Issues
2019-06-19 13:40:29

Hi Kevin,

thanks for your prompt reply.

 

I did it already and yes I can login to the router via the remote management tool via VPN as well.

 

But what I would like to do, when in VPN mode, is to disable the remote management and login to the router as if I am connected from within my home wifi, meaning that I'd like to open a browser and put the router ip address in the address bar, which is what I do when I am at home. If I do that from VPN I get the 403 forbidden error and I don't know why.

 

At the moment when I want to remotely login to the router I use the remote management tool via dynamic DNS service with no issues at all.

But what I would like to do is to disable the remote management and login to the router when I am in VPN as if I am at home.

 

thanks

  0  
  0  
#3
Options
Re:Re:VPN Connection Potential Issues
2019-06-19 16:18:32 - last edited 2019-06-19 16:20:15

I have the same issue.

I need to access the router though VPN but without having "remote management" active.

I do not like the idea that by IP or hostname, people are able to see the login page and try to access.

 

Is there no option to allow VPN guests or VPN users to access management page without having to activate remote management?

 

It’s a fact that having "remote management" deactivated and connecting to the VPN, the gateway IP for the router is active and pings. Even the local IP pings (192.168.1.1).

It just throws "403 Forbidden" error.

 

There must be a rule or option. Could this be changed through shell or telnet?

Other market routers have an option to allow VPN users/guests to access the administration page without having to activate remote administration.

 

Your help would be much appreciated. Thank you.

 

Firmware Version: 1.6.0.0.9.1 v0001.0 Build 181022 Rel.40644n
Hardware Versiuon TL-MR6400 v3 00000001

 

 

  0  
  0  
#4
Options
Re:VPN Connection Potential Issues
2019-06-19 18:49:11

Precisely,

and btw I forgot to mention that I have this issue when in openvpn mode only.

If I set pptp vpn, everything works as expected. That's why I thought there's some misconfiguration from my  side.

Where's the reason behind they choose to block the access to the router configuration page when in openvpn mode which is the most secure in fact? It makes no sense at all to me.

  0  
  0  
#5
Options
Re:Re:VPN Connection Potential Issues
2019-06-24 03:01:55

@MrSlash @deltav 

 

Thanks for your reply; For your information, some specific routers, including the Vr2800 and MR6400, the connection via OpenVPN will be recoginized as remote connection. So in order to access the router remotely, the remote management should be activated. 

 

May it help and have a nice day. 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX55V2 Supports WireGuard VPN, EasyMesh Ethernet Backhaul, IoT Network, Speed Limit,and More If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#6
Options
Re:Re:Re:VPN Connection Potential Issues
2019-06-24 08:34:30
mmm. ok. but why this choice for openvpn connection and not for pptp vpn, is still a mystery to me. I mean: if you guys want us to access the router configuration page by remote access only even if in vpn, then you should set this for all types of vpn connections. I don't see the reason why the login via direct ip input is allowed when on the most unsecure vpn connection and not enabled when connected with the most secure one. But by the way, thanks for your reply
  0  
  0  
#7
Options
Re:Re:Re:VPN Connection Potential Issues
2019-06-24 10:37:03

Hi, thanks for the response, but this makes no sense and a potential security risk.
Activating VPN is to make a secure remote encrypted connection and leave access to router settings (optional) as if it’s a local network, so it should only be allowed in its sub IP's under its local network.
Activating Remote management is kind of risky making it even more easier to be broken by anyone with the domain that will be able to connect and see the router interface.

VPN should not be considered remote management but local management. At least a button to allow VPN users to access the router.

 

Is there a new firmware being looked at?
Can you check if this can be done through terminal on the router?

 

That would be of big help.

  1  
  1  
#8
Options
Re:Re:Re:Re:VPN Connection Potential Issues
2019-06-26 06:56:46 - last edited 2019-06-26 06:58:46

Hi @deltav @MrSlash 

 

Thanks for your reply.

 

Per I said, the VPN data will be recognized as remote access, to login  to the web UI, we need activate the remote management;  while I do catch your points.

 

We will remind our R&D team and let them evaluate the feasibility.

 

Good day. 

 

deltav wrote

mmm. ok. but why this choice for openvpn connection and not for pptp vpn, is still a mystery to me. I mean: if you guys want us to access the router configuration page by remote access only even if in vpn, then you should set this for all types of vpn connections. I don't see the reason why the login via direct ip input is allowed when on the most unsecure vpn connection and not enabled when connected with the most secure one. But by the way, thanks for your reply

 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX55V2 Supports WireGuard VPN, EasyMesh Ethernet Backhaul, IoT Network, Speed Limit,and More If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  2  
  2  
#9
Options
Re:Re:Re:Re:Re:VPN Connection Potential Issues
2019-06-26 08:44:17

Thanks for the reponse, at least its a start

  0  
  0  
#10
Options
Re:VPN Connection Potential Issues
2019-06-26 15:11:32

Kevin,

thanks

  0  
  0  
#11
Options