How to Configure a TP-Link Omada Gateway as an OpenVPN Server in Controller Mode
Application scenario
Some Omada Gateways support OpenVPN Server functionality in Controller Mode operation. In this guide, the ER7206 is used as an example to explain how to establish an OpenVPN server on an Omada Gateway in Controller Mode. The connection topology is as follows:
To set up the Omada gateway as an OpenVPN server, please follow the steps below.
Note: If the gateway is behind a NAT device, to establish a VPN tunnel successfully, first make sure that TCP/UDP port 1194 (default OpenVPN port) is open on the NAT device in front of the Omada Gateway.
Configuration
Step 1. Create a new VPN policy.
Go to VPN → Open VPN and click Add to create a new VPN policy.
In this example, we will use the following settings:
Name: test
Status: Enabled
Purpose: Client-to-site VPN
VPN type: VPN Server-OpenVPN
Account password: Enabled
Tunnel mode: Split
Protocol: TUP/UDP
Service port: 1194
Authentication mode: Local
Local network type: Network
IP pool: 192.168.1.1/24
Primary DNS: 8.8.8.8
Secondary DNS: 8.8.4.4
Note:
Currently, only the ER7206 with firmware 1.2.3 Build 20221104 or above, and ER605 V2 with firmware 2.1.1 Build 20230115 or above, support the AccountPWD feature. Other models will support this feature in subsequent updates.
Full mode: If enabled, all traffic of the VPN client will go through the VPN. If not, only client traffic accessing the specified server network will go through the VPN tunnel, and other traffic will go through their local gateway.
Step 2. Create an OpenVPN user profile.
Note: If the router does not support the account and password feature, or it is disabled, please skip Step 2, and go to Step 3.
Go to VPN User and click Add. In this example we create the Account Name admin, and Password 12345678. Then, we select Protocol as OpenVPN, Server as the OpenVPN Server we created in Step 1, then click Apply.
Step 3. Export the OpenVPN file
Go to the OpenVPN Policy List and click in the Action column to export the OpenVPN file that ends in .ovpn, which is to be used by the remote client. The exported OpenVPN file contains the certificate and configuration information.
Now that we have finished the configuration of the OpenVPN Server on the Omada Gateway in Controller Mode we can establish connectivity with the remote client.
Step 4. Configure OpenVPN Connection on Your Remote Device
1. Visit http://openvpn.net/index.php/download/community-downloads.html to download the OpenVPN software, and install it on your device where you want to run the OpenVPN client utility.
2. After the installation, copy the file exported from your router to the OpenVPN client utility’s “config” folder (for example, C:\Program Files\OpenVPN\config on Windows). The path depends on where the OpenVPN client utility is installed.
3. Run the OpenVPN client utility and connect it to the OpenVPN Server.
Step 5. Verify the VPN connection.
Go to Insight → VPN status → OpenVPN/PPTP/L2TP to verify whether a tunnel is established.
Note: If there is a tunnel listed, the VPN has been established successfully.
Is this faq useful?
Your feedback helps improve this site.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.