Can't configure VPN on tp-link router using PSK

gstackoverflow

12/4/23, 8:44 PM

I've bought a VPS server and configured stronswan VPN. I was able to configure VPN on my Windows laptop(usinf certificate provided by Strongswan Web UI) and my android smartphon(configuration is provided by Strongswan Web UI) but I was not able to configure it on my router(TP-Link Archer AX55).

The dialog for configuring VPN looks like:

and I choose L2TP/IPSec. Then I see:

I have no idea what should I type in a field to IPSec Pre-Shared Key

First of all I want to know if problem on router side configuration or on VPN service configuration. I've read this topic but I had no luck so let me share my configs here:

/etc/ipsec.conf:

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes

    dpdaction=clear
    dpddelay=300s
    rekey=no

    left=%any
    leftid=193.42.113.35
    leftcert=server-cert.pem
    leftsendcert=always
    #leftsendcert=never
    leftsubnet=0.0.0.0/0

    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.123.0.0/24
    rightdns=8.8.8.8,9.9.9.9
    rightsendcert=never

    eap_identity=%identity

    ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha>
    esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!

/etc/ipsec.secrets:

: PSK "test"
: RSA "server-key.pem"
usr775 : EAP "my_password"

How can I can configure my router ?

300

1 + 1

vpn

debian

router

tp-link

strongswan

ecdsa

12/5/23, 9:30 AM

Note that your current strongSwan config is for IKEv2 with plain IPsec/ESP, while your router is only able to configure an L2TP/IPsec connection that is most likely created with IKEv1. So that requires a matching config on the server that works with IKEv1, PSK and L2TP and additionally requires setting up/configuring an L2TP daemon on the server (that's where the username/password will apply in this case).

Score:0

Server

vpnhelpcouk

12/5/23, 6:47 AM

The IPSec Pre-Shared Key (PSK) is a shared secret that is used to authenticate the VPN connection between the client and the server. In your configuration, the PSK is defined as "test" in the /etc/ipsec.secrets file. This means that you will need to enter "test" in the IPSec Pre-Shared Key field in the router's VPN configuration.

It is important to note that the PSK is case-sensitive, so you will need to enter it exactly as it appears in the /etc/ipsec.secrets file. If you are still unable to connect to the VPN, it is possible that the problem is with the router's configuration or with the VPN server itself. You may need to check the router's documentation or contact the manufacturer for assistance with troubleshooting the issue. Additionally, you may want to check the logs on the VPN server to see if there are any error messages that could provide further insight into the problem.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can't configure VPN on tp-link router using PSK

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.