TP-Link OC200 Omada Controller Software 4.1.5Windows/Linux User Guide - Page 117

Chapter 4 Configure the Network with Omada SDN Controller There are many variations of virtual private networks, with the majority based on two main models: ■■ Site-to-Site VPN A Site-to-Site VPN creates a connection between two networks at different geographic locations. Typically, headquarters set up Site-to-Site VPN with the subsidiary to provide the branch office with access to the headquarters' network. Site-to-Site VPN Branch Office Internet Headquarters Omada managed gateway supports two types of Site-to-Site VPNs: • Auto IPsec The controller automatically creates an IPsec VPN tunnel between two sites on the same controller. The VPN connection is bidirectional. That is, creating an Auto IPsec VPN from site A to site B also provides connectivity from site B to site A, and nothing is needed to be configured on site B. • Manual IPsec You create an IPsec VPN tunnel between two peer routers over internet manually, from a local router to a remote router that supports IPsec. Omada managed gateway on this site is the local peer router. ■■ Client-to-Site VPN A Client-to-Site VPN creates a connection to the LAN from a remote host. It is useful for teleworkers and business travelers to access their central LAN from a remote location without compromising privacy and security. The first step to build a Client-to-Site VPN connection is to determine the role of the gateways and which VPN tunneling protocol to use: • VPN Server The gateway on the central LAN works as a VPN server to provide a remote host with access to the local network. The gateway which functions as a VPN server can use L2TP, PPTP, IPsec, or OpenVPN as the tunneling protocol. • VPN Client Either the remote user's gateway or the remote user's laptop or PC works as the VPN client. 115