Here’s why you need to have a VPN on your router

A VPN remains the primary point of defense for your privacy when you’re online. Without a VPN, all your data is literally an open book that anyone who intercepts your internet traffic can read. This potentially includes the criminal at your local Wi-Fi-toting coffee shop, your ISP, and government agencies conducting mass surveillance campaigns online.

It’s no wonder that privacy-conscious surfers have increasingly turned to using VPN services for their protection.

The simplest way to get a VPN up and running is by installing the native client on your computer. All VPNs offer a software client of some description, at the very least for Windows, and often for Mac and Linux platforms, and indeed mobile devices (commonly Android and iOS) too. A few VPN providers even support more obscure platforms like BlackBerry, or devices like the Boxee box.

However, no VPN service, no matter how well intentioned, can seriously support all of the niche platforms out there to provide privacy for each and every device you might own.

And even if a VPN service wanted to try and cover every available device somehow, there are still plenty of gadgets in existence that simply can’t have a VPN client installed, like a smart thermostat or connected fridge, or a wireless camera.

As the number of connected devices has continued to grow swiftly, at a certain point it simply makes more sense to provide VPN privacy to the network as a whole, rather than each device individually. After all, each of these devices is a tiny computer in and of itself, and there are increasing reports of attempts to hack and exploit them.

Network-wide protection

The deployment of a VPN network-wide can be likened to the firewall on a network. As you’re most likely aware, the firewall guards the entire network, policing incoming traffic and blocking anything malicious (and watching outbound traffic, too). While each Windows computer has a built-in software firewall, in most networks this is considered a secondary measure, and the primary firewall is a hardware firewall that is located on the router.

So, just like the router has a firewall to protect the entire network from malware or hacking, the router can be configured so that all traffic running to or from the network can be protected by the VPN.

With a VPN installed on the router, all of the devices connected to the router, whether via a wired or wireless connection, will benefit from the VPN with its encrypted tunnel to maintain the privacy and security of your data (and other benefits besides).

An additional advantage is that a VPN installed on a router is active at all times, and you don’t need to individually start each software client across your different devices every time you require VPN protection.

Anti-poaching

Another advantage of having the VPN on the router is another layer of protection against Wi-Fi poaching, which is when an uninvited guest decides to connect to and use your wireless network.

Now there are certainly best practices to avoid this situation, including having a complex, lengthy and robust password that uses upper and lowercase letters, numbers and symbols for both the primary wireless signal, and the Guest network too, as well as disabling PIN, and finally, running a current model router with the most recent firmware update.

However, even if you implement all those measures, in the worst-case scenario of an individual still managing to get onto your network and use it for nefarious purposes – at least with the VPN operational on the attacker’s device, you’ve got a certain level of anonymity, so whatever the interloper may have done (possibly something illegal), it doesn’t lead directly back to your IP address.

Potential downsides

So we can clearly see there are definite positive points for having a VPN network-wide, but in the interests of balance, let’s look at any possible drawbacks before plunging in feet-first and installing a VPN on your router.

Bypassing geo-restrictions and blocking is something a VPN can allow you to do, and that’s certainly a useful feature at times, but on the other hand, you may find yourself blocked from certain online resources if they detect you’re using a VPN (and with the VPN on the router, you’ll be using the service across all your devices, of course).

It’s also worth bearing in mind that a VPN adds a certain amount of overhead due to the encryption/decryption process, and an additional server hop – perhaps to a faraway server in some cases – and this can slow your internet connection down, perhaps significantly at times. And again, with a VPN on the router, that slowdown will affect all your devices.

Installing a VPN on your router

For many folks, though, the pros will outweighs the cons, and that being the case, the next step is to install a VPN onto the router, with most of the better routers these days supporting this feature.

Some users turn to open source firmware for their router, such as DD-WRT, OpenWRT or Tomato, which offer advanced functionality and are well-suited to using a VPN. Among routers with stock factory firmware, in our experience, Asus routers, with their AsusWRT interface, are stable and lend themselves to implementing a VPN at the network level; indeed, we used AsusWRT for our guide on installing a VPN on your router.

Be sure to find out the encryption protocols that your VPN service supports, then choose one and obtain the relevant setup details from your provider. The encryption protocols used for VPN on a router include PPTP, L2TP and OpenVPN, with the latter offering the best level of security, so it is frequently preferred by users. Head here for an in-depth look at VPN protocols.

Jonas P. DeMuro

Jonas P. DeMuro is a freelance reviewer covering wireless networking hardware.