Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 14 of 14
  1. #1

    Exclamation TL-ER604W Remote VPN Clients cannot see LAN computers

    Region : UnitedStates

    Model : TL-ER604W

    Hardware Version : V1

    Firmware Version :

    ISP :


    Remote Clients connected to VPN cannot access LAN computers connected to the TL-ER604W.

    Configuration of IP Address Pool will not allow Remote Clients to be on same subnet as LAN computers connected to TL-ER604W.

    Is there a workaround that could provide this connectivity?

    The WHOLE point of remote VPN clients connecting is for access to LAN computers at the HOST end.

  2. #2

    Same issue

    I have tried adding routes for the ip pool, I am at a loss on why this isn't working. makes this router pointless....super frustrating PLEASE HELP

  3. #3

    Any help?

    I see your post on the 3rd hasn't been replied to. Has anyone contacted you yet?

  4. #4

    Unhappy no reply still

    Quote Originally Posted by cmaslin View Post
    I see your post on the 3rd hasn't been replied to. Has anyone contacted you yet?
    NO ONE HAS CONTACTED ME...

  5. #5

    VERY slow support

    Quote Originally Posted by Mizel View Post
    NO ONE HAS CONTACTED ME...
    I have nearly the same problem. I opened a new ticket but TPlink support is slow. It took two+ weeks to escalate an email support thread and they kept asking questions that I had already answered.

    Frustrating.

  6. #6

    Any Luck

    Was this ever resolved? I am having the same issue.

  7. #7

    Any Luck With This?

    I have the same issue, was this ever resolved?

  8. #8
    I was able to resolve this as there were two issues.

    1. The local cable company provided the modem/router at the remote end. By default, all of the protocol helpers were disabled, ie, IPsec passthrough was disabled. Since I was getting a public IP on my TPlink, it did not occur to me that the cable modem may not be completely transparent. Apparently, it is a "Feature" designed to encourage upgrades to business level services.

    2. The second issue was a conflicting route left over from previous testing.

    I was previously trying to get a remote TP-Link router to connect to a pfSense main router via IPsec, but I never got that working. TP-Link ER-604W on both ends (One is static IP, the other uses DDNS) is working nicely.

  9. #9

    Cool How to fix your VPN connections.

    Hi guys,
    I encountered the same problem, I believe it to be a bug in the router firmware and have reported it as such, however I'm happy to tell you that there is a workaround.

    The basic issue is that the router does not send back the correct routing table entries to the client after connection in all cases.
    You can verify this yourself in windows by checking the routing table.

    I'll illustrate this with my own configuration.

    my LAN network address is 172.16.106.0
    when I initially set up client - network VPN, I followed the example in the guide, and created an address pool in the range 10.10.10.10. - 10.10.10.50 for VPN clients.
    When I connected to the VPN, as you have all seen, it connected fine, but I was unable to contact any machine on my LAN.
    What I discovered from the windows routing table, was that no route had been created for the 172.16.106 network.
    Instead, a route to 10.0.0.0 had been created, which didn't make a great deal of sense.

    However, I found that if I manually created a route to 172.16.106.0 then miraculously everything started to work.
    To do this manually, check what your VPN client address is (in my case it was 10.10.10.10), and add the route in an administrator command prompt with (again using my network as an example)
    route add 172.16.106.0 mask 255.255.255.0 10.10.10.10

    There is also an automated way to achieve the same objective by changing the address pool so that the range is contained within the same superset as the LAN addresses.
    In my example, I set the pool address range to be 172.16.108.1 - 172.16.108.50

    Now when I connect to the VPN, the router creates for me a route for 172.16.0.0 which includes both the VPN client range, and the LAN subnet, so everything works as expected.

    I hope that works for everyone.

