ER8411 - OpenVPN Client Certificate + Account not working

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2023-10-06 09:22:16
Tags: #VPN
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.1.0 Build 20230705 Rel.64091

Hi,

Yesterday I replaced my ER7206 with an ER8411 and realized that the OpenVPN Client-to-Site is no longer working, although it is stated as introduced with firmware 1.1.0.

The Insight shows that it is connected, but I cannot connect to IP via VPN connection.

The router is used in Controller Mode with Linux Controller 5.12.7.

I would be happy if someone could help me.

 

Regards,

Matthias

Omada Controller Linux 5.14.26.1 TL-SG2008 v3.0 - 3.0.9 EAP653(EU) v1.0 - 1.0.14 EAP650-Outdoor(EU)v1.0 - 1.1.4 EAP610-Outdoor(EU) v1.0 - 1.2.5 EAP615-Wall(EU) v1.0 - 1.2.4
Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-06 12:34:25 - last edited 2023-10-06 12:36:56

@MatthiasL22

There is something with UDP on this router; try to configure the OpenVPN server with TCP. For me this works, very slow and far away from the spec on this device.

OpenVPN is also very outdated; it works only with OpenVPN 2.4 or older, so connections to more modern systems will not work from any TP-Link device.

Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-06 12:42:16

  @MR.S 

This is not true. My previous ER7206 was doing very well with OpenVPN core 3.

I already read the TCP stuff, which is not a solution for me, as the OpenVPN server is configured to not accept connections via TCP.

Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-06 12:52:50

@MatthiasL22

I had to install a new OpenVPN server with TCP to get it to work, so I think this is the only option on the ER8411. The server was also installed in 2.4 or older compatibility to get it to work. All the other routers like ER605v2 and ER707-M2 work with UDP, but not the ER8411.

Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-06 13:06:52

  @MR.S 

Thanks for the feedback. Nevertheless, this would be a bad workaround, not a solution.

I know that this topic is discussed in several threads here.

Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-06 13:26:46

@MatthiasL22

Yes, I reported this to support 11 months ago and regularly mention this on the forum with @Fae and @Clive_A tagged, but not much has happened. I also mentioned this to support in an e-mail two weeks ago and they answered that this was fixed in firmware 1.1.0, so I don't think somebody is aware of the problem. @Fae answered me that they had more important work to do than try to fix the ER8411, so I don't know.. almost a year and still nothing has happened.

Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-07 08:02:13

Hi @MatthiasL22 

Thanks for posting in our business forum.

So I am not gonna focus on what MR.S said until we try to fix the issue you have with the router.

In the original post, you said that you cannot access the IP, any luck that you can ping it?

In the Insight, you see the tunnel is up and running but the IP is not working. Can you verify that your setup is correct? Would love to see some pictures and verifications.

 

If you are facing the exact problem as MR.S, I can escalate your case for further analysis and require your cooperation. So for now, I'll focus on your issue.

Best Regards!
Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-07 09:38:03

  @Clive_A 

Thanks for the reply; I would appreciate escalation on that.
Pictures of what exactly do you need?

Even a ping is not possible.
I do not think that anything is configured wrong, because with the same settings and the ER7206 everything was working.

VPN is OpenVPN via UDP with certificate and account verification.
 

regards,

Matthias

Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-07 09:53:09

Hi @MatthiasL22 

Thanks for posting in our business forum.

MatthiasL22 wrote

  @Clive_A 

Thanks for the reply; I would appreciate escalation on that.
Pictures of what exactly do you need?

Even a ping is not possible.
I do not think that anything is configured wrong, because with the same settings and the ER7206 everything was working.

VPN is OpenVPN via UDP with certificate and account verification.
 

regards,

Matthias

Nothing else has been configured on the router and the tunnel shows up. Is this correct about your setup? Just one VPN entry?

ER8411 is hosting the server? What IP address did you ping? The gateway IP?

 

The escalation requires a basic understanding of your issue and setup.

Best Regards!
Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-07 10:59:38

  @Clive_A 

I made some pictures.
The ER8411 is the VPN client.
Hope it helps.
I tried to ping not only the gateway IP but also other IPs which are known to be available via VPN.

File: photos.zip
Re:ER8411 - OpenVPN Client Certificate + Account not working
2023-10-08 01:52:12

Hi @MatthiasL22 

Thanks for posting in our business forum.

MatthiasL22 wrote

  @Clive_A 

I made some pictures.
The ER8411 is the VPN client.
Hope it helps.
I tried to ping not only the gateway IP but also other IPs which are known to be available via VPN.

So you've tried the command prompt on the PC which is in VLAN 30 as well?

What if you use this exact profile on the phone with the OpenVPN app, does it connect well and work with the ping?

Best Regards!