How to Configure a TP-Link Omada Gateway as an OpenVPN Server in Controller Mode

Configuration Guide
Updated 01-29-2024 22:12:00 PM FAQ view icon66071
This Article Applies to: 

Application scenario

Some Omada Gateways support OpenVPN Server functionality in Controller Mode operation. In this guide, the ER7206 is used as an example to explain how to establish an OpenVPN server on an Omada Gateway in Controller Mode. The connection topology is as follows:

To set up the Omada gateway as an OpenVPN server, please follow the steps below.

 

Note: If the gateway is behind a NAT device, to establish a VPN tunnel successfully, first make sure that TCP/UDP port 1194 (default OpenVPN port) is open on the NAT device in front of the Omada Gateway.

 

Configuration

 

Step 1. Create a new VPN policy.

 

Go to VPN → Open VPN and click Add to create a new VPN policy.

 

In this example, we will use the following settings:

Name: test

Status: Enabled

Purpose: Client-to-site VPN

VPN type: VPN Server-OpenVPN

Account password: Enabled

Tunnel mode: Split

Protocol: TUP/UDP

Service port: 1194

Authentication mode: Local

Local network type: Network

IP pool: 192.168.1.1/24

Primary DNS: 8.8.8.8

Secondary DNS: 8.8.4.4

 

Note:

Currently, only the ER7206 with firmware 1.2.3 Build 20221104 or above, and ER605 V2 with firmware 2.1.1 Build 20230115 or above, support the AccountPWD feature. Other models will support this feature in subsequent updates.

Full mode: If enabled, all traffic of the VPN client will go through the VPN. If not, only client traffic accessing the specified server network will go through the VPN tunnel, and other traffic will go through their local gateway.

Step 2. Create an OpenVPN user profile.

Note: If the router does not support the account and password feature, or it is disabled, please skip Step 2, and go to Step 3.

Go to VPN User and click Add. In this example we create the Account Name admin, and Password 12345678. Then, we select Protocol as OpenVPN, Server as the OpenVPN Server we created in Step 1, then click Apply.

Step 3. Export the OpenVPN file

Go to the OpenVPN Policy List and click  in the Action column to export the OpenVPN file that ends in .ovpn, which is to be used by the remote client. The exported OpenVPN file contains the certificate and configuration information.

Now that we have finished the configuration of the OpenVPN Server on the Omada Gateway in Controller Mode we can establish connectivity with the remote client.

Step 4. Configure OpenVPN Connection on Your Remote Device

 

1. Visit http://openvpn.net/index.php/download/community-downloads.html to download the OpenVPN software, and install it on your device where you want to run the OpenVPN client utility.

2. After the installation, copy the file exported from your router to the OpenVPN client utility’s “config” folder (for example, C:\Program Files\OpenVPN\config on Windows). The path depends on where the OpenVPN client utility is installed.

3. Run the OpenVPN client utility and connect it to the OpenVPN Server.

Step 5. Verify the VPN connection.

 

Go to Insight → VPN status → OpenVPN/PPTP/L2TP to verify whether a tunnel is established.

Note: If there is a tunnel listed, the VPN has been established successfully.

 

 

Related FAQs

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >