@RichLockett 

Thanks for reaching out. I understand that you're experiencing issues with your work laptop's GlobalProtect VPN connection when connected via Ethernet to your Deco Mesh network (XE75s in Access Point mode), while it works fine over a mobile hotspot. The VPN stalls browser activity until refreshed, and disabling Mesh on the laptop's dedicated Deco unit did not resolve the issue.

Based on your description, this appears to be a VPN connectivity issue when using the Deco Mesh network. Here are some troubleshooting steps you can follow:

1. VPN Server Requirements:
    • Deco VPN Server features (OpenVPN, WireGuard, PPTP, L2TP) require a public IPv4 address. If your Deco is in Access Point mode and your main router (Sky Fibre) is handling routing, VPN passthrough and port forwarding must be correctly configured on the main router.
    • Go to the Deco app > MORE > Internet Connection > IPv4 and check if the WAN IP address is public. If not, VPN Server features may not work as expected.
    • If another router is in front of the Deco (as in your setup), ensure that port forwarding is set up on the main router for the VPN ports.

2. VPN Client Access:
    • If you can connect to the VPN but have no Internet or cannot access network resources, go to Deco app > MORE > VPN > VPN Server, tap your VPN Server, and ensure 'Client Access' is set to 'Internet and Home Network'.
    • If you only see 'Home Network Only', Internet access will not be available through the VPN.

3. Firewall Settings:
    • If you cannot access home network resources (such as servers or NAS devices), check that the firewall on those devices is not blocking connections from the VPN subnet.

4. Additional Steps:
    • Since your VPN works on a mobile hotspot but not on the Deco network, this suggests a possible issue with network segmentation, firewall, or VPN passthrough on your main router or switch. Double-check that your Sky Fibre router allows VPN passthrough and that there are no restrictions on the Ethernet switch.
    • Try connecting your laptop directly to the main router (bypassing the Deco and switch) to see if the issue persists. This will help isolate whether the problem is with the Deco Mesh, the switch, or the main router.

If you continue to have issues, please provide the following information to TP-Link support:
    • Your WAN IP address
    • Screenshots of your VPN Server configuration
    • Screenshots of your VPN Client configuration (on your laptop)
    • VPN connection logs (if possible)

For more details, you can refer to the official FAQ: https://www.tp-link.com/en/support/faq/2925/

Let us know if you need further assistance, and please share the results of these troubleshooting steps.

  @RichLockett 

Hi, thank you very much for your feedback.

Is the current network topology like:

Internet service----Sky Fibre Broadband----TP-Link switch---main Deco XE75, 2*satellite XE75 wirelessly connected to the main XE75?

Did you set Deco XE75 into access point mode?

Can you constantly reproduce this issue on the laptop:

"Anything browser-related seems to stall and won't fire up again until I have refreshed the GlobalProtect VPN link, then it works immediately for a while."

By the way, I'll follow up on your case via email and consult the senior engineer for more advice. Please check whether you can receive my email.

Thanks a lot.

Best regards.