TP-Link TL-ER6120 Setup Instructions
  1. Manuals
  2. Brands
  3. TP-Link Manuals
  4. Network Hardware
  5. SafeStream TL-ER6120
  6. Setup instructions

TP-Link TL-ER6120 Setup Instructions

How to configure vpn function on tp-link routers
Hide thumbs Also See for TL-ER6120:

Advertisement

Table of Contents

See also: User Manual , Installation Manual
How to configure VPN function on TP-LINK Routers
1.
VPN Overview................................................................................................................ 2
2.
How to configure LAN-to-LAN IPsec VPN on TP-LINK Router........................................ 3
3.
4.
5.
6.
How to configure a PPTP Server on TP-LINK Router ................................................... 41
7.
How to configure a L2TP Server on TP-LINK Router.................................................... 53
1

Advertisement

Table of Contents
loading

Related Manuals for TP-Link TL-ER6120

Summary of Contents for TP-Link TL-ER6120

  • Page 1: Table Of Contents

    VPN Overview........................ 2 How to configure LAN-to-LAN IPsec VPN on TP-LINK Router........3 How to configure GreenBow IPsec VPN Client with a TP-LINK VPN Router....13 How to configure Shrew Soft VPN IPsec Client with TP-LINK Router......23 How to configure LAN-to-LAN L2TP/PPTP VPN on TP-LINK Router ......34 How to configure a PPTP Server on TP-LINK Router ...........

  • Page 2: Vpn Overview

    It is a connection secured by encrypting the data and using point-to-point authentication. As the packets are encapsulated and de-encapsulated in the Router, the tunneling topology implemented by encapsulating packets is transparent to users. The tunneling protocols supported by TP-LINK Routers are as below: Product Model Tunneling Protocol TL-ER6120 IPsec、PPTP、L2TP...

  • Page 3: How To Configure Lan-To-Lan Ipsec Vpn On Tp-Link Router

    2. How to configure LAN-to-LAN IPsec VPN on TP-LINK Router Suitable for: TL-ER6120, TL-ER6020, TL-ER604W, TL-R600VPN To setup an IPsec VPN tunnel on TP-LINK routers you need to perform the following steps: A. Connecting the devices together B. Verify the settings needed for IPsec VPN on router C.
  • Page 4 Router B’s Status page:...
  • Page 5 C. Configuring IPsec VPN settings on TL-ER6120 (Router A) Step 1 : On the management webpage, click on VPN then IKE Proposal. Under IKE Proposal, enter Proposal Name whatever you like, select Authentication, Encryption and DH Group, we use MD5,3DES, DH2 in this example.
  • Page 6 Step 3 : Click on IKE Policy, enter Policy Name whatever you like, select Exchange Mode, in this example we use Main, select IP Address as ID Type. Step 4 : Under IKE Proposal 1, we use test1 in this example. Enter Pre-shared Key and SA Lifetime you want, DPD is disabled.
  • Page 7 Step 7 : Click on Add. Step 8 : Click on IPsec Policy, enter Policy Name whatever you like, the Mode should be LAN- to-LAN. Enter Local Subnet and Remote Subnet. Step 9 : Select WAN you use and type in Remote Gateway. In this example, the Remote Gateway is Router B’s WAN IP address, 218.18.1.208.

  • Page 8: Step

    Step 13 : Look for PFS, we set NONE here, under SA Lifetime, enter “28800” or the period you want. Step 14 : Look for Status then select Activate Step 15 : Click on Add. Step 16 : Select Enable then click on Save.

  • Page 9: Step

    D. Configuring IPsec VPN settings on TL-R600VPN (Router B) Step 1 : Go to IPsec VPN -> IKE, click on Add New Step 2 : Enter Policy Name whatever you like, here we use test2. Exchange Mode, select Main. Step 3 : Authentication Algorithm and Encryption Algorithm are the same with Router A, we use MD5 and 3DES in this example.
  • Page 10 Step 4 : DH Group, select DH2, the same with Router A. Step 5 : Enter Pre-share Key and SA Lifetime, make sure that they are the same with Router Step 6 : Click on Save. Step 7 : Click on IPsec on left side, click on Add New. Step 8 : Enter Policy Name, we use ipsec2 in this example.
  • Page 11 Step 10 : Look for Exchange mode, please select IKE, and Security Protocol, we use ESP here. Step 11 : Authentication Algorithm and Encryption Algorithm are the same with Router A, we use MD5 and 3DES in this example. Step 12 : IKE Security Policy, we use test2 in this example. Step 13 : Look for PFS, we set NONE here, under Lifetime, enter “28800”...

