Home

Forums

Stories

Knowledge Base

Home Network Community > Wi-Fi Routers > VPN Client on Wi-Fi Router Is Not Working

< Wi-Fi Routers

Troubleshooting VPN Client on Wi-Fi Router Is Not Working

TroubleshootingVPN Client on Wi-Fi Router Is Not Working

Kevin_Z

2021-07-14 06:41:11 - last edited 2024-12-20 02:03:48

Posts: 22780

Helpful: 6014

Solutions: 2698

Stories: 21

Registered: 2018-12-24

VPN Client on Wi-Fi Router Is Not Working

2021-07-14 06:41:11 - last edited 2024-12-20 02:03:48

Tags: #VPN #Highlighted Thread #Official #WireGuard

This Article Applies to:

All the Wi-Fi Routers that support VPN Client, such as Archer AX20, Archer AX21, Archer AX90, etc.

Issue Description/Phenomenon:

The Wi-Fi Routers that are being discussed here are the models that support VPN Client, which allows users to connect to a VPN server without the need to install VPN software on each device. If you are unable to connect to a VPN server when trying to configure the VPN client on the TP-Link router, this article provides some suggestions that may help you out.

However, if VPN server on TP-Link router is not working, please follow this thread for troubleshooting: VPN Server Doesn't Work Properly on TP-Link Wi-Fi Routers

Troubleshooting Suggestions & Solution:

Step 1

For OpenVPN, please follow this FAQ How to get configuration files from OpenVPN service providers to get correct configuration file and your VPN service credentials, which is the key to accessing the VPN service.

Step 2
Ensure you can successfully connect to the VPN server using a third-party VPN client software like OpenVPN Connect or OpenVPN or WireGuard App for WireGuard VPN on the local PC/Smartphone. This can ensure the .opvn or .conf file is configured and exported correctly.
For example, If you are trying to connect to NordVPN, please don't use NordVPN App since it doesn't require the .opvn at all.

Note: NordVPN service credentials are different from your NordVPN account credentials, namely your email address and your password. You'll need NordVPN service credentials to connect to the VPN using the manual OpenVPN configuration method in the router.

Step 3
If step 2 is confirmed good, but it still fails to connect to the VPN server when uploading the .opvn file into the TP-Link router, be sure the router's firmware is up-to-date. You can check for the updates on the Tether app or on the router web GUI, or you can download it from the local official website and then install it manually.

Step 4
If it still fails, please check the size of the VPN configuration profile you are trying to upload to the router, and how large that file is. You may download and install the Notepad+ application to delete the useless comment in the profile if that is too large, then try uploading it into the router again.

Step 5
It's also suggested to try TCP protocol on the VPN server if it's currently using UDP, then save the file and upload it into the TP-Link router again to check if that works.

If the VPN connection still fails, please comment below on this topic and be sure to provide the following information:
1. Model number, hardware, and firmware version of your TP-Link Router.
2. What kind of VPN server you are connecting to?
3. What kind of VPN type are you choosing on the TP-Link router, OpenVPN, or PPTP VPN?
4. What kind of VPN Client software you were using on the local PC or phone when it was connecting fine? Please test and make sure you can connect to the server with third-party software, such as OpenVPN Connect for OpenVPN and WireGuard App for WireGuard VPN.
5. Which step did you stuck in, any error message or screenshot?
6. Troubleshooting you've done before, and be sure the .opvn file for OpenVPN or .conf file for WireGuard is included when emailing to support.

If you are not familiar with the VPN, visit Introduction and Configuration Guide of VPN Function on TP-Link Wireless Routers
If you want to check which model supports the VPN Client, visit Routers supporting the VPN Client.

If you are unable to connect CyberGhost OpenVPN Server, please try Manually create the unified format for OpenVPN profile(CyberGhost OpenVPN Server)

-------------------------------------------------

Have other off-topic issues to report?
Welcome to > Start a New Thread < and elaborate on the issue for assistance.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Introducing AI QoS: Elevate Your Gaming Experience on the Archer GE800 Gaming Router! Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.

