Using a VPN on a Router

VPN on Router
These days, VPNs generally offer cross-platform compatibility, effectively working on multiple devices (Windows, Mac, Linux, iOS, Android) - either through VPN clients or by being configured on them. However, did you know it’s also possible to set up a VPN on a router?

Yep, it’s doable, though it’s certainly no walk in the park. The setup process can be a bit difficult if you’re not extremely tech-savvy. And skipping it by buying a pre-configured router can be quite costly.

But before we even get to that, you should first see if doing this is something that would really benefit you.

So, here’s everything you need to know about the advantages and disadvantages of using a VPN on a router (among other things):

What Are the Pros and Cons of Using a VPN on a Router?

There are various nifty advantages and concerning drawbacks you should consider before going ahead with the setup to make sure that using a VPN on a router would really benefit you.

The Advantages

You Can Use a VPN on Multiple Devices

While most VPNs usually work on a majority of devices, that level of cross-platform compatibility is often not enough nowadays. What if you’d like to use a VPN on your Xbox, PlayStation, or smart TV, for instance?

Router 1

Well, that’s the kind of thing you can actually do if you set up a VPN on a router. Once that’s done, any device that connects to your router will be able to use the VPN’s features.

That means you’d be able to watch geo-restricted content on your smart TV, or access geo-blocked gaming regions on your console.

Only One Setup Is Needed

You won’t have to install or configure VPN apps and clients on multiple devices anymore. It’s enough to configure the VPN on the router once, and be done with it. Essentially, any device that will be able to connect to your router will automatically use the VPN that’s configured on it.

The VPN Will Always Be On

Once a VPN is configured on a router, said router will always connect to the Internet through the VPN. So, you won’t have to worry about forgetting to turn the VPN on when you go online, and leaving your online traffic and personal data exposed.

A Router VPN Can Protect You from WiFi Poaching

If you’re not familiar with WiFi poaching, just think of it as someone connecting to your WiFi network and using it without your permission. That can usually be prevented by having a strong password in place, but – sometimes – a diligent hacker might just be able to bypass it.

When that happens, they’d be able to gather some geo-related info on you because they will have your IP address.

But if you have a VPN operational on your router, you’ll get to enjoy a certain degree of anonymity since your real IP will be replaced with a different one.

So, if your WiFi network ever gets breached like that, the uninvited guest won’t really be able to pinpoint your location. Similarly, if they use your WiFi for nefarious purposes, it won’t get traced back to your IP.

The Disadvantages

Download and Connection Speeds Might Take a Hit

When using a VPN on a router vs. a computer, for example, you are likely to experience slower connection and download speeds. That’s almost always going to happen if your router has a weak CPU, and if you’re using an encryption-heavy VPN protocol (like OpenVPN, for instance).

Sadly, even if you use a VPN protocol that favors speed over security (such as L2TP), your online speeds still won’t be at their peak if your router’s CPU under-performs. This is a common problem with D-Link and TP-Link routers, actually.

The only way you could bypass that issue would be to get a more performant router. However, that can cost you a lot of money. The price range can start anywhere around $100-$200, and go up to $500 or more.

Not only that, but the more devices you have connected to a specific VPN server through your router, the slower the overall Internet connection speed will be.

You Might Not Get to Access Geo-Blocked Content in Your Country

Since setting up a VPN on a router means it will always be on, your IP address will always be set to a specific country whenever you access the web through the router.

So, if you live in the US, and have set up the router to connect to a VPN server in the UK, you likely won’t be able to access US content that is geo-restricted, like Netflix US or Hulu, for instance. That’s because you will constantly have a UK IP address when you go online.

Netflix Remote

To bypass this, you’ll need to manually change the VPN server in the router firmware. If you use Tomato router firmware, though, this won’t be a problem since you cat set up 2 VPN servers and switch between them with ease.

Setting up a VPN on a Router Can Be Difficult

Unfortunately, it’s not as simple as just running a setup process, clicking “Finish,” and browsing the web at your leisure.

Instead, you’ll normally have to access the router’s Default Gateway Address, tweak the network connection, and even download and edit configuration files – just to name a few steps. If you have no experience with stuff like this, it can feel pretty daunting.

Fortunately, most VPN providers offer step-by-step tutorials showcasing how to set up a VPN on a router. We here at CactusVPN have got our own easy-to-understand tutorials too in case you are interested.

Not All Routers Offer VPN Support

Some routers just can’t support VPN functionality, mostly because the firmware doesn’t allow it. What’s more, even if a router has VPN support, that doesn’t necessarily mean it supports all VPN protocols.

