How to Establish a VPN Connection on TP-Link Wireless 4G LTE Router (new logo)

Configuration Guide
Updated 06-27-2022 03:03:36 AM 23072

Case 1: Establish an IPSec VPN tunnel to connect two LANs via internet

For example, I am the network administrator of a regional office, I need to let my office staff to visit the headquarters’ servers and resources, and vice versa. I know that the router in my office and the device in headquarters both support IPSec VPN feature, so I decide to set up a VPN connection with the headquarter office.

The following diagram is a typical VPN topology. Here Site A refers to regional office’s network (local network). And Site B refers to the headquarters’ network (remote network) which I want to connect to.

https://static.tp-link.com/image001_1495510575794t.png

How can I do that?

Here takes Archer MR200 as demonstration.

1. Make sure of the topology you want to build and record site A (local network) and site B (remote network)’s LAN IP and WAN IP.

2. Configuration on site A (local network).

1) Please refer to How to log into the web-based management interface of TP-Link Wireless Dual Band 4G LTE Router? (new logo)

2) Go to Advanced > VPN > IPSec VPN to open the configuration page. Click Add to set up a VPN tunnel.

https://static.tp-link.com/image002_1495510595635t.png

3) In the IPSec Connection Name column, specify a name.

4) In the Remote IPSec Gateway (URL) column, Enter Site B’s WAN IP address.

5) To configure Site A’s LAN:

In the Tunnel access from local IP addresses column, here we take Subnet Address as an example. Then input the LAN IP range of Site A in the IP Address for VPN column, and input Subnet Mask of Site A.

6) To configure Site B’s LAN:

In the Tunnel access from remote IP addresses column, here we take Subnet Address as an example. Then input the LAN IP range of Site B in the IP Address for VPN column, and input Subnet Mask of Site B.

7) Select the Key Exchange Method for the policy. We select Auto (IKE) here.

8) Enter the Pre-Shared Key for IKE authentication. Then keep Perfect Forward Secrecy enabled.

Note: Make sure Site A and Site B use the same key.

9) Leave the Advanced Settings as default value. Then click OK to save.

3. Configuration on Site B (remote network). Refer to step 2 configuration on Site A and make sure that Site A and Site B use the same pre-shared keys and Perfect Forward Secrecy settings.

4. The Status column will change to Up if the VPN connection has been set up successfully.

5. Check the VPN connection. You can ping site B’ LAN IP from your computer to verify that the IPSec VPN connection is set up correctly.

Tips: To check the VPN connection, you can do the following.

a. On the host in Site A, press [Windows Logo] + [R] to open Run dialog. Input “cmd” and hit OK.

https://static.tp-link.com/image003_1495510607076h.png

b. In the CLI window, type in “ping 192.168.2.x” (“192.168.2.x” can be IP address of any host in Site B). Then press [Enter].

https://static.tp-link.com/image004_1495510783354u.png

c. If Ping proceeds successfully (gets replies from host in Site B), the IPSec connection is working properly now.

Now IPSec VPN is implemented to establish a connection.

Note:

1. The product supports a maximum of ten simultaneous connections.

2. If one of the site has been off line for a while, for example, if Site A has been disconnected, on Site B you need to click Disable and then click Enable after Site A back on line in order to re-establish the IPSec tunnel.

Case 2. Working as a PPTP VPN Server

PPTP VPN Server is used to create a VPN connection for remote device. To use the VPN feature, you should enable PPTP VPN Server on your router, and configure the PPTP connection on the remote device. Please follow the steps below to set up a PPTP VPN connection.

Step 1. Set up PPTP VPN Server on Your Router

1. Please refer to How to log into the web-based management interface of TP-Link Wireless Dual Band 4G LTE Router? (new logo)

2. Go to Advanced > VPN Server > PPTP VPN, and select Enable VPN Server.

https://www.tp-link.com/us/user-guides/archer-mr600_v1/Chapter_11_Specify_Your_Network_Settings-web-resources/image/PPTP_VPN-1.png

Note: Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a static IP address for router’s WAN port and synchronize your System Time with internet.

3. In the Client IP Address filed, enter the range of IP addresses (up to 10) that can be leased to the devices by the PPTP VPN server.

4. In the Username/Password filed, enter the username and password to authenticate clients to the PPTP VPN server.

5. Click Save.

Step 2. Configure PPTP VPN Connection on Your Remote Device

The remote device can use the Windows built-in PPTP software or a third-party PPTP software to connect to PPTP Server. Here we use the Windows built-in PPTP software as an example.