  • Page 13: How To Configure Greenbow Ipsec Vpn Client With A Tp-Link Vpn Router

    (http://www.thegreenbow.com/vpn/vpn-client.html?utm_expid=333874- 5.xSdTaggCQhu28X37j2BKrw.1&utm_referrer=http%3A%2F%2Fwww.thegreenbow.com%2F services.html To setup an IPsec VPN tunnel between the GreenBow IPsec VPN Client and the TP-LINK VPN Router you need to perform the following steps: A. Make sure PCs of two sides can access to Internet B. Configuring the TP-LINK VPN Router C.
  • Page 14 Step 2: On the management webpage, click on VPN then IKE Proposal. Under IKE Proposal, enter Proposal Name whatever you like, select Authentication, Encryption and DH Group, we use MD5, 3DES, DH2 in this example. Step 3: Click on IKE Policy, enter Policy Name whatever you like, select Exchange Mode, in this example we use Main, select FQDN as ID Type and enter Local ID and Remote ID whatever you like, here we enter “1234”...
  • Page 15 NOTE: No matter on Main mode or Aggressive mode, once the client PC is behind a NAT device, we have to select FQDN as ID Type and the NAT device must support VPN passthrough, otherwise the VPN tunnel can’t be established. Step 4: Under IKE Proposal 1, we select 1 in this example.
  • Page 16 Step 6: Click on IPsec Policy, enter Policy Name whatever you like, the Mode should be Client-to- LAN. Enter Local Subnet and select WAN port. Step 7: Look for Policy Mode and select IKE. Under IKE Policy, we select 123 which is used. Under IPsec Proposal, we use 123 in this example.
  • Page 17 Step 8: Look for PFS, we set NONE here, under SA Lifetime, enter “28800” or the period you want. Look for Status then select Activate. Step 9: Enable IPsec and then click on Save. C. Configuring the GreenBow VPN Client Step 1: Right click on VPN Configuration and click on New Phrase 1.
  • Page 18 Under Remote Gateway, enter the router’s WAN IP address, the Pre-shared Key should be the same with router’s, it is “123456”.on IKE section, the Encryption, Authentication and Key Group are the same with router’s, we use 3DES, MD5and DH2 here. Step 3: Go to Advanced tab, select DNS as Type of ID, and then enter “4321”...
  • Page 19 Step 4: Right click on Phase 1, add a new phrase 2.
  • Page 20 Step 5: Enter remote LAN address and Subnet mask, in the example, the IP address is 192.168.0.0, Subnet mask is 255.255.255.0. Encryption and Authentication are the same with routers; we use 3DES and MD5 here. The Mode should be Tunnel.
  • Page 21 Step 6: Click Save and Apply and then right click on Phrase 2(Tunnel), click on Open Tunnel.
  • Page 22 Step 7: If the client connect to the VPN Server successfully, you can see IPsec SA on the list.

