@muss3000 Have you learnbed anything further about this firmware revision? One of my AX11000 is operating remotely and I do not want to risk a failure. I have heard reports that this revision is buggy but nothing confirmed, 

I am running 1.1.1 Build 20200716 and have not experienced any difficuties.

  @muss3000 

It has been my experiance, particularly with TP-Link devices, that any firmware updates that address documented security vulerabilities, would be noted in the changelog.  The update in question likely addresses reported issues with connection stability.  I agree, I would like to know a little more specifics on what instabiliteis they are referring to.

@RobT - This is a response to your question on my experience

@Kevin_Z - This contains my experiences plus suggestions you may find of some benefit to future changes.

I upgrade only a matter of weeks ago to the beta version. My experienced initially were mixed particularly configuring my devices over vpn. I will list out the pros/cons of my experience so far.

The pros

• I found that my router was stable in that I can access the router configuration along with no internet drop outs without ever needing to hard reset it by stopping/starting the power. I do configure it to restart daily via the admin console so I have never tested it over a long period of uptime.
• I found the other features on the device, particular the configured security (ie mac binding, blacklist/whitelist, etc...) were not impacted by the upgrade.
• Once the device is recognised as a vpn client device list then it has never fallen back to the ISP wan ip address so far.

The cons

• I used my router as a vpn client and vpn server at the same time. If I have it configured this way, when I connect to my network externally via vpn then I seem to have to connect on the ISP ip address. I find you cannot connect using the assigned client vpn ip address to the wan on the router. When I am connected externally I do not see my vpn connected device on the client vpn device list. Therefore clients that connect to your vpn server from external cannot make use of the routers vpn client feature to access the wan under the connected vpn. It will use your ISP assigned ip address and not your vpn assigned ip address. This is a big limitation I have argued previously where I was told that vpn clients are not considered to be "part of your lan" (ie you can't whitelist/blacklist a vpn connected client) despite them having full access to your lan resources.
• When I first enabled it I put all my connected devices on the vpn client device list and none of them initially recognised the vpn ip address despite it being enabled and connected. When I went through and put a select list of connected devices it worked. I am not sure if there is a limitation on the number of devices you can have but it would be good. I have not tried to do a full list since so it might of just been a one off.
• These days alot of vpn providers provide a feature to kill internet access in case the vpn drops out to prevent unwanted traffic leaking over the ISP wan ip. There is no such feature on the router vpn client screen so I can only guess if the vpn drops out, your traffic will automatically route through your ISP ip address. Perhaps this limitation can be addressed in a future feature.
• If you add a device, you need to go in and manually add it. It would be good to have a "all devices" option for those of use who are lazy. This feature would be in addition to the manual list add so new devices can be automatically included. Again another possible future feature.
• I have had issues adding and removing using the config page on my android phone. I think the mobile interface is a bit more fiddly.

The limitations that I would like to see reviewed

• Allow clients connecting from externally to your lan also be added to the vpn client list for external wan use. ie <external device> connects to -> router vpn server -> routes traffic through to vpn client ip.
• Add a feature in the vpn client list to allow for "all devices" to be added so if any new devices get added that manual configuration is not always required unless of course that is your preference.
• Add a kill wan access/always on feature so that when vpn disconnects, your wan traffic is blocked until your vpn connectivity is remedied
• Provide better error messaging when you fail to add/remove vpn clients. I think from memory it is "Operation failed" which tells me very little as to why making me spend alot of time to diagnose issues which can be difficult when you are stuck using a phone web interface.

I know that just recently in the last few days, there is an officially supported release version announced containing the vpn client feature but so far this has appeared when I click on "check for firmware". I did post a comment asking why which can be found at: -

https://community.tp-link.com/en/home/forum/topic/272492?replyId=1124306

Anyway I hope this was of some value and let me know if you have any other questions or want clarity on what I wrote.