How to configure Omada Gateway as a PPTP/L2TP VPN Client to enable the VPN Server as Proxy Gateway for backend clients

Knowledgebase
Configuration Guide
01-03-2024

Application Scenario:

Take the following network topology as an example, we will configure Router B as PPTP/L2TP VPN Client to connect the PPTP/L2TP VPN Server (Router A).

Configuration Overview:

  1. Configure Router A as PPTP/L2TP VPN Server.
  2. Configure Router B as PPTP/L2TP VPN Client.

Case 1: All backend clients want to access the Internet via VPN Server.

Case 2: Specific backend clients want to access the Internet via VPN Server, which needs configuring Policy Routing on Router B (PPTP/L2TP VPN Client) for specific devices

Configuration Steps:

  1. Configure Router A as PPTP/L2TP VPN Server.

For detail configuration, please refer to the following articles:

How to establish an L2TP Server by Omada Gateway in Standalone mode

How to establish a PPTP Server by Omada Gateway in Standalone mode

  1. Configure Router B as PPTP/L2TP VPN Client.

Case 1: If you want all the backend clients to access the Internet via VPN Server,

please refer to the following article:

How to set up PPTP & L2TP VPN client with Omada Gateway in standalone mode

Note: Remote Subnet set to 0.0.0.0/0 would make all the backend clients to access the Internet via VPN Server by default.

Case 2: If you want specific backend clients to access the Internet via VPN Server,

please refer to the following article to begin with:

How to set up PPTP & L2TP VPN client with Omada Gateway in standalone mode

After last configuration, please refer to the following steps below:

  1. Configure Policy Routing on Router B (PPTP/L2TP VPN Client) for specific devices. (Here we take L2TP VPN Server and L2TP VPN Client as an example, and the configuration is the same for PPTP VPN Server and PPTP VPN Client.)

  1. Go to “Preferences>IP Group” to setup corresponding IP group and IP address range for specific devices which want to access the Internet via PPTP/L2TP VPN Server as a Proxy Gateway.

  1. Then go to “Transmission>Routing>Policy Routing” to create a rule for the devices of last step.

Here we select “Source IP” to “test1” which is the IP group name you configured of last step, and select “WAN“ to “L2TP” which means routing the relevant traffic of the clients in the IP Group into the L2TP VPN tunnel.

Note: Here we select “Destination IP” to “IPGROUP_ANY”, which means this routing rule would forward all the traffic of the clients in the selected IP Group.

  1. Verification.

(1) Without Policy Routing by default, the devices would access the Internet via their default gateway 192.168.10.1 by verifying with command “tracert 8.8.8.8”.

(2) With Policy Routing, the devices would access the Internet by using the VPN Server 192.168.0.1 as a Proxy Gateway by verifying with the command “tracert 8.8.8.8” as well.

Please Rate this Document