273 Reply

WayneHu

LV1

2022-04-23 06:56:12 - last edited 2022-04-23 07:18:07

Posts: 7

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2022-04-18

Re:VPN Client is not working

2022-04-23 06:56:12 - last edited 2022-04-23 07:18:07

@Kevin_Z

Kevin_Z: Are you requesting the same feature as asked by tekniking in the following thread?

https://community.tp-link.com/en/home/forum/topic/544528

If yes, that is not supported at this moment.

Yes, some features like that. With OpenVPN TUN mode, it makes the things more complex because the VPN client is not at the same subnet of Home LAN. Even if it can do the routing between Home LAN and VPN client(s) with AX90 FW's OpenVPN service, in the remote OpenVPN client setting, it still needs to add additional routing setting to forward Home LAN device's IP packets to the VPN tunnel interface. So it is not as convenient as TAP mode, which works as L2 Ethernet bridge --- although it is with some security issues and broadcast packet overhead.

The alternate idea is to support the virtual server for AX90's VPN server gateway. It is more secure just to expose some Home LAN device's particular ports to VPN clients. But it might be more complex to support more than 1 Home LAN's SMB file sharing service.

With DD-WRT FW, the SSH + tunnel method by non-root user is my preferred one used for more than 10 years because it does not need very complex setup. It is also actually faster than OpenVPN's tunnel. It just needs to use PuTTY with enforced key authentication login method to create the tunnel to access VNC / RDP services in my Home LAN. Even the SSH user's login private key is exposed, this non-root user cannot modify any router setting or run any administration command.

Today I just tested AX90's USB storage's [Samba for Windows] file sharing service with Google's Chromecast TV + VLC player. It works fine with low bit rate audio streaming playback. But the VLC's playback is always stopped on playing the H.265 + DTS-HD/MA or TrueHD video files (15 ~ 20 Mbps) in few seconds. The files are put on a USB 3.0 SD Card reader + Samsung EVO+ 512GB MicroSD card formatted as ExFAT. It was previously put on my DD-WRT FW's 802.11ac router and the playback was always very stable with 1 second buffering setting in VLC player. So I am a little bit surprised it does not work well with this more powerful router HW. :p

#90

Kevin_Z

2022-04-22 09:55:39

Posts: 22780

Helpful: 6014

Solutions: 2698

Stories: 21

Registered: 2018-12-24

Re:VPN Client is not working

2022-04-22 09:55:39

WayneHu wrote

Kevin_Z wrote

Kevin_Z: Can I know what kind of VPN server are you using on the AX90? And what is the working mode of the AX90 when you mentioning TAP mode (i.e. Bridge-mode), does it refer to Access Point mode? Some advanced features are not available when the router is working in AP mode, I guess VPN server would be one of them. VPN server can only be configured on the gateway router.

Hi Kevin,

As it is mentioned, the current AX90 FW's OpenVPN server does not have this TAP option when AX90 is configured as router mode. But it works with the DD-WRT FW in my experience. With OpenVPN server's TAP mode, the VPN client's IP is assigned with the LAN subnet's. I used to run DD-WRT's OpenVPN server with this mode.

@WayneHu

Kevin_Z: Are you requesting the same feature as asked by tekniking in the following thread?

https://community.tp-link.com/en/home/forum/topic/544528

If yes, that is not supported at this moment.

Another curious design is about the "Access Control" on the "Guest network". I am surprised why it is also included. To me it makes more sense without any needing to set the MAC address in this table just for my different guests to use my WiFi network to access the internet while my home network is still only accessed with my home devices. It is the same for the company's office environment. It can be achieved with my another Buffalo AC1750DHP router running the DD-WRT FW.

Kevin_Z: Does it mean there is no internet access when connecting to the guest network and when Access Control is enabled? If yes, this has been brought up with the team and they will evaluate the feasibility to optimize the Access Control feature in the future.

Any device not described in the [Access Control] [White List] does not even have any chance to establish the connection to AX90's Guest WiFi network. For security consideration, this option is useful in case to disallow some standalone devices to touch home LAN. But it is not really useful for occasionally visited guests case. Maybe an additional Guest Network SSID with the option to enable / disable the Access Control is more flexible. :p

Kevin_Z: Good idea, we would see how to improve this in the future.

