Get CactusVPN for $3.5/mo!
Yep, it’s doable, though it’s certainly no walk in the park. The setup process can be a bit difficult if you’re not extremely tech-savvy. And skipping it by buying a pre-configured router can be quite costly.
But before we even get to that, you should first see if doing this is something that would really benefit you.
So, here’s everything you need to know about the advantages and disadvantages of using a VPN on a router (among other things):
There are various nifty advantages and concerning drawbacks you should consider before going ahead with the setup to make sure that using a VPN on a router would really benefit you.
While most VPNs usually work on a majority of devices, that level of cross-platform compatibility is often not enough nowadays. What if you’d like to use a VPN on your Xbox, PlayStation, or smart TV, for instance?
Well, that’s the kind of thing you can actually do if you set up a VPN on a router. Once that’s done, any device that connects to your router will be able to use the VPN’s features.
That means you’d be able to watch geo-restricted content on your smart TV, or access geo-blocked gaming regions on your console.
You won’t have to install or configure VPN apps and clients on multiple devices anymore. It’s enough to configure the VPN on the router once, and be done with it. Essentially, any device that will be able to connect to your router will automatically use the VPN that’s configured on it.
Once a VPN is configured on a router, said router will always connect to the Internet through the VPN. So, you won’t have to worry about forgetting to turn the VPN on when you go online, and leaving your online traffic and personal data exposed.
If you’re not familiar with WiFi poaching, just think of it as someone connecting to your WiFi network and using it without your permission. That can usually be prevented by having a strong password in place, but – sometimes – a diligent hacker might just be able to bypass it.
When that happens, they’d be able to gather some geo-related info on you because they will have your IP address.
But if you have a VPN operational on your router, you’ll get to enjoy a certain degree of anonymity since your real IP will be replaced with a different one.
So, if your WiFi network ever gets breached like that, the uninvited guest won’t really be able to pinpoint your location. Similarly, if they use your WiFi for nefarious purposes, it won’t get traced back to your IP.
When using a VPN on a router vs. a computer, for example, you are likely to experience slower connection and download speeds. That’s almost always going to happen if your router has a weak CPU, and if you’re using an encryption-heavy VPN protocol (like OpenVPN, for instance).
Sadly, even if you use a VPN protocol that favors speed over security (such as L2TP), your online speeds still won’t be at their peak if your router’s CPU under-performs. This is a common problem with D-Link and TP-Link routers, actually.
The only way you could bypass that issue would be to get a more performant router. However, that can cost you a lot of money. The price range can start anywhere around $100-$200, and go up to $500 or more.
Not only that, but the more devices you have connected to a specific VPN server through your router, the slower the overall Internet connection speed will be.
Since setting up a VPN on a router means it will always be on, your IP address will always be set to a specific country whenever you access the web through the router.
So, if you live in the US, and have set up the router to connect to a VPN server in the UK, you likely won’t be able to access US content that is geo-restricted, like Netflix US or Hulu, for instance. That’s because you will constantly have a UK IP address when you go online.
To bypass this, you’ll need to manually change the VPN server in the router firmware. If you use Tomato router firmware, though, this won’t be a problem since you cat set up 2 VPN servers and switch between them with ease.
Unfortunately, it’s not as simple as just running a setup process, clicking “Finish,” and browsing the web at your leisure.
Instead, you’ll normally have to access the router’s Default Gateway Address, tweak the network connection, and even download and edit configuration files – just to name a few steps. If you have no experience with stuff like this, it can feel pretty daunting.
Fortunately, most VPN providers offer step-by-step tutorials showcasing how to set up a VPN on a router. We here at CactusVPN have got our own easy-to-understand tutorials too in case you are interested.
Some routers just can’t support VPN functionality, mostly because the firmware doesn’t allow it. What’s more, even if a router has VPN support, that doesn’t necessarily mean it supports all VPN protocols.
For instance, Tenda routers only support PPTP and LT2P protocols. While they might offer decent speed, these protocols can easily be blocked, can sometimes struggle with firewalls, and barely offer any protection. LT2P, in fact, has no encryption on its own.
This is the kind of problem not even a VPN can solve. Basically, if your router’s manufacturer doesn’t release regular OS updates for the router model you own, the OS becomes vulnerable to hacker attacks.
Sometimes, a simple OS bug or an improper firmware configuration could be enough to give someone else remote access to your router.
Compared to using a VPN on a device or computer, using a VPN on a router means putting up with a weaker form of VPN encryption.
That’s because the VPN encryption will go up to the router, and that’s it. From there on, all your devices on the local network will be unsecured.
Here are some of the general steps you need to follow to set up a VPN on a router. If you’re looking for something more specific, please remember that we already have step-by-step tutorials on how to set up CactusVPN on multiple routers.
Note that you only need to follow this step if your router’s firmware doesn’t offer VPN support. If it does, you can go ahead and skip it.
Essentially, flashing means you will be replacing the firmware your router came with with a new, more improved one. Usually, if a router doesn’t run DD-WRT or Tomato firmware, most people decide to flash it.
