Home Network Community > Deco > Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
< Deco

New Release Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU

123

New Release Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU

New ReleaseDeco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-09 19:48:26 - last edited 2023-05-15 19:33:19
Tags: #Firmware Update #Official
Model: Deco X55   Deco X50  
Hardware Version: V1
Firmware Version:

Hey Everyone!

 

We are excited to announce that the official firmware version 1.2.0 for the Deco X50 and X55 V1 was released last week. Many of our community's most anticipated features were added in this update, such as VPN server/client configuration, MTU customization, IoT networking, and Static Routing Options.

 

 

Please Update through the Deco App or Web Interface, or Download the Official Firmware From Your Product's Download Page

 

Deco X50 Firmware Downloads

Deco X55 Firmware Downloads

 

FAQ: How to Update a Deco's Firmware

 

Release Notes:

 

New Features:

 

1. Support for VPN Server Features, Including OpenVPN. PPTP VPN, and L2TP/IPsec VPNs

2. Support for VPN Client Features, Including OpenVPN. PPTP VPN, and L2TP/IPsec VPNs

 

4db7e089038341f5b53fb51255704c18

 

3. Support for Static Routing (Deco App > Advanced)

 

3ab34ff44e47470cace49281d0457ed4

 

4. Added the ability to customize the MTU size (Deco App > More > Internet Connection > Internet Connection Type)

 

a0915dfa04aa4dcba9c18de7e92faa5b

 

5. Added IoT Network Function

 

66155bea6eb94a8bbe4ad17d2b1662e9

 

 

* The following features(6-12) are also supported:

6. Added Reboot Schedule for every day/week under Deco App > More > Reboot Schedule.
7. Added support for customizing Satellite Deco Signal Source under Deco App > Internet > Select the Satellite Deco > Signal Source.
8. Added support for customizing clients' Connection Preference under Deco App > CLIENTS > Select the client > Click the gear icon on the right-up corner > Connection Preference.
9. Added No-IP and DynDNS to the DDNS settings under Deco App > More > Advanced > DDNS.
10. Added Smart DHCP on/off switch in Access Point mode under Deco App > More > Advanced > Smart DHCP.
11. Added a prompt notification when the Ethernet link rate goes down to 100Mbps.
12. Added schedule and bandwidth limit to guest network under Deco App > More > Wi-Fi > Guest Network.

 

Improvements:


1. Optimized the MAC Clone function.
2. Improved system reliability and security.

 

Note:

1. The Advanced features need to be configured on the Deco APP, and please make sure your Deco APP is up to date.
2. Some new features would not be available when the router is working in Access Point mode.
3. The firmware downgrade needs to be performed by firmware recovery. >>How to use firmware recovery on Deco

4. Some Features may require every node on the network to be compatible with a feature. If a feature does not appear, please wait for an update adding support to the other deco models on your network.

 

 

Please feel free to comment below if there is any question about the new firmware.

Check out the Latest: Getting Started with EasyMesh and TP-Link New Tablet Mode for the Tapo App Comparing the Latest Tapo Doorbells
  0      
 
  0      
 
#1
Options
22 Reply
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-10 14:33:57

  @Riley_S On prev tp-link wifi routers, the VPN process created a config to import into OpenVPN. Although I have upgraded the firmware, and have the VPN function on my X55 system, there's only mobile app access (VPN not listed as an option in the web portal) and the process doesn't appear to 'save' a config, or create a certificate. How then do I config OpenVPN to work with the VPN?

 

Also, the process wants to use the main router DDNS or DN created... What if I only want to use the VPN function for a specific internal IP, ie. a Virtual Machine?

 

Please advise.

  1  
  1  
#2
Options
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-10 17:42:09

  @cableghost,

I talked with our product testing team, and they showed me that after setting up a connection, there should be an option to export the configuration file. Make sure that you have updated your Deco app to the most recent version, as this is one of the newest features added to the Deco platform.

