@zombu2 I can understand it fully, especially if you already spent money but it is not fitting the expectations. You are quite right in saying that it is not a big deal to just upgrade kernel, one can see how such system can be published, distributed and deployed by openwrt, which has latest kernel. From that point of view, as long as you do not need central management, you can flash your devices with openwrt, considering you will not have issue with wireless drivers and you manage to setup 802.11r and whatever else you need, then you actually get what you want. So far, for private usage one has option to actually use another software and even compile the kernel and every single package in the way one individually wants. However, this does not apply to a company. There are many reasons why it does not apply, without to mention all, one is crucial which are licenses and I at least have no clue in which form they might be restricting themselves to old kernel 3, many devices in networking run with quite old kernels and updating kernel could and probably would cause issues, especially financial in form of additional spending, it is sometimes like completely redeveloping the product which companies often struggle to do, instead they bring new products out that is why I asked about 610-outdoor which I believe at least has same firmware version like other 6 series. Licenses are big issues as simple kernel change could lead to the requirement of some certification of something. This is why I said I do not expect in near future omada devices to use latest kernels, but with free omada sdn they should provide a repo where users using it for office or private users could actually maintenance their own firmware builds and distribution, where I doubt this is possible from tp-link's side, maybe with a daughter company as open source.

In my private home I did not use wireless until kids forced due to tablets, but I find omada doing quite well for the task of central management of wireless devices which are indeed good. You mention ubiquity, where one cant understand if you mean they are better or that they are having same issues as their soft is copied, whatever it was, in such discussions many forget to mention mikrotik for affordable price.

Maybe my good impression comes by late entry into omada where their soft is at least according to what I read less buggy then it was, but I personally have no big complains, actually none, I am more than satisfied, except of course I find it a little bit disappointing that there is no wireguard management in plan and even more disappointed to see kernel 3 because of wireguard and not really just because it is old, wireguard is not only good for small business, point is if I want to centraly manage a network then of course it is essential to be able to manage client's public keys, as example one could add public key and vpn ip field in dhcp reservation settings for presetting manually keys as well that every hostname gets its own public key where in the client list one can download per button a config for win/linux/mac/advanced, where advanced could include manually defined postup/downs etc.., there is so many ways how one can implement wireguard in centraly managed network that one must be possible in omada controller. I asked once where one could look up roadmap to check what is on priority, but I there is none publicly available keeping everybody interested in the dark.

@fae for a test, why not adding a code to omada that if wireguard exists, then in advanced options one can mark to enable wireguard which at least with kernel5 would have as a pre-requirement wireguard-tools package, as when enabled, then in services wireguard tab appears where one can add interface configuration (which is controler device) and peers. 

Then under superExtraFeatures or something adding a checkbox for "create a config for each client connected client", "randomize key" which is also available when one clicks on a client in client list under its config for the ability to say that this device should receive new public key on each connect, usefull for public wireless networks.

There is so much which can be done with wireguard and which people already do. Basic interface like luci's in openwrt would be sufficient too. My omada controler runs wireguard and I run it on latest kernel and there is no reason why omada should not be able to manage centraly not just my network but from all sites and all clients, saving ton of time and errors when one wants to change public keys and configs of 1000 clients and push it to clients. Only imagination limits us here, sorry, kernel 3 does limit us too ;)

  @btx 

There is a serius security issue with WireGuard, as known by now. This is one reason why some companies refuse to implement it until these issues are cleared and the standard/coding is fixed. However, for a while, this was not done by the WireGuard team, raising the question, whether these "backdoors" were left open intentionally.

Feel free to look up these issues on the net...

  @DaSmith thanks for reply, but it is a nosense to claim there is security issue just because some companies are too lazy (or incompetent) to do their own audit, which serious issues are there? Can you point to discussion/mailing list? Other known protocols like openconnect should not be used at all, but still, companies have no issues with implementing and investing more into their hardware. Feel free to explain me backdoors in wireguard, as well as like you say "on intention left"? When you say companies, what is again operating system most companies use? Isnt it operating system which has known confirmed backdoors and there are many not just one? Such argumentation for tp-link not to implement is taking decision for a customer, its not tp-links task, they should provide their users which those require and indeed, wireguard is very important, especially as, belive it or not, there are companies with a little bit more advanced IT departments hacking on and with wireguard.

There is also serious security issues with apple windows and most everything you work with nowadays does that mean you should not touch the machine ? No just do your homework and you be fine

Your reasoning is not valid since it applies to every toaster with wifi

TP-link needs to start putting the business into their omada business model otherwise they just gonna fade away into teh background

  @btx 

Here, one of the main VPN providers in EU: https://protonvpn.com/support/wireguard-privacy/
You claim small ones? :D Hahaha...
While implementing, they had to modify WireGuard to make it safer.

  @DaSmith I believe you do not have a clue what you are talking about, especially as what you mention actually has to do only with a trust to your vpn provider, which makes 0 sense in case of a company to run a vpn where the emloyee does not want his ip address to be known to the company because the company could store the information? I must disappoint you, companies do require that information and store it for years, that would be as first.

I had lol after you claimed protonvpn as leading big company :). As second, protonvpn is by far not a big company offering vpn services, they are in demo stage with their vpn services. All big brands offer since already almost 2 years and there are several solutions how different providers resolve ip storage in ram (as it is what you talk about).

Known issue which you call is not an issue at all and indeed could be problematic for small companies who do not run their own wireguard because they trust companies like tp-link which decided not to implement wireguard and therefore those take some questionable vpn providers who cant deal with the tech, is it maybe what you tried to explain?

As last, I will probably not explain you what wireguard is, I will not explain you how it works and I will not explain that there is no obfuscation of wireguard (as I believe you wouldnt understand it at all), there is online documentation and nobody should rely on such recommendation comming from "I've read excuse of small vpn company why they are scared to implement wireguard".

Probably reply from previous user is more understandable than my, if because of mentioned reasons wireguard has an "issue" by devs :) implementing it, then you probably should not use at all anything which has any interface on it, not only toasts have them, probably one shouldnt drive a car too and airplanes should not fly.

  @btx 

you are spot on it's not wireguard its the dumbasses that run it that is the problem

and now quit feeding the troll and let him get back under his bridge

  @zombu2 dont worry, trolls mostly know what they talk about, they are nasty. Here we have simply somebody who read warning/reasoning about wireguard which was issues by protonmail without to understand what this warning is about. What this user does not know is that this was only the issue for vpn providers who claim no log policy, as with wireguard ip address resides in ram and could be logged/checked until the machine is restarted (or ram) cleared. Some providers built their own solution, some did not and one has to trust them, but this specifical case is for sure not of any importance for tplink, as tplink has to enable wireguard for ability to run own vpn, not to connect to some 3rd party vpn (which one of course can do).

There was much, much bigger issue, its not a secret, was revelaed by one US vpn company and they reported it to other vpn companies (like those swedish for which I do not want to make any promotion) because they were affected and as thanks those companies ddosed and tried to harm the initial company which found the issue and reported about it, nice moral in vpn community :).