@polyphon 

Hi,

I doubt there is much configuration you can do from the TP-Link router's side. Just look at the options you have in the AX55's VPN configuration webpage.

If anything, I guess any VPN configuration changes would have to be made on the Netgate router's side.

I don't have a solution to your problem at hand, but I suggest you compare the *.ovpn file you got from the Netgate to an *.ovpn file from the AX55 (you would need to setup a "sample" OpenVPN server on the AX55 to export such a file)

Then open both files side by side and compare the upper sections of them. (everything above "<ca>, -----BEGIN CERTIFICATE-----")

Look for options that appear to make a significant functional difference between the two or options that are competely missing.

Like the following example that I have made up the solely for illustration:

Let's say the Netgate's file has an option "cipher AES-256-CBC" and that same option on the AX55 was "cipher AES-128-CBC". Then go to the Netgate OpenVPN server configuration and change it to use "cipher AES-128-CBC" as well. Alternatively you could also try if manually editing that line in the *.ovpn file is sufficient.

If you don't mind, then you could also post the mentioned section of the Netgate's *.ovpn file here so that other people can look at it and maybe come up with a solution. Just make sure you don't post the certificates and keys from the *.ovpn file here and alter any of your personal IP addresses !! (like in the example below)

--------------------------------------

client
dev tun
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
persist-tun
remote myvpnserver.whatever 1194

--------------------------------------