I am using OpenWrt 19.07.4 on TP-Link Archer MR200, the version from my mobile operator. The main reason for installing OpenWrt was that I wasn't able to make VPN work.
All I mean by the "VPN" is that I want to be able to connect from my notebook to my company servers. There is a software GlobalProtect running on my notebook, that usually seamlessly handles this. It simply works on every other router, but not on that MR200.
Installing OpenWrt wasn't straightforward, I bricked it, had to buy Paspberry PI and to debrick it. But thanks to the instructions from this site I made it.
But, guess what, I am still not able to connect through VPN. I have tried methods from every thread I found, but to no avail. It actually connects, but no data goes through. Sometimes it even works for short period and I can connect to company sites, but it doesn't last long.
I am really stuck here, because I am new to OpenWrt and I don't know how to debug this situation or what to look for. Maybe you could give me some advice?
Honestly, I can buy some other router that will work with default settings, but now it is matter of principle for me to manage it
The problem is that my router is version from my mobile operator, O2, and it differs from TP-Link's version. Probably not by hardware, but the version is hardcoded somewhere, so I cannot use the original software directly. Maybe I can somehow make it work by using O2's bootloader with TP-Link's software, but I don't want to use such old software and I prefer OpenWrt anyways.
Choose the SSL connection options for the GlobalProtect app. You can opt to enforce SSL connections only, disallow SSL connections, or allow the user to choose SSL or IPSec (default) depending on geo-location and network performance to provide the best user experience.
In the App Configuration area, choose the Connect with SSL Only
options you want to allow.
There are some settings on the portal's side of GlobalProtect, that affects the protocol, but I have no control over them. It appears that there is "Automatically Use SSL When IPSec Is Unreliable (hours)" set and that's why it miraculously starts working after some time.
So yes, the problem si narrowed down to not functional IPSec on the router. Can I fix it somehow?
IPsec setup is significantly more complicated than WireGuard or OpenVPN.
I would not recommend it unless your networking skills are high enough to set up OpenVPN site-to-site connection with closed eyes.