Can we connect through ipsec VPN Mikrotik RouterBoard hEX to TP-LINK TL-R605 omada

xperiments2021 · April 27, 2021, 8:21am

Hello to everyone. I have the obligation to mention that I am inexperienced in Mikrotik products.

Can anyone try to connect through IPsec VPN Mikrotik Routerboard hEX router to TP-LINK TL-R605 omada router. I will give a try for this. If anyone has more info about it, could you please support us! Thanks

Here is my topology

Here is my configuration of TL-LINK TL-R605

*on remote gateway I set the public IP address of network 2

Here is my configuration of Mikrotik

on address I set the public IP address of network 1

xperiments2021 · April 29, 2021, 11:41am

I make some changes:
Mikrotik Configurations

TP-LINK Configuration

I see in some video tutorials for mikrotik that phase 1 is configuration of profiles and phase 2 is proposals.
Also as you can see for tplink configuration i convert lifetime in seconds
08:00:00 is 28800 seconds
1d is 86400 seconds
And VPN dont WORK. Any advice??
Thanks a lot in advance

xperiments2021 · May 5, 2021, 12:18pm

Any advice someone???

rextended · May 5, 2021, 12:24pm

I’m sorry I can’t help you,
but I wanted to thank you because you are one of the few people who put up a chart to make people understand the problem.

I hope someone who knows TP-Link can help you.

Thank you.

felixka · July 30, 2021, 10:43pm

I, too, have been unable to make this work between a TL-R605 and an RB4011 running ROSv6.46. The Mikrotik router tries to establish a Phase 2 tunnel but never receives a reply from the TP-Link.
This Omada stuff seems to be very early stage right now.

felixka · August 2, 2021, 9:25am

Got it to work for my setup where the Omada device is on a static IP and the Mikrotik RB4011 is on a dynamic IP, initiating the IPSec tunnel from it’s side.

TL-R605 Firmware: 1.1.0
RB4011 Firmware: 6.49beta46

Here are my settings:
Mikrotik side:

/ip ipsec profile
add dh-group=ecp521 enc-algorithm=aes-256 lifetime=8h name=omada
/ip ipsec peer
add address=<static WAN IP of Omada Device> exchange-mode=ike2 name=omada profile=omada
/ip ipsec proposal
add enc-algorithms=aes-256-cbc lifetime=8h name=omada pfs-group=modp1536
/ip ipsec identity
add my-id=fqdn:remote.example.com peer=omada secret=<your PSK>
/ip ipsec policy
add dst-address=192.168.0.0/24 peer=omada proposal=omada src-address=10.0.0.0/24 tunnel=yes

Omada Settings:

yabdali · November 3, 2022, 7:21pm

kygeld:

Got it to work for my setup where the Omada device is on a static IP and the Mikrotik RB4011 is on a dynamic IP, initiating the IPSec tunnel from it’s side.

TL-R605 Firmware: 1.1.0
RB4011 Firmware: 6.49beta46

Here are my settings:
Mikrotik side:
/ip ipsec profile
add dh-group=ecp521 enc-algorithm=aes-256 lifetime=8h name=omada
/ip ipsec peer
add address=<static WAN IP of Omada Device> exchange-mode=ike2 name=omada profile=omada
/ip ipsec proposal
add enc-algorithms=aes-256-cbc lifetime=8h name=omada pfs-group=modp1536
/ip ipsec identity
add my-id=fqdn:remote.example.com peer=omada secret=<your PSK>
/ip ipsec policy
add dst-address=192.168.0.0/24 peer=omada proposal=omada src-address=10.0.0.0/24 tunnel=yes
Omada Settings:
omada_mikrotik_vpn_settings.png

Hi,
Would it be possible to share further details about firewall/port forwarding configuration on both ends? Thanks in advance