TP-Link TL-R600VPN v2.0 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of TP-Link TL-R600VPN v2.0, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of TP-Link TL-R600VPN v2.0 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of TP-Link TL-R600VPN v2.0. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of TP-Link TL-R600VPN v2.0 should contain:
- informations concerning technical data of TP-Link TL-R600VPN v2.0
- name of the manufacturer and a year of construction of the TP-Link TL-R600VPN v2.0 item
- rules of operation, control and maintenance of the TP-Link TL-R600VPN v2.0 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of TP-Link TL-R600VPN v2.0 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of TP-Link TL-R600VPN v2.0, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the TP-Link service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of TP-Link TL-R600VPN v2.0.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the TP-Link TL-R600VPN v2.0 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    1 How to conf igure VP N fun ction on TP- LINK Router s 1. VPN Overview ... ... ... ... ... ... .. ... ... ... ... .. ... ... ... .. ... ... ... ... ... .. .. .... ... .. ... ... ... ... ... .. ... ... ... .. ... ... . 2 2. How to configure LAN-to-L AN IPsec VPN on TP-L INK Router ..... ... ... .. ... ... ... ... ... ... . .... .. 3 3. How to confi[...]

  • Page 2

    2 1. VPN Ov erv iew VPN (Virtual Private Network) is a private networ k esta blished via the public net work, generally via th e Internet. However, t he private net work is a logical network witho ut any physical network lines, so it is called Virtual Pr ivate Networ k. With the wide application of t he Internet, more an d more data are n eeded to [...]

  • Page 3

    3 2. How t o conf igure LAN-to -LAN IPsec VPN o n T P-LINK Ro uter Suitable for: TL-E R 6120, TL-ER6020, TL-ER604 W, TL-R600VPN To set up an IPsec VPN tunn el on TP-L INK routers you need to perfo rm the followi ng steps: A. Connecting the devi ces together B. Verify the s ettings needed for IPs ec VPN on r outer C. Configuring IP sec VPN settings [...]

  • Page 4

    4 Router B’s Status p age:[...]

  • Page 5

    5 C. Configuring IPsec VPN settings on TL- ER6120 (Router A) Step 1 : On the management webp age, click on VPN then IKE Proposal. Under IKE Proposal, enter Prop osal Name whatever yo u like, select Authen tication, Encrypt ion and DH Group, we use MD5,3 DES, DH2 in this example. Step 2 : Cli ck on Add.[...]

  • Page 6

    6 Step 3 : Cli ck on IKE Policy, ent er Policy Name whatever you like, select E xchange Mo de, in this example we use Main, select IP Address as ID Type . Step 4 : Under IKE Propo sal 1, we use test1 in t his example. Ent er Pre-shared Key and SA Lifetime you want, DPD is d isable d. Step 5 : Cli ck on Add. Step 6 : Cli ck on IPsec on t he left men[...]

  • Page 7

    7 Step 7 : Cli ck on Add. Step 8 : Cli ck on IPsec Policy, enter Policy Name whatever you like, the M ode should be LAN- to-LAN. Ent er Local Subnet and Remote Subnet . Step 9 : Select WAN you u se and type in Remote Gateway . In this examp le, the Remote Gateway is Rout er B’s WAN IP address, 218 .18.1.208. Step 1 0 : Look for Policy Mode and se[...]

  • Page 8

    8 Step 1 3 : Look for PFS, we set NONE here, under SA Lifetime, enter “2 8800” or the period you want. Step 1 4 : Look for Status then select Activate Step 1 5 : Click on Add. Step 1 6 : Select Enable t hen cli ck on Save.[...]

  • Page 9

    9 D. Configuring IPsec VP N settings on TL -R600VPN (Router B) Step 1 : Go to IPsec VPN -> IKE, click on Add New Step 2 : Enter Policy Name whatever you li ke, here we use test 2. Exchan ge Mode, select Main. Step 3 : Authenticat ion Algori thm and Encryption Algorithm are the same with Router A, we use MD5 and 3DE S in this example.[...]

  • Page 10

    10 Step 4 : DH Group, select DH2, the same with Router A. Step 5 : Enter Pre-share Key and SA Lifetime, make sure t hat they are t he same with Ro uter A. Step 6 : Cli ck on Save. Step 7 : Cli ck on IPsec on left side, click on Add New. Step 8 : Enter Policy Name, we use ipsec2 in th is example. Step 9 : Enter Local Subnet and Remote Subnet, and th[...]

