How to configure PPTP/L2TP/OpenVPN Client to access peer server through site-to-site VPN using business router

Configuration Guide
Updated 06-24-2022 06:25:36 AM 3531
This Article Applies to: 

User’s Application Scenario

Suppose a client is connected to Router A via VPN (PPTP/L2TP/OpenVPN), and Router A and Router B are connected via Site-to-Site VPN. Now the VPN Client wants to access a Server inside Router B through two of these two VPN tunnels.

1. The VPN Client uses PPTP/L2TP VPN

The method of PPTP or L2TP configuration is similar, here L2TP is used as an example

Configuration

Step 1. Create an L2TP VPN Server on Router A.

For a detailed configuration process, please refer to: How to establish an L2TP Server by Omada Gateway in Standalone mode?

Please note that the VPN IP Pool and the LAN IP of Router A need to be set in the same network segment, namely 192.168.0.1/24.

Note: The latest firmware of the router already supports VPN IP and LAN IP in the same network segment.

Step 2. Create an IPsec Site-to-Site VPN between Router A and Router B.

For a detailed configuration process, please refer to How to Set up Site-to-Site Manual IPsec VPN Tunnels on Omada Gateway in Controller Mode?

Here, we have established a VPN Tunnel between router A and router B.

Step 3. Connect to the L2TP Server.

Here, we used a PC connect to the L2TP Server. The IP address of 192.168.0.2 is assigned from the server.

For a detailed configuration process, please refer to: How to configure PPTP/L2TP client on remote PC?

Note: “Use default gateway on remote network” is need to be enabled.

Go to Control Panel –> Network and Internet –> Network and Sharing Center –> Change Adapter Settings, then you will find the L2TP VPN adapters. Right-click the adapter –> Properties –> Networking, Double-click “Internet Protocol Version 4” –> Advanced, then you will find the Advanced TCP/IP settings for the VPN.

Step 4. Verification process

The L2TP Client can access the server behind Router B through Site-to-Site VPN.

2. The VPN Client uses OpenVPN

Configuration

Step 1. Create an OpenVPN Server on Router A.

Go to VPN-->OpenVPN-->OpenVPN Server, create a new OpenVPN Server. Please note that the IP address range entered in Local Network should include all the LAN IP address ranges of Router A and Router B. For example, the range of 192.168.0.1/16 includes 192.168.0.1/24 and 192.168.20.1/24

Because the OpenVPN client will generate a new routing table based on the address range entered here after the connection is successfully established, it is necessary to ensure that the subnet of Router B is within this range before data can enter the OpenVPN Tunnel.

At the same time, set the VPN IP Pool and the LAN IP of Router A in the same network segment.

After the OpenVPN Server is created, wait a few minutes and export the OpenVPN configuration file and sent to clients that need to connect.

Step 2. Create an IPsec Site-to-Site VPN between Router A and Router B.

This step is the same as the above process and will not be repeated here.

Step 3. Connect to the OpenVPN Server.

Here, we used the OpenVPN GUI on the PC to connect to the OpenVPN Server. Import the OpenVPN configuration file into the OpenVPN GUI and connect. The IP address of 192.168.0.10 is assigned from the server side.

By querying the routing table on the PC, it can be found that a route to 192.168.0.1/16 is generated, and the interface is the virtual IP address of OpenVPN.

Step 4. Verification process

The OpenVPN Client can access the server behind Router B through Site-to-Site VPN.

Note: When the VPN Client uses PPTP/L2TP, Router A can be implemented in both Controller mode and Standalone mode. When the VPN Client uses OpenVPN, Router A can only implement this application scenario in Standalone mode.

To get to know more details of each function and configuration please go to Download Center to download the manual of your product.

Related FAQs

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Sign up for news & offersTP-Link takes your privacy seriously. For further details on TP-Link's privacy practices, see TP-Link's Privacy Policy
Please contact our Live Chat service for immediate support, or ask questions on our Community / email support. Our hotline service will have longer than normal holds times or be unavailable at times because of the recent world events.

From United States?

Get products, events and services for your region.