MR600 VPN connection to Web service

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

MR600 VPN connection to Web service

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
MR600 VPN connection to Web service
MR600 VPN connection to Web service
2020-09-18 16:22:05 - last edited 2020-09-24 10:28:25
Model: Archer MR600  
Hardware Version:
Firmware Version:

Hello,

 

I have a problem with following setup:

 

1. Raspberry PI + SignalK Web server (fixed IP 192.168.1.99)

2. MR600 4G router (public 4G IP something like 193.NNN.NNN.NNN) + OpenVPN server 

3. Windows 10 laptop somewhere in internet 

 

My OpenVPN settings in MR600 router (checked via 192.168.1.1. => VPN server) are:

 

 

Test scenarios:

1. If Windows laptop is connected to 4G router locally (with wire or wireless), I am able to access my server using web browser URL http://192.168.1.99:80 - web server OK

2. If Windows laptop is connected to internet I am able to establish VPN connection with OpenVPN client (OpenVPN client status connected and router shows one VPN connection) - VPN configuration OK?

3. If Windows laptop is connected to internet and VPN is activated, I am NOT able to access my server using web browser URL http://192.168.1.99:80 => timeout 

4. If I enable/configure virtual server (port forwarding?) in 4G router, I am able to connect my web server using public IP address 193.NNN.NNN.NNN:80 without VPN at all - Raspberry firewall/config OK. 

5. If I totally disable my Windows 10 laptop firewalls (Windows Defender), I am still not able to access service with VPN connection - problem not related to my Windows firewall settings.

 

I speculate that problem might be related to different subnet between VPN (10.8.NNN.NNN) and "local" network server (192.168.1.99) or something to do with NAT. Sorry, I am not familiar with network technology/terminology. 

 

Any idea/proposals what is wrong?

How to troubleshoot the problem?

How to fix the problem?

 

Thanl you for your help,

Antti  

 

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:MR600 VPN connection to Web service-Solution
2020-09-24 10:28:14 - last edited 2020-09-24 10:28:25

@ankl 

Good day.

Thank you very much for your time and patience.

Have you tried to ping 192.168.1.99 on the OpenVPN client PC

If not the server, are you able to log into the web interface of the 4G router via 192.168.1.1 or http://tplinkmodem.net

 Later, we would like to forward your case to our senior engineers and would you please help me check the hardware and firmware version on the router?

 

And just in case there is a port conflict for 80, could you please change the local management port for http to something else ;

(it is under advanced>system tools>administration>local management.)

Thank you very much.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer BE550 New Software Enhances System Stability and Optimizes MLO Network Stability. TL-WA3001 Supports EasyMesh, Speed Limit, Guest Network in AP Mode and/or Multi-SSID Mode. If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
Recommended Solution
  1  
  1  
#3
Options
5 Reply
Re:MR600 VPN connection to Web service
2020-09-21 20:01:53

Ping! Help still needed!

  0  
  0  
#2
Options
Re:MR600 VPN connection to Web service-Solution
2020-09-24 10:28:14 - last edited 2020-09-24 10:28:25

@ankl 

Good day.

Thank you very much for your time and patience.

Have you tried to ping 192.168.1.99 on the OpenVPN client PC

If not the server, are you able to log into the web interface of the 4G router via 192.168.1.1 or http://tplinkmodem.net

 Later, we would like to forward your case to our senior engineers and would you please help me check the hardware and firmware version on the router?

 

And just in case there is a port conflict for 80, could you please change the local management port for http to something else ;

(it is under advanced>system tools>administration>local management.)

Thank you very much.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer BE550 New Software Enhances System Stability and Optimizes MLO Network Stability. TL-WA3001 Supports EasyMesh, Speed Limit, Guest Network in AP Mode and/or Multi-SSID Mode. If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
Recommended Solution
  1  
  1  
#3
Options
Re:MR600 VPN connection to Web service
2020-10-12 14:37:46

@Sunshine 

 

Hi,

 

And sorry for late answer.

 

Firmware: 1.2.0 0.9.1 v0001.0 Build 200511 Rel.44954n

HW: Archer MR600 v1 00000001

 

From OpenVPN client:

 

Ping to 192.168.1.1 via VPN connection works OK:

Reply from 192.168.1.1: bytes=32 time=30ms TTL=64

 

I am able to open 192.168.1.1 in Chrome but it says:

ERROR 403 - forbidden

 

If I connect PC directly to router (not via VPN), login works fine. Strange.

 

I also changed the local management port to 8081 (lwithout VPN). Still ERROR 403 - forbidden. Is there some limitation for management console access from VPN?

 

 

  0  
  0  
#4
Options
Re:MR600 VPN connection to Web service
2020-10-12 14:50:48

@Sunshine 

 

Actually I think this 403-forbidden is "known issue", so do not worry about it.

 

Anyhow the IP address of my server (raspberry) is different (192.168.1.99) than IP of router (192.168.1.1) so there should not be conflict even using same port 80?

 

-ankl

  0  
  0  
#5
Options
Re:MR600 VPN connection to Web service
2020-10-13 03:34:46

@ankl 

Good day.

Thank you very much for your time and patience.

Sorry for the delay.

For your case, we would like to consult our senior engineers and follow up your case via email and please have a check of your email box later.

Thanks a lot.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer BE550 New Software Enhances System Stability and Optimizes MLO Network Stability. TL-WA3001 Supports EasyMesh, Speed Limit, Guest Network in AP Mode and/or Multi-SSID Mode. If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
  1  
  1  
#6
Options