Authentication for wireless under OpenWrt is done with the hostap utilities. Configuration for MSCHAPv2 is listed at https://openwrt.org/docs/guide-user/network/wifi/basic#wpa_enterprise_client
The 841 v14 doesn't immediately look to be supported (yet?) -- https://openwrt.org/toh/start?dataflt[Model*~]=841
Edit: Without knowing the hardware details of the TP-Link 841 v14, flashing the release version for the v13 would be "rolling the dice". While the hardware recently changed with v13 compared to earlier models, it may have changed again. There may be "development" builds or other information on the v14 linked in the forums here. See @tmomas link a couple posts down.
https://openwrt.org/supported_devices/432_warning
If you just bought it and can still return it, you might want to consider a moderately priced device in the US $20-40 range with sufficient flash and RAM , where dual-band 802.11ac support tends to be at the upper end of that range.
Anything prior to Edit: OpenWrt v17 should be considered insecure as it hasn't been actively maintained for years now and certainly includes multiple kernel and application vulnerabilities, which are likely being actively exploited. Your IT department would be justified in having a proper fit if you connect with such a device.