For instance, Tenda routers only support PPTP and LT2P protocols. While they might offer decent speed, these protocols can easily be blocked, can sometimes struggle with firewalls, and barely offer any protection. LT2P, in fact, has no encryption on its own.

Router Operating Systems Are Not Always Secure

This is the kind of problem not even a VPN can solve. Basically, if your router’s manufacturer doesn’t release regular OS updates for the router model you own, the OS becomes vulnerable to hacker attacks.

Sometimes, a simple OS bug or an improper firmware configuration could be enough to give someone else remote access to your router.

VPN Encryption on a Router Isn’t That Secure

Compared to using a VPN on a device or computer, using a VPN on a router means putting up with a weaker form of VPN encryption.

That’s because the VPN encryption will go up to the router, and that’s it. From there on, all your devices on the local network will be unsecured.

How Can You Set Up a VPN on a Router?

Here are some of the general steps you need to follow to set up a VPN on a router. If you’re looking for something more specific, please remember that we already have step-by-step tutorials on how to set up CactusVPN on multiple routers.

1. Flash Your Router (Optional)

Note that you only need to follow this step if your router’s firmware doesn’t offer VPN support. If it does, you can go ahead and skip it.

Essentially, flashing means you will be replacing the firmware your router came with with a new, more improved one. Usually, if a router doesn’t run DD-WRT or Tomato firmware, most people decide to flash it.

Set Up a VPN on a Router

Of course, before you do that, you should make sure that your router is compatible with either DD-WRT or Tomato firmware. You can easily find that out by checking out DD-WRT’s list of supported devices, and Tomato’s list of supported routers.

If your device is not compatible, you will either have to get a supported router, or buy a flashed router directly. The latter option should only be considered if you don’t think you have the technical know-how to set up a VPN on a router, as flashed routers are quite expensive.

Now, onto the process itself. Here’s what you should do:

  1. Download the respective DD-WRT/Tomato installation files for your router.
  2. Next, do a hard reset. Normally, you can do that by holding the Reset button for 10 seconds.
  3. Once the router boots up, log into its admin page. Check the router manual to see what address you need to enter to access the page, and what factory-default credentials you need to enter to log in.
  4. In the administration panel (normally on the left), you should see an option titled “Upgrade/Upload Firmware,” or similar variations. Click on it.
  5. When asked to upload an installation file, select the DD-WRT/Tomato installation file you downloaded.
  6. During the installation, make sure you don’t do anything to the router, computer, or Internet connection.
  7. When you get a confirmation notification that the firmware was installed, wait approximately 5 minutes, and then hit “Continue.”
  8. Do one more hard reset of the router, and then access the admin page.

Those should be the general steps to take to flash a router. If you’d like a more in-depth look at the steps, feel free to check the DD-WRT installation guide and the Tomato installation guide.

2. Choose a VPN Service

You will need a VPN username and account password to fully set up a VPN on a router. If you don’t have a VPN yet, feel free to browse our deals, and see which one works best for you.

Alternatively, you can also try out our VPN for free for 24 hours.

3. Decide on a VPN Protocol

Depending on your type of router, you’ll have the option to choose from multiple VPN protocols. Generally, your options will include OpenVPN, PPTP, and L2TP. OpenVPN is the most secure, but it’s also the protocol that’s most likely to slow down your connection and download speeds because of its encryption.

PPTP and L2TP are usually faster, but also offer poor security. In fact, L2TP offers no encryption on its own (which is why it’s usually paired up with IPsec).

4. Choose Between TCP and UDP

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are transport layer protocols that are used to facilitate the exchange of data between one host and the other.

Usually, you’ll be able to connect to a VPN server choosing one of these protocols. What you should know about both of them is that TCP is generally used for standard online browsing, and that UDP is mostly used for streaming and online gaming.

5. Configure the VPN on the Router

Now that all that info is sorted, you can move on to setting up the VPN on your router network. We personally recommend using our existing tutorials for guidance, as we have a step-by-step guide for different routers.

In case you’d like an overview of how the configuration process works in general, here are the usual things you need to do:

  1. Update the router’s DNS and DHCP settings to ensure they match the settings provided by the VPN provider.
  2. Select a VPN server IP address.
  3. Choose a tunnel protocol (TCP or UDP)
  4. Choose a type of encryption.
  5. Type in your VPN username and password.

Out-of-the-Box VPN Routers

Some VPN and router providers have partnered up to offer users VPN-enabled routers that come directly configured and ready to be used.

They come with a major downside, though – the steep price range. Many VPN-enabled routers start at around $200, and go up to (and sometimes over) $500 – not to mention you also have to pay the VPN subscription fee.

How Can You Enable / Use / Disable a VPN on a Router?

A VPN is automatically enabled on your router once it is properly configured. You don’t have to enable it every time you want to connect to the web.

