Search icon Choose location
 
Search icon

Configuring an Omada Gateway as a PPTP/L2TP VPN Client to Enable VPN Server as Proxy Gateway for Backend Clients

Configuration Guide
Updated 02-16-2024 20:30:20 PM 6564
This Article Applies to: 

Application Scenario:

Using the following network topology as an example, we will configure Router B as a PPTP/L2TP VPN Client and connect to the PPTP/L2TP VPN Server (Router A).

Configuration Overview:

  1. Configure Router A as PPTP/L2TP VPN Server.
  2. Configure Router B as PPTP/L2TP VPN Client.

 

Case 1: All backend clients want to access the Internet via the VPN Server.

Case 2: Specific backend clients want to access the Internet via the VPN Server, requiring configuration of Policy Routing on Router B (PPTP/L2TP VPN Client) for specific devices.

Configuration Steps:

  1. Configure Router A as PPTP/L2TP VPN Server.

 

NOTE: For detailed configuration instructions, please refer to the following articles:

How to establish an L2TP Server by Omada Gateway in Standalone mode

How to establish a PPTP Server by Omada Gateway in Standalone mode

  1. Configure Router B as PPTP/L2TP VPN Client.

 

Case 1: If you want all the backend clients to access the Internet via the VPN Server, please refer to the following article:

How to set up PPTP & L2TP VPN client with Omada Gateway in standalone mode

Note: A Remote Subnet set to 0.0.0.0/0 will allow all backend clients Internet access via the VPN Server by default.

Case 2: If you want specific backend clients to access the Internet via VPN Server, please refer to the following article before proceeding:

How to set up PPTP & L2TP VPN client with Omada Gateway in standalone mode

After completing the configuration, please refer to the steps below:

  1. Configure Policy Routing on Router B (PPTP/L2TP VPN Client) for specific devices.

 

NOTE: (In this scenario we use L2TP VPN Server and L2TP VPN Client as an example. The configuration is the same for PPTP VPN Server and PPTP VPN Client.)

 

  1. Go to “Preferences → IP Group” to configure corresponding IP group and IP address range settings for the specific devices that will access the Internet via the PPTP/L2TP VPN Server as a Proxy Gateway.

  1. Next, go to “Transmission → Routing → Policy Routing” to create a rule for the devices.

 

In this example we select “test1” under “Source IP”. This would be the IP group name you configured in the previous step.

Then, select “L2TP” next to “WAN“. This will route the relevant traffic of the clients in the IP Group via the L2TP VPN tunnel.

Note: Here we select “IPGROUP_ANY” next to “Destination IP”. This means the routing rule will forward all the traffic of the clients in the selected IP Group.

  1. Verification.

 

(1) By default, without Policy Routing, the devices would access the Internet via their default gateway (e.g., 192.168.10.1). This can be verified using Traceroute via Command Prompt (e.g., “tracert 8.8.8.8”)

(2) With Policy Routing enabled, the devices access the Internet by using the VPN Server 192.168.0.1, as a Proxy Gateway. This too can be verified using Traceroute via Command Prompt (e.g., “tracert 8.8.8.8”)

 

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

We have updated our Policies. Read Privacy Policy and Terms of Use here.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

We have updated our Policies. Read Privacy Policy and Terms of Use here.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

TP-Link

accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Livechat

__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au

Facebook

_fbp

Crazy Egg

cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs

Hotjar

OptanonConsent, _sctr, _cs_s, _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjSessionUser_14, _fbp, ajs_anonymous_id, _hjSessionUser_<hotjar-id>, _uetsid, _schn, _uetvid, NEXT_LOCALE, _hjSession_14, _hjid, _cs_c, _scid, _hjAbsoluteSessionInProgress, _cs_id, _gcl_au, _ga, _gid, _hjIncludedInPageviewSample, _hjSession_<hotjar-id>, _hjIncludedInSessionSample_<hotjar-id>

Linkedin

lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or