Troubleshooting VPN Client on Wi-Fi Router Is Not Working
This Article Applies to:
All the Wi-Fi Routers that support VPN Client, such as Archer AX20, Archer AX21, Archer AX90, etc.
Issue Description/Phenomenon:
The Wi-Fi Routers that are being discussed here are the models that support VPN Client, which allows users to connect to a VPN server without the need to install VPN software on each device. If you are unable to connect to a VPN server when trying to configure the VPN client on the TP-Link router, this article provides some suggestions that may help you out.
However, if VPN server on TP-Link router is not working, please follow this thread for troubleshooting: VPN Server Doesn't Work Properly on TP-Link Wi-Fi Routers
Troubleshooting Suggestions & Solution:
Step 1
For OpenVPN, please follow this FAQ How to get configuration files from OpenVPN service providers to get correct configuration file and your VPN service credentials, which is the key to accessing the VPN service.
Step 2
Ensure you can successfully connect to the VPN server using a third-party VPN client software like OpenVPN Connect or OpenVPN or WireGuard App for WireGuard VPN on the local PC/Smartphone. This can ensure the .opvn or .conf file is configured and exported correctly.
For example, If you are trying to connect to NordVPN, please don't use NordVPN App since it doesn't require the .opvn at all.
Note: NordVPN service credentials are different from your NordVPN account credentials, namely your email address and your password. You'll need NordVPN service credentials to connect to the VPN using the manual OpenVPN configuration method in the router.
Step 3
If step 2 is confirmed good, but it still fails to connect to the VPN server when uploading the .opvn file into the TP-Link router, be sure the router's firmware is up-to-date. You can check for the updates on the Tether app or on the router web GUI, or you can download it from the local official website and then install it manually.
Step 4
If it still fails, please check the size of the VPN configuration profile you are trying to upload to the router, and how large that file is. You may download and install the Notepad+ application to delete the useless comment in the profile if that is too large, then try uploading it into the router again.
Step 5
It's also suggested to try TCP protocol on the VPN server if it's currently using UDP, then save the file and upload it into the TP-Link router again to check if that works.
If the VPN connection still fails, please comment below on this topic and be sure to provide the following information:
1. Model number, hardware, and firmware version of your TP-Link Router.
2. What kind of VPN server you are connecting to?
3. What kind of VPN type are you choosing on the TP-Link router, OpenVPN, or PPTP VPN?
4. What kind of VPN Client software you were using on the local PC or phone when it was connecting fine? Please test and make sure you can connect to the server with third-party software, such as OpenVPN Connect for OpenVPN and WireGuard App for WireGuard VPN.
5. Which step did you stuck in, any error message or screenshot?
6. Troubleshooting you've done before, and be sure the .opvn file for OpenVPN or .conf file for WireGuard is included when emailing to support.
Related Articles:
If you are not familiar with the VPN, visit Introduction and Configuration Guide of VPN Function on TP-Link Wireless Routers
If you want to check which model supports the VPN Client, visit Routers supporting the VPN Client.
If you are unable to connect CyberGhost OpenVPN Server, please try Manually create the unified format for OpenVPN profile(CyberGhost OpenVPN Server)
-------------------------------------------------
Have other off-topic issues to report?
Welcome to > Start a New Thread < and elaborate on the issue for assistance.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
WayneHu wrote
Kevin_Z wrote
Kevin_Z: Can I know what kind of VPN server are you using on the AX90? And what is the working mode of the AX90 when you mentioning TAP mode (i.e. Bridge-mode), does it refer to Access Point mode? Some advanced features are not available when the router is working in AP mode, I guess VPN server would be one of them. VPN server can only be configured on the gateway router.
Hi Kevin,
As it is mentioned, the current AX90 FW's OpenVPN server does not have this TAP option when AX90 is configured as router mode. But it works with the DD-WRT FW in my experience. With OpenVPN server's TAP mode, the VPN client's IP is assigned with the LAN subnet's. I used to run DD-WRT's OpenVPN server with this mode.
Kevin_Z: Are you requesting the same feature as asked by tekniking in the following thread?
https://community.tp-link.com/en/home/forum/topic/544528
If yes, that is not supported at this moment.
Another curious design is about the "Access Control" on the "Guest network". I am surprised why it is also included. To me it makes more sense without any needing to set the MAC address in this table just for my different guests to use my WiFi network to access the internet while my home network is still only accessed with my home devices. It is the same for the company's office environment. It can be achieved with my another Buffalo AC1750DHP router running the DD-WRT FW.
Kevin_Z: Does it mean there is no internet access when connecting to the guest network and when Access Control is enabled? If yes, this has been brought up with the team and they will evaluate the feasibility to optimize the Access Control feature in the future.
Any device not described in the [Access Control] [White List] does not even have any chance to establish the connection to AX90's Guest WiFi network. For security consideration, this option is useful in case to disallow some standalone devices to touch home LAN. But it is not really useful for occasionally visited guests case. Maybe an additional Guest Network SSID with the option to enable / disable the Access Control is more flexible. :p
Kevin_Z: Good idea, we would see how to improve this in the future.
Thank you for the reply!
Best Regards,
Wayne
- Copy Link
- Report Inappropriate Content
Kevin_Z: Are you requesting the same feature as asked by tekniking in the following thread?
https://community.tp-link.com/en/home/forum/topic/544528
If yes, that is not supported at this moment.
Yes, some features like that. With OpenVPN TUN mode, it makes the things more complex because the VPN client is not at the same subnet of Home LAN. Even if it can do the routing between Home LAN and VPN client(s) with AX90 FW's OpenVPN service, in the remote OpenVPN client setting, it still needs to add additional routing setting to forward Home LAN device's IP packets to the VPN tunnel interface. So it is not as convenient as TAP mode, which works as L2 Ethernet bridge --- although it is with some security issues and broadcast packet overhead.