  • Page 23: How To Configure Shrew Soft Vpn Ipsec Client With Tp-Link Router

    4. How to configure Shrew Soft VPN IPsec Client with TP-LINK Router Suitable for: TL-ER6120, TL-ER6020, TL-ER604W Shrew Soft VPN IPsec Client is an VPN Client software developed by Shrew Soft Inc. It can be downloaded from official website of Shrew Soft (https://www.shrew.net/download/vpn).
  • Page 24 Step 2: On the management webpage, click on VPN then IKE Proposal. Under IKE Proposal, enter Proposal Name whatever you like, select Authentication, Encryption and DH Group, we use MD5, 3EDS, DH2 in this example. Click on Add. Step 3: Click on IKE Policy, enter Policy Name whatever you like, we select Aggressive for Exchange Mode, select FQDN as ID Type and enter Local ID whatever you like, here we enter “123”...
  • Page 25 NOTE: No matter on Main mode or Aggressive mode, once the client PC is behind a NAT device, we have to select FQDN as ID Type and the NAT device must support VPN passthrough, otherwise the VPN tunnel can’t be established. Step 4: Under IKE Proposal 1, we select test in this example.
  • Page 26 Step 6: Click on IPsec Policy, enter Policy Name whatever you like, the Mode should be Client-to-LAN. Enter Local Subnet and select WAN port.
  • Page 27 Step 9: Enable IPsec and then click on Add. C. Configuring the Shrew VPN Client Step 1: Click on Add. Under Host Name or IP Address, enter the TL-ER6120’s WAN IP address, select disable for Auto Configuration. Under Address Method, we select Using an existing adapter and current address.
  • Page 28 Step 3: Click on Authentication on the top menu, select Mutual PSK as Authentication. Under Identification Type, select Fully Qualified Domain Name and enter “321” for FQDN String. Step 4: Click on Remote Identity, select Fully Qualified Domain Name as Identification Type and enter “123”...
  • Page 29 Step 5: Click on Credentials, the Pre Shared Key, should be the same as the Pre-shared Key on the TL-ER6120, it’s “123456789”.
  • Page 30 Cipher Algorithm, and Hash Algorithm are the same with TL-ER6120’s, we use aggressive, group 2, 3des, md5 here. Step 7: Click on Phase 2, under the Proposal Parameters, the Transform Algorithm, HMAC Algorithm are the same with TL-ER6120’s we use esp-3des, md5 here. PFS Exchange and Compress Algorithm are disabled.
  • Page 31 Step 8: Click on Policy, don’t tick Obtain Topology Automatically or Tunnel All. Then click on Add. Step 9: Select Include as Type, enter the TL-ER6120’s LAN Subnet Address and Subnet Mask, it’s 192.168.1.0, 255.255.255.0. Then click on OK and Save.
  • Page 32 Step 10: Click on Connect. Step 11: Click on Connect. Step 12: After Shrew Soft VPN show tunnel enabled as the followings, you need ping TL- ER6120 LAN IP.
  • Page 33 Step 13: If client connect to the VPN Server successfully, you can see IPsec SA on the list.

  • Page 34: How To Configure Lan-To-Lan L2Tp/Pptp Vpn On Tp-Link Router

    NOTE: We give the guide to configure LAN-to-LAN PPTP VPN in this example, the way to configure LAN-to-LAN L2TP VPN is similar. If the TP-LINK Router configured as PPTP Server is behind a NAT device, Virtual Server or DMZ should be configured on the NAT device, otherwise the VPN tunnel can’t be established.
  • Page 35 Router B’s Status Page:...
  • Page 36 C. Configuring a PPTP Server on TP-LINK router Step 1 : Access Router A’s management page, click on VPN->L2TP/PPTP->IP Address Pool, enter Pool Name and IP Address Range, and then click on Add. Enter pool name Click NOTE: 1) The IP addresses in the IP Address Pool can only be in the same subnet with the VPN router’s LAN port in the latest firmware, and in the earlier version firmware, IP Address pool...
  • Page 37  In the Different Subnet 1) Configure the IP Address Pool of access router A as step 1. Enter pool name Click 2) Choose the menu Advanced→NAT→Multi-Nets NAT to enter the Subnet/Mask and select the Status Activate.
  • Page 38 Enter subnet and mask Click 3) Keep using the default gateway on remote network on clients. Step 2 : Go to L2TP/PPTP Tunnel, look for protocol, select PPTP; the Mode should be Server. DNS setting is not necessary, it can be kept as default Click Save Click...
  • Page 39 1) If the IP addresses in the IP Address Pool is not in the same subnet with the Router A’s LAN port, the IP address Pool here should choose PPTP2_Dialup_User. 2) In the latest firmware of TP-LINK router, the Enable VPN-to-Internet button is removed and the VPN feature is enabled by default.
  • Page 40 Step 4 : Under Remote Subnet, enter Router B’s local subnet, we enter “192.168.1.0/24” in this example. Step 5 : Look for Status, select Active. Step 6 : Click on Add and then click on Save. Step 7: If the PPTP tunnel is established successfully, you can check it on List of Tunnel. Also, PC within the local subnet of Router B, can ping Router A’s LAN IP (192.168.0.1).