1. Go to Start > Control Panel > Network and Internet > Network and Sharing Center.

2. Select Set up a new connection or network.

https://www.tp-link.com/us/user-guides/archer-mr600_v1/Chapter_11_Specify_Your_Network_Settings-web-resources/image/PPTP_VPN-2.png

3. Select Connect to a workplace and click Next.

https://www.tp-link.com/us/user-guides/archer-mr600_v1/Chapter_11_Specify_Your_Network_Settings-web-resources/image/PPTP_VPN-3.png

4. Select Use my Internet connection (VPN).

https://www.tp-link.com/us/user-guides/archer-mr600_v1/Chapter_11_Specify_Your_Network_Settings-web-resources/image/PPTP_VPN-4.png

5. Enter the internet IP address of the router (for example: 218.18.1.73) in the Internet address field. Click Next.

https://www.tp-link.com/us/user-guides/archer-mr600_v1/Chapter_11_Specify_Your_Network_Settings-web-resources/image/PPTP_VPN-5.png

6. Enter the User name and Password you have set for the PPTP VPN server on your router, and click Connect.

https://www.tp-link.com/us/user-guides/archer-mr600_v1/Chapter_11_Specify_Your_Network_Settings-web-resources/image/PPTP_VPN-6.png

7. The PPTP VPN connection is created and ready to use.

https://www.tp-link.com/us/user-guides/archer-mr600_v1/Chapter_11_Specify_Your_Network_Settings-web-resources/image/PPTP_VPN-7.png

Case 3. Working as an OpenVPN Server

In the OpenVPN connection, the home network can act as a server, and the remote device can access the server through the router which acts as an OpenVPN Server gateway. To use the VPN feature, you should enable OpenVPN Server on your router, and install and run VPN client software on the remote device. Please follow the steps below to set up an OpenVPN connection.

https://www.tp-link.com/us/user-guides/archer-mr600_v1/Chapter_11_Specify_Your_Network_Settings-web-resources/image/OpenVPN-1.png

Step1. Set up OpenVPN Server on Your Router

1. Please refer to How to log into the web-based management interface of TP-Link Wireless Dual Band 4G LTE Router? (new logo)

2. Go to Advanced > VPN Server > OpenVPN, and select Enable VPN Server.

https://www.tp-link.com/us/user-guides/archer-mr600_v1/Chapter_11_Specify_Your_Network_Settings-web-resources/image/OpenVPN-2.png

Note:

•Before you enable VPN Server, we recommend you configure Dynamic DNS Service (recommended) or assign a static IP address for router’s WAN port and synchronize your System Time with internet.

•The first time you configure the OpenVPN Server, you may need to Generate a certificate before you enable the VPN Server.

3. Select the Service Type (communication protocol) for OpenVPN Server: UDP, TCP.

4. Enter a VPN Service Port to which a VPN device connects, and the port number should be between 1024 and 65535.

5. In the VPN Subnet/Netmask fields, enter the range of IP addresses that can be leased to the device by the OpenVPN server.

6. Select your Client Access type. Select Home Network Only if you only want the remote device to access your home network; select Internet and Home Network if you also want the remote device to access internet through the VPN Server.

7. Click Save.

8. Click Generate to get a new certificate.

Note: If you have already generated one, please skip this step, or click Generate to update the certificate.

9. Click Export to save the OpenVPN configuration file which will be used by the remote device to access your router.

Step 2. Configure OpenVPN Connection on Your Remote Device

1.Visit http://openvpn.net/index.php/download/community-downloads.html to download the OpenVPN software, and install it on your device where you want to run the OpenVPN client utility.

Note: You need to install the OpenVPN client utility on each device that you plan to apply the VPN function to access your router. Mobile devices should download a third-party app from Google Play or Apple App Store.

2. After the installation, copy the file exported from your router to the OpenVPN client utility’s “config” folder (for example, C:\Program Files\OpenVPN\config on Windows). The path depends on where the OpenVPN client utility is installed.

3. Run the OpenVPN client utility and connect it to OpenVPN Server.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

Related FAQs

Looking for More

Is this faq useful?

Your feedback helps improve this site.

Setup Videos

How to Set up OpenVPN on TP-Link Routers Windows

How to setup PPTP VPN on TP Link routers Windows

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.