The alternate idea is to support the virtual server for AX90's VPN server gateway. It is more secure just to expose some Home LAN device's particular ports to VPN clients. But it might be more complex to support more than 1 Home LAN's SMB file sharing service.
With DD-WRT FW, the SSH + tunnel method by non-root user is my preferred one used for more than 10 years because it does not need very complex setup. It is also actually faster than OpenVPN's tunnel. It just needs to use PuTTY with enforced key authentication login method to create the tunnel to access VNC / RDP services in my Home LAN. Even the SSH user's login private key is exposed, this non-root user cannot modify any router setting or run any administration command.
Today I just tested AX90's USB storage's [Samba for Windows] file sharing service with Google's Chromecast TV + VLC player. It works fine with low bit rate audio streaming playback. But the VLC's playback is always stopped on playing the H.265 + DTS-HD/MA or TrueHD video files (15 ~ 20 Mbps) in few seconds. The files are put on a USB 3.0 SD Card reader + Samsung EVO+ 512GB MicroSD card formatted as ExFAT. It was previously put on my DD-WRT FW's 802.11ac router and the playback was always very stable with 1 second buffering setting in VLC player. So I am a little bit surprised it does not work well with this more powerful router HW. :p
- Copy Link
- Report Inappropriate Content
** This issue was solved and the answer is in post #95 below **
Having some problems with the VPN Client with OpenVPN.
AX21 V2.0 with 2.1.5 Build 20211231
Basically it does not seem to be able to digest my .ovpn files. I can select the config file and I get the progress bar going to 100% but then it is just stuck there. If I click Save, it tells me the field is required (the config file, obviously). This is with (PIA) VPN files, which I have not had any trouble with on numerous platforms. I have tried OpenVPN 2.3 and older config files, including adding the cert and crl files in the main file, as well as the integrated OpenVPN 2.4 and above config files. Same result. To save time, I am going to post the beginning of the file:
-----------------------------------------------------------------------
client
dev tun
proto udp
remote <site> 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
compress
verb 1
reneg-sec 0
Thanks in advance!
-----------------------------------------------------------------------------------------------------------------------
- Copy Link
- Report Inappropriate Content
As a follow up, I even tried the .ovpn file that the AX21 generated for use with it's server and it will not successfully read it in. The ovpn file works fine with a computer to connect to the AX21 server. I have now tried just about every combination of config files for several OpenVPN servers and they ALL get stuck at the 100%! What am I missing?!
- Copy Link
- Report Inappropriate Content
Hello @Speedy777
Are you saying you use two AX21, one is working as the OpenVPN server and the other is the VPN Client?
How do you connect to the OpenVPN server on the computer, via VPN software?
- Copy Link
- Report Inappropriate Content
Kevin_Z wrote
Hello @Speedy777
Are you saying you use two AX21, one is working as the OpenVPN server and the other is the VPN Client?
How do you connect to the OpenVPN server on the computer, via VPN software?
No, I am trying to use the AX21 client to connect to a regular VPN service. Because I couldn't get ANY .ovpn config file to load properly, I tried to see if it would even load it's own .ovpn file it generated for it's OpenVPN server.
Normally, I connect to the OpenVPN server using Tunnelblick software on OSX, and OpenVPN app on iphones and ipad. Neither of these clients have any problem with the PIA config files that I use. As mentioned in the earlier post, on the AX21 I can select the config file, it appears to load, with the progress bar going to 100%, but then it doesn't seem to complete and is stuck at 100%. I can send you an actual config file to try, if that helps.
- Copy Link
- Report Inappropriate Content
Ok, I figured out the problem. The issue I had of the OpenVPN config file not loading correctly only occurs if I load it while logged in via the WAN interface. It works correctly if you are logged in via the LAN/Wireless interface. It just so happens that in my test environment, it was more convenient to manage the AX21 via the WAN interface, which appears to be identical to the LAN interface, so I had no reason to suspect anything.
So, all my config files load fine when loaded via the LAN interface and the VPNs all come up correctly. In summary:
Logged in via WAN interface: OVPN config file does not complete loading
Logged in via AX21 VPN Server and accessing local interface: OVPN config files does not complete loading
Logged in via LAN or Wireless interface: OVPN config file loads completely and you can save the config
Kevin, you might want to add this fact to your pinned post, or have the software guys fix it such that it can load from any interface.
- Copy Link
- Report Inappropriate Content
Speedy777 wrote
Ok, I figured out the problem. The issue I had of the OpenVPN config file not loading correctly only occurs if I load it while logged in via the WAN interface. It works correctly if you are logged in via the LAN/Wireless interface. It just so happens that in my test environment, it was more convenient to manage the AX21 via the WAN interface, which appears to be identical to the LAN interface, so I had no reason to suspect anything.
So, all my config files load fine when loaded via the LAN interface and the VPNs all come up correctly. In summary:
Logged in via WAN interface: OVPN config file does not complete loading
Logged in via AX21 VPN Server and accessing local interface: OVPN config files does not complete loading
Logged in via LAN or Wireless interface: OVPN config file loads completely and you can save the config
Kevin, you might want to add this fact to your pinned post, or have the software guys fix it such that it can load from any interface.
@Speedy777 That's what we've missed in the guide really, while I guess most of us will login to the AX21 via LAN or wireless when they configure the VPN Client feature. We will record this kind of request and ask the engineers to evaluate if there is feasibility.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 8
Views: 67029
Replies: 241