Setting up a VPN (at router level)

Anyone done this on their home router? Strongly considering it. Can anyone recommend a good (paid) VPN service that would be suitable for this mode of configuration? Looking into upgrading my VDSL router to something like a Netgear D7800.
 
Rent a VPS with high traffic allowance. I have a 4 TB monthly limit for around £30 a year in the Netherlands. This runs far more reliably (i.e. 100%) than using a paid-for VPN service (which I also have).

Trouble is everywhere thinks I'm in Holland when I use it, so it depends on your reasons for doing it, do you want one out of the country for privacy, from whom? government or ISP? etc. Personally I don't have it on all the time anymore and just use it when I'm doing something I wish to remain private.

Use MAC-assigned static IPs and subnets on your network to avoid having your TV and stuff going out over it, as that's pretty pointless.
 
I went with a Netgate SG-2200 which runs pfSense. I have a subscription to Private Internet Access VPN which has been flawless and runs at "router level". OpenVPN only tickles what is capable with pfSense however and I won't be going back to an average consumer device.

You need to ensure that the hardware in any router you purchase can cope with running the VPN at max throughput, as the encryption overhead is pretty heavy on the chipset and gives pretty poor speeds.
 
I have used Windscribe and PIA recently. Windscribe hasn't been great, while PIA has been pretty solid and stays up for weeks at a time, but I can't comment on speed because I only have a lousy internet connection to start with, so it copes just fine. Look around here and on the internet and you'll see good and bad reviews of all the commercial providers. ExpressVPN, Nord, Mullvad and some others all get generally positive reviews on balance, but I do have some advice to consider, not just in selecting a provider:
  • Why do you want the VPN? If it's just to stop your ISP snooping a little and not getting nasty letters about downloads then that's one thing. If you need to be really protected and security is paramount then do your research properly in terms of the VPN provider's log retention policy, where they are based, how you can pay (crypto currency preferred for anonymity) etc.
  • If you have in any way a decent internet speed then do not expect a consumer level router to max out your connection when connected to a VPN. It doesn't have the processing power. You'll need something like a Mikrotik, self-built pfSense box or similar for maximum throughput.
  • Think of the limitations of putting everything behind a VPN. VPN providers tend to use commodity hosting providers whose IP ranges are known. Services like Netflix ban access from many of those IP ranges (AWS being an example). Having all your traffic routed through a country other than the UK will stop iPlayer working on your Smart TV as another example. To get around these issues you can have policy-based routing on your router so you have VPN protection on selected traffic/devices. I'm not sure how many consumer routers allow granular policy-based routing, so again something to think about.
  • Most VPN providers have a kill switch on their apps for individual devices. Think about how you'll implement the same functionality at router level. Nothing worse than thinking you're all protected when in fact the VPN has dropped and you don't know.
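
An added example, not part of the post above: one way to get the selective routing and the router-level kill switch from the last two points on a Linux-based router. It assumes iproute2 and nftables (not pfSense), and the interface names, subnets and table number are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: LAN bridge br-lan,
# tunnel tun0, VPN-only subnet 192.168.20.0/24, routing table 100.
# Both functions only print text; review it, then apply it as root.

# Policy routing: only the chosen subnet is sent into the tunnel. The
# "unreachable" route remains in the table when tun0 disappears, so the
# lookup fails instead of falling through to the main (WAN) table.
pbr_commands() {
    vpn_if=$1; net4=$2; table=$3
    cat <<EOF
ip rule add from $net4 lookup $table priority 1000
ip route add default dev $vpn_if table $table
ip route add unreachable default table $table metric 4096
EOF
}

# Firewall backstop: drop anything from the VPN-only subnet that is about
# to be forwarded out of any interface other than the tunnel. oifname
# matches by name, so the rule stays loaded while tun0 does not exist.
killswitch_rules() {
    lan_if=$1; vpn_if=$2; net4=$3; net6=${4:-}
    cat <<EOF
table inet vpn_killswitch {
    chain forward {
        type filter hook forward priority -10; policy accept;
        iifname "$lan_if" ip saddr $net4 oifname != "$vpn_if" counter drop
EOF
    # Optional IPv6 prefix: without a matching rule, IPv6 bypasses the check.
    if [ -n "$net6" ]; then
        printf '        iifname "%s" ip6 saddr %s oifname != "%s" counter drop\n' \
            "$lan_if" "$net6" "$vpn_if"
    fi
    printf '    }\n}\n'
}

# Constructed sample values; prints the commands and the ruleset.
pbr_commands tun0 192.168.20.0/24 100
killswitch_rules br-lan tun0 192.168.20.0/24 fd00:20::/64
```

The `counter` on each drop rule gives a number to watch: if it climbs, the tunnel is down and the protected devices are being held back rather than leaking out over the WAN.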
 
OpenVPN only tickles what is capable with pfSense however and I won't be going back to an average consumer device.

I've got to agree with you. I haven't looked back since moving away from all in one consumer devices, with pfSense in the mix and Ubiquiti for Wifi
 