ER8411 VPN Client broken
So i have had the new ER8411 for a few days and most things seem to be working ok except a big one is the lack of vpn. Controller will allow you to create a new vpn and configure and even save but it never comes online and the vpn client section in insights is blank.
I assume this is one of many things broken in early firmware for this router but are there any ideas on a time scale for fixes as i have seen someone else report the issue in forum too ?
Hardware will have to be returned if the software is not going to be fixed.
Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @MR.S
I'll get one on my PC and test it out next week with ER8411 or any of Omada routers. Seem that only works on Linux.
- Copy Link
- Report Inappropriate Content
If you need me to test the IPsec, let me know. I'll do it next week.
Well I do a new test to se one more time and When downgrade to ER8411v1_un_1.1.1_20231030 the problem went back immediately
same as mention in this post.
https://community.tp-link.com/en/business/forum/topic/636166?replyId=1273676
https://community.tp-link.com/en/business/forum/topic/636166?replyId=1274202
upgraded to ER8411v1_un_1.1.1_20231120 and IPsec problem is solved.
feel free to do a test. I'm afraid that this error will be included in the official update if no one at TP-Link detects this error.
- Copy Link
- Report Inappropriate Content
Thank you @Clive_A , not sure how I managed to mention the wrong person, I clicked "Reply" but apologies.
Looking at the follow up discussion since your post, the problem remains the same:
- OpenVPN to other Omada devices functions as normal.
- OpenVPN UDP to third party hardware appears to form the tunnel but fails to pass traffic.
- OpenVPN TCP to third party hardware functions, but very slowly (I have 950Mbps internet and achieve about 40Mbps throughput to put some numbers to this).
I have made a connection to the third party directly from my laptop, using the same public internet transport and 4G backup, and even tethering from a phone and reached much higher speeds. The full line speed was achieved in the case of the public internet transport (primary WAN). This indicates the problem is very much the TP-Link end.
I have not tried the ER8411 in stand alone mode as you showed in your screenshots. Mine is controlled via a virtualised Omada controller hosted on a Proxmox cluster. I have no reason to suspect the Omada controller and it's platform are at fault here. The controller version is 5.13.22.
I will try using the 1.1.1 BETA firmware but reports from other users suggest this is not a fix.
- Copy Link
- Report Inappropriate Content
about the same as I experience, and 40 mbps is also pretty much a non-working vpn when the specs are 4421.1 Mbps
I have 25Mbps on the most on my ER8411 when ER8411 is OpenVPN Client (Same client file on my computer get 100-120Mbps)
I really hope TP-Link takes this seriously and fixes this problem that I have been dealing with for over a year now.
- Copy Link
- Report Inappropriate Content
@MR.S I am with you. This is a deal breaker for me, I cannot use this product for its intended purpose and it fails to meet the specifications advertised. I will be refunding for now, but I may return to Omada in the future.
As an update for you all in case anyone comes across this later: I tried the v1.1.1 BETA firmware, no change at all. OpenVPN forms tunnels, but when using UDP to third party endpoints traffic fails to route. TCP routes but is very slow (it actually got slower, about 30Mbps).
I will keep an eye on this thread and @Clive_A if you have any luck testing during or after the holidays l would be interested to hear the results. If I still have my device I'll be happy to try a few tests and see if I can copy your results.
- Copy Link
- Report Inappropriate Content
I install a OpenVPN server to test more with UDP,
Server is installed with old compatibility to support TP-Link router. (Older than ver 2.4)
I won't take this server down for a while if there is anything I can test
part of client file
client
dev tun
proto udp
remote my.lab.test 11194
resolv-retry infinite
nobind
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name Pi4-LAB_fcba0b56-7ca8-40fc-8778-7a8239121e60 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
I do test with ER8411 and ER706W, as you se both connect but only ER706W forward trafic.. absolut no trafic from ER8411
- Copy Link
- Report Inappropriate Content
Hi @MR.S
Thanks for posting in our business forum.
MR.S wrote
I install a OpenVPN server to test more with UDP,
Server is installed with old compatibility to support TP-Link router. (Older than ver 2.4)
I won't take this server down for a while if there is anything I can test
part of client file
client
dev tun
proto udp
remote my.lab.test 11194
resolv-retry infinite
nobind
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name Pi4-LAB_fcba0b56-7ca8-40fc-8778-7a8239121e60 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
I do test with ER8411 and ER706W, as you se both connect but only ER706W forward trafic.. absolut no trafic from ER8411
I spent some my spare time to set up the pivpn on the Ubuntu Linux but it does not seem to be possible to connect it in the local network(192.168.2.1/24) where my test lab is. I don't have a public IP to test.
So the connection does not even make. I did some research on the pivpn FAQ and changed the server IP from my public(it auto detects) to the private IP. It does not work either, doesn't start a connection.
I'll be setting up a pfsense to my VM and will test the OVPN on pfsense as the server. I will pick an ASUS and flash it with the Merlin next month. I am kinda busy this month and don't have time for other stuff.
- Copy Link
- Report Inappropriate Content
Ok thanks for trying, if router dont connect at al you have probalby installed the OpenVPN server as ver.2.4 or newer. ther is a choice when install to change the defults and install in compatubility mode for 2.4 or older. I dont remember now where in installation this was, but in the box there is writen somthing like that, if you dont want to change xxxxxx press yes otherwise press no.. so press no and more choic come up.
then make openvpn config with no user or nopassword with this command
pivpn -a nopass
to do it compatble with TP-Link
pivpn have no user only password so pivpn -a nopass that is the only option that work..
- Copy Link
- Report Inappropriate Content
Hi @MR.S
MR.S wrote
Ok thanks for trying, if router dont connect at al you have probalby installed the OpenVPN server as ver.2.4 or newer. ther is a choice when install to change the defults and install in compatubility mode for 2.4 or older. I dont remember now where in installation this was, but in the box there is writen somthing like that, if you dont want to change xxxxxx press yes otherwise press no.. so press no and more choic come up.
then make openvpn config with no user or nopassword with this command
pivpn -a nopass
to do it compatble with TP-Link
pivpn have no user only password so pivpn -a nopass that is the only option that work..
I still cannot make a connection. It's time-consuming and I'll let it go and pass it to the test team.
- Copy Link
- Report Inappropriate Content
@MR.S Also confirming that OpenVPN is broken on 8411. It does work really slowly in TCP mode. I have tested my 8411 as a Client connecting to a 3rd party VPN provider.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 2
Views: 7364
Replies: 66