I recently installed a TPLink ER605. I had a VPN server running on a Ubuntu VM which I am still using. The VPN requires me to open port 500 & 4500. From a network security standpoint is it more secure to use the built-in YPN on the ER605? Or are both methods about the same? It looks like with the ER605 vpn I will not have to open any ports, is this correct.
In my opinion, every service like VPN needs some ports to be opened for establishing connection. When creating VPN service on ER, ER will probably automatically open ports for you, so from my perspective from security point of view it will be exactly this same situation.
From a port perspective, the risk is the same. The VPN ports are open in either case.
From a comprehensive security perspective, that depends on your ability to secure a standalone host vs your trust in the Omada system to secure itself.
The only real difference is that the OpenVPN binaries on the Firmware for the ER are locked between releases. The Ubuntu packages can be easily updated.