Troubleshooting VPN Issues on Deco

Released On: 2023-06-15 09:15:40Last update time: 2024-07-18 02:23:34

 

 

 

Case 1. Work as a VPN Passthrough router

The term "VPN Passthrough" on Deco means that it works neither as a VPN server nor a VPN client but as a tunnel in between that allows traffic from these endpoints to "pass through". All Deco supports VPN passthrough for IPSec/PPTP/L2TP and is intended to work without modification.  So clients connected to Deco could directly make a VPN dial-up connection on themselves to the remote VPN server.
 

Q1. What should I do if the client failed to connect to the remote VPN server?
1. Ensure the same client could connect to the VPN server on another Wi-Fi network.
2. (Optional)If there is another DHCP router connected ahead of Deco, please change Deco to Access Point mode.
3. (Optional)If Deco is the only router, please unplug Deco and connect a computer via an Ethernet cable to the ISP modem and make VPN dial-up connection again.

 

 

Case 2. Work as the VPN Client.

>>Deco VPN Server/Client Supported List.


Q1. How to set up VPN Client on Deco?

Deco VPN Configuration Guide


Q2. VPN Client status showed connected, but the selected clients had no internet, or VPN Client status showed connecting all the time.

1. Ensure you could successfully make a VPN dial-up connection on the clients themselves via the same OpenVPN config file(Please remember that many OpenVPN providers require users to log into their management interface to find VPN service credentials first for a third-party OpenVPN configuration).

2. If possible, It's also suggested to try TCP protocol on the VPN server if it's currently using UDP, then save the file and upload it into Deco again to check if that works.

3. Confirm the current firmware is up-to-date.

4. Change the WAN DNS to 8.8.8.8/8.8.4.4 per link-How to change DNS server settings on Deco 

 

 

If your issue cannot be fixed by the above suggestions, please comment below with the following information:

  • What kind of VPN server you are connecting to, like NordVPN, ExpressVPN and SurfsharkVPN?
  • What kind of VPN Client software you were using on the local PC or phone when it is connecting fine, like OpenVPN Connect or GlobalProtect APPs?
  • Which step did you fail to get through, any error message or screenshot on the Deco APP?

 

 

 

Case 3. Work as a VPN Server.

 

Q1. How to set up VPN Server on Deco?

Deco VPN Configuration Guide


Q2. What should I do if I cannot connect to my VPN Server?

1. Ensure there is a public WAN IP address under Deco APP>More>Internet connection>IPV4. A private internet address under CG-NAT network would cause some issues.
2. Set up DDNS on Deco if the WAN IP is dynamic.

 

 

 


Case 4: Use PPTP/L2TP VPN as the internet connection type.

Some ISPs provide internet service based on PPTP/L2TP protocol. Please refer to this link to set up PPTP/L2TP internet connection on Deco: 

How to Configure PPTP/L2TP Internet Connection on the Deco

0
Comment

so this works for some of my devices but most seem to be denied internet access.  They connect fine but can't get out to the internet.  Another wonderful non-functioning part of DECO routers...

@JimmyB-Deco 

Hi, May I know the model number of your Deco?

I would highly appreciate it if you could start a new thread here with more details about what current issue you are experiencing with VPN on Deco.

Wait for your reply and best regards.

​​​​​​​

Hi, Wi-Fi connection problems. Internet connection is Australian NBN FTTP, provider is Aussie Broadband with a dedicated IP address. My router is a TPL Archer AX73 set up as a wireless gateway, the wired network works just fine. I have 4 TPL Deco Mesh 9+ wired in series with the main one wired to a Lan port on the router. All Deco are set as Access Points and it used to work just fine. I have subscribe to a VPN [Private Access VPN - PIA] which might be the culprit but I am not sure as the WiFi connection problem occurs with the VPN connected or not. For some unknown to me reasons my IP range for some connected devices IPads and iPhones the network change to another set of IP address and sub and those devices DHCP Auto are not connected to the network. The tether app shows everything works fine and the Deco app as well says that all is working fine. What am I missing? Do I have to make some settings change because of the VPN? Is it that mac ios new version is playing havoc, with the new trend that wants to make everything automatic nothing is really working anymore. I might be from the old guard but I want to do things myself and the way I like. Many thanks for any help and guiding, regards, John

I have a Deco AX55

My WAN IP is a public ipv4 IP NOT CGNAT


I am trying to use VPN Client with OpenVPN

I have set my Wan DNS to 8.8.8.8 8.8.4.4

I have tried OpenVPN on both TCP and UDP

The OpenVPN connection works from other systems/clients but never connects from the AX55

Any other ideas?

I have a Deco BE85

 


I am trying to use VPN Client with IPSec

VPN connection doesn't works from Deco. Status showing Connecting all time. 
 

Help please. This VPN server is using from another Deco X60 and Archer 6000. All works fine. 

Hi, i recently bought Deco XE 75 Pro and tried setting up the VPN server/client but failed to do so.

