VPN Client on Wi-Fi Router Is Not Working

VPN Client on Wi-Fi Router Is Not Working

186 Reply
Re:VPN Client is not working
2022-04-21 19:14:01

  @oosman5 @Kevin_Z 

 

Update: I was able to get the VPN Client working after correcting the opvn config file. It looks like you do have to put the username and password for it to work when using CyberGhost VPN.

 

  3  
  3  
#88
Options
Re:VPN Client is not working
2022-04-22 09:55:39

WayneHu wrote

Kevin_Z wrote

Kevin_Z: Can I know what kind of VPN server are you using on the AX90? And what is the working mode of the AX90 when you mentioning TAP mode (i.e. Bridge-mode), does it refer to Access Point mode? Some advanced features are not available when the router is working in AP mode, I guess VPN server would be one of them. VPN server can only be configured on the gateway router.

 

Hi Kevin,

 

As it is mentioned, the current AX90 FW's OpenVPN server does not have this TAP option when AX90 is configured as router mode. But it works with the DD-WRT FW in my experience. With OpenVPN server's TAP mode, the VPN client's IP is assigned with the LAN subnet's. I used to run DD-WRT's OpenVPN server with this mode.

@WayneHu 

Kevin_Z: Are you requesting the same feature as asked by tekniking in the following thread?

https://community.tp-link.com/en/home/forum/topic/544528

If yes, that is not supported at this moment.laugh

 

Another curious design is about the "Access Control" on the "Guest network". I am surprised why it is also included. To me it makes more sense without any needing to set the MAC address in this table just for my different guests to use my WiFi network to access the internet while my home network is still only accessed with my home devices. It is the same for the company's office environment. It can be achieved with my another Buffalo AC1750DHP router running the DD-WRT FW.

Kevin_Z: Does it mean there is no internet access when connecting to the guest network and when Access Control is enabled? If yes, this has been brought up with the team and they will evaluate the feasibility to optimize the Access Control feature in the future.

 

Any device not described in the [Access Control] [White List] does not even have any chance to establish the connection to AX90's Guest WiFi network. For security consideration,  this option is useful in case to disallow some standalone devices to touch home LAN. But it is not really useful for occasionally visited guests case. Maybe an additional Guest Network SSID with the option to enable / disable the Access Control is more flexible. :p

 

Kevin_Z: Good idea, we would see how to improve this in the future.

 

Thank you for the reply!

 

Best Regards,

Wayne

 

  0  
  0  
#89
Options
Re:VPN Client is not working
2022-04-23 06:56:12 - last edited 2022-04-23 07:18:07

  @Kevin_Z 

 

Kevin_Z: Are you requesting the same feature as asked by tekniking in the following thread?

 

https://community.tp-link.com/en/home/forum/topic/544528

 

If yes, that is not supported at this moment.

 

Yes, some features like that. With OpenVPN TUN mode, it makes the things more complex because the VPN client is not at the same subnet of Home LAN. Even if it can do the routing between Home LAN and VPN client(s) with AX90 FW's OpenVPN service, in the remote OpenVPN client setting, it still needs to add additional routing setting to forward Home LAN device's IP packets to the VPN tunnel interface. So it is not as convenient as TAP mode, which works as L2 Ethernet bridge --- although it is with some security issues and broadcast packet overhead.

 

The alternate idea is to support the virtual server for AX90's VPN server gateway. It is more secure just to expose some Home LAN device's particular ports to VPN clients. But it might be more complex to support more than 1 Home LAN's SMB file sharing service.

 

With DD-WRT FW, the SSH + tunnel method by non-root user is my preferred one used for more than 10 years because it does not need very complex setup. It is also actually faster than OpenVPN's tunnel. It just needs to use PuTTY with enforced key authentication login method to create the tunnel to access VNC / RDP services in my Home LAN. Even the SSH user's login private key is exposed, this non-root user cannot modify any router setting or run any administration command.

 

 

Today I just tested AX90's USB storage's [Samba for Windows] file sharing service with Google's Chromecast TV + VLC player. It works fine with low bit rate audio streaming playback. But the VLC's playback is always stopped on playing the H.265 + DTS-HD/MA or TrueHD video files (15 ~ 20 Mbps) in few seconds. The files are put on a USB 3.0 SD Card reader + Samsung EVO+ 512GB MicroSD card formatted as ExFAT. It was previously put on my DD-WRT FW's 802.11ac router and the playback was always very stable with 1 second buffering setting in VLC player.  So I am a little bit surprised it does not work well with this more powerful router HW. :p

 

  0  
  0  
#90
Options
[Solved] Re:VPN Client is not working
2022-05-12 21:03:58 - last edited 2022-05-13 19:45:57

  @Kevin_Z 

 

** This issue was solved and the answer is in post #95 below **

 

Having some problems with the VPN Client with OpenVPN. 

