ER605v2 VPN issue

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-04-30 13:36:19 - last edited 2024-05-08 02:46:48
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.4

So I followed the guide here: https://www.reddit.com/r/TPLink_Omada/comments/16tj25p/wireguard_vpn_on_er605_v2_with_omada_a/

 

I successfully set up a wireguard vpn that my laptop (kubuntu) can connect to. I can ping all the devices on my home network and I can ssh to them as well. DNS works fine for the local devices.

 

My problem is this: Even though I can ping and ssh to a device, I cannot get a web interface up. As one example, I have a local machine which runs piHole. I can ssh to it, I can ping it, and it serves DNS. I cannot access the web interface. This is the same for various other local servers I have running, some on the standard port 80, others on unique ports (such as homeassistant). All of these work fine on my local network.

Internet sites work just fine.

 

I've disabled all ACLs.

 

I've also tried OpenVPN and get the same results.

 

I'm using version 5.13.30.20 of the controller on an OC200 with firmware 1.29.4 Build 20240304 Rel.54362

 

Any thoughts or suggestions would be hugely appreciated.

6 Reply
Re:ER605v2 VPN issue
2024-05-01 18:54:55

  @brianc1969 

Without my changing anything, ssh has stopped working... it partially loads the welcome message from the server, but never actually gives me a shell prompt... and it just sits there waiting.

I checked insights on the gateway and I see right around 40% memory usage and 2-4% cpu usage. Don't think I'm being constrained here.

External websites are still working. Ping still works (so DNS is still working).

Re:ER605v2 VPN issue
2024-05-06 12:02:05

Hi @brianc1969 

brianc1969 wrote

  @brianc1969 

Without my changing anything, ssh has stopped working... it partially loads the welcome message from the server, but never actually gives me a shell prompt... and it just sits there waiting.

I checked insights on the gateway and I see right around 40% memory usage and 2-4% cpu usage. Don't think I'm being constrained here.

External websites are still working. Ping still works (so DNS is still working).

Based on what you described, there seems to be nothing wrong.

VPN should be working.

For the web interface, you probably want to double-check the pi-hole interface. As it is not a domain name like <ip>:port. It requires the following lines:

With the /admin/, can you access it? Simply putting the IP in the URL does not get you connected to the web interface.

Re:ER605v2 VPN issue
2024-05-06 12:03:32

Hi  @brianc1969 

e.g. direct IP.

 

Correct URL:

Re:ER605v2 VPN issue
2024-05-06 13:16:53

  @Clive_A 
Thanks for the reply.

 

I was trying to describe that I cannot get anything to completely load. With piHole as the example, it works from a name from within my network. But via the VPN, I cannot get the control page to load, either with a name or with just the IP. And yes, I am using the /admin. I can ping via name, which tells me the VPN is resolving DNS, so names should work.

 

Another example is my homeassistant webpage. It is on a different port, on a different IP. Again, it works via name or IP locally, but never loads either way via VPN.

 

And a third example, I run a local webserver, which again is available via name or IP on standard port 80 on yet another machine. Again, I cannot get that to load via VPN.

 

Additionally, as I stated in my second post, at this time, SSH only loads part of the welcome message and never allows me to connect to any machine on my network, even though this worked initially.

 

The fact that I get part of the welcome message tells me the VPN made the connection. But for some reason I cannot complete it.

Re:ER605v2 VPN issue
2024-05-07 01:28:19

Hi @brianc1969 

Thanks for posting in our business forum.

brianc1969 wrote

  @Clive_A 
Thanks for the reply.

 

I was trying to describe that I cannot get anything to completely load. With piHole as the example, it works from a name from within my network. But via the VPN, I cannot get the control page to load, either with a name or with just the IP. And yes, I am using the /admin. I can ping via name, which tells me the VPN is resolving DNS, so names should work.

 

Another example is my homeassistant webpage. It is on a different port, on a different IP. Again, it works via name or IP locally, but never loads either way via VPN.

 

And a third example, I run a local webserver, which again is available via name or IP on standard port 80 on yet another machine. Again, I cannot get that to load via VPN.

 

Additionally, as I stated in my second post, at this time, SSH only loads part of the welcome message and never allows me to connect to any machine on my network, even though this worked initially.

 

The fact that I get part of the welcome message tells me the VPN made the connection. But for some reason I cannot complete it.

If it worked before, it should do the same now.

Did you change any parameters in the Wireguard peer?

If you can do a self-examination, that would be great. We have guides on how-to Wireguard setup.

 

You can delete the existing Wireguard and create it again and test it out one more time. If this persists, please paste your parameters and a simple network diagram.

 

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Re:ER605v2 VPN issue-Solution
2024-05-08 02:46:33 - last edited 2024-05-08 02:46:48

I finally solved my VPN issue. I don't entirely understand it, I am not a networking guy.

 

The default MTU of 1420 was apparently too big. I don't know if this is something with my ISP or something with Linux. I found a post somewhere about needing to adjust that number below 1400. I used 1300 as the author of that post did and everything started working just fine.

 

So I'll consider this the final solution. I am posting this for future reference if anyone else sees this issue.

 

Recommended Solution
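
Added example, not part of the original thread: small packets (ping, DNS) getting through while web pages and the SSH banner stall is the usual sign that full-size packets exceed what the path can carry, and the script below measures that limit and derives a WireGuard MTU from it instead of guessing. It assumes Linux iputils `ping` and a target that answers ICMP echo; the function names are this example's own, and the overhead figures are WireGuard's 60 bytes over IPv4 and 80 over IPv6 (which is where the 1420 default comes from on a 1500-byte link).

```sh
#!/bin/sh
# Added example: find the largest unfragmented IP packet a path carries,
# then derive a WireGuard interface MTU from it.

# probe SIZE HOST: succeed if an IPv4 packet of SIZE bytes reaches HOST
# with "don't fragment" set. 28 = 20 (IPv4 header) + 8 (ICMP header).
probe() {
    ping -c 1 -W 1 -M do -s "$(( $1 - 28 ))" "$2" >/dev/null 2>&1
}

# largest_packet HOST [LOW] [HIGH]: binary search between LOW and HIGH
# for the largest packet size that probe accepts. Fails if LOW itself fails.
largest_packet() (
    host=$1 lo=${2:-576} hi=${3:-1500}
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
)

# wg_mtu PATH_MTU [4|6]: subtract WireGuard's encapsulation overhead.
# IPv4 outer: 20 IP + 8 UDP + 32 WireGuard = 60; IPv6 outer: 40 + 8 + 32 = 80.
# Defaults to 80, the conservative value WireGuard itself uses.
wg_mtu() (
    overhead=80
    if [ "${2:-6}" = 4 ]; then overhead=60; fi
    echo $(( $1 - overhead ))
)

# Stand-alone use: ./mtu.sh <vpn-endpoint-address>, run with the tunnel down
# so the probe measures the underlying path to the VPN endpoint.
if [ "$#" -ge 1 ]; then
    size=$(largest_packet "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "largest unfragmented packet to $1: $size bytes"
    echo "WireGuard MTU (IPv4 outer): $(wg_mtu "$size" 4)"
    echo "WireGuard MTU (IPv6 outer): $(wg_mtu "$size" 6)"
fi
```

The resulting value goes in the client's interface settings, for example `MTU = <value>` under `[Interface]` in a wg-quick configuration.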