I have tried OpenVPN, PPTP and L2TP. 

but all 3 are always showing the Connecting message.

I have tired exporting the .ovpn file to openvpn client software and tried connecting through it but was unable to connect and timeout after 2 minutes. 

 

my internet connection type is dynamic and i have register and gotten the DDNS from TP Link and the same domain name is appearing on all 3 connections. 

operation mode of Deco is set to Wi-Fi router.

Can anyone kindly advise what am i doing wrong? 

I have a Deco X55 which I configured as a Client VPN with NordVPN. The Client VPN is working and I configured for all devices to be covered with VPN.

 

Unfortunately, all devices (cell phones, laptop, Roku, Fire Stick, cameras) are all operating at only 8-10 Mbps download. I can stream, view camera footage etc,, Do I have a config file I need to tweek to get better performance. I chose NordVPN because many people recommended it over other VPNs for best streaming performance.

 

If I disable the Deco Client VPN and VPN from my laptop I can get 300-400Mbps. Can the Deco X55 handle VPN streaming, do I try SurfShark, or am I missing a key config parameter to make it work?

 

I appreciate any help you can Provide. Thank you.

I've tried setting up a VPN client using multiple different VPN providers to no avail. My connection is stuck in "Connecting". I've updated my DNS to 8.8.8.8, tried UDP and TCP. Tried different servers on my provider's end. Verified that the openvpn config files do work outside of the deco app. No luck no

Update: I finally got the VPN Client functionality working, by setting up a VPN manually (i.e., putting in username and password and uploading a UDP config file, vs. using the "NordVPN" pre-defined option which only asks for a token and a config file). But, now I get the same issue as @Jshea -- my speed has gone from around 500 MB to 12 MB, which cannot be used.

 

 

I also have the issue where the VPN Client gets stuck in "Connecting" status. Any insight or recommendations would be welcome. Thank you.

 

Info you requested:

  • VPN Server: NordVPN
  • VPN Client software that works: NordVPN on Android phone; NordVPN Extension in Chrome (on PC)
  • Steps that failed: In Deco app:
    • Credentials (token) get accepted fine
    • Upload of OpenVPN configuration file seems to work fine
    • But then the app just says "Connecting" in green forever.
    • Any clients that were specified as going through the VPN then fail to connect to the Internet, until the "VPN Client" option is  disabled again in the Deco app
  • Error messages: See log entries below, captured from the Deco web interface

 

