Troubleshooting VPN Client on Wi-Fi Router Is Not Working
This Article Applies to:
All the Wi-Fi Routers that support VPN Client, such as Archer AX20, Archer AX21, Archer AX90, etc.
Issue Description/Phenomenon:
The Wi-Fi Routers that are being discussed here are the models that support VPN Client, which allows users to connect to a VPN server without the need to install VPN software on each device. If you are unable to connect to a VPN server when trying to configure the VPN client on the TP-Link router, this article provides some suggestions that may help you out.
However, if VPN server on TP-Link router is not working, please follow this thread for troubleshooting: VPN Server Doesn't Work Properly on TP-Link Wi-Fi Routers
Troubleshooting Suggestions & Solution:
Step 1
For OpenVPN, please follow this FAQ How to get configuration files from OpenVPN service providers to get correct configuration file and your VPN service credentials, which is the key to accessing the VPN service.
Step 2
Ensure you can successfully connect to the VPN server using a third-party VPN client software like OpenVPN Connect or OpenVPN or WireGuard App for WireGuard VPN on the local PC/Smartphone. This can ensure the .opvn or .conf file is configured and exported correctly.
For example, If you are trying to connect to NordVPN, please don't use NordVPN App since it doesn't require the .opvn at all.
Note: NordVPN service credentials are different from your NordVPN account credentials, namely your email address and your password. You'll need NordVPN service credentials to connect to the VPN using the manual OpenVPN configuration method in the router.
Step 3
If step 2 is confirmed good, but it still fails to connect to the VPN server when uploading the .opvn file into the TP-Link router, be sure the router's firmware is up-to-date. You can check for the updates on the Tether app or on the router web GUI, or you can download it from the local official website and then install it manually.
Step 4
If it still fails, please check the size of the VPN configuration profile you are trying to upload to the router, and how large that file is. You may download and install the Notepad+ application to delete the useless comment in the profile if that is too large, then try uploading it into the router again.
Step 5
It's also suggested to try TCP protocol on the VPN server if it's currently using UDP, then save the file and upload it into the TP-Link router again to check if that works.
If the VPN connection still fails, please comment below on this topic and be sure to provide the following information:
1. Model number, hardware, and firmware version of your TP-Link Router.
2. What kind of VPN server you are connecting to?
3. What kind of VPN type are you choosing on the TP-Link router, OpenVPN, or PPTP VPN?
4. What kind of VPN Client software you were using on the local PC or phone when it was connecting fine? Please test and make sure you can connect to the server with third-party software, such as OpenVPN Connect for OpenVPN and WireGuard App for WireGuard VPN.
5. Which step did you stuck in, any error message or screenshot?
6. Troubleshooting you've done before, and be sure the .opvn file for OpenVPN or .conf file for WireGuard is included when emailing to support.
Related Articles:
If you are not familiar with the VPN, visit Introduction and Configuration Guide of VPN Function on TP-Link Wireless Routers
If you want to check which model supports the VPN Client, visit Routers supporting the VPN Client.
If you are unable to connect CyberGhost OpenVPN Server, please try Manually create the unified format for OpenVPN profile(CyberGhost OpenVPN Server)
-------------------------------------------------
Have other off-topic issues to report?
Welcome to > Start a New Thread < and elaborate on the issue for assistance.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@SteiniPe Sorry.. there is a private key and end private key.. Just FYI.. the .ovpn file works fine with the OpenVPN client on my laptop. It just doesn't work with the router.
- Copy Link
- Report Inappropriate Content
@MrHalfpint well if there is no <key> with a long encrypted line after a <cert> then im not sure how your .ovpn dile works.. there shud be a <csrt[ open and close tag with key after that.. if thete id a key mention but the key inside has no BEGIN line or an END its a fileformat setup the router cant understand..
- Copy Link
- Report Inappropriate Content
@SteiniPe Thanks for the response. I did open the .ovpn file and there is nothing related to "ENCRYPTED" or "PRIVATE KEY" or password.
- Copy Link
- Report Inappropriate Content
@MrHalfpint Did you check my recent comment about this, it happened to me, the router doesn't support "BEGIN ENCRYPTED PRIVATE KEY" if your .ovpn has that you need that .ovpn re-issued but with a "nopass" so it says "BEGIN PRIVATE KEY", after dealing with this for a while I told TP-Link they need to update these routers with firmwares that have some sort of feedback message, they claim to be working on doing something like that and update the guide here with a few scenarios but so you don't have to wait, check your .ovpn in notepad if it has the key as encrypted or not, if it is you need to ask them to give you a new .ovpn but with no password encryption.