 

You will be able to find the option to export a config file by tapping on the name of the setup connection and scrolling to the bottom of that page.

Check out the Latest: Getting Started with EasyMesh and TP-Link New Tablet Mode for the Tapo App Comparing the Latest Tapo Doorbells
  0  
  0  
#3
Options
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-10 22:26:44

  @Riley_S 

As you may know, I have messaged with TP-Link Support separately about this, but I simply do not understand why the new IoT network feature on the Deco X55 does not isolate devices on that IoT WiFi network from devices on the main network. In our home we have over 30 TP-Link Kasa smarthome devices, plus about 10 Wyze cameras, and I want those IoT devices completely isolated from my computers, printers, and NAS devices.  Given the possiblity of hacks or bugs in any IoT device, they absolutely need to be isolated on their own network. Steve Gibson on the Security Now podcast has spoken about this issue for years, and it is mystery to me why the major router vendors haven't addressed this issue.

 

So I was very excited when I first saw this feature in the new firmware but then stunned and disappointed when it didn't work right. From everything I have read and heard, isolation is the well-understood and desired (and only?) definition of having an IoT network, yet the new IoT network feature you just added does not isolate! The answer I got from support made no sense to me, something about customers needing to "control back-end IoT devices via smart gateway" -- what does that even mean?? TP-Link sells wonderful Kasa devices, which simply connect via WiFi; there is no "smart gateway" involved, other than a WiFi router.

 

I love TP-Link products and I am very delighted that you are updating firmware and adding features, but please get this one right!

 

Thanks

 

  0  
  0  
#4
Options
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-10 23:37:38 - last edited 2023-03-11 14:48:34

  @Riley_S In the app, there's nothing to click on after setting up the VPN.

 

What about tunneling the VPN server for only certain IP addresses? Doesn't seem it's possible to use with only a main DDNS?

  0  
  0  
#5
Options
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-11 00:48:37

  @dwhiting56,

I have already passed this concern to our team as soon as I found out it did not isolate. Hopefully, we will hear back from the developers about whether or not the Decos are capable of this or if they can be updated later to support isolation. 

 

The response that you were given by support is mainly related to Voice Assistants and Local Control of devices. For example, issues will arise if using a Google Hub on your main network, with your IoT devices connected to the IoT network, as the hub cannot see the devices. You would think that the fix for this is to move the hub over to your IoT network, but this would mean that you would not be able to cast to the hub from your phone. With Matter becoming mainstream, the controllers will mostly be on your main network, meaning that it will be impossible to establish a matter network if the devices were isolated from the network of the controller.

 

If you take Kasa devices, like a camera, you would still be able to connect to the device via cloud, but your phone would not be able to communicate locally with the device. For cameras, this is more important as the only way to have an uninterrupted camera stream to your device is to stream the video locally; cloud viewing has a prompt after 10 minutes. For plugs and lights, this just means that your phone will not be able to communicate with the device on the network, and would need to send the command via the Cloud connection.

 

It is also worth noting that the HomeShield service provides IoT device protection, meaning the service will detect any unusual or malicious activity from a device and automatically block the connection. I know that IoT isolation is important in many situations, but for most users, the protections granted by HomeShield will protect their devices and networks. I will provide an update to everyone if we receive any information about the feature. IoT networking is still just rolling out and there may be changes made later to the feature.

Check out the Latest: Getting Started with EasyMesh and TP-Link New Tablet Mode for the Tapo App Comparing the Latest Tapo Doorbells
  0  
  0  
#6
Options
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-11 01:41:50

  @Riley_S

Thanks. But the simple solution for all the things you mentioned is simply to put everything (IoT devices included) on the main network. Having an IoT network which is identical in every way and with full access to/from the main network is no different from just putting the IoT devices on the main network. I don't see the point at all, other than perhaps being able to say "I have an IoT network". What is the benefit, compared to just putting everything on the main network?? Maybe I'm missing something.