Thank you for the reply!

Best Regards,

Wayne

#89

oosman5

LV1

2022-04-21 19:14:01

Posts: 4

Helpful: 3

Solutions: 0

Stories: 0

Registered: 2022-04-15

Re:VPN Client is not working

2022-04-21 19:14:01

@oosman5 @Kevin_Z

Update: I was able to get the VPN Client working after correcting the opvn config file. It looks like you do have to put the username and password for it to work when using CyberGhost VPN.

#88

WayneHu

LV1

2022-04-19 02:06:23 - last edited 2022-04-19 06:27:40

Posts: 7

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2022-04-18

Re:VPN Client is not working

2022-04-19 02:06:23 - last edited 2022-04-19 06:27:40

Kevin_Z wrote

Kevin_Z: Can I know what kind of VPN server are you using on the AX90? And what is the working mode of the AX90 when you mentioning TAP mode (i.e. Bridge-mode), does it refer to Access Point mode? Some advanced features are not available when the router is working in AP mode, I guess VPN server would be one of them. VPN server can only be configured on the gateway router.

Hi Kevin,

As it is mentioned, the current AX90 FW's OpenVPN server does not have this TAP option when AX90 is configured as router mode. But it works with the DD-WRT FW in my experience. With OpenVPN server's TAP mode, the VPN client's IP is assigned with the LAN subnet's. I used to run DD-WRT's OpenVPN server with this mode.

Another curious design is about the "Access Control" on the "Guest network". I am surprised why it is also included. To me it makes more sense without any needing to set the MAC address in this table just for my different guests to use my WiFi network to access the internet while my home network is still only accessed with my home devices. It is the same for the company's office environment. It can be achieved with my another Buffalo AC1750DHP router running the DD-WRT FW.

Kevin_Z: Does it mean there is no internet access when connecting to the guest network and when Access Control is enabled? If yes, this has been brought up with the team and they will evaluate the feasibility to optimize the Access Control feature in the future.

Any device not described in the [Access Control] [White List] does not even have any chance to establish the connection to AX90's Guest WiFi network. For security consideration, this option is useful in case to disallow some standalone devices to touch home LAN. But it is not really useful for occasionally visited guests case. Maybe an additional Guest Network SSID with the option to enable / disable the Access Control is more flexible. :p

Thank you for the reply!

Best Regards,

Wayne

#87

oosman5

LV1

2022-04-18 12:10:52

Posts: 4

Helpful: 3

Solutions: 0

Stories: 0

Registered: 2022-04-15

Re:VPN Client is not working

2022-04-18 12:10:52

Hi Kevin, Yes the VPN works fine on my laptop directly - just an issue connecting via the router it seems. I have sent an email with the vpn config file for you to review. Thanks Omer

#86

Kevin_Z

2022-04-18 06:50:50

Posts: 22780

Helpful: 6014

Solutions: 2698

Stories: 21

Registered: 2018-12-24

Re:VPN Client is not working

2022-04-18 06:50:50

@WayneHu

WayneHu wrote

@Kevin_Z

Hi Kevin,

I need the OpenVPN server option operated with TAP mode (i.e. Bridge-mode) instead of TUN mode (i.e. Router-mode) provided by Archer AX90 FW. Can you help to ask if this option can be provided just like DD-WRT FW's OpenVPN server? Otherwise I don't know how to allow the remote VPN client to access the home LAN subnet's file sharing / RDP / VNC servers directly.

With the following AX90 FW version, the OpenVPN connection can be successfully established. But it is the same situation regarding Ronald's question.

Kevin_Z: Can I know what kind of VPN server are you using on the AX90? And what is the working mode of the AX90 when you mentioning TAP mode (i.e. Bridge-mode), does it refer to Access Point mode? Some advanced features are not available when the router is working in AP mode, I guess VPN server would be one of them. VPN server can only be configured on the gateway router.

Another curious design is about the "Access Control" on the "Guest network". I am surprised why it is also included. To me it makes more sense without any needing to set the MAC address in this table just for my different guests to use my WiFi network to access the internet while my home network is still only accessed with my home devices. It is the same for the company's office environment. It can be achieved with my another Buffalo AC1750DHP router running the DD-WRT FW.