Mon Nov 11 09:19:54 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:19:54 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:20:08 2024 authpriv.warn dropbear[22628]: Login attempt for nonexistent user from 192.168.68.51:54102
Mon Nov 11 09:20:08 2024 authpriv.notice dropbear[22628]: Password auth succeeded from 192.168.68.51:54102
Mon Nov 11 09:20:27 2024 daemon.notice netifd: Interface 'vpn' is setting up now
Mon Nov 11 09:20:27 2024 daemon.notice netifd: proto_shell_handler Interface 'vpn' cmd: 0
Mon Nov 11 09:20:27 2024 daemon.notice netifd: proto_shell_script_cb Interface 'vpn'
Mon Nov 11 09:20:27 2024 daemon.notice netifd: proto_shell_task_finish Interface 'vpn' state: 1
Mon Nov 11 09:20:27 2024 user.notice : [openvpn]: OpenVPN 2.4.11 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Nov 11 09:20:27 2024 user.notice : [openvpn]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.06
Mon Nov 11 09:20:27 2024 user.err : [openvpn]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Mon Nov 11 09:20:27 2024 user.notice : [openvpn]: Exiting due to fatal error
Mon Nov 11 09:20:31 2024 daemon.err client_mgmt: client([MAC address redacted]) not found in arp table disconnect_counter=0
Mon Nov 11 09:20:39 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.90.90 belongs to IPv4 Local Scope.
Mon Nov 11 09:20:39 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.250 is Local Network Control Block
Mon Nov 11 09:20:39 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.251 belongs to IPv4 Local Scope.
Mon Nov 11 09:20:39 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:20:39 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.250 belongs to IPv4 Local Scope.
Mon Nov 11 09:20:42 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:20:42 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.250 belongs to IPv4 Local Scope.
Mon Nov 11 09:20:42 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.90.90 belongs to IPv4 Local Scope.
Mon Nov 11 09:20:42 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.250 is Local Network Control Block
Mon Nov 11 09:20:42 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.251 belongs to IPv4 Local Scope.
Mon Nov 11 09:20:42 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.250 belongs to IPv4 Local Scope.
Mon Nov 11 09:20:42 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:20:43 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:20:44 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:20:44 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.250 belongs to IPv4 Local Scope.
Mon Nov 11 09:20:44 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:21:09 2024 daemon.notice nrd[11834]: ar_apinfo_collect[line 1113]: AP sync timer expires!
Mon Nov 11 09:21:34 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:21:34 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:21:54 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:21:55 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:05 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:05 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:07 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:08 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:12 2024 user.emerg : tp290,4[26881]: vpn
Mon Nov 11 09:22:12 2024 daemon.notice netifd: proto_shell_handler Interface 'vpn' cmd: 1
Mon Nov 11 09:22:12 2024 daemon.notice netifd: vpn (26894): cat: can't open '/var/run/openvpn-client.pid': No such file or directory
Mon Nov 11 09:22:12 2024 daemon.notice netifd: vpn (26894): kill: you need to specify whom to kill
Mon Nov 11 09:22:12 2024 daemon.notice netifd: proto_shell_script_cb Interface 'vpn'
Mon Nov 11 09:22:12 2024 daemon.notice netifd: proto_shell_task_finish Interface 'vpn' state: 3
Mon Nov 11 09:22:12 2024 daemon.notice netifd: interface_proto_cb Interface 'vpn' state: 2
Mon Nov 11 09:22:12 2024 daemon.notice netifd: interface_proto_cb Interface 'vpn' is now down
Mon Nov 11 09:22:17 2024 user.notice root: [camera_security_block] verify
Mon Nov 11 09:22:17 2024 user.notice root: [camera_security_block] verify: end
Mon Nov 11 09:22:17 2024 user.notice root: [camera_security_sched] has_config
Mon Nov 11 09:22:17 2024 user.notice root: [camera_security_sched] has_config: no config
Mon Nov 11 09:22:21 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:22 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:41 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:42 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.250 belongs to IPv4 Local Scope.
Mon Nov 11 09:22:42 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:44 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.90.90 belongs to IPv4 Local Scope.
Mon Nov 11 09:22:44 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.250 is Local Network Control Block
Mon Nov 11 09:22:44 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.251 belongs to IPv4 Local Scope.
Mon Nov 11 09:22:44 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.250 belongs to IPv4 Local Scope.
Mon Nov 11 09:22:44 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:46 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:46 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.250 belongs to IPv4 Local Scope.
Mon Nov 11 09:22:49 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.90.90 belongs to IPv4 Local Scope.
Mon Nov 11 09:22:49 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.250 is Local Network Control Block
Mon Nov 11 09:22:49 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.251 belongs to IPv4 Local Scope.
Mon Nov 11 09:22:49 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@245]: Group address 224.0.0.251 is Local Network Control Block
Mon Nov 11 09:22:49 2024 user.notice IMPROXY: INFO[imp_verify_multicast_addr@258]: Group address 239.255.255.250 belongs to IPv4 Local Scope.
Mon Nov 11 09:23:13 2024 daemon.notice nrd[11834]: ar_apinfo_collect[line 1113]: AP sync timer expires!
Mon Nov 11 09:23:41 2024 daemon.err udhcpd[25340]: my ntp server ip:23 150 41 123 c67c5964
Mon Nov 11 09:23:41 2024 daemon.err udhcpd[25340]: dhcp offer: add ntp server option
Mon Nov 11 09:23:41 2024 daemon.err udhcpd[25340]: Sending ACK to 192.168.68.52
Mon Nov 11 09:23:41 2024 daemon.err udhcpd[25340]: clear ip 3444a8c0
Mon Nov 11 09:24:17 2024 user.notice root: [camera_security_block] verify
Mon Nov 11 09:24:17 2024 user.notice root: [camera_security_block] verify: end
Mon Nov 11 09:24:17 2024 user.notice root: [camera_security_sched] has_config
Mon Nov 11 09:24:17 2024 user.notice root: [camera_security_sched] has_config: no config
Mon Nov 11 09:24:35 2024 daemon.err uhttpd[7823]: Failed to execute call dispatcher target for entry '/admin/web'.
Mon Nov 11 09:24:35 2024 daemon.err uhttpd[7823]: The called action terminated with an exception:
Mon Nov 11 09:24:35 2024 daemon.err uhttpd[7823]: bad argument #1 to 'pairs' (table expected, got nil)
Mon Nov 11 09:24:35 2024 daemon.err uhttpd[7823]: stack traceback:
Mon Nov 11 09:24:35 2024 daemon.err uhttpd[7823]:     [C]: in function 'assert'
Mon Nov 11 09:24:35 2024 daemon.err uhttpd[7823]:     ?: in function 'dispatch'
Mon Nov 11 09:24:35 2024 daemon.err uhttpd[7823]:     ?: in function <?:218>
Mon Nov 11 09:24:36 2024 daemon.err uhttpd[7823]: uci: Entry not found
Mon Nov 11 09:24:36 2024 daemon.err uhttpd[7823]: uci: Entry not found
Mon Nov 11 09:24:41 2024 daemon.err uhttpd[7823]: uci: Entry not found
Mon Nov 11 09:24:41 2024 daemon.err uhttpd[7823]: uci: Entry not found

 

Same issues as you guys with BE85 - latest firmware, DNS updated and two VPN providers / approx 20 servers tried in UDP and TCP.

 

Any help or suggestions appreciated!

12
upload
    upload