Zac123
asked on
Open port for VPN?
I'm trying to create a VPN connection between two TP link routers, VR600 & VR900. The control panels are virtually identical to each other.
Both locations have a fixed/static public IP address.
I have selected IPSEC, inputted the ip details, ensured that the two locations are on different subnets:
192.168.1.1
192.168.9.1
The routers allow me to save these settings without throwing an error but the connection is listed as being "down" on both routers so clearly something is not right.
Should i open a port? if so which one? or is there anything else about what i have described that is wrong?
thanks
zac
Both locations have a fixed/static public IP address.
I have selected IPSEC, inputted the ip details, ensured that the two locations are on different subnets:
192.168.1.1
192.168.9.1
The routers allow me to save these settings without throwing an error but the connection is listed as being "down" on both routers so clearly something is not right.
Should i open a port? if so which one? or is there anything else about what i have described that is wrong?
thanks
zac
ASKER
i actually have it listed as:
"single address" - 255.255.255.255
maybe it should be "multi address" - 255.255.255.0
?
"single address" - 255.255.255.255
maybe it should be "multi address" - 255.255.255.0
?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Where you are wanting to access other devices on the respective networks it should be 255.255.255.0
Thought that could stop communication, it wouldn't cause the tunnel to be down. Sounds like a configuration error
Thought that could stop communication, it wouldn't cause the tunnel to be down. Sounds like a configuration error
Not clear vr600 includes VPN capabilities.
You need to make sure you hve the configuration as. Mirror?
SIde A
Side B WAN IP
Local LAN Segment:
Remote LAN segment::
Key lifetime, refresh ...
Encryption/encapsulation
Passphrase/secret word
Side B, the
Side A WAN IP
The two have to be flipped from what is shown on Side A
Everything else has to remain the same.
You need to make sure you hve the configuration as. Mirror?
SIde A
Side B WAN IP
Local LAN Segment:
Remote LAN segment::
Key lifetime, refresh ...
Encryption/encapsulation
Passphrase/secret word
Side B, the
Side A WAN IP
The two have to be flipped from what is shown on Side A
Everything else has to remain the same.
ASKER
ok, sorry for wasting your time. I have been onto TP link support chat, and it turns out.....
"This still needs to go through a VPN server. Because the routers do not have built in VPN and only passthrough. So you will need a VPN provider for such set up "
sorry about that everyone.
"This still needs to go through a VPN server. Because the routers do not have built in VPN and only passthrough. So you will need a VPN provider for such set up "
sorry about that everyone.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
noci provided the information you need once you setup a system on each side that can handle a VPN connection. Look at untangle as a starting point.
Then you would forward port 500/4500 to that IP if using ipsec. you could use openVPN between them. by opening other ports that on each side points to the internal system where the VPN starts and ends...
Then you would forward port 500/4500 to that IP if using ipsec. you could use openVPN between them. by opening other ports that on each side points to the internal system where the VPN starts and ends...
Be sure to use UDP based OpenVPN if you go that route. TCP over TCP can quickly become a nightmare if you go across a network with some packet loss.
Wireguard maybe an other option, it is especially handy with mobile equipment because u drains the batteries a lot less.
If you still are looking for firewalls, maybe also look into pfSense.
Wireguard maybe an other option, it is especially handy with mobile equipment because u drains the batteries a lot less.
If you still are looking for firewalls, maybe also look into pfSense.
The subnets masks for 192.168.1.1 and 192.168.9.1 are 255.255.255.0 correct? and not 255.255.0.0