Frustration! Complaints to TP-Link.
I've forced my client to upgrade their two branch offices to TP-Link's full Omada SDN solution with ER7206s, OC-200s, SG3428s and EAP610s. After an easy installation, I found out it's not that easy to get some basic musts for a business network like secure authentication, VPN (except IPSEC thankfully!) and other basic routing capabilities. If you are selling those products under the "Business level devices" category, you have to give customers what they truly need, not only easy installation. Those are not targeted at home users; we chose them for a business network, to manage the local network and servers, and to set up secure connections between clients locally or remotely.
1) OpenVPN is working with a basic certificate, which is useless for a company network. We need client authentication; companies have their own domain controllers and user policies; it's very very basic to allow or deny a client trying to connect with a group policy. With a single OpenVPN config file, anyone can gain access to this network; what a vulnerability! People come and leave companies; we manage users from domain controllers, so that keeps everything in place and secure. Whenever someone leaves the company, you have to change everyone's OpenVPN config file in the company to prevent unwanted access. LDAP implementation shouldn't be that hard when it's almost basic for every device called a "router".
2) L2TP is also useless because your products are pushing 8.8.8.8 as the DNS server to the clients! What a shame for your developers. Can you use Google DNS servers to serve your internal network addresses? Also, it has almost nothing to configure; very easy, yes, but worth nothing too! Clients get NO GATEWAY address, so they are stuck looking for local servers on the internet, not in the internal network. And also, users have to be created on the router; again, no basic authentication for company use!
3) PPTP is out of the question; it is not supported by many devices and probably has the same issues besides the security weakness.
4) Logging is sooo low level. Company networks have many obligations to governments, like keeping records of client activities over the internet, but even your controller cannot save logs on a USB flash drive or network share; it is limited to the small internal storage :/
5) IPSEC is working, yes, thankfully. But only from one site's local network to the other site's. If you connect with VPN to one site, you cannot reach the other! So, should we move some of our servers to the same site? Or should we force them to settle in the same city, so there is no need to create two sites and everyone can connect from a single VPN config!
I really regret choosing your products. Only the central management impressed me, but they are missing many basic options and configurations.
If you won't be able to solve those problems, you will probably lose many customers too!