Kevin_Z: Does it mean there is no internet access when connecting to the guest network and when Access Control is enabled? If yes, this has been brought up with the team and they will evaluate the feasibility to optimize the Access Control feature in the future.

Thank you for any help!

Best regards,

Wayne

#85

Kevin_Z

2022-04-18 06:10:52

Posts: 22780

Helpful: 6014

Solutions: 2698

Stories: 21

Registered: 2018-12-24

Re:VPN Client is not working

2022-04-18 06:10:52

oosman5 wrote

Hi Kevin You are right the CyberGhost file was split so I followed the instructions and manually created the unified format file. Still the same thing - stuck on 'connecting'. Any other ideas? Thanks Omer

@oosman5 I see. If that is the case, can you please check and determine if you can connect to the CyberGhost VPN server or PrivateInternetAccess VPN server when running the VPN Client on a local device directly, such as a Windows computer or phone? If that works, we would like to have the vpn config file that you imported on the AX20 then, you can email it to support.forum@tp-link.com.

#84

WayneHu

LV1

2022-04-18 01:27:07

Posts: 7

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2022-04-18

Re:VPN Client is not working

2022-04-18 01:27:07

@Kevin_Z

Hi Kevin,

I need the OpenVPN server option operated with TAP mode (i.e. Bridge-mode) instead of TUN mode (i.e. Router-mode) provided by Archer AX90 FW. Can you help to ask if this option can be provided just like DD-WRT FW's OpenVPN server? Otherwise I don't know how to allow the remote VPN client to access the home LAN subnet's file sharing / RDP / VNC servers directly.

With the following AX90 FW version, the OpenVPN connection can be successfully established. But it is the same situation regarding Ronald's question.

Another curious design is about the "Access Control" on the "Guest network". I am surprised why it is also included. To me it makes more sense without any needing to set the MAC address in this table just for my different guests to use my WiFi network to access the internet while my home network is still only accessed with my home devices. It is the same for the company's office environment. It can be achieved with my another Buffalo AC1750DHP router running the DD-WRT FW.

Thank you for any help!

Best regards,

Wayne

#83

oosman5

LV1

2022-04-15 09:53:15

Posts: 4

Helpful: 3

Solutions: 0

Stories: 0

Registered: 2022-04-15

Re:VPN Client is not working

2022-04-15 09:53:15

Hi Kevin You are right the CyberGhost file was split so I followed the instructions and manually created the unified format file. Still the same thing - stuck on 'connecting'. Any other ideas? Thanks Omer

#82

Kevin_Z

2022-04-15 00:57:54

Posts: 22780

Helpful: 6014

Solutions: 2698

Stories: 21

Registered: 2018-12-24

Re:VPN Client is not working

2022-04-15 00:57:54

oosman5 wrote

@Kevin_Z

Hi Kevin

I have an Archer AX20 v2.0 and the firmware is up to date: 2.1.6 Build 20220128 rel.15823(4555).

I have tried to connect to CyberGhost VPN and PrivateInternetAccess VPN via OpenVPN and it is just stuck on "connecting". I have followed all of the steps outlined in your original post (size of config file is fine etc.)

Can you help at all?

Thanks

@oosman5

Have you found this guide to manually creating the unified format for the OpenVPN profile when connecting to the CyberGhost OpenVPN Server? You can also try that when connecting to PrivateInternetAccess VPN if that works for CyberGhost. Please let me know if it works.

#81

Troubleshooting VPN Client on Wi-Fi Router Is Not Working

Troubleshooting VPN Client on Wi-Fi Router Is Not Working

This Article Applies to:

Issue Description/Phenomenon:

Troubleshooting Suggestions & Solution:

Related Articles:

-------------------------------------------------

Have other off-topic issues to report? Welcome to > Start a New Thread < and elaborate on the issue for assistance.

Information

Voters 2

Tags

Have other off-topic issues to report?
Welcome to > Start a New Thread < and elaborate on the issue for assistance.