 

AX21 V2.0 with 2.1.5 Build 20211231

 

Basically it does not seem to be able to digest my .ovpn files. I can select the config file and I get the progress bar going to 100% but then it is just stuck there. If I click Save, it tells me the field is required (the config file, obviously). This is with  (PIA) VPN files, which I have not had any trouble with on numerous platforms. I have tried OpenVPN 2.3 and older config files, including adding the cert and crl files in the main file, as well as the integrated OpenVPN 2.4 and above config files. Same result. To save time, I am going to post the beginning of the file:

 

-----------------------------------------------------------------------

client
dev tun
proto udp
remote <site> 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server

auth-user-pass
compress
verb 1
reneg-sec 0
 

 

Thanks in advance!

 

-----------------------------------------------------------------------------------------------------------------------

 

  0  
  0  
#91
Options
Re:VPN Client is not working
2022-05-13 01:18:53

 As a follow up, I even tried the .ovpn file that the AX21 generated for use with it's server and it will not successfully read it in. The ovpn file works fine with a computer to connect to the AX21 server. I have now tried just about every combination of config files for several OpenVPN servers and they ALL get stuck at the 100%! What am I missing?!

  0  
  0  
#92
Options
Re:VPN Client is not working
2022-05-13 06:39:13

Hello @Speedy777 

 

Are you saying you use two AX21, one is working as the OpenVPN server and the other is the VPN Client? 

 

How do you connect to the OpenVPN server on the computer, via VPN software?

  0  
  0  
#93
Options
Re:VPN Client is not working
2022-05-13 13:47:38

Kevin_Z wrote

Hello @Speedy777 

 

Are you saying you use two AX21, one is working as the OpenVPN server and the other is the VPN Client? 

 

How do you connect to the OpenVPN server on the computer, via VPN software?

  @Kevin_Z 

 

No, I am trying to use the AX21 client to connect to a regular VPN service. Because I couldn't get ANY .ovpn config file to load properly, I tried to see if it would even load it's own .ovpn file it generated for it's OpenVPN server. 

 

Normally, I connect to the OpenVPN server using Tunnelblick software on OSX, and OpenVPN app on iphones and ipad. Neither of these clients have any problem with the PIA config files that I use. As mentioned in the earlier post, on the AX21 I can select the config file, it appears to load, with the progress bar going to 100%, but then it doesn't seem to complete and is stuck at 100%. I can send you an actual config file to try, if that helps. 

  0  
  0  
#94
Options
Re:VPN Client is not working
2022-05-13 15:38:47 - last edited 2022-05-13 19:49:50

  @Kevin_Z 

 

Ok, I figured out the problem. The issue I had of the OpenVPN config file not loading correctly only occurs if I load it while logged in via the WAN interface. It works correctly if you are logged in via the LAN/Wireless interface. It just so happens that in my test environment, it was more convenient to manage the AX21 via the WAN interface, which appears to be identical to the LAN interface, so I had no reason to suspect anything. 

 

So, all my config files load fine when loaded via the LAN interface and the VPNs all come up correctly. In summary:

 

Logged in via WAN interface: OVPN config file does not complete loading

Logged in via AX21 VPN Server and accessing local interface: OVPN config files does not complete loading

Logged in via LAN or Wireless interface: OVPN config file loads completely and you can save the config

 

Kevin, you  might want to add this fact to your pinned post, or have the software guys fix it such that it can load from any interface.

  3  
  3  
#95
Options
Re:VPN Client is not working
2022-05-16 07:50:34

 

Speedy777 wrote

  @Kevin_Z 

 

Ok, I figured out the problem. The issue I had of the OpenVPN config file not loading correctly only occurs if I load it while logged in via the WAN interface. It works correctly if you are logged in via the LAN/Wireless interface. It just so happens that in my test environment, it was more convenient to manage the AX21 via the WAN interface, which appears to be identical to the LAN interface, so I had no reason to suspect anything. 

 

So, all my config files load fine when loaded via the LAN interface and the VPNs all come up correctly. In summary:

 

Logged in via WAN interface: OVPN config file does not complete loading

Logged in via AX21 VPN Server and accessing local interface: OVPN config files does not complete loading

Logged in via LAN or Wireless interface: OVPN config file loads completely and you can save the config

 

Kevin, you  might want to add this fact to your pinned post, or have the software guys fix it such that it can load from any interface.

 

@Speedy777 That's what we've missed in the guide really, while I guess most of us will login to the AX21 via LAN or wireless when they configure the VPN Client feature. We will record this kind of request and ask the engineers to evaluate if there is feasibility.

  0  
  0  
#96
Options
Re:VPN Client is not working
2022-05-16 11:18:29
Have you solved the problem? Because I can not
  0  
  0  
#97
Options