How to configure GRE VPN on the Omada Gateway in Standalone Web
654 Contents
This article introduces how to configure the GRE VPN function on the Omada Gateway through typical examples. Currently, this configuration can only be done in Standalone web.
- Omada Gateways
- Remote Gateway’s WAN IP Address
- Local & Remote LAN IP Subnets
The Omada Gateway’s GRE VPN function is used to encapsulate network layer protocol data packets, allowing them to be transmitted in another network layer protocol. GRE VPN cannot encrypt the packets so it is usually used together with IPsec.
The common scenario for using GRE VPN is shown in the figure below:
Site 1 and Site 2 can access the internet via DHCP dial-up. By configuring GRE VPN, communication can be established between LAN 1 of Site 1 and LAN 2 of Site 2.
IP addresses:
|
|
WAN Mode |
WAN IP |
LAN IP |
User IP |
|
Site 1 |
DHCP |
111.1.1.111/22 |
192.168.1.1/24 |
192.168.1.100/24 |
|
Site 2 |
DHCP |
222.2.2.222/22 |
192.168.101.1/24 |
192.168.101.100/24 |
Step 1. Configure GRE VPN for Site 1
Log in standalone web, Go to VPN > GRE and click Add to start configuration, as shown below:
If IPsec encryption is needed, additionally configure a pre-shared key:
Step 2. Configure GRE VPN for Site 2
Go to VPN > GRE and click Add to start configuration, as shown below
Set IPsec Encryption to Unencrypted
If IPsec encryption is needed, additionally configure a pre-shared key:
Note: Local GRE IP & Remote GRE IP are the point-to-point IPv4 addresses used for GRE tunnel encapsulation. They can be filled in with different network segments, but should correspond when configuring the two sites.
Step 3. Check the GRE VPN configuration results. Go to VPN > GRE to view the configured GRE VPN.
Taking Site 1 as an example.
If IPsec encryption is not required:
If IPsec encryption is configured, in addition to viewing it in VPN > GRE, you can also check IPsec negotiation information in VPN > IPsec:
An uneditable entry named GRE is automatically generated in VPN > IPsec > IPsec Policy:
View the negotiation results in VPN > IPsec > IPsec SA:
After GRE VPN configuration is complete, go to Transmission > Routing Table to ensure routes for the remote GRE IP and remote subnet exist, with the interface being the GRE VPN’s name.
Site 1:
Site 2:
Test connectivity between User 1 and User 2:
User 1:
IP address, subnet mask, gateway:
Ping test to check reachability with User 2:
Use Tracert to check if packets are forwarded via GRE VPN:
User 2:
IP address, subnet mask, gateway:
Ping test to check reachability with User 1:
Use Tracert to see if packets are forwarded via GRE VPN:
You have now successfully configured GRE VPN on the Omada Gateway.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.
Users from local and remote subnets cannot communicate over GRE VPN?
- Check the reachability of local and remote WAN IP addresses.
- Verify the consistency of GRE VPN configuration: in VPN > GRE, find the corresponding entry, then go to Operation > Edit to check the configuration.
- If IPsec encryption is configured, you can also check the negotiation results in VPN > IPsec > IPsec SA.
- Go to Transmission > Routing Table to check if there are routes for GRE IP addresses and remote subnet routes.
هل تجد هذه الأسئلة مفيدة؟
مشاركتك تساعدنا في تحسين الموقع
1.0_normal_1609659027171k.png)
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.