Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Page 1 of 3 1 2 3 LastLast
Results 1 to 15 of 32
  1. #1

    TL-ER6020 IPSEC VPN (Client to LAN) - no IKE reply

    Region : Denmark

    Model : TL-ER6120

    Hardware Version : V1

    Firmware Version : 1.0.0 Build 20120807 Rel.34348

    ISP : Fullrate.dk


    I'm having problems establishing an IPSEC connection to my TL-ER6020 (couldn't select under "Model Number" here)...

    I have setup port mirroring to troubleshoot the traffic and I'm no seing any IKE reply from the TL-ER6020...

    Using tcpdump (tcpdump -i eth0 -n -vvv -s 1514 'host <my-public-ip> && udp port 500') I can see that the load balancer / VPN router isn't responding to the IKE request(s) it's receiving...

    I followed Your Shrewsoft guide but it just doesn't work (I have tested over and over again, removing the IKE/IPSEC settings on router and re-creating them)...

    The DSL modem in front of WAN1 is a Netgear VVG2000 in bridge mode (provided by my ISP)...

    Any ideas...?

    Is the setup guide missing something regarding opening of ports, static routes etc....?

    http://www.tp-link.dk/article/?faqid=452

  2. #2
    OK, let me rephrase my question... ;-)

    Has anyone ever had success with setting up a Client-to-LAN IPsec VPN and connecting to it (any client)...

    I have a working LAN-to-LAN (site-to-site) IPsec tunnel running, but no matter what I do it seems like the TL-ER6020 doesn't reply to IKE requests when in aggressive mode...

    I have been trying to set this up for a week now, and to me, it seems like the TL-ER6020 is FUBAR... PLEASE tell me I'm wrong...! :-)

    It doesn't make sense to me that a site-to-site tunnel (also using ESP) works flawlessly, but when trying to use a Client-to-LAN setup the client receives no reply no matter which combination of proposals I use...

    ANY kind of guidance would be appreciated...! :-)

  3. #3
    Hello,

    I have gotten IPsec VPN working client to lan. I initially did not have much luck with it but eventually deleted all ike and IPsec policies and just had the IPsec enabled check box checked alone. This allowed it to work, don't ask me why. Perhaps the policies I had set were disagreeable to the clients.

    Once you get VPN'd in, you will be on a separate subnet than the main LAN subnet. I think this sucks but I haven't been able to tell whether or not it is normal among routers or if this one's just a dud.

  4. #4
    Hi...

    Thanks for the answer... ;-)

    Sounds to me like You're describing L2TP/IPsec:
    http://www.tp-link.dk/article/?faqid=444

    But what I'm referring to are these guides:
    http://www.tp-link.dk/article/?faqid=452 (IPsec - Shrewsoft client)
    http://www.tp-link.dk/article/?faqid=443 (IPsec - Greenbow client)

    I'm not using windows (and the Shrewsoft client is ancient on Linux), but I have been using the guides above for reference (and have been testing from a Windows box)...

    I also managed to get L2TP/IPsec working, but when TP-Link say it should work with pure IPsec it should work... ;-)

    If it doesn't, it's false advertising... I'm hoping they "forgot" to upload a newer firmware or something like that... :-)

    For L2TP/IPsec it's perfectly normal to use a seperate IP Pool, one of the main reasons (the other big one is security!) for wanting to use pure IPsec with a pre-shared key (and choose the security level myself)... :-)

    Either TP-Link forgot to mention something in the guides above (I don't think so) or the TL-ER6020 just doesn't work as advertised... The latter is not acceptable... Firmware hasn't been updated since 8/7/2012 (and if it's buggy You can't just leave Your customers in the dark about it):
    http://www.tp-link.com/en/support/do...rsion=V1#tbl_j

    One thing that's definitely a bug (although a minor one) is that the Page Title, when connecting to the TL-ER6020 (before login), says: "TP-LINK ER5110" which tells me that the firmware used for the ER6020 is just the ER5110 firmware with added VPN support (kind of)...

    The feature we're both missing is mentioned here:
    http://www.tp-link.com/en/products/d...=TL-ER6020#fea
    "Client-to-LAN IPsec VPN"
    Last edited by DrWilken; 02-20-2013 at 12:00.

  5. #5
    Has anyone been able to get a working Client-to-LAN IPsec VPN using one of these 2 guides...?

    http://www.tp-link.dk/article/?faqid=452 (IPsec - Shrewsoft client)
    http://www.tp-link.dk/article/?faqid=443 (IPsec - Greenbow client)

    I still haven't heard from TP-Link (wrote a mail to them last wednesday, the 20th of February)...

  6. #6
    Nope...
    I have the same problem here.
    Maybe the ISP is the reason I don't know.

  7. #7
    I will check another guide from thegreenbow site: http://www.thegreenbow.com/doc/tgbvp...-tl-er6120.pdf

  8. #8
    I too have been beating myself up over this. The site to site vpn connections were very easy. I have followed the shrew soft instructions over and over again with no luck. Please let me know if you here back from them about this.

  9. #9
    Still nothing on this matter?

  10. #10
    I have contacted tech support via email but have not had any luck with them yet. When I tried to reply to the first person that emailed me back the email was bounced back as non deliverable and I have not heard back from the second tech to email me.

  11. #11
    We often have the same non-reply from the ER6120. We trace the packets through the ISP router and they arrive at the WAN interface of the TPLINK, but on some occasions, it just drops the packet or never responds. This is the case for VPN and HTTP traffic. Then at other times, it responds as expected and you can HTTP in and setup VPN client-server LLTP connections.

    We have both WANs active at the same time, to different suppliers. Is this something teh TPLINK cannot handle, having both WANs active and responding to VPN and HTTP requests coming in?

  12. #12

    Thumbs up Same issue here

    Sucks
    model 6120 Ipsec / Ike
    client shrew
    just times out while negotiating.
    used this FAQ:
    http://www.tp-link.com/en/article/?faqid=452

    Made in china

  13. #13
    I had the same issue before with ER6120, I contacted tech support and they said when there is NAT device between client PC and ER6120, the ER6120 won't response, maybe it's a bug, and the technical guy sent me a beta firmware, everything is working now, I think ER6020 has the same bug since it looks like the little brother of ER6120, maybe you should ask tech support for a beta firmware as well. I'm not sure, but it worth trying I think.

  14. #14
    I emailed tech support asking if they did indeed have a new firmware for the ER-6020 that fixed the problem and received this reply. Hope it is sooner than later.

    Thank you very much for your email requesting information about our product.

    Sorry for the inconvenience caused. Would you please wait for a period of time? We are trying to improve the firmware and we will send you the firmware once it’s OK.

    If you need any further help, please feel free to let me know.
    To get technical support more quickly, please go to http://www.tp-link.com/en/support/faq

    Best Regards

  15. #15
    I can confirm it is working with beta firmware. There are still other minor issues to be fixed for upcomming non beta update, but I'm happy for the moment.


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.