Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 2 of 2
  1. #1

    VPN connection between MR200 (private IP) and Fritz 6490 (public IP via DynDNS)

    Model :

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]


    I hope there are some true VPN cracks around here?
    I am trying to connect my TPLink Archer MR200 (which unfortunately gets a private IP address from my spanish 4G provider) with my Fritz 6490 at home.
    After hours of research and trial/error this is what I came up with... but have not been able to get the status ever changing from "down" to anything different...

    TPLink side:

    router internal IP:
    router external IP: as said... a private one, thus dyndns isn't possible.

    I created the following entry in Network > IPSec VPN:
    ConnectionName: BerlinLaPalma
    Remote Gateway: XXX.myfritz.net (the dyndns address of the fritz router)thi
    Tunnel Access from local IP addresses: Subnet Address
    Local Address:, Mask:
    Remote Address:, Mask:
    Key Exchange Method: Auto
    Authentication Method: Pre-Shared Key
    Pre-Shared Key: YYY (obviously the key I am using is a little longer (;-))
    Perfect Forward Secrecy: Enable
    Phase 1 Mode: Aggressive
    Local Identifier Type: FQDN
    Local Identifier: www.dummy.com (as said, I have a private IP, thus I was thinking using a dummy URL instead)
    Remote Identifier Type: FQDN
    Remote IDentifier: XXX.myfritz.net
    The remaining entries are all with default values:
    Encryption Algorithm: 3DES, Integrity Algorithm: MD5, Diffie-Hellmann Group: 1024 bit, Key Life Time: 3600,...

    On the Fritz Side
    Router IP is
    I imported the following config file:

    vpncfg {
    connections {
    enabled = yes;
    conn_type = conntype_lan;
    name = "BerlinLaPalma";
    always_renew = no;
    reject_not_encrypted = no;
    dont_filter_netbios = no;
    localip =;
    local_virtualip =;
    remoteip =;
    remote_virtualip =;
    remotehostname = "";
    localid {
    fqdn = "XXX.myfritz.net";
    remoteid {
    fqdn = "www.dummy.com";
    mode = phase1_mode_aggressive;
    phase1ss = "all/all/all";
    keytype = connkeytype_pre_shared;
    key = "YYY";
    cert_do_server_auth = no;
    use_nat_t = yes;
    use_xauth = no;
    use_cfgmode = no;
    phase2localid {
    ipnet {
    ipaddr =;
    mask =;
    phase2remoteid {
    ipnet {
    ipaddr =;
    mask =;
    phase2ss = "esp-all-all/ah-none/comp-all/pfs";
    accesslist = "permit ip any";
    ike_forward_rules = "udp",

    // EOF

    Anyone having any idea what I am doing wrong?

  2. #2
    Not really good at VPN. But as I know, there is some trouble on MR200 V1 with VPN passthrough, you can try to contact TP-Link tech support to get the beta firmware which fix the VPN Passthrough problem if you haven't done that.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2018 TP-LINK Technologies Co., Ltd. All rights reserved.