How to set up PPTP & L2TP VPN Server with Omada Gateway in Controller Mode
ER7206 , ER605
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device and check either the Datasheet or the firmware section for the latest improvements added to your product.
Note: For Omada SDN Controller v 4.3 and above
Application Scenario
When a remote user wants to access the LAN, it is recommended to establish a client-to-site VPN tunnel in which the Omada gateway serves as a VPN server. This kind of VPN tunnel is useful and practical for business travelers to access the network in headquarter from a remote location without compromising security and privacy.
To set up the Omada gateway as PPTP/L2TP server and establish a VPN tunnel, follow the steps below.
Note: If the Omada gateway is behind a NAT device, make sure that UDP port 1701 for L2TP traffic, UDP port 500/4500 for L2TP over IPsec VPN are open on the NAT device in front of the Omada gateway.
Configuration
Step 1. Create a new VPN policy
Go to Settings > VPN and click + Create New VPN Policy.
Step 2. Configure the parameters to set up a PPTP/L2TP server
1) For PPTP Server: enter a name to identify the VPN policy, select the purpose for the new entry as Client-to-Site VPN, and the VPN Type as VPN Server-PPTP. Then configure the corresponding parameters, and click Create.
Status |
Check the box to enable the VPN tunnel. |
MPPE Encryption |
Select Encrypted to enable MPPE (Microsoft Point-to-Point Encryption) for the VPN tunnel for security purpose. |
Local Networks |
Select the networks in headquarter. The VPN policy will be applied to the selected networks and the remote users can access the network with the created VPN tunnel. |
WAN |
Select the WAN port on which the VPN tunnel will be established. Each WAN port supports only one PPTP VPN tunnel when the gateway works as a PPTP server. |
IP Pool |
Specify the IP address and subnet, and the gateway will assign IP address from the pool to the remote users for them to access the local networks. |
2) For L2TP Server: enter a name to identify the VPN policy, select the purpose for the new entry as Client-to-Site VPN, and the VPN Type as VPN Server-L2TP. Then configure the corresponding parameters, and click Create.
Status |
Check the box to enable the VPN tunnel. |
IPsec Encryption |
Select Encrypted to encrypt the VPN tunnel by IPsec for security purpose. |
Local Networks |
Select the networks in headquarter. The VPN policy will be applied to the selected networks and the remote users can access the network with the created VPN tunnel. |
Pre-Shared Key |
Specify the Pre-Shared Key (PSK) for IPsec encryption. Both the gateway in headquarter and the remote user should use the same PSK for authentication. |
WAN |
Select the WAN port on which the VPN tunnel will be established. Each WAN port supports only one L2TP VPN tunnel when the gateway works as a L2TP server. |
IP Pool |
Specify the IP address and subnet, and the gateway will assign IP address from the pool to the remote users for them to access the local networks. |
Step 3. Create a VPN user entry for the remote user
Go to Settings > VPN > VPN User. Click +Create New VPN User to add a new entry.
Step 4. Configure the parameters for the VPN user
Specify the username and password that the user will use for validation, and select the VPN server that has been created in Step 2.
Then, select Client as the Mode, and specify the maximum VPN connections that can use the specified username simultaneously. If you want to use a gateway as a PPTP/L2TP client, select Network Extension Mode as the Mode. Click Create.
Step 5. Configuring the PC/laptop of the remote user
On the remote PC/laptop, you can use the Windows built-in PPTP/L2TP software or software from the third party to connect to the PPTP/L2TP server. For detailed information, please refer to:
https://www.tp-link.com/support/faq/1629/
Verification of the L2TP/PPTP VPN Tunnel
Go to Insight > VPN Status > VPN Tunnel and check the entries. When a corresponding entry is displayed in the table, the VPN tunnel is successfully established.
Looking for More
Is this faq useful?
Your feedback helps improve this site.
What’s your concern with this article?
- Dissatisfied with product
- Too Complicated
- Confusing Title
- Does not apply to me
- Too Vague
- Other
We'd love to get your feedback, please let us know how we can improve this content.
Thank you
We appreciate your feedback.
Click here to contact TP-Link technical support.
Recommend Products
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.
We have updated our Policies. Read Privacy Policy and Terms of Use here.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .
We have updated our Policies. Read Privacy Policy and Terms of Use here.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .
Basic Cookies
These cookies are necessary for the website to function and cannot be deactivated in your systems.
TP-Link
accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Livechat
__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Analysis and Marketing Cookies
Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.
The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au
Meta Pixel
_fbp
Crazy Egg
cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs
Hotjar
OptanonConsent, _sctr, _cs_s, _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjSessionUser_14, _fbp, ajs_anonymous_id, _hjSessionUser_<hotjar-id>, _uetsid, _schn, _uetvid, NEXT_LOCALE, _hjSession_14, _hjid, _cs_c, _scid, _hjAbsoluteSessionInProgress, _cs_id, _gcl_au, _ga, _gid, _hjIncludedInPageviewSample, _hjSession_<hotjar-id>, _hjIncludedInSessionSample_<hotjar-id>
lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or