MR600 v1 - IPSEC Road warrior

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

MR600 v1 - IPSEC Road warrior

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
MR600 v1 - IPSEC Road warrior
MR600 v1 - IPSEC Road warrior
2022-07-05 19:11:40 - last edited 2022-07-06 00:54:36
Model: Archer MR600  
Hardware Version: V1
Firmware Version: Build 200511 Rel.44954n

hi,

I'd like to use IPSEC Road warrior on MR600 v1.

 

 

I have remote IPSEc GW as 0.0.0.0

local Subnet IP configured for default - 192.168.2.0/24

remote subnet IP - blind shoot. I'm not sure here.

 

Connection tested with Macbook and Iphone.

Both clients have timeouts no message is on the router side in the log.

Maybe it's just a firewall issue?

NMAP online for UDP 500/4500 says closed.

 

Do you have any idea what I do wrong?

 

thank you

acaee5aa16d34b7f93b9149ffc032247

  0      
  0      
#1
Options
4 Reply
Re:MR600 v1 - IPSEC Road warrior
2022-07-06 06:22:15

  @S1lverhead 

 

Hi, usually the IPSec VPN tunnel is established between two VPN Routers which is called LAN to LAN or Site to Site VPN, however, your remote gateway is set to be 0.0.0.0 and remote subnet 192.168.3.0/24, which is unable to locate where the remote site is.

 

May I know your purpose of using IPSec VPN? The MR600 V1 is working 3G/4G Router mode or wireless router mode? and is its WAN IP a public IP address or private IP address? 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer BE550 New Software Enhances System Stability and Optimizes MLO Network Stability. TL-WA3001 Supports EasyMesh, Speed Limit, Guest Network in AP Mode and/or Multi-SSID Mode. If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
  0  
  0  
#2
Options
Re:MR600 v1 - IPSEC Road warrior
2022-07-06 06:26:39

Hi  @Sunshine 

I've never seen site-to-site IPSEC(I know it exists) but I've seen many "road warriors" setups.

Remote people using public wifi or hotspots connecting to home. 

this is exactly my setup :-) 

I have NAS at home, I'd like to get access from my laptop.

 

thank you, Jan

  0  
  0  
#3
Options
Re:MR600 v1 - IPSEC Road warrior
2022-07-06 06:33:48

  @S1lverhead 

 

Hi, thank you very much for the reply.

In that case, it is recommended to configure PPTP VPN or OpenVPN Sever on the MR600, then when you are not at home, you could connect the VPN Server on your client devices to access the home network. Here is the instruction:

https://www.tp-link.com/en/support/faq/2844/

 

Note: If the WAN/Internet IP address on the MR600 is a private IP address, which means there is another NAT in the front(If it works with SIM card only, the NAT is on ISP side), then you will not be able to connect the VPN Server when you are in a different network.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer BE550 New Software Enhances System Stability and Optimizes MLO Network Stability. TL-WA3001 Supports EasyMesh, Speed Limit, Guest Network in AP Mode and/or Multi-SSID Mode. If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
  0  
  0  
#4
Options
Re:MR600 v1 - IPSEC Road warrior
2022-07-06 08:22:34 - last edited 2022-07-06 08:24:21

Hi @Sunshine,

of course, I have public IP + dyndns service. Thank you for highlighting it for future readers.

Unfortunately, PPTP is not supported on the latest MacBook.

OpenVPN has known (not only) performance problems.

 

Is there a plan to support IPSEC road warrior on MR600?

 

thank you, Jan

 

PS: Can you report a bug(unless design of PPTP)? Login credentials are up to 15 characters and doesn't support uppercase in login name :( 

  0  
  0  
#5
Options