  • Page 11

    11 Step 1 0 : Look for Exch ange mode, please select IKE, a nd Secu rity Protocol, we u se ESP here. Step 1 1 : Authent ica tion Algorithm and E ncryption Algorithm are the same with Rout er A, we use MD 5 and 3DE S in this example. Step 1 2 : IKE Sec urity Policy, we use test2 in this example. Step 1 3 : Look for PFS, we set NONE here, under Lifet[...]

  • Page 12

    12[...]

  • Page 13

    13 3. How t o conf igure Gree nBow IPse c VPN Client with a TP-LINK VPN Router Suitable for: TL-E R 6120, TL-ER6020, TL-ER604 W GreenBow IPsec VPN C lient is an IPsec VPN client software d eveloped by T heGreenBow company. It c an be d ownloaded from download page for TL -ER6120 ( http://www.tp- link. com /en/support/download/?mode l=TL-E R6120&[...]

  • Page 14

    14 Step 2 : On t he management webpage, c lick on VPN then IKE P roposal. Under IKE Proposal, enter Proposal Name whatever you like, select Authenticat ion, E ncryption and DH Group, we use MD5 , 3DES, D H2 in this example. Step 3 : Click on IKE Policy, enter Policy Name whatever you like, select Exc hange Mode, in this example we use Main, select [...]

  • Page 15

    15 NOTE: No matter on Main mode or Aggressive mode, once t he cli ent PC is behind a NAT device, we have t o select FQDN as ID Type an d the NAT device must su pport VPN passthrou gh, otherwise the VPN t unnel can’ t be establi shed. Step 4 : Under IKE Proposal 1 , we select 1 in this example. Enter Pre-shared Key and SA L ifetime you want, DPD i[...]

  • Page 16

    16 Step 6 : Click on IPsec Policy, enter Policy Name whatever yo u like, the Mo de should be Client-to- LAN. Enter L ocal Subnet and select WAN por t. Step 7 : Look for Policy Mode and select IKE. Under IKE Policy, we select 12 3 which is used. Under IPsec Proposal, we use 123 in this example.[...]

  • Page 17

    17 Step 8 : Look for PFS, we set NONE here, under SA Lifetime, enter “28800” or the period you want. Look for Status then select Activate. Step 9 : Enable IPsec and then c lick on Save. C. Configuring the GreenBow VPN Clie nt Step 1 : Right click on VPN Config uration and click on New Phrase 1. Step 2 :[...]

  • Page 18

    18 Under Remote Gat eway, enter the rout er’s WAN IP address, the Pre-shared Key sh ould be the same with router’ s, it is “123456”.on IKE sec tion, the Encrypt ion, Authentication and Key Group are the same with router’s, we use 3DES, MD5and DH2 h ere. Step 3 : Go to Advanced tab, select DNS as T ype of ID, and then enter “4321” for [...]

  • Page 19

    19 Step 4 : Right click on Phase 1, add a new phrase 2 .[...]

  • Page 20

    20 Step 5 : Enter remote LAN address and Subnet mask, in the example, the IP address is 192.168 .0.0, Subnet mask is 255.255 .255.0. Encryption an d Authentication are th e same with rout ers; we use 3DE S and MD5 here. T he Mode should be Tunnel.[...]

  • Page 21

    21 Step 6 : Click Save and Apply and then right click on Phrase 2(Tunnel), click on Op en Tunnel.[...]

  • Page 22

    22 Step 7 : If the c lie nt c onnect to t he VPN Server succ essfully, you can see IPsec SA on the list.[...]

  • Page 23

    23 4. How t o conf igure Shrew S oft VPN IPsec Cl ient with TP-LIN K Router Suitable for: TL-E R 6120, TL-ER6020, TL-ER604 W Shrew Soft VPN IPsec Clie nt is an VPN Client software d eveloped by Shrew Soft Inc. It c an be downloaded from official website of Shrew So ft( htt ps://www.shrew.net/download/ vpn ). To set up an IPsec VPN t unnel, you need[...]

  • Page 24

    24 Step 2 : On the management webpage, c lick on VPN then IKE Proposal. Under IKE Proposal, enter Propo sal Name whatever you like, select Authent ication, Encryption and DH Group , we use MD 5, 3ED S, DH2 in this example. Click on Add. Step 3 : Click on IKE Policy, enter Policy Name whatever you like , we select Aggressive for Exchan ge Mode, sele[...]

  • Page 25

    25 NOTE: No matter on Main mode or Aggressive mode, once the client PC is behind a NAT device, we have t o select FQDN as ID Type an d the NAT device must su pport VPN passthrou gh, otherwise the VPN t unnel can’ t be establi shed. Step 4 : Under IKE Proposal 1, we select test in this example . Enter Pre-shared Key and SA Lifetime you want, DPD i[...]

