Openvpn connects but doesn't work

So I am a network architect with a strong networking background and have done many VPN tunnels in my life. For home I got an ER605 just for my house and it is nice. I have it cloud managed by Omada, which works wonders. Everything works well: the policy-based routes, ACLs, dual WAN load balancing etc. are amazing, same for dynamic DNS.

My problem is with OpenVPN. It always connects fine no matter how I build it, via TCP or UDP. All works. But when I am connected and I try to reach anything internal, like my SFTP server etc., it never connects. Just fails. I have no deny ACLs in place to conflict. Nothing seems to route to my default network. OpenVPN is passing it off as a VPN prefix but the router isn't allowing the network to be reachable. This VPN tunnel looks to be NAT based, not route based, so it doesn't need to be in the routing table. So why does this not work?

Mine is set to split VPN, with the network that my FTP server is on as the selected networks and advertised prefixes.

How did you make OpenVPN work where it can reach your internal network?

If the problem is the mobile client, read this.

https://community.tp-link.com/en/business/forum/topic/653224

I have multi-site VPNs originating from ER605s coming into my ER8411. Some iPerf testing to clients from the subnet behind the ER8411 to the ER605 over WireGuard really shocked me. 100-180mb consistently…. I didn’t believe the WG speed increase over OpenVPN but now I’m a believer.

Yeah that is probably it. Thank you so much.

Another question. Are there any other routers I can update to that have significantly increased bandwidth for either OpenVPN or SSL VPN? The ER8411 seems to be crazy large physically for my goal. The ER707-M2, I can’t tell if it does SSL, and its OpenVPN and SSL VPN throughput is unlisted. The ER7206 seems too weak.

The ER706W looks nice but I already have WiFi and don’t need to double spend on that. Do you have any recommendations?

This solved my issue

Thank you so much!!! I had the same issue and had given up after countless hours of playing with settings. Finally got it to work after reading this

Hi, I have the same issue but with my Windows 11 PC. It can connect to the OpenVPN tunnel but the client cannot access the internet and cannot ping the principal network. Any advice?

Dude, that’s really slow for these routers. You do know the ER8411 is rated on IPsec for 4GBs and the ER605 is 1GBs. OpenVPN can do between them about 100 to 140 Mbps. So what you’re experiencing is not a significant difference when it comes to networking. It’s also a much lower security standard compared to IPsec too. Just use auto IPsec for God’s sake, it will be 10x faster than this. This is really slow, FYI. I, as an architect for big companies, do this for a living. 100 to 180mbps for a VPN tunnel is abysmal. If you’re seeing this on a gig line and you’re only getting 10 to 18 percent of your advertised speeds, you’re doing bad even from these

I have the ER8411, ER707-M2 and ER706W. They are all good routers. If you are going to use IPS/IDS, only the ER8411 can do the job, all the others are slow. I wouldn’t use OpenVPN either, it’s slow on all routers, use Wireguard. But my recommendation as a starter package is the ER706W, it has very good wifi but good range for a cheap price. Then there is the ER707-M2 if you are not going to use IPS/IDS, the ER8411 if you want IPS/IDS, but use Wireguard regardless of the router.

Both the ER707-M2 and ER706W have SSL VPN.

Yikes never knew the ratings…. Well not that this completely explains things. But the er605 is behind a Comcast 800mb down and probably not more than 100mb cable connection … not sure what the current Comcast Business subscription is but I doubt the upload is more than 100mb up and the er8411 is on a 2gig symmetrical fiber.

Can I do auto IPsec on that ER605 without a static IP there?

The ER8411 is the only one that gets close to gigabit VPN throughput; the rest don’t specify if they do, and the ER605 and 7206 don’t come close.

The ER706W does, but I already have a great WiFi access point so it’s confusing to buy that one.

If the throughput of the ER605 on Wireguard is good I may consider this. But I can’t get it set up. No matter what I put in the peer’s allowed IPs it just failed and accepts nothing, says my mask or IP is not correct. Makes no sense.

The throughput differences seem insignificant between Wireguard and OpenVPN so I don’t see a benefit there. I will just stick with OpenVPN or SSL VPN if the new appliance supports it. I just need to find one with way more throughput. The 706W seems to be it, but I didn’t want the WiFi. Maybe an ER706 will come out, idk.

What would you say their throughput is on SSL VPN? I got Wireguard to work and it wasn’t noticeably faster, about a 4 megabit difference on the ER605. OpenVPN is simpler, and since it has full AES 255 encryption vs Wireguard 128 I like it better.

I would just rather go to a more powerful appliance. How much throughput does the ER707 get?

Yes you can. If you’re set up with Omada it’s a feature of that. In the VPN section you just select auto IPsec and then select what router connects to what, and it auto does it all from there. Since the Omada cloud controller keeps learning your dynamic IP address, just like dynamic DNS does, to manage the router, it will update auto IPsec tunnels as it changes too. That’s the beauty of SD-WAN. It’s very simple and automatic. How to set up site-to-site Auto IPsec VPN Tunnels on Omada Gateway in Controller Mode | TP-Link

Yes, I agree, it takes some time to figure it out. I’ve spent many hours with Wireguard :)

Nor can I explain the procedure to you in a simple way.

Maybe this can help you.

https://community.tp-link.com/en/business/forum/topic/610198

https://www.tp-link.com/en/support/faq/3559/

ER605v2 manages about 100Mbps in the wireguard tunnel.

I don’t use SSL VPN or Wireguard on TP-Link, but my guess is 3-400Mbps with Wireguard on the ER707-M2. You have to remember that SSL VPN is actually a more advanced OpenVPN and has about the same speed as OpenVPN.

The ER605v2 manages 20Mbps with OpenVPN and 100Mbps with Wireguard so it was strange that you didn’t get a better speed. I use Wireguard on ER605v2 in my children’s house so I can test quite accurately there.

Hmm, I’m using a hardware controller tho… what I did is manually point the routers to the ER8411, which is behind a static IP, and forwarded the ports to an OC200 which is on the ER8411 network. Devices behind the ER605 then just use the VPN tunnel for their management traffic to the hardware OC200 ……

That should support auto IPsec. The controller just offloads some processing power, not all the functionality in the cloud.

Yeah I guess I could try it …. Back up the er605 and give it a shot. Since I have it managed can always go back and revert to previous settings.

Of course it’s working just right and honestly the bandwidth requirements for this use case aren’t high. The WG tunnel is already a step up from OpenVPN.

But the itch of destruction of what works for something new to explore is too great and I’ll probably go in all guinea pig …. it haha.