I've spent the entire weekend trying to connect my TP-Link ER8411 to commercial VPN providers like NordVPN, Torguard, Hide.Me, etc. Coming from UniFi equipment where configuring this is typically a straightforward 10-minute task, I’m finding the TP-Link setup far from intuitive, and frankly, largely nonfunctional for this use case.

My expectation was to create a Client-to-Site VPN, input the provider’s config, and have the selected LAN automatically route traffic through this VPN. However, after trying multiple VPN providers and server locations, nothing worked as expected. The interface is particularly frustrating because it does not show VPN status or provide any useful logs for troubleshooting. While there is a VPN Status page, it only shows VPNs that are actively working and offers no diagnostic details. Come on TP-Link, you should be doing better than this for a £350 enterprise device!

After many hours of trial and error, I finally got one VPN connection to appear in the routing table (Not the VPN Status Page, that also appears buggy), but traffic wasn’t routed through it. I had to manually create a Static Route to get LAN traffic to use the VPN tunnel. That worked. When removing the Statis Route, oddly it was still working. When I tried to replicate this setup for a second VPN and LAN, it completely broke. It feels like the VPN client functionality was added without proper integration or testing, which is baffling and frustrating for what is supposed to be a flagship business router.

Looking at my Controller this morning, I have 2 VPNs with the same subnet and IP address, which is not possible. Can someone please tell me, when adding a VPN, what subnets & IP address are expected to be created? Then, when you add a second VPN, what subnets & IP address are expected to be created?

Sounds to me link TP-Link need to conduct proper testing of this VPN functionality and fix the bugs.