Of course, before you do that, you should make sure that your router is compatible with either DD-WRT or Tomato firmware. You can easily find that out by checking out DD-WRT’s list of supported devices, and Tomato’s list of supported routers.
If your device is not compatible, you will either have to get a supported router, or buy a flashed router directly. The latter option should only be considered if you don’t think you have the technical know-how to set up a VPN on a router, as flashed routers are quite expensive.
Now, onto the process itself. Here’s what you should do:
Those should be the general steps to take to flash a router. If you’d like a more in-depth look at the steps, feel free to check the DD-WRT installation guide and the Tomato installation guide.
You will need a VPN username and account password to fully set up a VPN on a router.
We’ve got you covered – CactusVPN offers a high-end VPN that features military-grade encryption, 24/7 support, a Kill Switch, 30+ high-speed servers with unlimited bandwidth, and up to six VPN protocols to choose from. What’s more, we don’t log any of your data, and our service works across multiple platforms.
And if you ever want to try out other ways of unblocking websites, we also offer a Smart DNS service that unblocks 300+ websites for you. That, and all our VPN servers double as proxy servers.
And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.
Depending on your type of router, you’ll have the option to choose from multiple VPN protocols. Generally, your options will include OpenVPN, PPTP, and L2TP. OpenVPN is the most secure, but it’s also the protocol that’s most likely to slow down your connection and download speeds because of its encryption.
PPTP and L2TP are usually faster, but also offer poor security. In fact, L2TP offers no encryption on its own (which is why it’s usually paired up with IPsec).
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are transport layer protocols that are used to facilitate the exchange of data between one host and the other.
Usually, you’ll be able to connect to a VPN server choosing one of these protocols. What you should know about both of them is that TCP is generally used for standard online browsing, and that UDP is mostly used for streaming and online gaming.
Now that all that info is sorted, you can move on to setting up the VPN on your router network. We personally recommend using our existing tutorials for guidance, as we have a step-by-step guide for different routers.
In case you’d like an overview of how the configuration process works in general, here are the usual things you need to do:
Some VPN and router providers have partnered up to offer users VPN-enabled routers that come directly configured and ready to be used.
They come with a major downside, though – the steep price range. Many VPN-enabled routers start at around $200, and go up to (and sometimes over) $500 – not to mention you also have to pay the VPN subscription fee.
A VPN is automatically enabled on your router once it is properly configured. You don’t have to enable it every time you want to connect to the web.
Though, it is worth mentioning that most firmware should give you an Enable option for the VPN client.
Regarding how you can use a VPN on a router, you can basically:
As for how to disable a VPN on a router, you mostly just have to stop the VPN client in the router’s firmware. DD-WRT, for example, normally has a Disable/Enable option next to the VPN function.
In case your router has dual router setup support, you can just connect to the non-VPN router instead.
Generally, you have to manually switch server locations in the router’s firmware by typing in a new VPN server address.
On DD-WRT, for instance, you can do that by accessing your router’s settings, and editing the server and login settings.
It is worth noting that a TomatoUSB router lets you save 2 server options, so that you can switch between them at your leisure.
Technical issues can vary in this case, and some might even be specific to a certain type of router or VPN brand.
Overall, these are some of the most common issues you might encounter:
The most VPN-friendly router firmware out there includes Tomato and DD-WRT. So, a router that’s compatible with Tomato and DD-WRT would be suitable. DD-WRT is a Linux-based firmware that can enhance the functionalities of wireless routers, and Tomato is an open-source firmware that can support up to 2 VPN servers and 2 VPN clients.
Here’s a list of DD-WRT supported routers, and a list of Tomato supported routers. In case your router isn’t supported, and you’d like to get one that is, here are some specifications to keep in mind to make choosing a router easier:
DD-WRT-enabled routers are routers that come pre-configured with the DD-WRT firmware. So, you don’t need to flash the router to install DD-WRT on them. They are a bit pricey, though, as most prices start at over $200. Buffalo DD-WRT-enabled routers are more cost-efficient (starting at $50), but they are not as performant.
Tomato-enabled routers are the same thing, except they are flashed with the Tomato firmware.
VPN-enabled routers are pre-configured routers that can natively support OpenVPN out of the box. ASUS seems to offer the largest selection of VPN-enabled routers, with its firmware supporting OpenVPN, PPTP, and L2TP.
Well, it depends on your needs. For instance, if you own a lot of mobile and smart devices, and really want to watch geo-blocked content on all of them, setting up a VPN on a router would be a good idea.
You should also consider doing this if you want to enjoy more online privacy across multiple devices, and if having to replace your router (in case it doesn’t offer VPN support) with a compatible one is not a problem.
However, if you only use a computer and a mobile device, having a VPN router might not really be worth the hassle. The same goes for those of you who might have to replace your router, but are on a tight budget.
Also, if connection and download speeds really matter to you, it might not be a good idea to bother with this if your router doesn’t have a CPU with at least 800 Mhz (or more, preferably), or if you can’t afford to upgrade to a more performant router.