Open VPN - No routing
Hi guys,
I use the ER605 as router (not behind an ISP router) and I can establish an OpenVPN session. It is recognized on my Android 14 device as well as within Omada.
Unfortunately I can access neither my local devices/servers nor the internet when OpenVPN is activated on my mobile device.
I also see a strange info in the routing table: tun_server0
The OpenVPN setup looks like this:
I'm also using NO-IP as dynDNS service. This also works fine.
Is this an Omada or Android problem? With my previous phone such a setup worked as intended.
When I read the log it looks like the problem is TP-Link; OpenVPN on TP-Link is very outdated and probably full of security holes. This is from the log on my client; what this means exactly I don't know.
I'm not sure what that means, but I googled a bit here and it looks like TP-Link uses an outdated command for compression that the client can't read.
[jan. 28, 2024, 20:32:32] EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue.' trans=TO_DISCONNECTED
I think I found the problem.
In the TP-Link config there is a line like this:
comp-lzo no
Modify the config file so it looks like this:
comp-lzo
Remove "no" at the end.
Tested OK.
BUT!!!
This appears in the log after the changes, so I don't know, but it works now.
[jan. 28, 2024, 20:32:32] EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue.' trans=TO_DISCONNECTED
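A check for the compression directives discussed in this thread, as an added example that is not part of any post and is not TP-Link or OpenVPN code: it reports, per line of an .ovpn profile, whether `comp-lzo`, `compress` or `allow-compression` leaves compression enabled, framing-only, or set by policy. The sample profile, its host name and the function name are constructed for illustration.

```python
import re

# Algorithms that really compress; "stub"/"stub-v2" only keep the framing.
REAL_ALGOS = {"lzo", "lz4", "lz4-v2"}

def audit_compression(config_text):
    """Return (line_no, directive, status); status: enabled, framing or policy."""
    findings = []
    inline = None  # inside an inline <ca>/<cert>/<key> block: skip its body
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if inline:
            if line == f"</{inline}>":
                inline = None
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inline = tag.group(1)
            continue
        if not line or line[0] in "#;":  # blank or commented-out line
            continue
        parts = line.split()
        name, arg = parts[0], (parts[1] if len(parts) > 1 else None)
        if name == "comp-lzo":
            # Bare comp-lzo is adaptive compression; "no" keeps only the framing.
            findings.append((no, line, "framing" if arg == "no" else "enabled"))
        elif name == "compress":
            findings.append((no, line, "enabled" if arg in REAL_ALGOS else "framing"))
        elif name == "allow-compression":
            findings.append((no, line, "policy"))
    return findings

# Constructed sample profile (host name and certificate body are placeholders).
SAMPLE_EXPORTED = """client
dev tun
proto udp
remote vpn.example.net 1194
comp-lzo no
<ca>
(certificate omitted)
</ca>
"""
# The same profile after the edit described in the thread ("no" removed).
SAMPLE_EDITED = SAMPLE_EXPORTED.replace("comp-lzo no", "comp-lzo", 1)

if __name__ == "__main__":
    for label, text in (("exported", SAMPLE_EXPORTED), ("edited", SAMPLE_EDITED)):
        print(label, audit_compression(text))
```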
I saw that message in logs as well. But didn't know how to overcome it. Good to know, thanks!
Guess OpenVPN creators won't be willing to change their approach so we have to wait for TP-LINK.
Is there any option to mention their support in here or something?
Thank you all. Now I know at least I'm not the only one with this problem and it looks like TP-Link is the cause for it.
Can we open an official ticket for this issue? I'm not sure if TP-Link is aware of this problem.
Another question: Anyone tried WireGuard instead? Is WireGuard working with dynDNS like NO-IP?
@MR.S I can confirm that I am seeing this in the logs:
[Jan 28, 2024, 14:47:29] EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue. trans=TO_DISCONNECTED
This is insecure, and unacceptable.
@Pras71 ER605 V1 does not support WireGuard currently or I would be using that.
WireGuard works with dyndns for sure. I did it a week ago with duckdns.
But I don't know if your router supports it. ER706W does for sure.
I originally bought an ER605 v1 from Amazon. I also subscribe to Nord VPN and wanted an always on VPN for my Guest network. On the ER605 v1 OpenVPN Server did not allow you to use a username and password, which Nord VPN requires. ER605 v2 and higher had a firmware upgrade that updated OpenVPN to use a username and password, but the ER605 v1 did not have a new firmware available. I have noticed when I buy TP-Link products from Amazon I always get a v1 product. I reached out to TP-Link support and voiced my concern. They said because my ER605 v1 was still under warranty they would RMA it and send me an ER605 v2. I just had to send the ER605 v1 back to them within 15 days or they would charge me for the new one. Ever since I got the ER605 v2 I have not had OpenVPN issues. I have Server side setup so I can VPN into my home network. My Windows laptop uses the OpenVPN Connect (3.3.3) application. I also have the client side setup with an always on VPN connection to NordVPN. Both work as expected.
Also, there is a lot of talk going on in the OpenVPN forum about Android 14. You might find more answers there.
@HellBent it still doesn't change the fact that a legacy option leading to weakened security is enabled by default without the ability to disable it.
When I chose TP-Link over Ubiquiti it was mainly a cost decision, so I assumed this comes with some disadvantages. But this kind of software/firmware support is an absolute disaster. If I have to make any HW decision in a professional environment, TP-Link would be off the table immediately. For me as a home user it was often the first choice, but right now I would pay the markup and go to Ubiquiti.
Anyone who is using Android and experiences the issue with OVPN might find this helpful: Solution - No Traffic After OpenVPN Is Connected - Android OpenVPN Connect 3.4.0 Update