Split Tunneling for L2TP VPN Client?
Hello! I am looking for a way for split tunneling in my L2TP VPN client. It is very obvious that when a client connects to the ER605 server, all traffic goes into the tunnel. I only want to limit the tunnel to the LAN of the ER605.
Any suggestions please?
Thanks.
OK, you probably have standalone; my illustration is from the controller. But you should find the same config in standalone, maybe with some differences.
Anyhow, to confuse even more, you should try upgrading to this version. There are some OpenVPN fixes.
https://community.tp-link.com/en/business/forum/topic/634790
Yes, this is an update with a lower number. Don't ask why :-)
When I look at the TP-Link simulator there is an option to split or not split (full mode or not full mode).
Yes, OpenVPN is slow but easy to set up, but I recommend WireGuard. Difficult to configure but very fast: about 100 Mbps on ER605v2.
Thanks. I found that out - the "Full Mode" was by default checked (if I'm not mistaken), so I unchecked it and achieved the "Split tunneling" option. In my Cisco days, I have known it to be "Split tunneling". For the life of me, I did not grasp the "Full Mode:" to be that in the TP-Link world. Anyway, thanks for pointing me to the OpenVPN. I am now happy with my LAN-to-LAN connection between my two homes. My VPN connection between the two locations is much snappier than the L2TP which I have been using for more than a year. That was very slow. And with the L2TP connection, when I'm away from home and connect my iPad to one of the ER605, everything gets pushed through the tunnel. Now, I'm happy with the ovpn.
It was good to hear. When you get time you should look at WireGuard too. It is very difficult on TP-Link so there is a learning curve there, but it is probably close to 10 times faster than OpenVPN.
Thanks. I will experiment on wireguard.
I just completed the peer-to-peer using wireguard between my two locations and it is truly faster than the OpenVPN, and, much much faster than the dog L2TP. My iperf statistics is 17.4 Mbits with wireguard.
Thank you for your suggestion.
Update: My big problem with wireguard is that in the ER605 Peer setup, it doesn't allow me to enter a FQDN on the Endpoint parameter! It only takes IP Address! I did a search for "DDNS for wireguard endpoint" and there are articles for Linux peer setup that say it is possible to change the IP Address with the FQDN by editing the wireguard peer config (like editing the .ovpn file).
If the ER605 wireguard Peer config is set in stone to only use IP Address, then I will go back to OVPN as soon as my peer-to-peer connection dies because my ISP leases a different IP Address.
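The Linux-peer approach mentioned in the post above, as an added example that is not part of the thread and does not apply to the ER605's own peer form: on Linux, `wg` resolves a hostname in `Endpoint` only when the configuration is applied, so a DDNS address change has to be pushed with `wg set`. The interface name `wg0`, the peer keys, the hostname and the port are placeholders, and the sample `wg show` output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): re-resolve a DDNS name for a WireGuard
# peer on a Linux host. wg0, the peer key, home.example.net and 51820 are
# placeholders; the keys and addresses in SAMPLE_ENDPOINTS are constructed.

# Constructed sample of `wg show wg0 endpoints`: "<public-key><TAB><ip:port>".
SAMPLE_ENDPOINTS=$(printf '%s\t%s\n%s\t%s' \
    'PEERKEYAAAA=' '203.0.113.10:51820' 'PEERKEYBBBB=' '[2001:db8::1]:51820')

# Read `wg show <iface> endpoints` on stdin, print the bare IP set for peer $1.
current_endpoint_ip() {
    awk -F'\t' -v peer="$1" '$1 == peer {
        ep = $2
        sub(/:[0-9]+$/, "", ep)                 # drop the :port suffix
        gsub(/\[/, "", ep); gsub(/\]/, "", ep)  # unwrap bracketed IPv6 literals
        print ep
    }'
}

# new_endpoint CURRENT_IP RESOLVED_IP PORT
# Prints "ip:port" only when the DNS answer differs from the configured IP.
# Returns 2, printing nothing, when the answer is empty or is not a plain IPv4
# literal, so a DNS outage or a bogus answer never replaces a working endpoint.
new_endpoint() {
    case $2 in
        '' | *[!0-9.]*) return 2 ;;
    esac
    if [ "$1" != "$2" ]; then
        printf '%s:%s\n' "$2" "$3"
    fi
}

# reresolve IFACE PEER_KEY HOSTNAME PORT  (run from cron or a systemd timer)
reresolve() {
    current=$(wg show "$1" endpoints | current_endpoint_ip "$2")
    resolved=$(getent ahostsv4 "$3" | awk 'NR == 1 { print $1 }')
    new=$(new_endpoint "$current" "$resolved" "$4") || return $?
    if [ -n "$new" ]; then
        wg set "$1" peer "$2" endpoint "$new"
    fi
}

if [ "$#" -eq 4 ]; then
    reresolve "$@"
fi
```

Invoked as `sh script.sh wg0 <peer-public-key> home.example.net 51820`, it changes the endpoint only when the name resolves to a different address.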
If you need site to site between two ER605v2, use IPsec site to site.
Then you can use FQDN and it's super fast with this encryption.
250-300 Mbps
Yes, I tried the ipsec LAN-to-LAN and I got connection. But my cameras from the remote location don't show video to my local IP Cam viewer even though they respond to my telnet to their non-standard ssl ports (in Windows command prompt: "telnet 192.168.4.201 6441"). I can ping all devices in the remote location but the cameras just don't show video! I've waited long enough for the connection to normalize, maybe, but no go on the cameras. And, oh, I was able to login to the management interface of the remote ER605. So I went back to wireguard.
It seemed strange. I myself have a camera server at home with one of the children; remote access to the camera server is no problem.
Is there any access control on the camera? I have it on my camera, only approved IP addresses get access to the camera.
I have VPN site to site between an ER605v2 and an ER8411 and it works absolutely fantastic. Stream 11 cameras on a VPN to a remote server.
Strange indeed! With wireguard, I have no problem whatsoever. I have full control of all the devices on the remote site. My only issue with wireguard is that it uses IP Address not FQDN for the peer endpoint. With IPSEC, any device which uses a non-standard port doesn't respond. I can ping them but they don't stream the data back to the requesting client device/app! Ports like 6441, 6442, etc for SSL, 8123 for my remote Homeassistant server, non-standard RDP port to a remote PC, etc. I can login to the remote ER605 management interface with no problem. Aha, note that the devices that I use non-standard ports for are behind another router that does the Port Forwarding to these devices. Is there any Firewall rule I have to worry about for IPSEC LAN-to-LAN to work for these devices? I don't know.
Oh, iperf works to that same PC that does not respond to non-standard RDP!