ER8411 OpenVPN/SSL VPN Issue

ER8411 OpenVPN/SSL VPN Issue

ER8411 OpenVPN/SSL VPN Issue
ER8411 OpenVPN/SSL VPN Issue
2023-05-15 05:18:57 - last edited 2 weeks ago
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.0.3

 

@Fae 

 

About OpenVPN/SSL VPN issue.
Today is 6 months since I reported the VPN error, it still hasn't been fixed. Do you have any more information about what's going on? Is there anyone working on this?

 

Do you know if the ER707-M2 has the same VPN bug?

 

  1      
  1      
#1
Options
1 Accepted Solution
Re:ER8411 OpenVPN/SSL VPN Issue-Solution
2 weeks ago - last edited 2 weeks ago

 

 

it seems that my problem has been solved, I have now run against my own Openvpn server from pivpn for a few weeks without problems with UDP, the speed is good, probably only limited by the server running on an old PC. no drops or other problems on the VPN connection.

 

The OpenVPN server is not installed in compatibility mode as I had to do before, i.e. version older than 2.4 

 

The problem now is TCP, it's terribly slow. 30-40 Mbps at most, I hope Tp-Link can look into this too :-)

 

 

I am now using this firmware on my ER8411,  1.2.2 Build 20240809 Rel.48592

 

 

 

 

 

Recommended Solution
  0  
  0  
#45
Options
45 Reply
Re:ER8411 OpenVPN/SSL VPN Issue
2023-05-16 05:04:19

Hello @shberge,

 

The issue has been reported to our R&D team for further investigation last week. At this time, I'm informed that the fix of the ER8411 OpenVPN/SSL VPN Issue might be a bit delayed as they need to hurry up to finish the on-going large and important project first. And it will take some time to fix the issue due to the fact that the underlying logic of ER8411 is different from other router models, the fix will be more complicated. But please be assured that they will try the best to work out the problem. We appreciate your understanding and patience in this matter.

 

As for the ER707-M2, I haven't received any feedback about the VPN on it yet, will keep an eye on this. You are welcome to tag me or @Hank21 for further follow-up if you notice one.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  1  
  1  
#2
Options
Re:ER8411 OpenVPN/SSL VPN Issue
2023-06-26 11:14:37 - last edited 2023-06-26 11:18:29

  @Fae 

What is the status of the VPN problems? now it's almost 8 months since I first reported this, do you have any updated information?

 

I am now on

Firmware Version:

1.0.4 Build 20230606 Rel.72432

Controller Version

5.11.8

  1  
  1  
#3
Options
Re:ER8411 OpenVPN/SSL VPN Issue
2023-07-13 08:29:06

  @Fae @Hank21 @Clive_A 

What happend with ER8411??, now it 9 month today since some problems were first reported.
 

 

  1  
  1  
#4
Options
Re:ER8411 OpenVPN/SSL VPN Issue
2023-10-06 12:19:42

@Fae 

I am having the same OpenVPN Issues. would be great to get a fast update here.

Especially because the ER8411 is really the most expensive router of TP-Link (regarding performance and price).

 

Omada Controller Linux 5.14.26.1 TL-SG2008 v3.0 - 3.0.9 EAP653(EU) v1.0 - 1.0.14 EAP650-Outdoor(EU)v1.0 - 1.1.4 EAP610-Outdoor(EU) v1.0 - 1.2.5 EAP615-Wall(EU) v1.0 - 1.2.4
  1  
  1  
#5
Options
Re:ER8411 OpenVPN/SSL VPN Issue
2024-03-29 14:41:23

  @MatthiasL22 

 

And I assume this issue still has not been fixed or resolved or even reported as a known issue in the release notes.

  1  
  1  
#6
Options
Re:ER8411 OpenVPN/SSL VPN Issue
2024-03-29 15:38:30

  @svandive 

there is a beta available since beginning of this year somewhere in the forum, which fixed this issue, although with quite poor performance. 

Omada Controller Linux 5.14.26.1 TL-SG2008 v3.0 - 3.0.9 EAP653(EU) v1.0 - 1.0.14 EAP650-Outdoor(EU)v1.0 - 1.1.4 EAP610-Outdoor(EU) v1.0 - 1.2.5 EAP615-Wall(EU) v1.0 - 1.2.4
  0  
  0  
#7
Options
Re:ER8411 OpenVPN/SSL VPN Issue
2024-03-31 10:59:05 - last edited 2024-03-31 11:34:02

  @svandive 

 

I haven't seen anything in the release note about this either, either it was fixed by mistake or they don't want to talk much about it.


But latest update works with UDP, I don't know how stable it is, latest beta version disconnected openvpn without reconnecting after a while.

 

I haven't tested SSL since the last beta, it worked but destroyed the IPsec site to site VPN, ping worked and everything looked ok but when I tried to start a remote desktop or a web application in the IPsec s2s tunnel, nothing happened. to get IPsec working again I had to delete all SSL configuration and restart the router, exactly as when I bought the router on the end of 2022.

