Knowledge Base Introduction and Configuration Guide of VPN Function
What is VPN?
VPN stands for Virtual Private Network. A VPN helps you access internet resources remotely, securely, and privately with tunneling technology. You might use a VPN for Enhanced Security, Privacy Protection, and Remote Access.
Enhanced Security: VPNs encrypt your internet traffic, protecting your data from potential eavesdropping or unauthorized access.
Privacy Protection: VPNs hide your IP address and location, making it difficult for websites, advertisers, or malicious actors to track your online activities.
Remote Access: VPNs enable secure access to your home or office network from remote locations, allowing you to access files, printers, or other network resources.
You may go to Introduction of VPN to get more information
Typical Topology of VPN
Types of VPN
A VPN connection consists of a VPN server and a VPN client.
VPN server acts as a gateway, accepting client connections and providing secure access to a network.
VPN client allows users to connect to a remote VPN server, establishing a secure connection for accessing resources.
TP-Link routers offer the two types of VPN function.
If you configure the router as a VPN server, you need to install VPN client software on each device to establish VPN connections between the router and your devices. In this case, the data transmitted between your router and devices are encrypted in a private tunnel, keeping your data safe.
If you configure the router as a VPN client, after connecting it to a VPN server, all of its connected devices can enjoy the VPN service, and you don’t need install VPN software on every device.
The table below lists common use cases:
User Requirement |
What Router acts as |
Connecting to third-party VPN service provider such as Express to hide IP |
VPN Client |
Enhancing security and privacy when using public Wi-Fi networks |
|
Anonymous browsing and protection against online surveillance |
|
Securely accessing company or home network resources remotely |
|
Enabling secure remote access to company networks for work-from-home employees |
VPN Server |
Enabling secure access to home network resources from anywhere |
|
Creating a secure network environment for IoT devices at home |
Please note that some router models may only support VPN server function, check it here: Wi-Fi Routers | TP-Link
VPN Usage Scenarios
VPN server:
Scenario: Customer A configures his router as a VPN server and hopes he can remotely access the VPN server or LAN resources over the Internet.
Notifications:
• VPN server supports Openvpn/PPTP/Wireguard/L2TP over IPsec. Openvpn is popular and mainstream. Some models may not support Wireguard.
• VPN client can visit the LAN network(PC/NAS/Camera) of our router when he connects to the VPN server
• Normally LAN PC should disable firewall or set a rule in the firewall settings because windows firewall will block the connection from other IP
Network topology:
VPN client:
Scenario: Customer A has subscribed to Express/Nord VPN and wants to access the subscribed VPN server directly through our router because downloading the VPN Client APP for each VPN client would be too time consuming.
Notifications:
• VPN client supports Openvpn/PPTP/Wireguard/L2TP over IPsec. Openvpn is popular and mainstream. Some models may not support Wireguard.
• Need add device in the VPN device list. Device will not go through the VPN if it’s not in the VPN device list
• VPN client can bypass internet censorship and surveillance in certain countries, protect the privacy.
• Most VPN providers will create a username and password to connect the VPN. Customer can find FAQ in their official website such as Nordvpn.
Network topology:
VPN Passthrough:
Scenario: If our router supports VPN passthrough, VPN clients on the internal network can access the remote VPN server through VPN Passthrough; Or an intranet VPN server provides VPN services to other remote machines through Passthrough.
Notifications:
• VPN passthrough support PPTP/IPsec/L2TP. Openvpn and wireguard don’t need VPN passthrough
• VPN passthrough is on in default.
Network topology:
What VPN protocols do TP-Link Wi-Fi Routers support?
TP-Link VPN routers support multiple VPN protocols, including: PPTP, L2TP/IPsec, OpenVPN, and WireGuard, with compatibility varying by model.
Please go to the product [Specifications] of the models listed at the following link for more details:
Wi-Fi Routers | TP-Link
Or you can contact TP-Link support for accurate information regarding VPN protocol support for your specific model.
For Deco products, please refer to Deco VPN Server/Client Supported List
Configuration Guide of VPN with TP-Link Wi-Fi Router&Deco
For Archer Router
For common VPN Client: How to install a VPN Client on TP-Link Wi-Fi Router
For Build-in Surfshark VPN Client: How to Install Surfshark VPN on TP-Link Wireless Routers
For Build-in NordVPN Client: How to Install NordVPN on TP-Link Wireless Routers
Note: Username and password for VPN client consist of a random combination of letters and numbers.
For certain providers such as NordVPN and Surfshark, customers usually use their account ID and password to log in within the official VPN client provided by these companies. But for third-party client like our routers, users should use the designated credentials within the
official VPN client offered by the respective providers.
https://support.nordvpn.com/Connectivity/Router/1877338602/Setting-up-TP-Link-withNordVPN.htm
For PPTP VPN Server: How to use PPTP VPN to access your home network through the Wi-Fi Routers
For OpenVPN Server: How to use OpenVPN to access your home network through the Wi-Fi Routers
For WireGuard VPN Server and Client: How to set up WireGuard VPN on TP-Link wireless router
More: How to Establish a VPN Connection on TP-Link Wi-Fi Router
For Deco
QA
1. Can a VPN Router act as both VPN server and VPN client simultaneously
A: TP-Link VPN router can act as both VPN server and VPN client to meet all your VPN service needs.
2. Can I use VPN to access the whole network from both VPN server and VPN client side with TP-Link Wi-Fi Router?
A: No, the ability for the server to access the client can typically only be achieved in site-to-site VPN. The VPN types supported by routers are designed for client-to-server connections, meaning that the client can access the server, but not the other way around.
3. Do TP-Link Wi-Fi Routers work with a third party VPN service?
A: TP-Link Wi-Fi Routers work with the VPN using the standard VPN protocol such as PPTP, L2TP/IPsec, OpenVPN, and WireGuard. For some certain custom VPN services requiring to use custom VPN client software, we recommend to check the compatibility with the VPN provider and TP-Link cannot guarantee the support to those VPN.
4. Can I use VPN to bypass geographical restrictions with TP-Link Wi-Fi Router?
A: Yes, VPN can help bypass geographical limitations. By routing your internet traffic through a server in another region, a VPN can make it appear as if you are accessing the internet from that region, allowing you to access region-restricted content or services. However, it should be noted that the use of VPN may be legally restricted in some regions or countries, and it is recommended to use it in compliance with applicable laws.
5. How many devices can I connect to a VPN Server running on TP-Link Wi-Fi Router?
A: When setting up a TP-Link router as a PPTP or L2TP/IPSec server, you can create a total of 16 accounts. However, only 10 accounts are allowed to connect to the VPN server online at a time, with one device per account. For the WireGuard you can have a maximum of 16 concurrent connections, and for OpenVPN, the maximum number of concurrent connections is limited to 10.
6. Can I configure a separate DNS server address when using a VPN connection on TP-Link Wi-Fi Routers?
A: Currently, TP-Link Wi-Fi routers do not support the configuration of a separate DNS server address when using a VPN connection.