  • Page 41: How To Configure A Pptp Server On Tp-Link Router

    B. Configuring a PPTP Server on TP-LINK router C. Configuring PPTP client on remote PC (Windows 7) NOTE: If the TP-LINK Router is behind a NAT device, Virtual Server or DMZ should be configured on the NAT device, otherwise the VPN tunnel can’t be established.
  • Page 42 Step 2: Click on VPN->L2TP/PPTP->IP Address Pool, enter Pool Name and IP Address Range, and then click on Add. NOTE: 1) The IP addresses in the IP Address Pool can only be in the same subnet with the VPN router’s LAN port in the latest firmware, and in the earlier version firmware, IP Address pool must be in the different subnet with the VPN router’s LAN IP address range.
  • Page 43 2) If the IP addresses in the IP Address Pool is in the same subnet with the VPN router’s LAN port, the remote VPN clients can directly access the Internet. It’s recommended that the IP address range in the IP Address Pool do not overlap with the one in the local DHCP IP address pool.
  • Page 44 Click 2) Choose the menu Advanced→NAT→Multi-Nets NAT to enter the Subnet/Mask and select the Status Activate. Enter subnet and mask Click 3) Keep using the default gateway on remote network on clients. Step 3: Look for protocol, select PPTP; the Mode should be Server.
  • Page 45 DNS setting is not necessary, it can be kept as default Click on Save Click on Enter Account Name Password Step 4: Enter Account Name and Password whatever you like, here we use “client” as account name, password is “123456”. Step 5: Under Tunnel, select Client-to-LAN.
  • Page 46 1) If the IP addresses in the IP Address Pool is not in the same subnet with the VPN router’s LAN port, the IP address Pool here should choose PPTP2_Dialup_User. 2) In the latest firmware of TP-LINK router, the Enable VPN-to-Internet button is removed and the VPN feature is enabled by default.
  • Page 47 Step 3: Choose Connect to a workplace, and then click on Next.
  • Page 48 Step 4: Select Use my Internet connection (VPN) Step 5: Under Internet address field, enter router’s WAN IP address, and then click on Next.
  • Page 49 Step 6: Enter User name and Password, and then click on Create.
  • Page 50 Step 7: The VPN connection is created and ready to use, click on Close. Step 8: Go to Network and Sharing Center and click on Change adapter settings on the left menu. Step 9: Right Click on VPN Connection and select Connect.
  • Page 51 Step 10: Enter User name and Password and then click on Connect. Step 11:...
  • Page 52 If the PPTP tunnel is established successfully, you can check it on List of Tunnel.

  • Page 53: How To Configure A L2Tp Server On Tp-Link Router

    B. Configuring a L2TP Server on TP-LINK router C. Configuring L2TP client on remote PC (Windows 7) NOTE: If the TP-LINK Router is behind a NAT device, Virtual Server or DMZ should be configured on the NAT device, otherwise the VPN tunnel can’t be established.
  • Page 54 Step 2: Click on VPN->L2TP/PPTP->IP Address Pool, enter Pool Name and IP Address Range, and then click on Add. NOTE: 1) The IP addresses in the IP Address Pool can only be in the same subnet with the VPN router’s LAN port in the latest firmware, and in the earlier version firmware, IP Address pool must be in the different subnet with the VPN router’s LAN IP address range.
  • Page 55 Only in this way, the remote VPN clients can access the Internet via the VPN router in the headquarters. The following contents will respectively introduce the two situations.  In the Same Subnet 1) Configure the IP Address Pool of access router A as step 2. 2) Keep using the default gateway on remote network on clients, as the steps in the following picture.
  • Page 56 Enter subnet and mask Click 3) Keep using the default gateway on remote network on clients. Step 3: Look for protocol, select L2TP; the Mode should be Server. DNS setting is not necessary, it can be kept as default Click on Save Click on Enter...
  • Page 57 1) If the IP addresses in the IP Address Pool is not in the same subnet with the VPN router’s LAN port, the IP address Pool here should choose PPTP2_Dialup_User. 2) In the latest firmware of TP-LINK router, the Enable VPN-to-Internet button is removed and the VPN feature is enabled by default.
  • Page 58 C. Configuring L2TP client on remote PC (Windows 7) NOTE: For remote PC to connect to L2TP server, it can use Windows built-in L2TP software or Third-party L2TP software. Step 1: Click on Start->Control Panel->Network and Internet->Network and Sharing Center. Step 2: Click on Set up a new connection or network.
  • Page 59 Step 3: Choose Connect to a workplace, and then click on Next. Step 4: Select Use my Internet connection (VPN)
  • Page 60 Step 5: Under Internet address field, enter router’s WAN IP address, and then click on Next.
  • Page 61 Step 6: Enter User name and Password, and then click on Create. Step 7: The VPN connection is created and ready to use, click on Close.
  • Page 62 Step 8: Go to Network and Sharing Center and click on Change adapter settings on the left menu. Step 9: Right Click on VPN Connection and select Properties. On the Security tab, Select Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec), under Data encryption, select Require encryption (disconnect if server declines).
  • Page 63 Step 10: Click on Advanced settings, pick Use preshared key for authentication, and then enter the key, here is “5678”.
  • Page 64 Step 11: Double click on VPN Connection, enter User name and Password and then click on Connect.

This manual is also suitable for:

Tl-er6020Tl-er604wTl-r600vpn

Table of Contents