Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 2 of 2
  1. #1

    VPN connection between MR200 (private IP) and Fritz 6490 (public IP via DynDNS)

    Model :

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]

    Hi,

    I hope there are some true VPN cracks around here?
    I am trying to connect my TPLink Archer MR200 (which unfortunately gets a private IP address from my spanish 4G provider) with my Fritz 6490 at home.
    After hours of research and trial/error this is what I came up with... but have not been able to get the status ever changing from "down" to anything different...

    TPLink side:

    router internal IP: 192.168.179.1
    router external IP: as said... a private one, thus dyndns isn't possible.

    I created the following entry in Network > IPSec VPN:
    ConnectionName: BerlinLaPalma
    Remote Gateway: XXX.myfritz.net (the dyndns address of the fritz router)thi
    Tunnel Access from local IP addresses: Subnet Address
    Local Address: 192.168.179.0, Mask: 255.255.255.0
    Remote Address: 192.168.178.0, Mask: 255.255.255.0
    Key Exchange Method: Auto
    Authentication Method: Pre-Shared Key
    Pre-Shared Key: YYY (obviously the key I am using is a little longer (;-))
    Perfect Forward Secrecy: Enable
    Phase 1 Mode: Aggressive
    Local Identifier Type: FQDN
    Local Identifier: www.dummy.com (as said, I have a private IP, thus I was thinking using a dummy URL instead)
    Remote Identifier Type: FQDN
    Remote IDentifier: XXX.myfritz.net
    The remaining entries are all with default values:
    Encryption Algorithm: 3DES, Integrity Algorithm: MD5, Diffie-Hellmann Group: 1024 bit, Key Life Time: 3600,...


    On the Fritz Side
    Router IP is 192.168.178.1
    I imported the following config file:

    vpncfg {
    connections {
    enabled = yes;
    conn_type = conntype_lan;
    name = "BerlinLaPalma";
    always_renew = no;
    reject_not_encrypted = no;
    dont_filter_netbios = no;
    localip = 0.0.0.0;
    local_virtualip = 0.0.0.0;
    remoteip = 0.0.0.0;
    remote_virtualip = 0.0.0.0;
    remotehostname = "";
    localid {
    fqdn = "XXX.myfritz.net";
    }
    remoteid {
    fqdn = "www.dummy.com";
    }
    mode = phase1_mode_aggressive;
    phase1ss = "all/all/all";
    keytype = connkeytype_pre_shared;
    key = "YYY";
    cert_do_server_auth = no;
    use_nat_t = yes;
    use_xauth = no;
    use_cfgmode = no;
    phase2localid {
    ipnet {
    ipaddr = 192.168.178.0;
    mask = 255.255.255.0;
    }
    }
    phase2remoteid {
    ipnet {
    ipaddr = 192.168.179.0;
    mask = 255.255.255.0;
    }
    }
    phase2ss = "esp-all-all/ah-none/comp-all/pfs";
    accesslist = "permit ip any 192.168.179.0 255.255.255.0";
    }
    ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
    "udp 0.0.0.0:4500 0.0.0.0:4500";
    }


    // EOF


    Anyone having any idea what I am doing wrong?

  2. #2
    Not really good at VPN. But as I know, there is some trouble on MR200 V1 with VPN passthrough, you can try to contact TP-Link tech support to get the beta firmware which fix the VPN Passthrough problem if you haven't done that.


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.