VPN & IPv6 on AX50. IPv4 under CGNAT

VPN & IPv6 on AX50. IPv4 under CGNAT
VPN & IPv6 on AX50. IPv4 under CGNAT
2020-08-13 19:43:03
Hardware Version: V1
Firmware Version: 1.0.9 rel55037

Im trying to set up the VPN server (openVPN) option on my AX50.

 

I followed these tutorial here:

https://www.tp-link.com/us/user-guides/archer-ax50_v1/chapter-11-vpn-server#ug-sub-title-1

 

I activated Dynamic DNS Service and binded it with my TP Link cloud account. I changed the default REMOTE  [xxx.xxx.xxx.xxx IPv4 IP] 1194 on the 12th line of the generated VPN configuration file with a text editor in order to try to point out the connection to my previously configured TP-Link DDNS address (on the format XXXX.tplinkdns.com).

 

But I am having no luck, I can not stablish the connection through the openvpn android/windows client.

 

Initially I suspected it was related to my ISP IPv4 Ip being under CGNAT, but I confirmed IPv6 is properly configured on the router and it is assigning IPv6s ips to all devices on my network. So I came up to the conclussion that VPN Server function on the AX50 only works with IPv4.

 

Can anyone confirm these? Have anyone using these AX50 router been able to set up VPN?

 

I also found these link: https://community.tp-link.com/en/home/forum/topic/193732

Is that the same case with the AX50 (simply no IPv6 support VPN connectivity)?

 

Thanks in advance.

 

0
0
#1
Options
4 Replies
Re:VPN & IPv6 on AX50. IPv4 under CGNAT
2020-08-14 17:50:12

@Zapahacks 

 

Have you tried disabling IPV6 on your router and test the OpenVPN connection? Rather than using the DDNS address, but your public IP address?  

 

If you connect to the AX50 LAN, does the OpenVPN connection work? (Reference the router IP rather then the public IP).

1
1
#2
Options
Re:VPN & IPv6 on AX50. IPv4 under CGNAT
2020-08-14 18:07:11
Thanks for the suggestions, I'll try that tonight and report back.
0
0
#3
Options
Re:VPN & IPv6 on AX50. IPv4 under CGNAT
2020-08-18 14:36:12 - last edited 2020-08-18 14:45:04

@Tony 

I tried as you suggested.

 

I disabled ipv6 on the router, leaving it with only ipv4 from my ISP (which I enfassise, is under CGNAT)

I enabled VPN funciont on the router.

I registered a new DDNS and bined it to my tplinkcloud account.

I rebooted the router and confirmed that my laptop and all other devices were working only with ipv4 ips.

I generated the VPN file within the router UI and exported it to my pc.

 

I always use my laptop connected to the router itself trough LAN, so I proceeded with the sugested tests:

 

1. I used the original configuration file, which included the IP that appears as my IP Address (when you go to Advanced, Status) which is an ipv4. --> VPN connection worked.

 

2. I used the ethernet default gateway ip 192.168.0.1 on the VPN configuration file --> VPN connection worked.

 

3. I then proceeded to change the ip address to the DDNS tplink address, tried to connect with no success. I did see that on the openVPN client log it was not trying to reach the router ip address (I mean, the one that was tested on number 1.test, which is the same one that is included in the originally generated certificate); it was trying to reach the ipv4 that I see when I go this site https://ipv6-test.com/ with any of the devices that are wireless or wired connected to the AX50. Yes, all the devices show the same ip (cellphone, TV, laptop) when I do the ip test on that page.

 

I also performed the same tests connected through wifi, getting the same results. Routers ip and gateway work, DDNS does not (and tries to reach a different ip than the one showed on the AX50 UI)

 

So these leaves me in the same place, I can not acces my router outside my network using an ipv4 under cgnat.

 

So that is were ipv6 should do the trick, but my guessing is the vpn server through ipv6 is malfunctioning on the AX50.

 

Any other test you would suggest?

 

Thanks in advance.

 

 

0
0
#4
Options
Re:VPN & IPv6 on AX50. IPv4 under CGNAT
2020-08-19 22:39:51

@Zapahacks 

 

Here is the information I was able to get:

 

1. IPv6 does not work with our VPN server.

 

2. Our VPN server function can work with the DDNS domain. It might be because when the router is rebooted, the WAN IP changes, and our DDNS updates the new IP. But the router DNS server still has a cache so when the DDNS is used, the DNS server replies with the old IP address. It is suggested to change the DNS server of the VPN client to 8.8.8.8 because 8.8.8.8 will flush the cache immediately.

0
0
#5
Options