ER8411 VPN Client broken

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER8411 VPN Client broken

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
66 Reply
Re:ER8411 VPN Client broken
2023-12-22 07:57:41

Hi @MR.S 

I'll get one on my PC and test it out next week with ER8411 or any of Omada routers. Seem that only works on Linux.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#32
Options
Re:ER8411 VPN Client broken
2023-12-22 10:15:47

 

 

 

If you need me to test the IPsec, let me know. I'll do it next week.

  @Clive_A 

 

Well I do a new test to se one more time and When downgrade to ER8411v1_un_1.1.1_20231030 the problem went back immediately

same as mention in this post.

 

https://community.tp-link.com/en/business/forum/topic/636166?replyId=1273676

https://community.tp-link.com/en/business/forum/topic/636166?replyId=1274202

 

upgraded to ER8411v1_un_1.1.1_20231120 and IPsec problem is solved.
 

 

feel free to do a test. I'm afraid that this error will be included in the official update if no one at TP-Link detects this error.

 

  0  
  0  
#33
Options
Re:ER8411 VPN Client broken
2023-12-22 14:28:04 - last edited 2023-12-22 14:29:08

Thank you @Clive_A , not sure how I managed to mention the wrong person, I clicked "Reply" but apologies.

 

Looking at the follow up discussion since your post, the problem remains the same:

- OpenVPN to other Omada devices functions as normal.

- OpenVPN UDP to third party hardware appears to form the tunnel but fails to pass traffic.

- OpenVPN TCP to third party hardware functions, but very slowly (I have 950Mbps internet and achieve about 40Mbps throughput to put some numbers to this).

 

I have made a connection to the third party directly from my laptop, using the same public internet transport and 4G backup, and even tethering from a phone and reached much higher speeds. The full line speed was achieved in the case of the public internet transport (primary WAN). This indicates the problem is very much the TP-Link end.

 

I have not tried the ER8411 in stand alone mode as you showed in your screenshots. Mine is controlled via a virtualised Omada controller hosted on a Proxmox cluster. I have no reason to suspect the Omada controller and it's platform are at fault here. The controller version is 5.13.22.

 

I will try using the 1.1.1 BETA firmware but reports from other users suggest this is not a fix.

  2  
  2  
#34
Options
Re:ER8411 VPN Client broken
2023-12-23 11:14:00

  @Luke538 

 

about the same as I experience, and 40 mbps is also pretty much a non-working vpn when the specs are 4421.1 Mbps

I have 25Mbps on the most on my ER8411 when ER8411 is OpenVPN Client (Same client file on my computer get 100-120Mbps) 

 

 

 

I really hope TP-Link takes this seriously and fixes this problem that I have been dealing with for over a year now.

 

 

 

 

  1  
  1  
#35
Options
Re:ER8411 VPN Client broken
2023-12-23 11:42:15

@MR.S I am with you. This is a deal breaker for me, I cannot use this product for its intended purpose and it fails to meet the specifications advertised. I will be refunding for now, but I may return to Omada in the future.

 

As an update for you all in case anyone comes across this later: I tried the v1.1.1 BETA firmware, no change at all. OpenVPN forms tunnels, but when using UDP to third party endpoints traffic fails to route. TCP routes but is very slow (it actually got slower, about 30Mbps).

 

I will keep an eye on this thread and @Clive_A if you have any luck testing during or after the holidays l would be interested to hear the results. If I still have my device I'll be happy to try a few tests and see if I can copy your results.

  0  
  0  
#36
Options
Re:ER8411 VPN Client broken
2023-12-23 14:43:11 - last edited 2023-12-23 14:49:43

  @Clive_A 

 

I install a OpenVPN server to test more with UDP, 

Server is installed with old compatibility to support TP-Link router. (Older than ver 2.4)

 

I won't take this server down for a while if there is anything I can test

 

part of client file

client
dev tun
proto udp
remote my.lab.test 11194
resolv-retry infinite
nobind
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name Pi4-LAB_fcba0b56-7ca8-40fc-8778-7a8239121e60 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----

 

I do test with ER8411 and ER706W, as you se both connect but only ER706W forward trafic.. absolut no trafic from ER8411
 

 

 

  0  
  0  
#37
Options
Re:ER8411 VPN Client broken
2023-12-26 09:55:13

Hi @MR.S 

Thanks for posting in our business forum.

MR.S wrote

  @Clive_A 

 

I install a OpenVPN server to test more with UDP, 

Server is installed with old compatibility to support TP-Link router. (Older than ver 2.4)

 

I won't take this server down for a while if there is anything I can test

 

part of client file

client
dev tun
proto udp
remote my.lab.test 11194
resolv-retry infinite
nobind
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name Pi4-LAB_fcba0b56-7ca8-40fc-8778-7a8239121e60 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----

 

I do test with ER8411 and ER706W, as you se both connect but only ER706W forward trafic.. absolut no trafic from ER8411
 

 

 

I spent some my spare time to set up the pivpn on the Ubuntu Linux but it does not seem to be possible to connect it in the local network(192.168.2.1/24) where my test lab is. I don't have a public IP to test.

So the connection does not even make. I did some research on the pivpn FAQ and changed the server IP from my public(it auto detects) to the private IP. It does not work either, doesn't start a connection.

 

I'll be setting up a pfsense to my VM and will test the OVPN on pfsense as the server. I will pick an ASUS and flash it with the Merlin next month. I am kinda busy this month and don't have time for other stuff.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#38
Options
Re:ER8411 VPN Client broken
2023-12-26 10:19:53

  @Clive_A 

 

Ok thanks for trying, if router dont connect at al you have probalby installed the OpenVPN server as ver.2.4 or newer. ther is a choice when install to change the defults and install in compatubility mode for 2.4 or older. I dont remember now where in installation this was, but in the box there is writen somthing like that, if you dont want to change xxxxxx press yes otherwise press no.. so press no and more choic come up.

 

then make openvpn config with no user or nopassword with this command

pivpn -a nopass 

to do it compatble with TP-Link 

pivpn have no user only password so pivpn -a nopass that is the only option that work..

 

 

 

  0  
  0  
#39
Options
Re:ER8411 VPN Client broken
2024-01-04 07:51:04

Hi @MR.S

MR.S wrote

  @Clive_A 

 

Ok thanks for trying, if router dont connect at al you have probalby installed the OpenVPN server as ver.2.4 or newer. ther is a choice when install to change the defults and install in compatubility mode for 2.4 or older. I dont remember now where in installation this was, but in the box there is writen somthing like that, if you dont want to change xxxxxx press yes otherwise press no.. so press no and more choic come up.

 

then make openvpn config with no user or nopassword with this command

pivpn -a nopass 

to do it compatble with TP-Link 

pivpn have no user only password so pivpn -a nopass that is the only option that work..

 

 

 

I still cannot make a connection. It's time-consuming and I'll let it go and pass it to the test team.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#40
Options
Re:ER8411 VPN Client broken
2024-02-21 04:26:16

  @MR.S Also confirming that OpenVPN is broken on 8411. It does work really slowly in TCP mode. I have tested my 8411 as a Client connecting to a 3rd party VPN provider.

  0  
  0  
#41
Options