OpenVPN server on Deco X75 Pro - DNS server wrong

Yesterday
Tags: #VPN
Model: Deco X75  
Hardware Version:
Firmware Version: 1.3.0

Setup / situation:

 

  • TP-Link Deco X75 Pro with OpenVPN server enabled
  • Home LAN: 192.168.1.0/24
  • Router / gateway: 192.168.1.1
  • VPN Client: UDP / port 1194 / subnet 192.168.2.0 + 255.255.255.0 / internet and lan access
  • VPN client: iPhone using official OpenVPN app
  • Connection succeeds (handshake OK, tunnel established)

 

 

Problem:

  • The OpenVPN server pushes 192.168.2.1 as DNS which is not valid and not working. It should push 192.168.1.1 and maybe a backo
  • These values do not appear in the .ovpn file and cannot be changed in the Deco GUI

 

As a result:

 

  • LAN access does not work (DNS / internal services fail)
  • Internet access also fails
  • VPN clients cannot behave like LAN devices
  • There is no option to:
    • change or disable pushed DNS
    • use 192.168.1.1 as DNS
    • use the LAN subnet instead of a forced VPN subnet in the server. Highly unwanted but should in theory push the right DNS
    • modify OpenVPN server routes or options

 

Conclusion

This appears to be a firmware limitation of the Deco OpenVPN server.

With the current implementation, usable LAN access and usable internet access over VPN are both not possible.

 

Is this a known limitation, or is there a way to configure DNS and subnet behavior?

 

Re:OpenVPN server on Deco X75 Pro - DNS server wrong
Yesterday

  @JoranV 

Hi, welcome to the community.

The gateway for the VPN tunnel should be 192.168.2.1. In a "routed" network tunnel setup, the VPN creates a virtual point-to-point link. The server usually takes the first address in the client pool (192.168.2.1) to act as the "virtual gateway" for all connected clients. The iPhone sends traffic to 192.168.2.1, and the OpenVPN server routes that traffic into the 192.168.1.0/24 LAN.

 

Here is some advice for your reference:

  • Please make sure the IPv4 address on the Deco App>More>Internet Connection is the same as your external IP address here: https://whatismyipaddress.com/
  • Change the LAN DNS to be 8.8.8.8/8.8.4.4 under Deco App>More>Advanced>DHCP server> Primary/Secondary DNS servers

(After that, you can restart the Deco and export the VPN Client config file again to test the VPN connection on the iPhone.)

PS. You can also open your .ovpn file with a text editor and add the following lines, typically before the <ca> block:

dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4

 

Thank you very much.

Best regards.

 

Re:OpenVPN server on Deco X75 Pro - DNS server wrong
23 hours ago

Hi @David-TP ,

 

Thank you for your reply.

 

I have verified point 1 and can confirm that the IPv4 address shown in the Deco App matches my public/external IP, so this is not the issue.

 

Regarding point 2, I have already configured the LAN DNS servers under Deco App > More > Advanced > DHCP Server to 8.8.8.8 and 8.8.4.4, rebooted the Deco, and exported a new VPN client configuration. DNS options are also pushed correctly to the iOS OpenVPN client, as shown in the log below, where the client receives both 192.168.2.1 and 8.8.8.8.

 

The VPN tunnel establishes successfully, but there is no LAN or internet access. This appears to be because traffic sent to the virtual VPN gateway 192.168.2.1 is not being routed/NATed by the Deco OpenVPN server to the LAN (192.168.1.0/24) or to the WAN.

 

Full OpenVPN client log (public IPs anonymized):

Feb 14, 2026, 07:10:13 EVENT: RECONNECTING
Feb 14, 2026, 07:10:13 EVENT: RESOLVE
Feb 14, 2026, 07:10:14 Contacting x.x.x.x:1194 via UDP
Feb 14, 2026, 07:10:14 EVENT: WAIT
Feb 14, 2026, 07:10:14 Connecting to vpn-server:1194 via UDP
Feb 14, 2026, 07:10:14 EVENT: CONNECTING
Feb 14, 2026, 07:10:14 Tunnel Options: V4, dev-type tun, link-mtu 1558, tun-mtu 1500, proto UDPv4, comp-lzo, cipher AES-128-CBC, auth SHA1, keysize 128, key-method 2, tls-client
Feb 14, 2026, 07:10:14 Creds: UsernameEmpty/PasswordEmpty
Feb 14, 2026, 07:10:14 Sending Peer Info:
    IV_VER=masked
    IV_PLAT=ios
    IV_NCP=masked
    IV_TCPNL=masked
    IV_PROTO=masked
    IV_MTU=masked
    IV_LZO=masked
    IV_AUTO_SESS=masked
    IV_GUI_VER=masked
    IV_SSO=masked

Feb 14, 2026, 07:10:14 SSL Handshake: peer certificate: CN=server, cipher: AES256 TLSv1.2
Feb 14, 2026, 07:10:14 Session is ACTIVE
Feb 14, 2026, 07:10:14 EVENT: GET_CONFIG
Feb 14, 2026, 07:10:14 Sending PUSH_REQUEST to server...

Feb 14, 2026, 07:10:14 OPTIONS:
  route 0.0.0.0 0.0.0.0
  redirect-gateway def1
  route 192.168.1.0 255.255.255.0
  route 192.168.2.0 255.255.255.0
  dhcp-option DNS 192.168.2.1
  dhcp-option DNS 8.8.8.8
  route 192.168.2.0 255.255.255.0
  topology net30
  ping 10
  ping-restart 120
  ifconfig 192.168.2.6 192.168.2.5
  peer-id 1
  cipher AES-256-GCM

Feb 14, 2026, 07:10:14 EVENT: ASSIGN_IP
Feb 14, 2026, 07:10:14 NIP: adding DNS 192.168.2.1
Feb 14, 2026, 07:10:14 NIP: adding DNS 8.8.8.8
Feb 14, 2026, 07:10:14 EVENT: CONNECTED vpn-server:1194 via UDP

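Added example (not part of the original posts, and not TP-Link or OpenVPN code): a Python parser for the pushed OPTIONS block in the client log above, which classifies each pushed DNS server as sitting on the tunnel subnet, on a pushed LAN route, or outside the pushed private routes, and flags duplicate routes. The function names and the trimmed sample log are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: excerpt of the OPTIONS block from the client log in this thread.
SAMPLE_LOG = """\
Feb 14, 2026, 07:10:14 OPTIONS:
  route 0.0.0.0 0.0.0.0
  redirect-gateway def1
  route 192.168.1.0 255.255.255.0
  route 192.168.2.0 255.255.255.0
  dhcp-option DNS 192.168.2.1
  dhcp-option DNS 8.8.8.8
  route 192.168.2.0 255.255.255.0
  ifconfig 192.168.2.6 192.168.2.5
Feb 14, 2026, 07:10:14 EVENT: ASSIGN_IP
"""

def parse_pushed_options(log_text):
    """Collect the indented option lines that follow an 'OPTIONS:' header."""
    opts, in_block = [], False
    for line in log_text.splitlines():
        if line.rstrip().endswith("OPTIONS:"):
            in_block = True
        elif in_block and line[:1].isspace() and line.strip():
            opts.append(line.split())
        else:
            in_block = False  # blank or unindented line ends the block
    return opts

def audit(opts):
    routes = [ipaddress.ip_network(f"{o[1]}/{o[2]}") for o in opts if o[0] == "route" and len(o) >= 3]
    dns = [ipaddress.ip_address(o[2]) for o in opts if o[:2] == ["dhcp-option", "DNS"]]
    local = next(ipaddress.ip_address(o[1]) for o in opts if o[0] == "ifconfig")
    # Tunnel subnet: most specific pushed route containing the client's own tunnel address.
    tunnel = max((r for r in routes if local in r), key=lambda r: r.prefixlen)
    def where(addr):
        if addr in tunnel:
            return "tunnel"  # resolver must listen on the server's tunnel address
        lan = any(addr in r for r in routes if r.prefixlen > 0)
        return "pushed-lan" if lan else "external"
    return {
        "full_tunnel": any(o[0] == "redirect-gateway" for o in opts),
        "tunnel_subnet": str(tunnel),
        "dns": {str(a): where(a) for a in dns},
        "duplicate_routes": [str(r) for r, n in Counter(routes).items() if n > 1],
    }

if __name__ == "__main__":
    print(audit(parse_pushed_options(SAMPLE_LOG)))
```

A DNS server classified as "tunnel" resolves names only if the VPN server answers DNS on its tunnel address and forwards the traffic; with `redirect-gateway` pushed, an "external" resolver is also reached through the tunnel.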