Chapter 12 IPSec VPN
VPN (Virtual Private Networking) allows you to access your home network in a secured way through the internet when you are out of the house. The router offers IPSec (Internet Protocol Security) VPN to set up a VPN connection.
IPSec (IP Security) is a set of services and protocols defined by IETF (Internet Engineering Task Force) to provide high security for IP packets and prevent attacks.
IPSec VPN is used to create a VPN connection between local and remote networks. To use IPSec VPN, you should check that both the local and remote routers support the IPSec VPN feature. Then, follow the steps below to set up an IPSec VPN connection.
1. The typical VPN topology is here. Site A refers to the local network, and Site B refers to the remote network that is to be connected. Record Site A and Site B’s LAN and WAN IP addresses before you start configuration.
2. Configuration on Site A (local network).
1) Visit http://tplinkmodem.net, and log in with the account you set for the router.
2) Go to Advanced > VPN > IPSec VPN, and click Add.
3) In the IPSec Connection Name column, specify a name.
4) In the Remote IPSec Gateway (URL) column, enter Site B’s WAN IP address.
5) Configure Site A’s LAN.
In the Tunnel access from local IP addresses column, we take Subnet Address as an example. Input the LAN IP range of Site A in the IP Address for VPN column, and input Subnet Mask of Site A.
6) Configure Site B’s LAN.
In the Tunnel access from remote IP addresses column, we take Subnet Address as an example. Input the LAN IP range of Site B in the IP Address for VPN column, and input Subnet Mask of Site B.
7) Select the Key Exchange Method for the policy. We select Auto(IKE) here.
8) Enter the Pre-Shared Key for IKE authentication. Then keep Perfect Forward Secrecy enabled.
Note: Make sure Site A and Site B use the same key.
9) Leave the Advanced Settings at their default values. Then click Save.
Note: The Status column is Down after the configuration, and it will change to UP only when Site A and Site B are communicating via the VPN connection.
3. Configuration on Site B (remote network). Refer to the step 2 configuration on Site A and make sure that Site A and Site B use the same pre-shared keys and Perfect Forward Secrecy settings.
4. Check the VPN connection. You can ping Site B’s LAN IP from your computer in Site A to verify that the IPSec VPN connection is set up correctly.
Tips: To check the VPN connection, you can do the following.
1. On the host in Site A, press [Windows Logo] + [R] to open the Run dialog. Input “cmd” and hit OK.
2. In the CLI window, type in “ping 192.168.2.x” (“192.168.2.x” can be the IP address of any host in Site B). Then press [Enter].
3. If the ping succeeds (gets replies from the host in Site B), the IPSec connection is working properly.
5. Now IPSec VPN is implemented to establish a connection.
1. The product supports a maximum of ten simultaneous connections.
2. If one of the sites has been offline for a while (for example, if Site A has been disconnected), you need to click Disable and then click Enable on Site B after Site A is back online in order to re-establish the IPSec tunnel.
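The settings entered in steps 2 and 3 must mirror each other on the two routers, and a mismatch is the usual reason the Status column stays Down. The check below is an added example, not part of the original guide or the router's software: it compares the two sites' planned entries before you type them in. The SiteConfig fields, the check_pair function, the addresses and the key are all constructed for illustration, gateways are assumed to be IP addresses as in step 4), and the LAN overlap check goes beyond what the guide states.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class SiteConfig:
    """One router's IPSec VPN entry, using the fields named in step 2 (hypothetical model)."""
    wan_ip: str           # this router's own WAN IP address
    remote_gateway: str   # Remote IPSec Gateway (URL); assumed to be an IP address
    local_subnet: str     # Tunnel access from local IP addresses, as address/mask
    remote_subnet: str    # Tunnel access from remote IP addresses, as address/mask
    pre_shared_key: str
    pfs_enabled: bool

def _net(value: str) -> ipaddress.IPv4Network:
    # Accepts "192.168.1.0/255.255.255.0" or "192.168.1.0/24"; host bits are ignored.
    return ipaddress.ip_network(value, strict=False)

def check_pair(a: SiteConfig, b: SiteConfig) -> list[str]:
    """Return the mismatches between two sites that would keep the tunnel Down."""
    problems = []
    for name, me, peer in (("Site A", a, b), ("Site B", b, a)):
        if ipaddress.ip_address(me.remote_gateway) != ipaddress.ip_address(peer.wan_ip):
            problems.append(f"{name}: remote gateway is not the peer's WAN IP")
        if _net(me.remote_subnet) != _net(peer.local_subnet):
            problems.append(f"{name}: remote subnet does not match the peer's LAN")
    # Added check: identical or overlapping LANs cannot be routed through the tunnel.
    if _net(a.local_subnet).overlaps(_net(b.local_subnet)):
        problems.append("LAN ranges of Site A and Site B overlap")
    # The key itself is never printed, only whether the two entries agree.
    if a.pre_shared_key != b.pre_shared_key:
        problems.append("Pre-Shared Keys differ")
    if a.pfs_enabled != b.pfs_enabled:
        problems.append("Perfect Forward Secrecy settings differ")
    return problems

# Constructed sample values (documentation address ranges), not taken from the guide.
SITE_A = SiteConfig("203.0.113.10", "198.51.100.20", "192.168.1.0/255.255.255.0",
                    "192.168.2.0/255.255.255.0", "constructed-example-key", True)
SITE_B = SiteConfig("198.51.100.20", "203.0.113.10", "192.168.2.0/255.255.255.0",
                    "192.168.1.0/255.255.255.0", "constructed-example-key", True)

if __name__ == "__main__":
    for line in check_pair(SITE_A, SITE_B) or ["No mismatches found"]:
        print(line)
```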