How to configure GRE VPN on the Omada Gateway in Standalone Web

Configuration Guide
Updated 08-20-2024 08:11:39 AM FAQ view icon5379
This Article Applies to: 

Contents

Objective

Requirements

Introduction

Configuration

Verification

Conclusion

FAQ

Objective

This article introduces how to configure the GRE VPN function on the Omada Gateway through typical examples. Currently, this configuration can only be done in Standalone web.

Requirements

  • Omada Gateways
  • Remote Gateway’s WAN IP Address
  • Local & Remote LAN IP Subnets

Introduction

The Omada Gateway’s GRE VPN function is used to encapsulate network layer protocol data packets, allowing them to be transmitted in another network layer protocol. GRE VPN cannot encrypt the packets so it is usually used together with IPsec.

The common scenario for using GRE VPN is shown in the figure below:

Site 1 and Site 2 can access the internet via DHCP dial-up. By configuring GRE VPN, communication can be established between LAN 1 of Site 1 and LAN 2 of Site 2.

IP addresses:

WAN Mode

WAN IP

LAN IP

User IP

Site 1

DHCP

111.1.1.111/22

192.168.1.1/24

192.168.1.100/24

Site 2

DHCP

222.2.2.222/22

192.168.101.1/24

192.168.101.100/24

Configuration

Step 1. Configure GRE VPN for Site 1

Log in standalone web, Go to VPN > GRE and click Add to start configuration, as shown below:

If IPsec encryption is needed, additionally configure a pre-shared key:

Step 2. Configure GRE VPN for Site 2

Go to VPN > GRE and click Add to start configuration, as shown below

Set IPsec Encryption to Unencrypted

If IPsec encryption is needed, additionally configure a pre-shared key:

Note: Local GRE IP & Remote GRE IP are the point-to-point IPv4 addresses used for GRE tunnel encapsulation. They can be filled in with different network segments, but should correspond when configuring the two sites.

Step 3. Check the GRE VPN configuration results. Go to VPN > GRE to view the configured GRE VPN.

Taking Site 1 as an example.

If IPsec encryption is not required:

If IPsec encryption is configured, in addition to viewing it in VPN > GRE, you can also check IPsec negotiation information in VPN > IPsec:

An uneditable entry named GRE is automatically generated in VPN > IPsec > IPsec Policy:

View the negotiation results in VPN > IPsec > IPsec SA:

After GRE VPN configuration is complete, go to Transmission > Routing Table to ensure routes for the remote GRE IP and remote subnet exist, with the interface being the GRE VPN’s name.

Site 1:

Site 2:

Verification

Test connectivity between User 1 and User 2:

User 1:

IP address, subnet mask, gateway:

Ping test to check reachability with User 2:

Use Tracert to check if packets are forwarded via GRE VPN:

User 2:

IP address, subnet mask, gateway:

Ping test to check reachability with User 1:

Use Tracert to see if packets are forwarded via GRE VPN:

Conclusion

You have now successfully configured GRE VPN on the Omada Gateway.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

FAQ

Users from local and remote subnets cannot communicate over GRE VPN?

  • Check the reachability of local and remote WAN IP addresses.
  • Verify the consistency of GRE VPN configuration: in VPN > GRE, find the corresponding entry, then go to Operation > Edit to check the configuration.
  • If IPsec encryption is configured, you can also check the negotiation results in VPN > IPsec > IPsec SA.
  • Go to Transmission > Routing Table to check if there are routes for GRE IP addresses and remote subnet routes.

Looking for More

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.