A lot of small businesses are using consumer grade routers and networking equipment these days. With good reason. If you only have a three to five person office and everyone connects via Wi-Fi, basically just to access internet services and one local file server, you really don’t need much else.
The best consumer grade routers I’ve worked with in recent years are the TP-Link Archer series. They are built for home use, but have some advanced features that lend themselves to today’s remote workplace.
One feature is their ability to be used as an OpenVPN server that you can connect to from the outside, letting you access your home servers, or company assets. It’s pretty easy to set up and the clients are super simple to deploy.
Setup OpenVPN Server with TP-Link Router
Before starting, please set up Dynamic DNS on your router. OpenVPN will not work without it. ‘
Note: I am using a TP-Link Archer A7 AC1750 as a reference. Your menus may be different depending on model and age of your router.
Step 1 – Log into the web interface for your router.
Step 2 – Click on the Advanced Tab and Scroll down until you see “VPN Server”. Select OpenVPN.
Step 3 – Check the “Enable VPN Server” checkbox. Everything can be left as default.
If you want the VPN client to only access your network and use its own internet select “Home Network Only”. If you want all traffic, including internet, to be sent through the VPN connection select “Internet and Home Network”.
Step 4 – Click “Generate Certificate”. It will take a few minutes to generate a certificate. Wait until it is finished to move on.
Step 5 – Once the certificate is generated, click the “Export” under the “Export Configuration” Section.
Make sure you put the .OVPN file it downloads somewhere you remember. You’ll need it when you deploy a client.
Note: Once you’re done you’ll need to deploy the clients. I will post a detailed article on how to do that soon and link it here. The concept is pretty simple though. You need an OpenVPN compatible client for the operating system you’re working with. In most of those, you simply import a profile and select the OVPN file you downloaded from the router. It does all the work for you. Then you can connect
13 replies on “Set Up Open VPN Server with TP-Link Router”
If I don’t want for a client to have access once he has the connection file, what shall I do? If I regenerate the certificate he will not have access anymore?
Yes, this is what you’d do, then redistribute the new file to whoever needs it. Sorry this took so long to reply to.
I followed the same steps on my Archer C7, but I am getting error while connecting to VPN
“There was an error attempting to connect to the selected server”
Hi, I have a TP-Link Archer C50, the “VPN Server” is not an option when I click on the Advanced Tab and Scroll down. I’m assuming that I do not have the option to set it up on this router. is that correct?
I just started using VPN (surfshark) and wanted to set it up on the router. I’m now considering upgrading to TP-Link Archer A7 AC1750.
Yes that’s correct. If it’s not in the menu system it isn’t a feature the router has. The A7 Archer is great I looked at the specs on Amazon, it doesn’t show VPN Server on all the specs. However TP-Link’s website shows it has an OpenVPN server, which is what you’re looking for. The C3 150 is also a great model to look at.
thanks for the Reply. I did get the Archer C7 and followed your setup to Step 5, generating and exporting the certificate. It says now I have to ‘deploy the clients’. i’m not sure what that means but i’ll look for that.
I cant get this to work on my router. I followed the instructions that TP link provide ( the same as you detail) it connects when using the OpenVPN client but I am unable to access anyting on my local network. I have the option for home network and internet selected. When I try and access my router from the remote location it gives me a 403 error and I also cant access other boxes on my LAN. Any ideas?
Are you trying to access the router itself from your remote location or a device on your home network? Router management is disabled for VPN connections typically. If you have a printer or something with a web GUI, that’s the best way to test it. Or assign a home pc a static IP address so you can ping it remotely.
The 403 error is a ‘forbidden’ access error. Which if you’re trying to access the router from a VPN connection this makes sense. It is connecting properly but the router is preventing you from accessing it. You CAN enable remote management under the “Administration” menu under “System”, but I’d highly suggest you do not for security reasons. If you need to, you can enabled RDP on a machine at your house, remote into that and access router configuration.
I have the same problem with 403 error.
I need to access the files in my local network (shared folders from other computers, NAS) but I receive the 403 forbidden error.
I don’t need to access my router as you answer before in this comment.
When you try to access the files, are you going to a website, or to an address in your file explorer?
Is there some limitation regarding number of clients which are able to connect remotely.
I am using Archer AX50 V1 and it seems to be limited for 10 clients.
I was not success with more.
I wouldn’t doubt that ten clients is the limit on the home routers. I looked around for some information and couldn’t find any information on an OpenVPN client limit. TP-Link does make some small business class routers that support more. The ER7206 supports up to fifty OpenVPN clients at a time. There’s also the ER605 that supports sixteen as does they TL-605, but this isn’t much of a step up. These are more or less traditional routers, so if you need WiFi, you’d need to purchase access points as well. The good thing is, they aren’t that expensive with the ER7206 running about $150 on Amazon.
I didn’t find also some limitation or anything.
I have configured there only simple OpenVPN on this router, which I understand it is in passthrough option according the statement.
This TP-Link AX50 is supporting only OpenVPN Pass-Through for VPN server or PPTP VPN.
On the VPN server I have configured only:
Service type as TCP
VPN Subnet/Netmask: 10.1.10.0 255.255.255.0
Internet and Home Network option.
According this configuration, if I will raise 11th VPN connection, this one is not able to connect from outside to my local network.
First 10 connections are working great.