Failed OpenVPN Server on AX11000 router

Does OpenVPN Server on the AX11000 work?
An external VPN device behind the router does. I am unable to configure OpenVPN server on the router to work on a MS Windows or Ubuntu Linux client. The instructions in the User manual https://www.tp-link.com/us/user-guides/archer-ax11000_v1/chapter-11-vpn-server are incomplete. A post in the forum https://www.tp-link.com/ca/support/faq/3317/ indicated a change was needed in the configuration file. I branched out to using this procedure https://community.tp-link.com/en/home/forum/topic/653446 still no success.
I have tried numerous configuration changes and took the network down as the router was rebooted with no success.
I have tried different OpenVPN clients. The client on a MS WIndows PC worked with one OpenVPN device behind this router but will not work direct connect to the router.
Does OpenVPN server work on my hardware and firmware version?
If yes, can you share the configuration required?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content

Hi @colporteur,
It seems that you have referred to this thread to do troubleshooting.
Is the router's WAN IP a public IP? Refer to the following information for judgment:
1) Private IPv4 addresses have the following class configurations:
Class A IP addresses: from 10.0.0.0 to 10.255.255.255
Class B IP addresses: from 172.16.0.0 to 172.31.255.255
Class C IP addresses: from 192.168.0.0 to 192.168.255.255
2) Apart from the private IP addresses in the above 3 classes, there is another range of IP addresses, which looks like public IP address, but Carrier Grade NAT (CGNAT) address. They are from 100.64.0.0 to 100.127.255.255, which are usually not real public IP address either.
3) Or you could also google your public IP address on a client device connected to the Router, then compare it with the Router WAN IP address. If they are the same, it means the Router WAN IP is a real public IP address, if not, it means it is private IP address or the CGNAT address.
For OpenVPN, you could refer to this guide: How do I troubleshoot if the OpenVPN is not connecting
If the above steps still cannot solve the problem, please provide the following information for further troubleshooting:
1. Model no., hardware and firmware version of your TP-Link router, model no. of the VPN client device
2. Your specific network topology and what you want to achieve via VPN
3. The current problem phenomenon
4. The .ovpn file for OpenVPN, and screenshots of all VPN Settings
5. Log file of the VPN client if you have
You can email support.forum@tp-link.com, attaching Forum ID 762126 and details, and we will have a dedicated person to assist in analysis and follow-up.
- Copy Link
- Report Inappropriate Content

Hi @colporteur,
It seems that you have referred to this thread to do troubleshooting.
Is the router's WAN IP a public IP? Refer to the following information for judgment:
1) Private IPv4 addresses have the following class configurations:
Class A IP addresses: from 10.0.0.0 to 10.255.255.255
Class B IP addresses: from 172.16.0.0 to 172.31.255.255
Class C IP addresses: from 192.168.0.0 to 192.168.255.255
2) Apart from the private IP addresses in the above 3 classes, there is another range of IP addresses, which looks like public IP address, but Carrier Grade NAT (CGNAT) address. They are from 100.64.0.0 to 100.127.255.255, which are usually not real public IP address either.
3) Or you could also google your public IP address on a client device connected to the Router, then compare it with the Router WAN IP address. If they are the same, it means the Router WAN IP is a real public IP address, if not, it means it is private IP address or the CGNAT address.
For OpenVPN, you could refer to this guide: How do I troubleshoot if the OpenVPN is not connecting
If the above steps still cannot solve the problem, please provide the following information for further troubleshooting:
1. Model no., hardware and firmware version of your TP-Link router, model no. of the VPN client device
2. Your specific network topology and what you want to achieve via VPN
3. The current problem phenomenon
4. The .ovpn file for OpenVPN, and screenshots of all VPN Settings
5. Log file of the VPN client if you have
You can email support.forum@tp-link.com, attaching Forum ID 762126 and details, and we will have a dedicated person to assist in analysis and follow-up.
- Copy Link
- Report Inappropriate Content
@Joseph-TP Thank you for the response
The OpenVPN Server is the scenario I attempted to describe. The scenario can be found here: https://community.tp-link.com/en/home/forum/topic/648406
Funny, the hardware and firmware versions questions I answered to establish the post but it didn't get included in the message. Here it is again.
Firmware Version | 1.3.4 Build 20230906 rel.74809(5553) |
Hardware Version | Archer AX11000 v1.0 |
top lines of config file generated on AX11000 OpenVPN server
client
dev tun
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
persist-tun
remote <dynamic DNS entry> 1194
///below this are the certs are in the original client file///
I wanted to confirm my understanding of the operation of a VPN server so I did some testing. I place a VPN server device in the private network side of the AX11000 and setup port forwarding from the public side. When I OpenVPN client to the public facing IP of the router, port forwarding connected me to the VPN server behind the router. I believe I understand the nuances of OpenVPN Server and client. I just can't get the AX11000 to work as an OpenVPN server.
The above test gives me confidence I have an OpenVPN client that works. It doesn't work when I pull in the config file generated from the AX11000 router.
- Copy Link
- Report Inappropriate Content

Information
Helpful: 0
Views: 111
Replies: 2
Voters 0
No one has voted for it yet.