How to create IPSec VPN connection between 4G Router and AWS virtual machine (Windows 2012 Server)

everycloud used Ask the Experts™

I have a TP-Link ML-MR6400 4G router and I want to create a VPN connection with my AWS VM. The scenario is that I have a sales demo unit that the sales guy takes on the road. Rather than require him to configure a local server for each demo, I want to have the complicated server on the AWS VM and he just plugs in his local device and 4G router and the device and VM can connect.

Local Device <> 4G Router <> Cellular Network <> AWS VM

I am using SoftEther on the AWS VM.
I have configured an IPSec tunnel between the local 4G router and the AWS VM.
I have been able to get the 4G router to show in its GUI that the VPN tunnel is up, but I can't get the devices to talk to each other.

Can anyone help me please? There is no configurable OS on the local device. It is a black box. All that I can do is connect it to the 4G router and it will be given a local IP address.

The TP-Link 4G Router has the possibility to make itself the VPN Server (using OpenVPN) but for various reasons I can't make the 4G Router the VPN server. I need it to be the client and for the AWS VM to be the VPN server.

I probably need to give you more information, but I'm not sure where to start. Thanks for your help!

Sounds like a tough one. Before discussing possibilities, let's cover some alternative options:
  • Assuming this is a demo system with no real data in, you could expose the AWS server to the internet in a secure way (e.g. minimal ports, strong passwords etc.). This would negate the need for a VPN.
  • AWS can provide VPN endpoints as part of their packages. You may not need to install/configure your own VPN endpoint on your server to make this work.

Anyway, on the basis that you want to make your current option work, let's see where we can go.
When you say the 4G router shows the tunnel is up, does it show any traffic flow/statistics to suggest it is working?
Can you see corresponding info at the other end to confirm this?

Can you ping the gateway at the other end over the VPN?


Hi Steve

I apologise for the really long delay in replying. Thanks very much for your help. I appreciate you taking the time.

I ended up replacing the wifi router with a GL-AR150 wifi router and it worked much better. I used OpenWRT and it was all so much simpler to configure!

Cool, glad you got it sorted :-)
