Help creating site-to-site using WireGuard with an ER605 to Archer AX55, or two ER605s

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-10-25 16:08:26 - last edited 2023-10-31 01:22:08
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: V2.6_2.2.2

I have an Archer AX55 v1.0-AX3000 (latest firmware) at the main office, behind another router using NAT. I've enabled the VPN server using WireGuard. I've forwarded the correct port to the Archer. Installed the WG client on my Android and I'm able to connect through cell service and use the resources and the office's internet (which I'd rather not be able to do, selecting Network Only makes no difference).

 

I don't have a separate outside network yet to test the ER605, but I set it up with a laptop going through the ER605 going through my network to the main endpoint (my external IP), and it can connect and I can access network resources. But I'm not able to see or ping the laptop from the main network. Maybe an issue of using one network?

 

My question: is it possible to create a VPN bridge both ways using an Archer AX55 and an ER605? Being able to access devices at the remote location while the remote location can access network resources/shares at the main office?

 

For right now I'm setting up to access a network timeclock from the office that will be at location #2 (too far away for a point-to-point). In the near future we'll probably want the computers over there to access network shares from the main office too.

 

I do have two ER605s if that's what's required. I was just trying to reduce the electronics and use my Archer VPN that I already have in place. It seems like when you connect in Client mode access only goes one way.

 

So anyway, if possible, I'd like to set up a two-way bridge using an Archer AX55 and an ER605, or two ER605s, probably using WireGuard.

Re:Help creating site-to-site using WireGuard with an ER605 to Archer AX55, or two ER605s
2023-10-26 02:41:38

Hi @MrTom 

Thanks for posting in our business forum.

You can refer to the guide for setting up WireGuard VPN: Configuration Guide How to Configure Site-to-Site WireGuard VPN on Omada Controller

Archer is not a business product. I am not able to provide insights on that device. You can refer to the FAQ on the official website about the Archer VPN guide.

 

If you cannot access a device after you connect to a VPN, you should check if you can ping the gateway IP. If you can, then it is your device firewall. In your case, the firewall of the laptop. It is very very common to have such an issue. Windows firewall is definitely to blame. You should seek help from the MS forum for this solution.

Re:Help creating site-to-site using WireGuard with an ER605 to Archer AX55, or two ER605s
2023-10-30 21:30:15 - last edited 2023-10-30 21:30:46

@Clive_A I decided to use two ER605 routers. I've read through the provided Guide, but I'm confused if both Peers, one from each side, need to connect to the other peer? i.e. Entering in an Endpoint for each peer? I've tried a connection with an ER605 to a WireGuard server using just one Endpoint Peer and it seemed to only connect as a Client-to-Peer, data access was only one direction on the network.

If I program both ER605s with each other's Endpoint and Allowed IPs for each, will it function this way where each site can access resources from the other site?

Re:Help creating site-to-site using WireGuard with an ER605 to Archer AX55, or two ER605s
2023-10-31 01:21:57

Hi @MrTom 

Thanks for posting in our business forum.

MrTom wrote

@Clive_A I decided to use two ER605 routers. I've read through the provided Guide, but I'm confused if both Peers, one from each side, need to connect to the other peer? i.e. Entering in an Endpoint for each peer? I've tried a connection with an ER605 to a WireGuard server using just one Endpoint Peer and it seemed to only connect as a Client-to-Peer, data access was only one direction on the network.

If I program both ER605s with each other's Endpoint and Allowed IPs for each, will it function this way where each site can access resources from the other site?

First, there is no client or server(site) in the WG, all are concluded as peers. I am saying client or site in the following to help you understand it in a plain way.

If you are gonna set up the site-to-site, you'd better input the peer. It is an S2S VPN, and you cannot get them connected if you don't configure the peer. I have marked this in the S2S WG guide.

If you are creating a site-to-multi-site, the main site that receives multi-connections can leave the Endpoint blank. It'll listen to the peer.

 

If you are using it for client-to-site, read the other CG: Configuration Guide How to Configure WireGuard VPN on Omada Controller

On the client, cellphone, or laptop, you need to configure manually with the Endpoint specified as well.

And read the S2S carefully again to learn about the resource access. I have explained what you need to do if you need to get bidirectional access.

 

For each technical term in WG, I have explained them. I would recommend you read the guide several times or go to the WireGuard official website to understand how it works. If you lack experience with the old VPN protocols, you might find WG VPN quite hard to configure and understand. It involves several jargon and some routing knowledge. Take some time to digest it. Or leave it and use OVPN which is super simple to config.

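The bidirectional-access question in this thread comes down to two things: each router's peer entry must list the other site's LAN in Allowed IPs, and at least one side needs an Endpoint to dial. The following is an added example, not part of the thread or of TP-Link's guide: a Python check over two constructed site definitions, where the subnets, hostnames and dictionary field names are all assumptions.

```python
import ipaddress

# Constructed sample: two sites, each with its own LAN and one peer entry
# describing the other router. Subnets and hostnames are made up.
SITE_A = {"name": "main", "lan": "192.168.10.0/24",
          "peer": {"endpoint": "siteb.example.net:51820",
                   "allowed_ips": ["10.0.0.2/32", "192.168.20.0/24"]}}
SITE_B = {"name": "remote", "lan": "192.168.20.0/24",
          "peer": {"endpoint": "sitea.example.net:51820",
                   "allowed_ips": ["10.0.0.1/32"]}}  # main-office LAN is missing

def covers(allowed_ips, subnet):
    """True if any Allowed IPs entry contains the whole subnet."""
    target = ipaddress.ip_network(subnet)
    return any(target.version == n.version and target.subnet_of(n)
               for n in map(ipaddress.ip_network, allowed_ips))

def check_site_to_site(a, b):
    """Return a list of problems that would stop two-way LAN access."""
    problems = []
    lan_a, lan_b = ipaddress.ip_network(a["lan"]), ipaddress.ip_network(b["lan"])
    if lan_a.overlaps(lan_b):
        problems.append("LAN subnets overlap; traffic cannot be routed between them")
    # WireGuard only sends to, and accepts from, a peer's Allowed IPs, so each
    # side must list the other LAN both to reach it and to accept its replies.
    for local, remote in ((a, b), (b, a)):
        if not covers(local["peer"]["allowed_ips"], remote["lan"]):
            problems.append(f"{local['name']}: Allowed IPs lack {remote['lan']}")
    # Someone has to start the handshake: at least one side needs an Endpoint.
    if not (a["peer"].get("endpoint") or b["peer"].get("endpoint")):
        problems.append("no Endpoint on either side; no one can initiate")
    return problems

if __name__ == "__main__":
    for p in check_site_to_site(SITE_A, SITE_B):
        print("PROBLEM:", p)
```

With the sample data the check reports that the remote site's peer entry lacks the main-office LAN, which is the one-way access pattern described in the thread.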