ER707-M2 - Local LAN client cannot connect to OpenVPN on the router
Hello,
I can't connect to the router's OpenVPN server from the local network
(connection to the router's SSL VPN server is possible from local LAN users)
With my previous ER605 V2 router everything is fine and I can connect to OpenVPN from the local network.
Any suggestions?
Hi @RMitev
Thanks for posting in our business forum.
RMitev wrote
Hello, from the external network 10.17.21.1/24 everything is OK, but from internal network I can't connect.
In ER605 v1 and v2, I can connect to the openvpn server from both internal and external network ...
(By the way, the ER605 V1 with the latest firmware has a speed of 25 to 30 megabits via OpenVPN)
Best Regards
Tested and have a reproduction of the issue. The problem mainly lies in the 707-M2, which has added a function to limit the OVPN message. Previously, it was found that in certain scenarios, OVPN messages would not be sent from the specified wan port, so restrictions were added to only send and receive messages on the corresponding WAN port.
605 has not been considered for this feature. But I think if this is added to the firmware, it should later be added to the 605.
The question now is what kind of scenario do you need this connection from the LAN? We have not found a legit scenario for such a use case which may cause some other trouble. So, we limit it.
Hi @RMitev
Never seen this issue before. Can you confirm that it happens (steadily reproducible) on your ER707-M2 V1 1.2.2?
Hi @RMitev
What's the update on this matter?
Our dev is interested in your case and would like to learn the progress.
[May 25, 2024, 17:11:19] OpenVPN core 3.8.2connect3 win x86_64 64-bit OVPN-DCO built on Dec 1 2023 16:39:43
[May 25, 2024, 17:11:19] Frame=512/2112/512 mssfix-ctrl=1250
[May 25, 2024, 17:11:19] NOTE: This configuration contains options that were not used:
[May 25, 2024, 17:11:19] Unsupported option (ignored)
[May 25, 2024, 17:11:19] 7 [resolv-retry] [infinite]
[May 25, 2024, 17:11:19] 9 [persist-key]
[May 25, 2024, 17:11:19] 11 [explicit-exit-notify]
[May 25, 2024, 17:11:19] EVENT: RESOLVE
[May 25, 2024, 17:11:19] Contacting 10.17.21.71:31194 via UDP
[May 25, 2024, 17:11:19] EVENT: WAIT
[May 25, 2024, 17:11:19] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
"host" : "10.17.21.71",
"ipv6" : false
}
[May 25, 2024, 17:11:19] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
[May 25, 2024, 17:11:29] Server poll timeout, trying next remote entry...
[May 25, 2024, 17:11:29] EVENT: RECONNECTING
[May 25, 2024, 17:11:29] EVENT: RESOLVE
[May 25, 2024, 17:11:29] Contacting 10.17.21.71:31194 via UDP
[May 25, 2024, 17:11:29] EVENT: WAIT
[May 25, 2024, 17:11:29] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
"host" : "10.17.21.71",
"ipv6" : false
}
[May 25, 2024, 17:11:29] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
[May 25, 2024, 17:11:39] Server poll timeout, trying next remote entry...
[May 25, 2024, 17:11:39] EVENT: RECONNECTING
[May 25, 2024, 17:11:39] EVENT: RESOLVE
[May 25, 2024, 17:11:39] Contacting 10.17.21.71:31194 via UDP
[May 25, 2024, 17:11:39] EVENT: WAIT
[May 25, 2024, 17:11:39] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
"host" : "10.17.21.71",
"ipv6" : false
}
[May 25, 2024, 17:11:39] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
[May 25, 2024, 17:11:49] Server poll timeout, trying next remote entry...
[May 25, 2024, 17:11:49] EVENT: RECONNECTING
[May 25, 2024, 17:11:49] EVENT: RESOLVE
[May 25, 2024, 17:11:49] Contacting 10.17.21.71:31194 via UDP
[May 25, 2024, 17:11:49] EVENT: WAIT
[May 25, 2024, 17:11:49] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
"host" : "10.17.21.71",
"ipv6" : false
}
[May 25, 2024, 17:11:49] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
[May 25, 2024, 17:11:59] Server poll timeout, trying next remote entry...
[May 25, 2024, 17:11:59] EVENT: RECONNECTING
[May 25, 2024, 17:11:59] EVENT: RESOLVE
[May 25, 2024, 17:11:59] Contacting 10.17.21.71:31194 via UDP
[May 25, 2024, 17:11:59] EVENT: WAIT
[May 25, 2024, 17:11:59] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
"host" : "10.17.21.71",
"ipv6" : false
}
[May 25, 2024, 17:11:59] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
[May 25, 2024, 17:12:09] Server poll timeout, trying next remote entry...
[May 25, 2024, 17:12:09] EVENT: RECONNECTING
[May 25, 2024, 17:12:09] EVENT: RESOLVE
[May 25, 2024, 17:12:09] Contacting 10.17.21.71:31194 via UDP
[May 25, 2024, 17:12:09] EVENT: WAIT
[May 25, 2024, 17:12:09] WinCommandAgent: transmitting bypass route to 10.17.21.71
{
"host" : "10.17.21.71",
"ipv6" : false
}
[May 25, 2024, 17:12:09] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
[May 25, 2024, 17:12:19] EVENT: CONNECTION_TIMEOUT BYTES_OUT : 840
PACKETS_OUT : 60
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
[May 25, 2024, 17:12:19] EVENT: DISCONNECTED
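The log above shows packets leaving the client with no reply, repeated poll timeouts, and no TLS or authentication stage. This added example, which is not part of the original thread, triages a client log in that format. The sample is a constructed abridgement of the post, and treating a missing PACKETS_IN counter as zero is an assumption.

```python
import ipaddress
import re

# Constructed sample, abridged from the log format shown in the thread.
SAMPLE_LOG = """\
[May 25, 2024, 17:11:19] Contacting 10.17.21.71:31194 via UDP
[May 25, 2024, 17:11:19] Connecting to [10.17.21.71]:31194 (10.17.21.71) via UDP
[May 25, 2024, 17:11:29] Server poll timeout, trying next remote entry...
[May 25, 2024, 17:11:29] Contacting 10.17.21.71:31194 via UDP
[May 25, 2024, 17:11:39] Server poll timeout, trying next remote entry...
[May 25, 2024, 17:12:19] EVENT: CONNECTION_TIMEOUT BYTES_OUT : 840
PACKETS_OUT : 60
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
[May 25, 2024, 17:12:19] EVENT: DISCONNECTED
"""

CONTACT = re.compile(r"Contacting \[?([0-9A-Fa-f:.]+?)\]?:(\d+) via (UDP|TCP)")
COUNTER = re.compile(r"\b([A-Z][A-Z_]+) : (\d+)")

def triage(log_text):
    """Summarise an OpenVPN Connect client log for a no-response failure."""
    remotes, counters, poll_timeouts = set(), {}, 0
    for line in log_text.splitlines():
        m = CONTACT.search(line)
        if m:
            remotes.add((m.group(1), int(m.group(2)), m.group(3)))
        if "Server poll timeout" in line:
            poll_timeouts += 1
        for name, value in COUNTER.findall(line):
            counters[name] = int(value)
    sent = counters.get("PACKETS_OUT", 0)
    # Assumption: a counter that is not printed (PACKETS_IN here) is zero.
    received = counters.get("PACKETS_IN", 0)
    # Packets left the client but nothing came back: the server never answered,
    # which points at filtering or routing in front of it, not at TLS or auth.
    no_reply = sent > 0 and received == 0 and poll_timeouts > 0
    return {
        "remotes": sorted(remotes),
        "private_remote": any(ipaddress.ip_address(h).is_private
                              for h, _, _ in remotes),
        "poll_timeouts": poll_timeouts,
        "packets_out": sent,
        "packets_in": received,
        "verdict": "no reply from server" if no_reply else "inconclusive",
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```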
As I mentioned in ER605 thread: https://community.tp-link.com/en/business/forum/topic/640894
An OpenVPN log will be very helpful ...
Hi @RMitev
Thanks for posting in our business forum.
RMitev wrote
Huh.. You don't have a public IP address. You should fix this first before we move on.
If that's the case, your WAN is not a public IP, I think I know what's wrong. The whole thread is going the wrong direction because you don't have a public IP address.
Fix this first, and you should proceed the rest of the parts smoothly on your own with the guides.
Check on your modem router and what's the IP address you get?
Please mosaic your sensitive information. Here is a list of information considered sensitive:
1. Real Public IP address on your WAN if your WAN is.
2. Real MAC address of your device.
3. Your personal information including address, domain name, and credentials.
For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.
Yes, that's right, there is a replacement device in place of the ER707-M2 router in question. In the original setup, the router has a real IP, but I can't stop the service to test everything with this router.
The OpenVPN connection is created from the internal LAN, so the external IP does not matter in this case.
I believe I have shown how to reproduce the problem - the WAN connection is via WAN/LAN3, an OpenVPN server is set up on this interface and we are trying to connect to it from the LAN network.
I believe you have enough devices to test what happens in this case.