Troubleshooting VPN Client on Wi-Fi Router Is Not Working
This Article Applies to:
All the Wi-Fi Routers that support VPN Client, such as Archer AX20, Archer AX21, Archer AX90, etc.
Issue Description/Phenomenon:
The Wi-Fi Routers that are being discussed here are the models that support VPN Client, which allows users to connect to a VPN server without the need to install VPN software on each device. If you are unable to connect to a VPN server when trying to configure the VPN client on the TP-Link router, this article provides some suggestions that may help you out.
However, if VPN server on TP-Link router is not working, please follow this thread for troubleshooting: VPN Server Doesn't Work Properly on TP-Link Wi-Fi Routers
Troubleshooting Suggestions & Solution:
Step 1
For OpenVPN, please follow this FAQ How to get configuration files from OpenVPN service providers to get correct configuration file and your VPN service credentials, which is the key to accessing the VPN service.
Step 2
Ensure you can successfully connect to the VPN server using a third-party VPN client software like OpenVPN Connect or OpenVPN or WireGuard App for WireGuard VPN on the local PC/Smartphone. This can ensure the .opvn or .conf file is configured and exported correctly.
For example, If you are trying to connect to NordVPN, please don't use NordVPN App since it doesn't require the .opvn at all.
Note: NordVPN service credentials are different from your NordVPN account credentials, namely your email address and your password. You'll need NordVPN service credentials to connect to the VPN using the manual OpenVPN configuration method in the router.
Step 3
If step 2 is confirmed good, but it still fails to connect to the VPN server when uploading the .opvn file into the TP-Link router, be sure the router's firmware is up-to-date. You can check for the updates on the Tether app or on the router web GUI, or you can download it from the local official website and then install it manually.
Step 4
If it still fails, please check the size of the VPN configuration profile you are trying to upload to the router, and how large that file is. You may download and install the Notepad+ application to delete the useless comment in the profile if that is too large, then try uploading it into the router again.
Step 5
It's also suggested to try TCP protocol on the VPN server if it's currently using UDP, then save the file and upload it into the TP-Link router again to check if that works.
If the VPN connection still fails, please comment below on this topic and be sure to provide the following information:
1. Model number, hardware, and firmware version of your TP-Link Router.
2. What kind of VPN server you are connecting to?
3. What kind of VPN type are you choosing on the TP-Link router, OpenVPN, or PPTP VPN?
4. What kind of VPN Client software you were using on the local PC or phone when it was connecting fine? Please test and make sure you can connect to the server with third-party software, such as OpenVPN Connect for OpenVPN and WireGuard App for WireGuard VPN.
5. Which step did you stuck in, any error message or screenshot?
6. Troubleshooting you've done before, and be sure the .opvn file for OpenVPN or .conf file for WireGuard is included when emailing to support.
Related Articles:
If you are not familiar with the VPN, visit Introduction and Configuration Guide of VPN Function on TP-Link Wireless Routers
If you want to check which model supports the VPN Client, visit Routers supporting the VPN Client.
If you are unable to connect CyberGhost OpenVPN Server, please try Manually create the unified format for OpenVPN profile(CyberGhost OpenVPN Server)
-------------------------------------------------
Have other off-topic issues to report?
Welcome to > Start a New Thread < and elaborate on the issue for assistance.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
yes done all that. Got and filled "service" credentials and not the account credentials. Tried ovpn files for different servers. Tried tcp as well as udp. The express vpn connects but not the nord vpn?????????
tried uploading ovpn from laptop as well as mobile. No luck. Did the same to try express vpn. That works fine. Odd????
- Copy Link
- Report Inappropriate Content
You mean the NordVPN doesn't connect either if you use OpenVPN Connect software/application on laptop/mobile directly?
If so, please contact the VPN proider Nord for help.
- Copy Link
- Report Inappropriate Content
open vpn for Nord vpn on other devices works fine. It's only when I set up vpn client on Tp-link AXE75 following all the instructions for Nord vpn, the connection status is stuck at "connecting" without success. This is frustrating.
- Copy Link
- Report Inappropriate Content
I just got a reply from a similar issue in a support ticket, it turns out that the .ovpn file cant have a
BEGIN ENCRYPTED PRIVATE KEY
if the .ovpn file was generated with an encrypted private key the router doesnt support it.
./easyrsa build-client-full (user) nopass
Will generate an .ovpn which has no pass and is thus BEGIN PRIVATE KEY and it will fly through 🙏
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
thanks. As a complete novice to programming etc. how can I change the ovpn file? What software or program to use on a Mac. I shall appreciate if someone can provide step by step guide. Thanks.
