Home Network Community > Wi-Fi Routers > OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)
< Wi-Fi Routers

OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)

OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)

OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)
OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)
Wednesday - last edited Wednesday
Tags: #VPN
Model: Archer AX73  
Hardware Version: V1
Firmware Version: 1.3.6 Build 20240407 rel.43274(4555)

Dear All,

 

Please help with the issue as follows.

 

I am trying to activate a VPN client on my router. I already have rented a VPS and installed an OpenVPN Access Server package on it. Then I generated an .ovpn file for my router using the instruction by OpenVPN (created a user for my router, enabled "Allow Auto-login" for it, and set "tls-auth" on Access Server to "Yes", then generated and downloaded the file). I did not follow next steps as per OpenVPN instructions, as the TP-Link interface they used as example was different from what I have in my system.

 

On the router side, I set the VPN Client to "Enable", added a new profile with the OpenVPN type option selected, uploaded the .ovpn file, and enabled the profile.

 

However, what I get is the "Connecting" status. My IP as seen by ip services remains as it was, my Access Server panel does not register this connection.

 

I tried to run an OpenVPN client on my Windows PC operating in the very same home network with a config file generated for Windows and it works perfectly.

 

I am definitely not a pro and rely mostly on Google-knowledge for this. I read multiple threads here and there, but to no avail. What could possibly be the problem here?

 

Thank you very much in advance.

 

-------------

UPD1. ...Oddly enough, when I tried again (after numerous attempts) to activate the client as described above, it worked. However, after I disabled the VPN Client and then enabled it back to see if it is going to work properly, it stuck again with the "Connecting" stage no matter how many times I switched it on and off. But it is not the end of the story. When I added a new profile with the very same config file and setings as before, it worked again -- connection was up upon being enabled. Nonetheless, when I disabled it and enabled again, it also did not make it past "Connecting". Surprisingly, when I randomly clicked one of the profiles previously made with this config file, which I did not bother to remove while experimenting, the VPN Client went online again! Can there be some sort of issue with the router itself?

 

UPD2. The connection speed via the router VPN is substantially lower (including on the same devices) than the speed of the same VPN connection via the OpenVPN Connect app. Why this difference?

  0      
 
  0      
 
#1
Options
5 Reply
Re:OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)
Thursday

Hi  @NewbUser,

From your description, VPN should be working properly on the router now, right? If it is still unstable, I suggest you test OpenVPN Client on other devices to see if it can also connect stably? 

 

The slow VPN speed on the TP-Link Router when using the VPN Server or VPN Client is often due to the limitations of the router's CPU. The processing power of the router is not as robust as that of a computer or other devices, which can result in slower performance when establishing VPN connections. This limited processing capability of the router is a contributing factor to the slower speeds experienced. To improve VPN performance, you may consider setting up the VPN connection on a computer or other devices that offer more processing power and performance capabilities.

  0  
  0  
#3
Options
Re:OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)
Thursday - last edited Thursday

Hi  @Joseph-TP , thank you for your reply. At this point, I have 4 VPN profiles, all identical to each other in every aspect. If I enable one of them (when others are disabled), it will return the "Connecting" status and get stuck with it. However, if I keep disactivating/activating them one after another randomly, at some point one of them would successfully connect to my VPN server. So, in brief, it displays different behaviors with the same type of input, which is bedazzling by itself and gives no guarantee that the VPN continues working on my router.

 

It looks like the issue, if it is an issue, is router-side, as the same VPN server is easily reached in fractions of seconds from my PC's OpenVPN Connect client. I switched it on and off many times, and it was working with no problems whasoever.

 

So yes, I guss if I keep it enabled all the time while managing which of the devices has access to it, it will work, but I wonder if it is normal and if it keeps working after a while.

 

P.S. ...And big thanks for explaining to me the speed issue, I had no idea that it might be processor-related (the difference is really dramatic, e.g. 19/4 Mbps on the router with enabled VPN VS 82/84 Mbps on my rig via the PC OpenVPN client as of today).

  0  
  0  
#4
Options
Re:OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)
Thursday

Dear All,

 

I guess the workable solution for this issue (which is, in fact, the router's erratic/inconsistent behavior in terms of connecting to a remote VPN server) is rebooting. In my case, the successful pattern was like this: (1) create a profile; (2) enable it (that is where we get the "Connecting" status, which may last forever, but we disregard that and go on to the next step); (3) reboot the router. When back online, it is highly likely to have the VPN profile enabled and working. As a plan B, you may create several profiles with the same settings and activate/deactivate them in a random order, which may result, at some point, to bringing the VPN connection online. Once it is up, the router stays reliably connected.

 

As regards the speed issue, I followed a recommendation to change the encryption algorythm from AES-256-CBC to AES-128-GCM in order to unload the router's processor to a degree, but this resulted in a lower speed, contrary to my expectations.

  0  
  0  
#5
Options
Re:OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)
Yesterday

Hi  @NewbUser,

 

Below is a simple and useful troubleshoot step.  
Please plug a usb to the router. Then add this line to the ovpn file: log-append /tmp/smb/G/log.txt 
Then re-import the ovpn file and run the vpn. You will find the error log in the usb. 
It will be helpful if you could provide the log.  

 

Please send the log to the email support.forum@tp-link.com, attaching Forum ID 734132 and details, and the senior engineer will assist in analysis and follow-up.

  0  
  0  
#6
Options
Re:OpenVPN Client Issue: permanent "Connecting" status (AX5400 Wi-Fi 6 Router)
19 hours ago

Hi  @Joseph-TP ,

 

It looks like the problem has gone.

 

By default, in the Access Server panel, the "Allowed data channel ciphers" box is left blank. I followed a recommendation from the web and specified the accepted ciphers as follows: AES-128-GCM:AES-256-GCM:AES-256-CBC:AES-128-CBC:BF-CBC. That appears to have solved the problem when it comes to activating profiles set up with the config file generatd inside the OpenVPN AS admin panel. The problem persists with an edited file where I have replaced the "cipher AES-256-CBC" string with "cipher AES-128-GCM" and added "auth SHA256" for (allegedly) faster performance, though, but it is not a big issue for me.

 

Thank you very much for your help!

  0  
  0  
#7
Options

Information

Helpful: 0

Views: 102

Replies: 5

Tags

VPN
Related Articles
VPN client always in Connecting state
257 0
AX73 open VPN client split tunneling
2408 4
Not able to connect OpenVPN client
784 0
Unable to connect to openVPN from client
1110 0
Unable to connect OpenVPN client to OpenVPN server (router)
140 0
 OpenVPN client
449 1
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.