  • Page 26

    26 Step 6 : Click on IPsec Po li cy, en ter Policy Name whatev er you like, th e Mode should be Client-to-LAN. E nter L ocal Subnet and select WAN port .[...]

  • Page 27

    27 Step 7 : Look for Policy Mode and select IKE. Under IKE Poli cy, we select ike which is used. Under IPsec Proposal, we use test in this example. Step 8 : Look for PFS, we set NONE here, under SA Lifeti me, enter “2880 0” or the period you want. Loo k for Status then select Act ivate. Step 9 : Enable IPsec and then click on Add. C. Configurin[...]

  • Page 28

    28 Step 3 : Click on Auth entication on the t op menu, select Mutu al PSK as Authentication. Under Identification Type, select F ully Qualified Domain Na me and ent er “321” for FQDN S tring. Step 4 : Click on Remot e Identity, select Full y Qualified Domain Name as Identif ication Type and ent er “123” for FQDN St ring.[...]

  • Page 29

    29 Step 5 : Click on Credentials, t he Pre Shared Key, should be the same as the Pre-shared Key on t he TL-ER6120, it’s “12 3456789”.[...]

  • Page 30

    30 Step 6 : Click on Phase 1, under the Propo sal Parameters, the Exch ange Type, DH Exc hange, Cipher Algorithm, and Hash Algorithm are th e same with TL -ER6120’s, we use aggressive, group 2, 3des, md5 h ere. Step 7 : Click on Phase 2, under the Propo sal Parameters, th e Transform Algori thm, HMA C Alg or ithm are the same with TL -ER6120’ s[...]

  • Page 31

    31 Step 8 : Click on Policy, don’t tick Obtain Topo logy Autom atically or Tunnel All. Then click on Add. Step 9 : Select Include as Type, enter t he TL-ER6120’s LAN Subnet Address and Subn et Mask, it’s 19 2.168.1.0, 255.255.25 5.0. Then click on OK and Save.[...]

  • Page 32

    32 Step 1 0: Cli ck on Connect. Step 1 1: Cli ck on Connect. Step 1 2: After Shr ew Soft VPN show t unnel enabled as the followings, you need ping TL- ER612 0 LAN IP.[...]

  • Page 33

    33 Step 1 3: If client con nect to the VPN Server succ essfully, you can see IPsec SA on the li st.[...]

  • Page 34

    34 5. How t o conf igure LAN-to -LAN L2T P/PPTP VP N on TP-LINK Router Suitable for: TL-E R 6120, TL-ER6020, TL-ER604 W LAN-to-LAN L2 TP/PPTP VPN connec tion is established between two VPN rou ters. To configure LAN-to-L AN L2TP/PPTP VPN on TL-LINK Rou ters, p lease foll ow the instruct ions below: A. Connecting the devices together B. Verify the s[...]

  • Page 35

    35 Router B’s Status Page:[...]

  • Page 36

    36 C. Configuring a PPTP Server on TP- LINK router Step 1 : Access Router A’s management page, click on VPN->L2TP/PPTP->IP Addre ss Poo l, enter Pool Name and IP Address Range, and then c lick on Add. NOTE: IP Address pool must be different range from LAN IP address range. Step 2 : Go to L2T P/PPTP Tunnel, look fo r protocol, select PPTP; t[...]

  • Page 37

    37 Step 4 : Under Tunn el, select LAN-to-LAN. Step 5 : Under IP Address Pool, select “VPN” we have ad ded before. Step 6 : Under Remote Su bnet, enter Router B’s local subnet, we enter “192 .168.1. 0/24” in this example. Step 7 : Look for Status, select Active. Step 8 : Cli ck on Add and t hen click on Save. D. Configuring a PP TP client [...]

  • Page 38

    38 Step 6 : Cli ck on Add and t hen click on Save. Step 7 : If the PPTP t unnel is established successfu ll y, you can check it on List of Tunnel. Also, PC within the local sub net of Router B, c an ping Router A’s L AN IP (192.168.0.1).[...]

  • Page 39

    39 6. How t o conf igure a PPTP S erve r on TP-LINK Route r Suitable for: TL-E R 6120, TL-ER6020, TL-ER604 W PPTP (Point to Point T unneling Protoc ol) Server is used to create a VPN c onnection for remote clients. To configure PPTP Server on TP-L INK router, please follow the instruc tions below: A. Make sure PCs of two s ides can access to Intern[...]