Enable/Use/Disable a VPN on a Router

Though, it is worth mentioning that most firmware should give you an Enable option for the VPN client.

Regarding how you can use a VPN on a router, you can basically:

  • Unblock geo-restricted content
  • Secure your online connections (to a certain extent)
  • Use VPN features on multiple devices

As for how to disable a VPN on a router, you mostly just have to stop the VPN client in the router’s firmware. DD-WRT, for example, normally has a Disable/Enable option next to the VPN function.

In case your router has dual router setup support, you can just connect to the non-VPN router instead.

How Can You Switch Between VPN Servers?

Generally, you have to manually switch server locations in the router’s firmware by typing in a new VPN server address.

On DD-WRT, for instance, you can do that by accessing your router’s settings, and editing the server and login settings.

It is worth noting that a TomatoUSB router lets you save 2 server options, so that you can switch between them at your leisure.

Are There Any Known Issues with Using a VPN on a Router?

Technical issues can vary in this case, and some might even be specific to a certain type of router or VPN brand.

Overall, these are some of the most common issues you might encounter:

  • Problems establishing a VPN tunnel – IP packet filtering being performed on a router can cause issues when a tunnel is trying to be established between the client and the server.
  • The Double NAT issue – If you have different routers for multiple devices, or an extra router connected to your ISP-issued router, it can cause connection issues if Bridge Mode isn’t enabled.
  • The No VPN Passthrough issue – If the router doesn’t support VPN Passthrough, or the feature isn’t turned on, it can cause VPN server and VPN client connection issues.
  • DNS leaks – Luckily, this can generally be prevented by turning off IPv6 in the router’s firmware settings.

Which Router Works Best with a VPN?

The most VPN-friendly router firmware out there includes Tomato and DD-WRT. So, a router that’s compatible with Tomato and DD-WRT would be suitable. DD-WRT is a Linux-based firmware that can enhance the functionalities of wireless routers, and Tomato is an open-source firmware that can support up to 2 VPN servers and 2 VPN clients.

Here’s a list of DD-WRT supported routers, and a list of Tomato supported routers. In case your router isn’t supported, and you’d like to get one that is, here are some specifications to keep in mind to make choosing a router easier:

  • If you want to use the OpenVPN protocol, we recommend choosing a router that has a CPU with fewer cores. Why? Because OpenVPN is single-threaded, meaning it can’t be split up across multiple CPU cores. So, a dual-core CPU would be likely to perform better than a quad-core CPU if you’re using OpenVPN.
  • If you’re planning on using VPN encryption, you might be interested in a router with a CPU that supports AES-NI. That’s basically an instruction that offers support for accelerating VPN encryption speeds.
  • If you’re interested in streaming and torrenting, and want to enjoy high bandwidth without any issues, you should look into a router with a CPU of at least 800 Mhz. Though, the higher the Mhz, the better the quality.

What Are DD-WRT-Enabled Routers?

DD-WRT-enabled routers are routers that come pre-configured with the DD-WRT firmware. So, you don’t need to flash the router to install DD-WRT on them. They are a bit pricey, though, as most prices start at over $200. Buffalo DD-WRT-enabled routers are more cost-efficient (starting at $50), but they are not as performant.

Which Router Works Best with a VPN

Tomato-enabled routers are the same thing, except they are flashed with the Tomato firmware.

What Are VPN-Enabled Routers?

VPN-enabled routers are pre-configured routers that can natively support OpenVPN out of the box. ASUS seems to offer the largest selection of VPN-enabled routers, with its firmware supporting OpenVPN, PPTP, and L2TP.

Bottom Line – Is It Worth It?

Well, it depends on your needs. For instance, if you own a lot of mobile and smart devices, and really want to watch geo-blocked content on all of them, setting up a VPN on a router would be a good idea.

You should also consider doing this if you want to enjoy more online privacy across multiple devices, and if having to replace your router (in case it doesn’t offer VPN support) with a compatible one is not a problem.

However, if you only use a computer and a mobile device, having a VPN router might not really be worth the hassle. The same goes for those of you who might have to replace your router, but are on a tight budget.

Also, if connection and download speeds really matter to you, it might not be a good idea to bother with this if your router doesn’t have a CPU with at least 800 Mhz (or more, preferably), or if you can’t afford to upgrade to a more performant router.

Want to surf anonymously online?

Protect online privacy, secure your connection and access blocked websites

Try CactusVPN For Free
Posted on
By
Tim has been writing content and copy for a living for over 4 years, and has been covering VPN, Internet privacy, and cybersecurity topics for more than 2 years. He enjoys staying up-to-date with the latest in Internet privacy news, and helping people find new ways to secure their online rights.