How to set up PPTP & L2TP VPN Server with Omada Gateway in Controller Mode

Knowledgebase
Configuration Guide
Gateway
07-02-2024
114

Note: For Omada SDN Controller v 4.3 and above

Application Scenario

When a remote user wants to access the LAN, it is recommended to establish a client-to-site VPN tunnel in which the Omada gateway serves as a VPN server. This kind of VPN tunnel is useful and practical for business travelers to access the network in headquarter from a remote location without compromising security and privacy.

To set up the Omada gateway as PPTP/L2TP server and establish a VPN tunnel, follow the steps below.

Note: If the Omada gateway is behind a NAT device, make sure that UDP port 1701 for L2TP traffic, UDP port 500/4500 for L2TP over IPsec VPN are open on the NAT device in front of the Omada gateway.

Configuration

Step 1. Create a new VPN policy

Go to Settings > VPN and click + Create New VPN Policy.

Step 2. Configure the parameters to set up a PPTP/L2TP server

1) For PPTP Server: enter a name to identify the VPN policy, select the purpose for the new entry as Client-to-Site VPN, and the VPN Type as VPN Server-PPTP. Then configure the corresponding parameters, and click Create.

Status

Check the box to enable the VPN tunnel.

MPPE Encryption

Select Encrypted to enable MPPE (Microsoft Point-to-Point Encryption) for the VPN tunnel for security purpose.

Local Networks

Select the networks in headquarter. The VPN policy will be applied to the selected networks and the remote users can access the network with the created VPN tunnel.

WAN

Select the WAN port on which the VPN tunnel will be established. Each WAN port supports only one PPTP VPN tunnel when the gateway works as a PPTP server.

IP Pool

Specify the IP address and subnet, and the gateway will assign IP address from the pool to the remote users for them to access the local networks.

2) For L2TP Server: enter a name to identify the VPN policy, select the purpose for the new entry as Client-to-Site VPN, and the VPN Type as VPN Server-L2TP. Then configure the corresponding parameters, and click Create.

Status

Check the box to enable the VPN tunnel.

IPsec Encryption

Select Encrypted to encrypt the VPN tunnel by IPsec for security purpose.

Local Networks

Select the networks in headquarter. The VPN policy will be applied to the selected networks and the remote users can access the network with the created VPN tunnel.

Pre-Shared Key

Specify the Pre-Shared Key (PSK) for IPsec encryption. Both the gateway in headquarter and the remote user should use the same PSK for authentication.

WAN

Select the WAN port on which the VPN tunnel will be established. Each WAN port supports only one L2TP VPN tunnel when the gateway works as a L2TP server.

IP Pool

Specify the IP address and subnet, and the gateway will assign IP address from the pool to the remote users for them to access the local networks.

Step 3. Create a VPN user entry for the remote user

Go to Settings > VPN > VPN User. Click +Create New VPN User to add a new entry.

Step 4. Configure the parameters for the VPN user

Specify the username and password that the user will use for validation, and select the VPN server that has been created in Step 2.

Then, select Client as the Mode, and specify the maximum VPN connections that can use the specified username simultaneously. If you want to use a gateway as a PPTP/L2TP client, select Network Extension Mode as the Mode. Click Create.

Step 5. Configuring the PC/laptop of the remote user

On the remote PC/laptop, you can use the Windows built-in PPTP/L2TP software or software from the third party to connect to the PPTP/L2TP server. For detailed information, please refer to:

https://www.tp-link.com/support/faq/1629/

Verification of the L2TP/PPTP VPN Tunnel

Go to Insight > VPN Status > VPN Tunnel and check the entries. When a corresponding entry is displayed in the table, the VPN tunnel is successfully established.

Prosimy o ocenę tego dokumentu

Powiązane dokumenty