 

Now I have given up openvpn Client on the ER8411 and route all this traffic via a Unifi router which works absolutely fantastic for Wireguard and OpenVPN.
TP-Link still works best with IPsec site to site VPN.

 

OpenVPN and wireguard for remote access to my network run on two Raspberry PI 5 together with unifi and omda controller and some other stuff. 

 

 

you can try the latest firmware and test give feedback in this thread

 

EDIT:

 

I did a test here and unfortunately ER8411 as OpenVPN client disconnects the tunnel after a while. it appears as active but is not. if I deactivate the OpenVPN tunnel and activate it again, it works for a while before it disconnects or cuts the traffic, so back to Unifi, the next test will be when there is new firmware for the ER8411.

for the record I can mention that the ER707-M2 and ER706W do NOT have this problem.

 

 

 

 

 

 

 

 

 

  1  
  1  
#8
Options
Re:ER8411 OpenVPN/SSL VPN Issue
2024-04-02 01:23:14

Hi @MR.S 

Thanks for posting in our business forum.

MR.S wrote

  @svandive 

 

I haven't seen anything in the release note about this either, either it was fixed by mistake or they don't want to talk much about it.


But latest update works with UDP, I don't know how stable it is, latest beta version disconnected openvpn without reconnecting after a while.

 

I haven't tested SSL since the last beta, it worked but destroyed the IPsec site to site VPN, ping worked and everything looked ok but when I tried to start a remote desktop or a web application in the IPsec s2s tunnel, nothing happened. to get IPsec working again I had to delete all SSL configuration and restart the router, exactly as when I bought the router on the end of 2022.

 

Now I have given up openvpn Client on the ER8411 and route all this traffic via a Unifi router which works absolutely fantastic for Wireguard and OpenVPN.
TP-Link still works best with IPsec site to site VPN.

 

OpenVPN and wireguard for remote access to my network run on two Raspberry PI 5 together with unifi and omda controller and some other stuff. 

 

 

you can try the latest firmware and test give feedback in this thread

 

EDIT:

 

I did a test here and unfortunately ER8411 as OpenVPN client disconnects the tunnel after a while. it appears as active but is not. if I deactivate the OpenVPN tunnel and activate it again, it works for a while before it disconnects or cuts the traffic, so back to Unifi, the next test will be when there is new firmware for the ER8411.

for the record I can mention that the ER707-M2 and ER706W do NOT have this problem.

 

 

 

 

 

 

 

 

 

Have you tried to add keepalive in the exported .OVPN? Will it help? I recall I answered this before and result seems to be positive.

 

The previously provided beta to you and Matthias did not work at all? I recall you and he reported the performance was much better.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#9
Options
Re:ER8411 OpenVPN/SSL VPN Issue
2024-04-02 05:06:56

  @Clive_A 

 

i can give it a try, added keepalive 10 120 and reimported.

 

previously provided beta or none of the versions have worked as they should so far, that is, there is a small improvement, UDP at least connects now but loses communication after a while.

 

I have not tested SSL with the latest version, but the beta version destroys the IPsec traffic as mentioned above. as it has done all along. ping works normally, but if I try to start remote desktop or a web application, for example, nothing happens, if something happens, it's very slow,

 

disabling ssl doesn't help i actually have to delete everything configured in ssl and reboot the router to get it working again

 

 

 

 

  1  
  1  
#10
Options
Re:ER8411 OpenVPN/SSL VPN Issue
2024-04-02 06:46:28

Hi @MR.S 

Thanks for posting in our business forum.

MR.S wrote

  @Clive_A 

 

i can give it a try, added keepalive 10 120 and reimported.

 

previously provided beta or none of the versions have worked as they should so far, that is, there is a small improvement, UDP at least connects now but loses communication after a while.

 

I have not tested SSL with the latest version, but the beta version destroys the IPsec traffic as mentioned above. as it has done all along. ping works normally, but if I try to start remote desktop or a web application, for example, nothing happens, if something happens, it's very slow,

 

disabling ssl doesn't help i actually have to delete everything configured in ssl and reboot the router to get it working again

 

 

 

 

Summarize this now:

1. OpenVPN will disconnect after a while.

2. Performance is not expected. Like what you reported: https://community.tp-link.com/en/business/forum/topic/596196?replyId=1296198

Persists till now? 20Mbps or so? What is your upload and download speed? ISP plan.
3. IPsec and SSL would not work at the same time.

 

Do I understand you correctly?

 

Let me ask you this about the last one, did you bring up #3 in the past when you contacted us about OpenVPN? I recall I have met this and the dev told me they didn't reproduce this. It was because your network with too many VPN tunnels.

Do you reproduce this in two routers without too many variables?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#11
Options