Don't worry, those IPs are already public, you can totally find it at spxlabs.com
Wow, this is the only tutorial out of 12 that I've watched that actually works, and explains things very well.
Thanks so much!
Great to hear!
Same. So infuriating how much the others left out that you covered in half the time. Thank you very much
@notbhavn I try to find that happy median between explanation, thorough-ness, length, and simplicity. Sometimes it works out
I'm new to Omada system and this took me literally 15 minutes to set up, have running, and connect to from an outside network. Great video, thanks!
how did he open the wireguard?
Scary "Systems Admin" Costume though ... Well done!
Costume? It’s how I dress for work in the dungeon.
DUDE! Thank you so much for this. I've been using the L2TP VPN config and found it unreliable, and I've always had concerns about the security of it. I was away for a couple of days with an hour to kill, so I thought I'd set up Wireguard. Your tutorial helped me do it super quickly, and I'm immediately impressed with how much quicker and easier using Wireguard over a traditional VPN is.
Thanks again!
Interesting that it wasn't reliable. No matter what though, I always felt L2TP was a bit clunky. Definitely happier with Wireguard though.
@@SPXLabs Yeah, L2TP always seemed to fall over after about 10 minutes. I didn’t ever go really in depth when troubleshooting it, but that’s by the by now I’m on the WireGuard train.
Thank you so much. I've watched like 10 different tutorials and none of them were helpful. This was perfect for me and my setup. By the way, these steps also apply when you are not using the omada controller (like I am not). These steps applied in my ER605 web interface. Thanks!
I was having such a hard time trying to make it work. This video was the help I was looking for. Thanks a lot!!
Love the video, I was able to follow it and connect and make my tunnel work. I have an ER605, thanks so much
Nice work
Thanks a lot for the really nice tutorial! I tried several others and only with this one I succeeded!
Hell yeah
How do I create an ACL to limit the WireGuard connection to only allow access to a certain device? My WireGuard connection only needs to be able to connect to two computers but not the whole network?
I have the exact same question!
Thanks mate you helped me out big time!
My ISP does not have a static IP. I need to use some VPS IP. Is it possible to install wireguard in the VPS and then use that info to connect the router and the remote machine to access the local devices of the routers ?
Thanks, this is exactly what I was looking for. Do you have any download/upload speed metrics for Wireguard on the ER605? I read a lot of complaints about the VPN being really slow and the hardware is not suitable. Should I even bother with this or just buy a new VPN router?
Well there are a few variables; expectations, remote connection bandwidth, local bandwidth, # of services running on router, vpn software, # of users, and probably missing some. OpenVPN is the slowest. Wireguard allows more bandwidth.
I do not have those. Try it first then decide what the best path forward is.
Specs say you can have encrypted VPN at 100-200 Mbit max, depending on the type of VPN.
Hi, should I upgrade my ER605 to ER7206 just for DPI and IDS/IPS? Do you think ER605 would support DPI in future?
For home. Probably not. For business, definitely.
I don’t have that kind of insider information unfortunately.
Very nice. Really love TP-Link products, they are amazing for home lab stuff and even for small to medium businesses. Currently debating if I should replace my custom OPNSense router with a ER7212PC but not really sure. I am still very invested in TP-Link but I probably will keep OPNSense and just add an OC-300 to my network to manage all the OMADA stuff I own.
I was getting pretty sour lately with TP-Link but the damn tech support came in with the clutch and absolved themselves. You could always run both. OPNSense probably has a much better firewall at the moment. Don't forget you can also have a Omada Software Controller container to manage all your Omada stuff. You don't need a hardware based controller.
@@SPXLabs That is why I am hanging on to OPNSense, it is a very powerful router / firewall. At the moment I have an Omada controller running in a Docker container but when the price is right I may get an OC-300 just to have a hardware controller. I think the OC-300 is more than enough for a house. That way I could free some resources on my server. But yeah, it is very nice that there is the Software option! :) And I can always just import my config into a hardware OC-300 if I need to :)
OC-200 should be plenty for most home applications. Up to 100 Omada access points, 20 JetStream switches, and 10 Omada routers.@@ptessier73
Second this
@@ptessier73 OC200 is more than enough for a house and cheaper than the OC300
I have a small query. Once we connect to the home VPN server we set up, does the internet usage (browsing etc.) get routed through the tunnel we created? In the above case, the internet remains secure, routing through your home router rather than the mobile 4G LTE network? Am I right in my understanding? Thanks for your time :)
As far as I understand from other tutorials, if you have 0.0.0.0/0 in that line, this means all traffic goes through VPN. Otherwise you list there only subnets that you need access to, everything else does not go into VPN.
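The AllowedIPs behaviour described in the reply above, as an added example that is not part of the original comments or the video: it reads the `AllowedIPs` line of a WireGuard client config and reports which destinations the client would send into the tunnel. Both sample configs are constructed; the keys, endpoint name, port and subnets are placeholders.

```python
import ipaddress

# Constructed sample client configs (not from the video or the comments).
# Keys, endpoint, port and subnets are placeholders.
FULL_TUNNEL = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.8.2/32
DNS = 192.168.0.1

[Peer]
PublicKey = <router-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
"""

# Same config, but only two home subnets are routed into the tunnel.
SPLIT_TUNNEL = FULL_TUNNEL.replace("0.0.0.0/0", "192.168.0.0/24, 192.168.10.0/24")


def allowed_networks(config_text):
    """Return the networks listed on every AllowedIPs line of a client config."""
    nets = []
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            for item in value.split(","):
                if item.strip():
                    nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets


def goes_through_tunnel(config_text, destination):
    """True if the client would send traffic for `destination` into the tunnel."""
    addr = ipaddress.ip_address(destination)
    return any(addr.version == net.version and addr in net
               for net in allowed_networks(config_text))


def is_full_tunnel(config_text):
    """True if AllowedIPs covers all of IPv4, so browsing exits via the home router."""
    return any(net.version == 4 and net.prefixlen == 0
               for net in allowed_networks(config_text))


if __name__ == "__main__":
    for name, cfg in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        for dest in ("192.168.0.50", "1.1.1.1"):
            print(name, dest, goes_through_tunnel(cfg, dest))
```

With the split-tunnel config, the `DNS` server sits inside an allowed subnet, so name lookups still go to the home network while general browsing does not.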
Thanks! Nice video!
hi
I have this situation, where I am currently living abroad and I want to connect back home. So I just bought 2x TP-Link ER605 and want to make one as a server at home, and the other as an endpoint here, so everything I connect to this one would be like they were connected directly back home. Is that easy to configure, can you help?
I have never tried but this may be helpful.
th-cam.com/video/NyymE3L6BR4/w-d-xo.htmlsi=MEcmoLQkTyFr4r56
How did you get your local domain to work? when I try mine I get an error One or more endpoint domains could not be resolved.
I have an A Record pointing the domain name to my IP, not really much else to it beyond that. If it's not working I have no idea how to help.
@ ok...is the A record external like Cloudflare A record to your public or internal ip or is it strictly internal like using something like Pihole?
To my wan ip
If my router sits behind a cgnat isp provider, is there anything that I could do to make it work that wouldn't involve a 3rd party pay wall ?
Sorry can't help you, maybe write your local senator and get active in the political environment in your area so that ISPs won't do this to you. In your situation no matter what you do it cost, time and money.
i'm in the same situation. Using T-Mobile Home Internet service because my only other option is a slow 3 mbps DSL circuit. I've used ZeroTier. It's FREE and works well. I can access my local network remotely over ZeroTier.
I have a 5G router I take out so I don't have to use hotel etc. free wifi
it's got a VPN client in ( sadly not wireguard) and I run PiHole on my LAN at the office Omada ER605 router etc )
All traffic goes through that so I have the ad protection etc
would you think that could make an interesting little video for you to make for your viewers?
Yeah that stuff is awesome. I can’t believe laptops dropped the wireless WAN feature decades ago. It would be awesome for a come back.
Yeah probably
@@SPXLabs i thought about that ( I have a lenovo somewhere with a SIM Slot ) but like the ease of connection for multiple devices, router is a ZTE MC888 - very portable, very slick )
Originally had a PiHole on a Pi with it - then found the VPN Client
Yeah I think your way is superior for the additional services and device support
May the force be with y..
Not enough midichlorians to be blessed by the force
Second!
Sometimes you can do everything right and still be second.
@@SPXLabs It was the lack of notification. YT can't handle all of the notifications from everyone so there's lag sometimes. I wish they had a status page to show how much they were getting hammered so you could better schedule releases to get out notifications.
@@ShinyTechThings Notifications are so bad right now. Even comments don't appear in studio but show up on the bell. It's ridiculous. That's a neat idea!
Hi, I tried this setup. Wireguard connects and I can use the internet, but I couldn't connect to my other servers. I'm a noob in this Omada scene.
I've seen this issue as well when I first set it up. My recommendation would be to double triple check your configuration. It could also be a firewall issue on the client side, so keep that in mind.
@@SPXLabs sure, thanks for the light, will check everything once again. By the way I am using android app client with port 51821. And I configured the port forwarding for that particular port.
That’s all that needs to be forwarded for everything to work. Other issues might include ACLs. But assuming our setups are similar and you followed to the T. It will allow for LAN access across any VLAN.
I have the same issue, I still can't access any of my internal ports
Do you have video for omadacontroller hosting sir ? I want to host an eaps; i want to make it business
My VPN (Wireguard and OpenVPN) works fine, but what about mapping the network shares in Explorer with the name of the server and not the IP address? With the IP address mapped it's working, but with the server name it doesn't recognize my server. Do you or anyone else have a solution?
You will need a DNS on your local network. Once you have one you can point your wireguard configuration to it and you should be able to resolve by hostname afterwards
thanks
There's something in my config that causes the entire vpn router to crash anytime I try to connect lol. It may be something to do with the allowed ip addresses (from other google searches) but still can't pinpoint it. My vpn router is far away and I'm having to need family members to constantly restart it so will avoid this setup until I'm home and can be in front of it. Pretty crappy design to just cause the entire thing to crash instead of having basic checks/validation.
Followed everything down to a -T- and cannot get a handshake.
Probably u forgot port forwarding. Not covered in this video
Me first !
You got to be first if you want to quench your thirst. No I will not sell you feet pics before you ask again.