OpenVPN generated incorrect certs, key too small

OpenVPN profiles, especially the certs, are too small, which makes it impossible to establish a connection from modern Linux operating systems, like RHEL9 or Fedora 39.
Error is specifically:
OpenSSL: error:0A00018F:SSL routines::ee key too small:
So, is there a way to customize the size of the PEM key during generation, or any settings which could be set in the .openvpn file?
I'm happy to hear that.
@pepicheck The second option DID NOT WORK!! Only the first option worked.
I added the tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA to the generated .ovpn file (above and after cipher AES-128-CBC) and then imported it to settings, but it did not work.
client
dev tun
auth-nocache
proto udp
float
nobind
cipher AES-128-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
comp-lzo adaptive
resolv-retry infinite
persist-key
persist-tun
verb 3
remote XXXXXXXXXXXXXX
Device Firmware Version:1.18.0 0.9.1 v009e.0 Build 241018 Rel.43535n
Device Hardware Version:Archer VR2100v v1 00000000
Any idea why option 2 did not work for me?
@ELAMeri Error message? What distro do you have???
Same error on a MacBook running Sonoma 15.3
Eventually reset the OpenVPN client settings to defaults and the issue was solved.
But what puzzled me is that the same OpenVPN setup is on multiple Omada controller setups, and only one of them was returning the error message, using the same OpenVPN client app. Of course, all controllers updated to the latest version.
At least it's fixed.
Hopefully this will help someone in the near future.
@pepicheck I also have the issue with an Archer AX23 v1.2 on the latest firmware.
I tried the second method, but it did not work. I can use the first method, but I have doubts about it.
To me, having VPN access means having secure access to my private network when I'm away. If I have to degrade the security of this connection, then I would rather not have this connection at all.
With that said, I think it is obvious what the solution is: TP-Link updates the server version inside the firmware. I see the downsides as well:
- Some customers stuck on older clients might not be able to connect.
- The efforts to integrate and test the newer server version might not be worth it.
- etc.
With that said, to me it feels like I'm going to part ways with VPN servers run on the router. If there is no possibility for the end user to decide to update that application without affecting the rest of the router software, then I cannot see a good solution across the board.