    P

  10. #10
    Hello - I tried using your method on the LAN & VPN (adjusted for my subnets) to setup the er6120 for the site-to-site pptp vpn connection -

    - I'm trying to use the er6120 to connect to a remote win 2008 pptp server where I see the same problem; the WAN makes the vpn connection (and the er6120 can be ping'd from the remote network side) but nothing on the er6120 LAN side can ping anything on the remote pptp side -

    - the LAN side does not appear to be routing correctly to the WAN side - using your method (above), it still does not resolve the issue -

    - I need to force all traffic through the VPN connection but I don't see any settings for that so I'm trying your method for routing -

    My setup:

    ER6120 <--> cable modem router <--> INTERNET <--> University (ISP) <--> Win 2008 RRAS PPTP (appropriate firewall exceptions; works for all other clients)

    TL-ER6120 (NAT mode)
    LAN = x.x.171.124
    LAN DHCP = x.x.171.x to y

    WAN = dynamic IP to cable modem / router = 192.168.1.1 (reserved dhcp static)
    VPN - L2TP/PPTP - PPTP Client = server x.x.175.x with Remote Subnet x.x.175.0/24 (active and connected; assigned ip from remotepptp server)

    Route Table
    No. Destination Gateway Flags Logical Interface Physical Interface Metric
    1 0.0.0.0/0 192.168.1.1 GS eth1 WAN1 0
    2 x.x.171.0/24 N/A C eth0 LAN 0
    3 x.x.175.0/24 x.x.175.x S pptp-vpn-0 WAN1 0
    4 x.x.175.x N/A HP pptp-vpn-0 WAN1 2
    5 192.168.1.0/24 N/A C eth1 WAN1 0

    Any suggestions?

    (yes, I've posted to support at TP-Link; they pointed to faqid=411 which is not a solution and that is how I setup the er6120 in the first place)

    regards, chris o.
    Last edited by owen325; 01-11-2015 at 01:44.

  11. #11
    hi!

    Have you found solution on this issue?? Sounds that no one answering from TP-LINK support team..

    I'm having Same issue ...VPN connection was successfully established however I can't Ping the Server [ IP: 192.168.1.2 ].. or any computer on that network except for the TP-Link LAN IP 192.168.1.1

    Here is my Setup..

    Name:  doubleNAT.JPG
Views: 0
Size:  26.7 KB

    Appreciate your help...

    Thanks

  12. #12
    Region : Germany
    Model : Archer C7
    Hardware Version : Not Clear
    Firmware Version : 3.14.1 Build 140929 Rel.33293n

    Same Issue here.


    The VPN Server(10.8.0.1) is running on a machine in the LAN (local IP 192.168.0.3 , IP forwarding enabled).
    The TP-Link router is used as gateway (192.168.0.1). Port forwarding from WAN to the VPN Server is enabled.
    A VPN Client(10.8.0.*) can successfully connect to the VPN Server over the Internet.

    Now I'd like to access samba shares within the LAN that are located on a different machine (192.168.0.2) than the VPN server.
    To do so, you have to "set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server" (source).

    So I configured a static route on the Archer C7:
    Code:
    Destination Network: 10.8.0.0
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.0.3


    However this doesn't seem to work. The VPN client can successfully connect to the VPN Server and the router with it's local IP can be pinged from the VPN client too. But the VPN client won't find any other machine on the LAN side. The strange thing is, when I install OpenWRT on the Archer C7 and apply the very same rules there, it works just fine.

  13. #13

    If the VPN is connected

    If the VPN says you are connected...then you are connected.

    When you put in your local and remote IP's did you use a range 192.168.1.0/24 or did you do a specific IP?

    Also check your AV software.

    A lot of people forget that if you aren't on the network with the same IP your AV software will block anything that is not a local IP.

    Also if you have windows firewall enabled it will happen also. You just have to add an IP Scope of the opposing IP addresses in each computer if you are trying to access data in particular.

    If you have your Windows Firewall enabled, just go to:

    Control Panel (Switch to View By:Small icons .... ahhhh familiarity)

    Select Windows Firewall
    Advanced Settings on the left
    Left Click on Inbound Rules
    Wait for the list to populate
    Now right click on inbound rules and select New Rule
    Select Custom
    Then on the Left pick scope
    Then under Which remote IP addresses does this rule apply to?
    Select These IP addresses
    Then Click Add
    Add your opposing Network IP or range
    Click Ok
    Name the rule and click finish

    See if that might be the problem possibly


    - Q

  14. #14
    Another workaround:

    Set machines you want to connect to as users
    Set Traffic Control rules, Bandwidth rules, for those users (for the WAN the VPN is connecting to)

    Somehow now those machines can be reached via VPN.

    CORRECTION:
    My problem was that by default I was setting a bandwidth limitation by default so I was not able to connect to those machines that had not been included in a Bandwidht Control rule because de default bandwidth was the minimum.
    Last edited by alber; 02-25-2017 at 10:33.


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.