Firmware Release for OpenVPN WAN

The following are the supported models and firmware download links for the OpenVPN WAN feature.

This firmware is specifically for customers who purchased the OpenVPN WAN license.

| Product | Hardware Revision | Download Link |
|---|---|---|
| Balance 1350 | HW2 | Download |
| Balance 20 | ALL | Download |
| Balance 20X | ALL | Download |
| Balance 210 | HW2-3 | Download |
| Balance 210 | HW4-5 | Download |
| Balance 2500 | ALL | Download |
| Balance 30 | ALL | Download |
| Balance 30 LTE | HW1-2 | Download |
| Balance 30 LTE | HW3 | Download |
| Balance 30 Pro | ALL | Download |
| Balance 305 | HW2 | Download |
| Balance 310 | HW2-3 | Download |
| Balance 310 | HW4 | Download |
| Balance 310X | ALL | Download |
| Balance 380 | HW6 | Download |
| Balance 50 | ALL | Download |
| Balance 580 | HW2-3 | Download |
| Balance 710 | HW3 | Download |
| Balance One | ALL | Download |
| Balance One Core | ALL | Download |
| Balance Two | ALL | Download |
| EPX | ALL | Download |
| MAX 700 | HW1-2 | Download |
| MAX 700 | HW3-4 | Download |
| MAX BR1 | HW2-3 | Download |
| MAX BR1 ENT | ALL | Download |
| MAX BR1 IP55 | HW2-3 | Download |
| MAX BR1 IP55 | HW4 | Download |
| MAX BR1 IP67 | ALL | Download |
| MAX BR1 M2M | ALL | Download |
| MAX BR1 Mini | ALL | Download |
| MAX BR1 Mini Core | ALL | Download |
| MAX BR1 MK2 | ALL | Download |
| MAX BR1 Pro | HW2 | Download |
| MAX BR1 Pro | HW3 | Download |
| MAX BR1 Slim | ALL | Download |
| MAX BR2 | HW2 | Download |
| MAX BR2 | HW3 | Download |
| MAX BR2 IP55 | HW2-3 | Download |
| MAX HD2 | HW1-4 | Download |
| MAX HD2 | HW5-6 | Download |
| MAX HD2 Dome | ALL | Download |
| MAX HD2 IP67 | HW1 | Download |
| MAX HD2 IP67 | HW2-4 | Download |
| MAX HD2 Mini | ALL | Download |
| MAX HD2 with MediaFast | ALL | Download |
| MAX HD4 | ALL | Download |
| MAX HD4 IP67 | ALL | Download |
| MAX HD4 MBX | ALL | Download |
| MAX HD4 with MediaFast | ALL | Download |
| MAX Hotspot | ALL | Download |
| MAX On-The-Go | HW2 | Download |
| MAX Transit | ALL | Download |
| MAX Transit Duo | ALL | Download |
| MAX Transit Mini | ALL | Download |
| MediaFast 200 | HW1-3 | Download |
| MediaFast 500 | ALL | Download |
| MediaFast 750 | ALL | Download |
| SDX | ALL | Download |
| SpeedFusion Engine | ALL | Download |
| SpeedFusion Engine Cam | ALL | Download |
| Surf SOHO | HW2 | Download |
| Surf SOHO MK3 | ALL | Download |
| UBR LTE | ALL | Download |
1 Like

Quick Start Guide for OpenVPN WAN with special firmware 8.1.0s024

NOTE:
OpenVPN WAN is available as a standard feature (*with optional license) starting from firmware 8.1.1GA; you may download the latest GA from the firmware download page.

Step 1: Prior to the configuration, please upgrade the device with the special firmware 8.1.0s024; this firmware version specifically includes our new OpenVPN WAN feature. Next, please visit the Store (or use other purchase channels) to acquire the OpenVPN WAN License.

Step 2: Once the license is obtained, you can choose to let InControl2 push the license key to the device automatically, provided that the device is connected/online in IC2. Or, if you opt to enter the feature activation key manually, please go to System > Feature Add-ons to paste the license key, then click the [Activate] button.

Step 3: A notification will display if the feature is activated successfully. Please reboot the unit to continue as instructed.

Step 4: The new WAN (default name “OpenVPN WAN 1”) will appear after the device has rebooted (firmware 8.1.0s024). Click on that WAN to continue with configuration.

Step 5: Follow the highlighted instructions for the mandatory parameters; you may leave other settings on default. Click [Save] once you are finished filling in the highlighted settings. Click on the [Apply Changes] button to save your settings and to activate the OpenVPN WAN.

Step 6: The router will attempt to contact the OpenVPN server and negotiate to establish the connection. Once negotiation is successful, it will be connected (as shown below). The router is now connected to OpenVPN WAN.

Step 7: Once it is connected, a simple PING test can be performed as a verification process. Please select the “OpenVPN WAN 1” as the Connection.

Step 8: Done! OpenVPN WAN is successfully configured and working on the router now.

6 Likes

For a high-availability pair, do I need two licenses (one for each) or just one (and it’ll carry over to the slave if the master fails)?

Cheers,

Z

You need two licenses; the OpenVPN WAN license does not carry over to the slave.

2 Likes

If I bind the OpenVPN to a certain uplink, e.g. Wi-Fi WAN on 2.4 GHz, then both (Wi-Fi WAN on 2.4 GHz, and OpenVPN WAN 1) will be active in the connection status – how can I be sure that all traffic using this uplink is going through the VPN and not directly through the Wi-Fi WAN on 2.4 GHz?

Set an outbound policy to enforce the network traffic or other criteria to use the OpenVPN WAN.

1 Like

I realize this is a 2021 post, but I wonder if these instructions are current in 2024 with firmware 8.4.1 build 5274?

I have a Balance 305 with the a/m firmware. I don’t have an “openVPN license”, or at least I never bought it or installed it (unless something came with the Balance?).
However, going to Advance-OpenVPN I can still set up the openvpn by ingesting the .ovpn file generated by my openVPN server (router in another country).
When I then go to Status-OpenVPN, it says “Connected” in green, even if no “OpenVPN WAN” ever appears among the WAN’s or in the dashboard.
Why is it allowing me to do this, and differently from the instructions of this original post?

In any case things are not working properly: when OpenVPN is connected this way, all the devices in the LAN, regardless of which physical WAN they are connected to, see the public IP of the openVPN server, with consequent ping delays, no matter what I do with the outbound policy (as I don’t have an “openVPN WAN” to route through?).
Also, VPN appears to leak: dnsleaktest.com shows several servers of the various physical WAN’s in different countries.

I am confused, which is the right approach with Balance 305 in 2024 to run openVPN and make sure it does not leak?

thanks!

Why did no one ever answer NICOBAR’s question???

I bought this license key, but unfortunately it appears that it was a waste of $20. Can not get it to connect no matter what I do in the settings… It either shows “Uplink Not Ready” or “Disconnected”. MAX BR1 MINI CORE (Firmware version 8.5.1 Build 5203)

What interface is the openvpn pointed to? Can you share a screenshot of the setup?

1 Like

After some further messing around with this today I was able to get the WAN OPENVPN to connect.
But the whole reason I bought the $20 WAN OPEN VPN license is because I can NOT ping any devices that are behind the Peplink and I thought this license was the solution to the pinging problem but it seems to have not resolved the issue.
I can ping devices on the OPENVPN SERVER end of the VPN connection (outgoing from the Peplink device side), but I can NOT ping any devices that are plugged into the Peplink BR1 (client side incoming from the VPN Server side).
I am banging my head against a wall in frustration as to why ping is only one way.
Any suggestions?

Hi.
Look…

To ping devices connected to your peplink, you need to disable NAT.

1 Like

I disabled NAT for the OPENVPN WAN and I am still not able to ping any devices on the Peplink Router side of the VPN connection.

When I also disabled NAT on the cellular modem I got error “WAN failed smart check” and the OPENVPN WAN stated “Uplink Not Ready”.

Look…
At your openvpn gateway server… you need to have a route to your peplink lan address.
So… sample…
1 - when your peplink connects to the ovpn gw, it gets an ip x.x.x.10 on the ovpn virtual interface.
2 - this ovpn gw needs to have a route to 192.168.50.0/24 via this ip x.x.x.10 ovpn virtual address…
3 - very, very important!!! You cannot have on the wan address the same ip network address as your lan address

1 Like

While people are looking at this again, can we get an option for a 2nd OVPN WAN interface?! insta-buy for me.

MarceloBarros,
Not sure why you start your responses with “Look…” Are you upset? It ‘reads’ that way.
Sorry for the delay, I am currently out of town with work and do not have the equipment with me and will not be home until late tonight. But first chance I get when I return home I will take another look at the settings. In the meantime, though, I am a little confused by your instructions and not sure I fully understand what you want me to do. Can you maybe reword your instructions or explain in more detail so it is clearer exactly what I need to do?
Thank you so much,
Doug

Look (sorry… brazilian way)

1 Like

Hi.
Because you want to use ovpn and also need an access to your peplink internet network, you need to route (network route) your connection between all points. You need to check about this capability at your ovpn gw server. Do you know how ipsec works? lan to lan (l2l)? Do you know how to route networks?

2 Likes

agreed, use trace route to see where it’s failing as well.

I am not a network guru, nor do I claim to be. I have a general understanding of ipsec and basic networking, so assume I know little to nothing. I am having trouble understanding exactly how to go about setting this up so I have a route to my peplink lan address from the OpenVpn server.

On a side note there was already an area to configure OPENVPN connections in the Peplink, but after purchasing the OPENVPN client license I now have this added WAN OPENVPN in the WAN connection section. I thought everything would be in one location and now has two separate locations and they both will accept an .ovpn file for OPENVPN connection. Confusing.

If you are willing to walk me through it in detail that would be awesome and greatly appreciated.

I am working with a Peplink MAX BR1 MINI CORE HW3 (the OpenVpn Client) (Cellular connection is Dynamic IP address non public routable ip, not static, not sure if that makes any difference) and a Synology RT2600AC router (the OpenVpn Server).

Let me know if there is any information you need in order to help me. Thank you.

P.S. Not sure if this screenshot is helpful, it is network ip settings in the VPN network section of my Synology router, originally OpenVpn was 172.xxx.xxx.xxx IP address but I changed it to 192.168.50.0/24 trying to get this to work because I thought it needed to be on the same network as the Peplink.

Hi…
Sorry… I cannot help you with the Synology RT2600AC router. I don’t know this device.
But… looking at the picture… look at the OpenVPN subnet… you must change this to another network… you cannot have on your remote device (peplink) a WAN and a LAN in the same network ip address. (192.168.50.0/24)

Let’s say… you change this address to 192.168.55.0/24. okay?

when your peplink connects to this ovpn server gw, it will get 192.168.55.123 / 24 on the peplink ovpn connection. so…

You need to add a route in your Synology device that 192.168.50.0/24 ( peplink lan ip network ) will be behind 192.168.55.123

Sample (I don’t know the cli of your Synology)
route add 192.168.50.0 netmask 255.255.255.0 192.168.55.123

Very important… you need to check at your Synology… that every new connection made by the same peplink will always get the same IP from Synology (192.168.55.123 )

and remember… disable nat for ovpn in your peplink.

I did a search… Found

I never see this device in Brazil…

2 Likes
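
As an added example (not part of any post above, and not Peplink or Synology code): the addressing rules from the last reply, checked in Python and turned into the directives a stock OpenVPN server uses to route a client's LAN. It assumes the server runs standard OpenVPN with `topology subnet`; `peplink-br1` is a hypothetical client certificate common name, and whether the Synology UI exposes these settings is not covered in the thread.

```python
import ipaddress


def plan_site_routing(tunnel_net, client_lan, client_tunnel_ip, client_cn):
    """Validate the addressing from the thread and return the OpenVPN
    server-side directives that make the client's LAN reachable."""
    tunnel = ipaddress.ip_network(tunnel_net)
    lan = ipaddress.ip_network(client_lan)
    peer = ipaddress.ip_address(client_tunnel_ip)

    # Point 3 in the thread: the tunnel (WAN side) and the LAN must not overlap.
    if tunnel.overlaps(lan):
        raise ValueError(f"tunnel {tunnel} overlaps client LAN {lan}")
    # The pinned client address must be a usable host inside the tunnel subnet.
    if peer not in tunnel or peer in (tunnel.network_address, tunnel.broadcast_address):
        raise ValueError(f"{peer} is not a usable host in {tunnel}")

    server_conf = [
        "topology subnet",          # assumption: ifconfig-push below uses ip + netmask
        "client-config-dir ccd",    # per-client files, named after the certificate CN
        # Kernel route on the server: send LAN-bound packets into the tunnel.
        f"route {lan.network_address} {lan.netmask}",
    ]
    ccd_file = [
        # Pin the client's tunnel address so the route target never changes.
        f"ifconfig-push {peer} {tunnel.netmask}",
        # Tell OpenVPN which connected client owns the LAN subnet.
        f"iroute {lan.network_address} {lan.netmask}",
    ]
    return {"server.conf": server_conf, f"ccd/{client_cn}": ccd_file}


if __name__ == "__main__":
    # Addresses taken from the thread; the common name is a placeholder.
    plan = plan_site_routing("192.168.55.0/24", "192.168.50.0/24",
                             "192.168.55.123", "peplink-br1")
    for path, lines in plan.items():
        print(f"# {path}")
        print("\n".join(lines))
```

Calling it with the tunnel subnet set to 192.168.50.0/24, the value tried earlier in the thread, raises `ValueError` because that range is also the Peplink LAN.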