@RaRu 

when I read the log it look like the problem is tp-link, OpenVPN on tp-link is very outdated and problably full of security hole. this is from the log on my client, what this exactly meen I don know.

I'm not sure what that means, but I googled a bit here and it looks like tp-link uses an outdated command for compression that the client can't read

[jan. 28, 2024, 20:32:32] EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled.  Server may send compressed data.  This may be a potential security issue.' trans=TO_DISCONNECTED

I think I find the problem.

in tp-link config there is a line like this

comp-lzo no

modify the config file so it look like this

comp-lzo

remove no at the end.

tested ok.

BUT!!!

this appears in the log after changes, so I dont know but it work now.

[jan. 28, 2024, 20:32:32] EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled.  Server may send compressed data.  This may be a potential security issue.' trans=TO_DISCONNECTED

​

  @MR.S 

I saw that message in logs as well. But didn't know how to overcome it. Good to know, thanks! 

Guess OpenVPN creators won't be willing to change their approach so we have to wait for TP-LINK. 

Is there any option to mention their support in here or something? 

Thank you all. Now I know at least I'm not the only one with this problem and it looks like tp-link is the cause for it.

Can we open an offical ticket for this issue? I'm not sure if tp-link is aware of this problem.

another question: Anyone tried wireguard instead? Is wireguard working with dynDNS like NO-IP?

  @MR.S I can confirm that I am seeing this in the logs:

[Jan 28, 2024, 14:47:29] EVENT:

COMPRESSION_ENABLED

info='Asymmetric compression enabled.

Server may send compressed data.

This may be a potential security issue.

trans=TO_DISCONNECTED

This is insecure, and unacceptable. 

  @Pras71 ER605 V1 does not support Wiregaurd currently or I would be using that.

  @Pras71 

Wire guard works with dyndns for sure. I did it a week ago with duckdns. 

But I don't know if your router supports it. ER706W does for sure. 

  @RaRu 

I originally bought a ER605 v1 from Amazon. I also subscribe to Nord VPN and wanted an always on VPN for my Guest network. On the ER605 v1 OpenVPN Server did not allow you to use a username and password, which Nord VPN requires. ER605 v2 and higher had a firmware upgrade that updated OpenVPN to use a username and password, but the ER605 v1 did not have a new firmware available. I have noticed when I buy TP-Link products from Amazon I always get a v1 product. I reached out to TP-Link support and voiced my concern. They said because my ER605 v1 was still under warranty they would RMA it and send me an ER605 v2. I just had to send the ER605 v1 back to them within 15 days or they would charge me for the new one. Ever since I got the ER605 v2 I have not had OpenVPN issues. I have Server side setup so I can VPN into my home network. My Windows laptop uses the OpenVPN Connect (3.3.3) application. I also have the client side setup with an always on VPN connection to NordVPN. Both works as expected.

Also, there is a lot of talk going on in the OpenVPN forum about Android 14. You might find more answers there.

  @HellBent it still doesn't change the fact that a legacy option leading to weakened security is enabled by default without the ability to disable it.

When I chose TP-Link over ubiquity it was mainly a cost decision, so I assumed this comes with some disadvantages. But this kind of software/firmware support is an absolute disaster. If I have to make any HW decision in a professional environment, TP-Link would be off the table immediately. For me as a home user it was often the first choice, but right now I would pay the mark up and go to ubiquity.