- Copy Link
- Report Inappropriate Content
So, there are only two ways to do this, first thing first
1. If this is your own .ovpn, meaning you run your own OpenVPN server, using the normal methods to create your users you would have to execute
/path/to/easyrsa build-client-full <username> nopass
The issue with making not a "nopass" is that it asks you to set a password, when you set a password for the .ovpn you end up with BEGIN ENCRYPTED PRIVATE KEY whilst with a nopass, this is just BEGIN PRIVATE KEY and I only find this out because TP Link support inspected my .ovpn to tell me that their routers do not work with Encrypted Private keys.
2. You don't have your own server, you are using NordVPN, ExpressVPN, or any other VPN service, you can open the .ovpn you get provided in Notepad, and check the <key> section, is it ENCRYPTED or not, if it says BEGIN ENCRYPTED PRIVATE KEY you are out of luck and the only way to resolve your case is to contact the support team for that VPN service and ask if they can generate a .ovpn file for your account which does not have ENCRYPTED PRIVATE KEY or a nopass, and if they can you are in luck. If they brush it off, then unfortunately that VPN service is not supported by the router.
I think TP Link should add this to the FAQ because i spent days trying everything between heaven and earth inside the router, inside the server, network, multiple checks.
- Copy Link
- Report Inappropriate Content
Hi Sunshine, Kevin and anyone at TP-Link I have bought a few products from tp link and overall I like their functionality, I have a few Deco's X60 and I have two routers, the one I just had issues with and another one a slightly newer brand. It's just something I wanted to mention to TP-Link Support.
I am system administrator, I have noticed that with TP-Link products there is always this lack of verbosity or access for administrators, I have been told to replace all my TP Link with something else like Linksys etc, but I have so far been okay with TP-Link.
Out of those 3-4 things I have owned or currently own there is two things I can point out
1. If you have Deco's just remember that TP Link has no plans to allow you to switch channels, it's on the forum in different post that Deco knows best, while Zigbee disagrees and other things it may interfere with. I have come to accept that Deco is just how Deco is. Fair enough
however...
2. I am not okay with how little verbosity the router even has, think about this, If there was a "timeout message" in the System Log of the AX routers or any of your routers, you would be escaping a lot of the ticket replies here. You have ongoing tickets because your firmware doesn't fix these things. For example in my case it was "Connecting.." and it just never stops, when in reality I would like it to try then fail with "Disconnected.." and a message, If i were to goto the System > Log Id see something like "Could not connect to IP: X - Reason: Router does not support encrypted private keys (err: code)" or anything.
My 2. was resolved by Noah via Support email but as a system admin, I feel like this should have been addressed attempting to connect, instead the log showed no action, I got no action, no results, no output, nothing that would guide me "okay so encrypted private key is the culprit here, will generate a nopass one". You should be taking every client issue you see here, and put it into array of output error's and present to the end user, patch all your routers with these so that administrators have a bit more view of what is going on and how to resolve it.
If it weren't for this thread, or me posting in it, I wouldn't really know where to go. I understand 1. but I don't understand why there isn't firmware update on all your routers, addressing this ensuring "If connection fails, lets return an error message, something to go on, and maybe a link to what error 1013 means etc".
Just my two cents, otherwise im okay with these routers, they work great but just lack a bit of "Let the user know", stop the constant "Lets make it easiest for users, Router knows best, no need to let the end user know" and start informing your customers who want to see way more even a toggle switch "Verbose (for debugging purposes)".
Have a nice day :)
PS: Im leaving these thread comments to help anyone coming here stumbling on this thread with a private VPN server, so they KNOW what Noah did for me and can then help others, and also I wanted to give a bit of feedback on this, Im appreciative of Noah's help it 100% solved me.
- Copy Link
- Report Inappropriate Content
Hi, thank you very much for the valuable update. Glad to hear that the issue has been resolved.
We've reported your feedback to our senior engineers and suggested to add related logs to the VPN client connection issues. We will inform the community users once there is any related update.
- Copy Link
- Report Inappropriate Content
Hi, upon consulting with our senior engineer, NordVPN usually doesn't use BEGIN ENCRYPTED PRIVATE KEY, so your case should be different from SteiniPe.
To assist you efficiently, I've forwarded your case to the TP-Link support engineers who will contact you with your registered email address later. Please pay attention to your email box for follow-up.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 8
Views: 66366
Replies: 241
Voters 2