 

In any case, having isolation as a user-selectable option (you could default it to "off") on the IoT network doesn't hurt anybody who likes your current solution, but it helps a lot of us who bought a bunch of IoT devices and are worried about security. There's an old joke: "the 'S' in IoT is for security"; the fact that there is no 'S' in IoT is exactly the point -- there is no security in IoT. Your current IoT network does absolutely nothing to address that concern.

 

  0  
  0  
#7
Options
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-13 17:38:03

  @dwhiting56,

However, we were able to find that in the previous update to Deco, there is a device isolation feature located below the options on the Security Tab of the Deco app. While devices will need to be added one by one to enjoy the device isolation feature for now, this will also allow you to limit your devices from seeing others on the network. Please keep in mind that isolating specific devices may cause issues with how they connect and communicate with both your phone and any matter controllers on the network.

 

ce7b625d7dbb46c2ba8cd264454a9b9c 77c2dc4a0cd74146ad293255e36dbc16 c790e0307115407096fbcfb46d2e69d6

 

I did hear back that our community's request to add a toggle for device isolation has been forwarded to the correct team, and we may be able to hear something soon.

Check out the Latest: Getting Started with EasyMesh and TP-Link New Tablet Mode for the Tapo App Comparing the Latest Tapo Doorbells
  0  
  0  
#8
Options
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-13 17:52:00

  @Riley_S 

OK, thanks! I will look that over.

 

So is this new IoT network feature a Matter controller? That might make a lot of sense actually, though of couse the isolation option is still a good idea for a future feature.

  0  
  0  
#9
Options
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-13 18:53:37 - last edited 2023-03-13 20:24:01

  @dwhiting56,

I believe that the IoT network on Deco is being built to accommodate the Matter Protocol to give the best experience possible. At CES, it was announced that the newest Decos would ship with Matter Compatability and be able to operate as a matter controller for your network. The newest Decos are just about to be released, so we will soon see how the matter integration will work, and if the IoT network will be specific for the Matter Protocol.

 

We appreciate all the feedback on the feature and are working to forward these requests as quickly as possible to our teams.

Check out the Latest: Getting Started with EasyMesh and TP-Link New Tablet Mode for the Tapo App Comparing the Latest Tapo Doorbells
  0  
  0  
#10
Options
Re:Deco X50/X55 V1 1.2.0 with VPN/Static Route/MTU
2023-03-13 21:51:22

  @Riley_S 

OK. It will be interesting to see how this all plays out.

 

FWIW, here's my generalization that you might want to have your product folks think about:

 

I see no reason why a WiFi router shouldn't have multiple SSIDs (4? 8?), each with the following two configuration choices:

  • isolate this SSID's devices from the main network
  • isolate this SSID's devices from each other

 

If you think about it, the typical Guest network has these choices both set to "isolate", while my desired IoT network would be configured to isolate from the main network but not from each other. This way the user could select the configuration he wants, and the Guest network just becomes a particular setting of the generation configuration options. A old D-Link router (DIR-655, iirc) had these options for its Guest network. The router could pre-configure the Guest network to work as usual. This gives the user a lot of flexiblity in configuring his network, and it would set your router apart from your competitors. There is no extra hardware cost, and the software overhead is fairly small.

 

Just a thought...

Thanks

 

 

  2  
  2  
#11
Options
123

Information

Helpful: 0

Views: 4845

Replies: 22

Tags

Firmware Update Official
Related Articles
Deco X50/X55_V1.26-1.4.5 Supports EasyMesh, Wireguard VPN and Fixed WAN Port
527 1
 Deco X55 VPN Not Working
149 0
 X55 1.2.0 Firmware, Unmanaged Switches
366 0
 Deco X50 - Outdoor - Released Now
4776 4
 PIA VPN on Deco X55
1823 0
 Deco X55 VPN Issues
558 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.