- Copy Link
- Report Inappropriate Content
I have an AXE5400 TP-Link router.
Firmware Version:
1.1.9 Build 20231115 rel.37295(5553)
Hardware Version:
Archer AXE75 v1.0
I have been trying to connect to a VPN server (KeepSolid VPN) as OpenVpn and L2TP/IPsec. I get nothing but "Connecting".
The .opvn file is ony 7k in size.
The .opvn file works fine in the OpenVPN connect program on Windows 11.
I've tried the trouble shooting up to step 5. (modified the ovpn to TCP which worked with the OpenVpn software)
This used to work.
(I don't think this has anything to do with the problem but I am using Starlink)
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
thanks for the reply and help. A ticket with support engineer is now raised given nord vpn ovpn doesn't start with BEGIN ENCRYPTED PRIVATE KEY
Let's see how it turns out.
- Copy Link
- Report Inappropriate Content
Hi, upon consulting with our senior engineer, NordVPN usually doesn't use BEGIN ENCRYPTED PRIVATE KEY, so your case should be different from SteiniPe.
To assist you efficiently, I've forwarded your case to the TP-Link support engineers who will contact you with your registered email address later. Please pay attention to your email box for follow-up.
- Copy Link
- Report Inappropriate Content
Hi, thank you very much for the valuable update. Glad to hear that the issue has been resolved.
We've reported your feedback to our senior engineers and suggested to add related logs to the VPN client connection issues. We will inform the community users once there is any related update.
- Copy Link
- Report Inappropriate Content
Hi Sunshine, Kevin and anyone at TP-Link I have bought a few products from tp link and overall I like their functionality, I have a few Deco's X60 and I have two routers, the one I just had issues with and another one a slightly newer brand. It's just something I wanted to mention to TP-Link Support.
I am system administrator, I have noticed that with TP-Link products there is always this lack of verbosity or access for administrators, I have been told to replace all my TP Link with something else like Linksys etc, but I have so far been okay with TP-Link.
Out of those 3-4 things I have owned or currently own there is two things I can point out
1. If you have Deco's just remember that TP Link has no plans to allow you to switch channels, it's on the forum in different post that Deco knows best, while Zigbee disagrees and other things it may interfere with. I have come to accept that Deco is just how Deco is. Fair enough
however...
2. I am not okay with how little verbosity the router even has, think about this, If there was a "timeout message" in the System Log of the AX routers or any of your routers, you would be escaping a lot of the ticket replies here. You have ongoing tickets because your firmware doesn't fix these things. For example in my case it was "Connecting.." and it just never stops, when in reality I would like it to try then fail with "Disconnected.." and a message, If i were to goto the System > Log Id see something like "Could not connect to IP: X - Reason: Router does not support encrypted private keys (err: code)" or anything.
My 2. was resolved by Noah via Support email but as a system admin, I feel like this should have been addressed attempting to connect, instead the log showed no action, I got no action, no results, no output, nothing that would guide me "okay so encrypted private key is the culprit here, will generate a nopass one". You should be taking every client issue you see here, and put it into array of output error's and present to the end user, patch all your routers with these so that administrators have a bit more view of what is going on and how to resolve it.
If it weren't for this thread, or me posting in it, I wouldn't really know where to go. I understand 1. but I don't understand why there isn't firmware update on all your routers, addressing this ensuring "If connection fails, lets return an error message, something to go on, and maybe a link to what error 1013 means etc".
Just my two cents, otherwise im okay with these routers, they work great but just lack a bit of "Let the user know", stop the constant "Lets make it easiest for users, Router knows best, no need to let the end user know" and start informing your customers who want to see way more even a toggle switch "Verbose (for debugging purposes)".
Have a nice day :)
PS: Im leaving these thread comments to help anyone coming here stumbling on this thread with a private VPN server, so they KNOW what Noah did for me and can then help others, and also I wanted to give a bit of feedback on this, Im appreciative of Noah's help it 100% solved me.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 5
Views: 136124
Replies: 277
Voters 2