  • Page 40

    40 Step 2 : Click on VPN->L2TP/PPTP->IP Address Pool, enter Poo l Name and IP Address Ran ge, and then c lick on Add. NOTE: IP Address pool must be different range from LAN IP address range. Step 3 : Look for protocol, select PPTP; th e Mode should be Server.[...]

  • Page 41

    41 Step 4 : Enter Accou nt Name and Password whatever you like, here we use “client” as account name, password is “1 23456”. Step 5 : Under Tunnel, select Client-to-LAN. Step 6 : The t unnel support s up to 10 connec tions, we enter 5 in this example. Step 7 : Under IP Address Poo l, select “group” we h ave added before. Step 8 : Look f[...]

  • Page 42

    42 Step 9 : Click on Add and then c lick on Save. C. Configuring PPTP client on remote PC (Windows 7) NOTE: For remote PC to connect to PPTP server, it can use Windows built-in PPTP software or Th ird-party PPTP soft ware. Step 1 : Click on Start->Cont rol Panel->Network and Internet ->Network and Sharing Center. Step 2 : Click on Set up a[...]

  • Page 43

    43 Choose Connect to a workplace, and then click on Next. Step 4 : Select Use my Internet conn ection (VPN)[...]

  • Page 44

    44 Step 5 : Under Internet ad dress field, enter router’s WAN IP address, an d then click on Next. Step 6 : Enter User name and Password, and then c lick on Create.[...]

  • Page 45

    45 Step 7 : The VPN c onnect ion is created and ready to u se , c li ck on Close.[...]

  • Page 46

    46 Step 8 : Go to Network an d Sharing C enter and click on Change adapter set tings on the left menu. Step 9 : Right Click on VPN Connection and select Connect. Step 1 0: Enter User name and Password and th en click on Connect.[...]

  • Page 47

    47 Step 1 1: If the PPTP t unnel is established succ essfully, you can check it on List of Tunnel.[...]

  • Page 48

    48 7. How t o conf igure a L2T P Server on T P-LINK Router Suitable for: TL-E R 6120, TL-ER6020, TL-ER604 W L2TP (Layer 2 Tunneling Protoc ol) Server is used t o create a VPN c onnection for remote clients. To c onfigure L2T P Server on TP-LINK rout er, please follow the instruc tions below: A. Make sure PCs of two s ides can access to Internet B. [...]

  • Page 49

    49 Step 2 : Click on VPN->L2TP/PPTP->IP Address Pool, enter Poo l Name and IP Address Ran ge, and then c lick on Add. NOTE: IP Address pool must be different range from LAN IP address range. Step 3 : Look for protocol, select L2TP; the Mod e should be Server.[...]

  • Page 50

    50 Step 4 : Enter Account Name and Password whatever you like, here we use “ tplinktest” as account name, password is “123 4”. Step 5 : Under Tunnel, select Client-to-LAN. Step 6 : The t unnel support s up to 10 connec tions, we enter 10 in this example. Step 7 : Under Enc ryption, select Enable, and then enter “5678” as Pre-shared Key.[...]

  • Page 51

    51 Step 9 : Look for Status, select Active. Step 1 0: Click on Add. Step 1 1: As we enabled Enc ryption, we need t o go to VPN->IP sec , enable IPsec an d then click on Save. C. Configuring L2TP client on remote PC ( Windows 7) NOTE: For remote PC to connect to L2TP server, it can use Windows built-in L2TP software or Th ird-party L2TP so ftware[...]

  • Page 52

    52 Step 3 : Choose Connect to a workplace, and then click on Next.[...]

  • Page 53

    53 Step 4 : Select Use my Internet conn ection (VPN)[...]

  • Page 54

    54 Step 5 : Under Internet ad dress field, enter router’s WAN IP address, and then click on Next. Step 6 : Enter User name and Password, and then c lick on Create.[...]

  • Page 55

    55 Step 7 : The VPN c onnect ion is created and ready to u se , c li ck on Close.[...]

  • Page 56

    56 Step 8 : Go to Network an d Sharing C enter and click on Change adapter set tings on the left menu. Step 9 : Right Click on VPN Connection and select Properties. On the Secu rity tab, Sele ct Layer 2 Tunneling Protoc ol with IPsec (L2T P/IPsec), under Data encryption, select Require encryption (disconnect if server declines).[...]

  • Page 57

    57 Step 1 0: Click on Advanced settings, pick Use preshared key for authentication, and then enter t he key, here is “5 678” . Step 1 1: Double click o n VPN Connection, enter User name and Password and t hen c lick on Connect.[...]

  • Page 58

    58[...]