Setting Up ApexGuard on TP-Link Routers

Prerequisites

  1. TP-Link Router that supports IPsec IKEv2 client connections (e.g., SafeStream or Omada router such as ER605, ER7206, etc. with recent firmware).
  2. ApexGuard IKEv2/IPsec Credentials:
    • Server address (e.g., ikev2.apexguard.com)
    • Pre-shared key (PSK)
    • (Optional) If ApexGuard also provides a username/password or certificate, adapt the authentication steps below accordingly.
  3. Local Network information (e.g., 192.168.0.0/24).

Note: These instructions assume a simple PSK-based configuration, which is the most common IKEv2 setup for small offices or advanced home users.

1. Log into the TP-Link Router

  1. Open a web browser and go to the router’s IP address (often 192.168.0.1 or 192.168.1.1).
  2. Enter your admin username and password.

2. Locate the IPsec (VPN) Section

  1. On the router’s management interface, navigate to VPN > IPsec, or VPN > IPsec VPN.
  2. Ensure the IPsec service is enabled if there’s an on/off toggle.

3. Create a New IPsec (IKEv2) Connection

  1. Click Add, Create, or New IPsec connection (wording may vary).
  2. In Connection Name, use something identifiable like ApexGuard_IKEv2.

4. Configure Basic Tunnel Settings

You’ll typically see prompts for Mode, Remote Gateway, and Local Subnet:

  • Mode / IKE Version: Choose IKEv2 (if the router offers a choice between IKEv1 and IKEv2).
  • Remote Gateway (Server): Enter ikev2.apexguard.com (or whichever address ApexGuard provides).
  • Local Subnet:
    • If you want to route all local traffic through ApexGuard, specify your LAN range (e.g., 192.168.0.0/24).
  • Remote Subnet:
    • Many providers use 0.0.0.0/0 for a “full-tunnel” setup, meaning all your traffic is routed via ApexGuard.
    • If your router requires a site-to-site style configuration, follow the recommended remote network settings from ApexGuard.

5. Authentication: Pre-Shared Key

  1. Authentication Method: Select PSK (Pre-Shared Key).
  2. Pre-Shared Key: Paste in the key from your ApexGuard account.

6. Phase 1 (IKE) & Phase 2 (ESP) Settings

Match ApexGuard’s recommended proposals. A typical approach:

  • Phase 1 (IKE):
    • Encryption Algorithm: AES-256
    • Authentication (Hash): SHA256
    • DH Group: Group 14 (2048-bit)
    • Lifetime: 28800 seconds
  • Phase 2 (ESP):
    • Encryption Algorithm: AES-256
    • Authentication (Hash): SHA256
    • Lifetime: 3600 seconds (or as recommended)

If your router only offers drop-downs for standard ciphers, pick something as close to ApexGuard’s published specs as possible.

7. Save and Enable the Tunnel

  1. Click Save or OK.
  2. You should see your new profile (ApexGuard_IKEv2) in the IPsec list.
  3. Enable or Connect the tunnel if there is a toggle or “connect” button.

8. Verify Connection Status

  1. Check the router’s VPN / IPsec status page.
  2. If successful, it should show Connected or Established next to the ApexGuard_IKEv2 tunnel.
  3. If it fails, review the logs for a PSK mismatch, a wrong server name, or a cipher mismatch.
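
The log review in step 3 can be scripted once the router log is exported. The following is an added example, not ApexGuard's or TP-Link's code: it maps the standard IKEv2 notify names from RFC 7296 to the setting in this guide to re-check, and goes slightly beyond the three causes above by also covering DH group and subnet mismatches. The function name `triage` and the sample log lines are assumptions; your router's log wording will differ and may not show the notify names verbatim.

```python
import re

# IKEv2 notify types (RFC 7296) mapped to the setting in this guide to re-check.
NOTIFY_HINTS = {
    "AUTHENTICATION_FAILED": "PSK mismatch: re-paste the pre-shared key (step 5)",
    "NO_PROPOSAL_CHOSEN": "cipher mismatch: align Phase 1/Phase 2 proposals (step 6)",
    "INVALID_KE_PAYLOAD": "DH group mismatch: check the Phase 1 DH group (step 6)",
    "TS_UNACCEPTABLE": "subnet mismatch: check Local/Remote Subnet (step 4)",
}
# Free-text patterns for failures that occur before any notify is exchanged.
TEXT_HINTS = [
    (re.compile(r"(resolv|dns|unknown host)", re.I),
     "wrong server name: check Remote Gateway (step 4)"),
    (re.compile(r"(retransmi|timed? ?out|no response)", re.I),
     "no reply from gateway: check server address and UDP 500/4500 reachability"),
]

def triage(log_lines):
    """Return de-duplicated hints, in order of first appearance in the log."""
    hints = []
    for line in log_lines:
        found = [h for name, h in NOTIFY_HINTS.items() if name in line.upper()]
        found += [h for pat, h in TEXT_HINTS if pat.search(line)]
        for h in found:
            if h not in hints:
                hints.append(h)
    return hints

# Constructed sample lines (hypothetical format, not real TP-Link output).
SAMPLE_LOG = [
    "2024-01-01 10:00:01 IKE: initiating IKE_SA ApexGuard_IKEv2 to ikev2.apexguard.com",
    "2024-01-01 10:00:02 IKE: received NO_PROPOSAL_CHOSEN notify error",
    "2024-01-01 10:05:10 IKE: received AUTHENTICATION_FAILED notify error",
    "2024-01-01 10:09:44 IKE: could not resolve remote gateway hostname",
]

if __name__ == "__main__":
    for hint in triage(SAMPLE_LOG):
        print("-", hint)
```

An empty result on a failed tunnel means the log does not expose these names; compare the Phase 1 and Phase 2 values by hand in that case.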

9. Test Your Connection

  1. From a device on your LAN, visit a “What is my IP?” site or check the ApexGuard dashboard.
  2. If you see your traffic is coming from an ApexGuard location, the VPN is working.
  3. Optionally, run continuous pings or speed tests to confirm performance.
