Note: This article applies to Omada SDN Controller v4.3 and above.
Application Scenario
When a remote user needs to access the LAN, it is recommended to establish a client-to-site VPN tunnel in which the Omada gateway serves as the VPN server. This kind of tunnel lets business travelers reach the headquarters network from a remote location without compromising security and privacy.
To set up the Omada gateway as a PPTP/L2TP server and establish a VPN tunnel, follow the steps below.
Note: If the Omada gateway is behind a NAT device, make sure that UDP port 1701 (for L2TP traffic) and UDP ports 500 and 4500 (for L2TP over IPsec VPN) are open on the NAT device in front of the Omada gateway.
Configuration
Go to Settings > VPN and click + Create New VPN Policy.
1) For PPTP Server: enter a name to identify the VPN policy, select the purpose for the new entry as Client-to-Site VPN, and the VPN Type as VPN Server-PPTP. Then configure the corresponding parameters, and click Create.
| Status | Check the box to enable the VPN tunnel. |
| MPPE Encryption | Select Encrypted to enable MPPE (Microsoft Point-to-Point Encryption) on the VPN tunnel for security. |
| Local Networks | Select the networks at headquarters. The VPN policy will be applied to the selected networks, and remote users can access them through the created VPN tunnel. |
| WAN | Select the WAN port on which the VPN tunnel will be established. Each WAN port supports only one PPTP VPN tunnel when the gateway works as a PPTP server. |
| IP Pool | Specify the IP address and subnet. The gateway will assign IP addresses from this pool to remote users so that they can access the local networks. |
2) For L2TP Server: enter a name to identify the VPN policy, select the purpose for the new entry as Client-to-Site VPN, and the VPN Type as VPN Server-L2TP. Then configure the corresponding parameters, and click Create.
| Status | Check the box to enable the VPN tunnel. |
| IPsec Encryption | Select Encrypted to encrypt the VPN tunnel with IPsec for security. |
| Local Networks | Select the networks at headquarters. The VPN policy will be applied to the selected networks, and remote users can access them through the created VPN tunnel. |
| Pre-Shared Key | Specify the Pre-Shared Key (PSK) for IPsec encryption. Both the gateway at headquarters and the remote user must use the same PSK for authentication. |
| WAN | Select the WAN port on which the VPN tunnel will be established. Each WAN port supports only one L2TP VPN tunnel when the gateway works as an L2TP server. |
| IP Pool | Specify the IP address and subnet. The gateway will assign IP addresses from this pool to remote users so that they can access the local networks. |
Go to Settings > VPN > VPN User. Click +Create New VPN User to add a new entry.
Specify the username and password that the user will use for validation, and select the VPN server that has been created in Step 2.
Then, select Client as the Mode, and specify the maximum VPN connections that can use the specified username simultaneously. If you want to use a gateway as a PPTP/L2TP client, select Network Extension Mode as the Mode. Click Create.
On the remote PC/laptop, you can use the Windows built-in PPTP/L2TP client or third-party software to connect to the PPTP/L2TP server. For detailed information, please refer to:
https://www.tp-link.com/support/faq/1629/
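A client-side counterpart to the L2TP server settings above, as an added example that is not part of TP-Link's instructions: it creates a Windows L2TP/IPsec profile that refuses unencrypted connections, then lists any existing VPN profiles that would still connect without required encryption. The connection name, server address and PSK are placeholders, and MS-CHAPv2 as the authentication method is an assumption, since the page does not say which method the gateway accepts.

```powershell
# Added example. All values below are constructed placeholders.
$vpn = @{
    Name                 = 'HQ-L2TP'              # hypothetical profile name
    ServerAddress        = 'vpn.example.com'      # placeholder for the gateway WAN address
    TunnelType           = 'L2tp'
    L2tpPsk              = '<PRE-SHARED-KEY>'     # must match the Pre-Shared Key on the gateway
    EncryptionLevel      = 'Required'             # fail the connection rather than fall back to cleartext
    AuthenticationMethod = 'MSChapv2'             # assumption: not stated on the page
    Force                = $true                  # suppress the confirmation prompt for the PSK
}

# Create the profile only if one with this name does not exist yet.
if (-not (Get-VpnConnection -Name $vpn.Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection @vpn
}

# Report profiles on this machine whose settings are weaker than the
# "Encrypted" option selected on the gateway.
function Get-WeakVpnProfile {
    Get-VpnConnection | ForEach-Object {
        $issues = @()
        if ($_.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $issues += "encryption level is $($_.EncryptionLevel)"
        }
        if ($_.TunnelType -eq 'Pptp') {
            $issues += 'PPTP tunnel (MPPE only, no IPsec)'
        }
        if ($_.AuthenticationMethod -contains 'Pap') {
            $issues += 'PAP (cleartext password) is allowed'
        }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                Name   = $_.Name
                Server = $_.ServerAddress
                Issues = $issues -join '; '
            }
        }
    }
}

Get-WeakVpnProfile | Format-Table -AutoSize
```

The profile is created for the current user; the user is prompted for the VPN username and password created under VPN User on first connect.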
Verification of the L2TP/PPTP VPN Tunnel
Go to Insight > VPN Status > VPN Tunnel and check the entries. When a corresponding entry is displayed in the table, the VPN tunnel is successfully established.