VPNs provide you with a lot of great benefits. You might use one to get around region restrictions on their streaming service. Or protect your privacy if you feel like your ISP or your government might be snooping. You could be taking advantage of VPNs to bypass censorship in your home country.
But you might be one of the many people who face a problem: you forget to log into your VPN. Or just don’t want to. Or you can’t log into your VPN with all of your devices, like your gaming console or your smart TV. Most of the time, people log into their VPNs through a web interface or by downloading an app from their provider.
This is an easy way to access a VPN, but there’s another way: setting up the VPN directly on your router. It’s more convenient, more secure, and protects more devices than using a browser-based or downloadable VPN.
When you first start looking into it, setting up a VPN on your router can be a bit intimidating. But we’ll walk you through the whole process here. We’ll start with how router VPNs work, so you get an idea of what we’re talking about. We’ll go over why you should install one. And finally, we’ll walk you through the process of setting up a VPN on your router.
There’s a lot to cover, so let’s get started!
Why You Should Add a VPN to Your Router
Logging into a VPN through your browser or an app is simple and it works well, so why should you install a VPN on your router? There are a few distinct advantages that this approach provides:
1. It’s always up and running
When your router connects directly to a VPN, you never have to worry about signing into the service. When you’re just trying to get online for a few minutes, entering your username and password and waiting for the service to load up can be a pain.
Having a VPN connection on your router means you’re always connected. And that’s crucial when you’re using one to protect your privacy. No more forgetting to log in.
2. You only have to sign in once
If you have several devices connected to your VPN, you have to set it up manually on each device. If you changes phones often, or let friends use your wi-fi and want to protect their privacy, this can be a hassle.
When the VPN is installed on your router, you only have to sign in once. After the VPN is successfully setup on your router, it’ll protect everything on your network without having to sign in on any of those devices.
3. It protects all of your devices
With a standard VPN, you have to log each of your devices into your VPN provider separately. That can be difficult when you’re connecting TVs, game consoles, or other devices that don’t let you download and run any apps you want.
If you have guests over, they’ll automatically be connected to the VPN if they connect to your router. Which is a nice bonus if you want to protect your friends’ and family members’ privacy as well.
All of the devices on your network, no matter what they are, will automatically be routed through your VPN. This approach is more convenient than using an app-based VPN (especially if it doesn’t support every device in your house).
Unfortunately, these benefits come with a cost: running all of your traffic through a VPN could slow down your connection. How much depends on your VPN provider, connection speed, and other factors. But it’s worth noting that your internet access won’t be quite as snappy as it was before.
It’s also possible that you might have trouble accessing local geo-restricted content. If you’re trying to get to something that’s only accessible by people in your country, and your traffic is routed through another one, you’ll be blocked. It’s easy to deal with, but it can be annoying.
Even with those tradeoffs, installing a VPN on your router is still a good idea. Let’s take a look at how to do that.
Making Sure You Have the Right Router
Unfortunately, not every router can have a VPN set up on it. In fact, there are only a few routers that you can buy from manufacturers that are ready for VPNs right out of the box. And they tend to be pretty expensive.
But you have a few options here. One of them involved a bit of tinkering with your router, but we’ll show you how to do that.
Here are your options:
1. Buy an out-of-the-box VPN-compatible router
Some router manufacturers are now selling routers that support VPNs right out of the box. This is extremely convenient, as you can just buy a stock router and set up your VPN. It’s definitely the easiest option.
VPN-capable wireless routers tend to cost a bit more than regular routers. For example, the TP-Link SafeStream N300 is a good entry-level wireless router that costs $85. That doesn’t seem too bad, until you realize that you can get a faster AC router for around $50.
However, the extra money that you pay for a VPN router will pay off in ease of use. If your router doesn’t currently support adding a VPN, you may find that it’s a pain to flash your own firmware and install one yourself.
Most VPN-compatible routers allow you to connect a wide range of different VPNs. Most VPNs use the OpenVPN protocol, and almost every VPN router you can find will support this protocol, meaning you can use your router with any VPN provider you want.
2. Flash new router firmware
A router’s firmware is, essentially, the program that runs the router. You probably don’t think very much about your router’s firmware. And that’s by design; it comes fully installed and almost completely set up. You rarely need to mess with it.
But one thing that many people don’t realize is that you can replace that firmware to add new capabilities to your router. This is called “flashing,” and there are two pieces of firmware that are commonly flashed on routers.
The first is DD-WRT, an open-source firmware that strives to give users the maximum amount of functionality without being overly complex. DD-WRT lets users adjust the strength of their wifi signal, manage quality-of-service settings to prioritize specific types of traffic, access your home network from afar, and more.
But, most importantly for this discussion, it also lets you install a VPN. We’ll go over exactly how to do that in a bit.
The second option is called Tomato, and it provides similar functionality. There are a few differences; for example, Tomato isn’t available on as many routers. But it offers better bandwidth monitoring, multi-VPN switching, and a few other things. To see a more detailed breakdown of the differences, check out FlashRouters’ comparison of the two.
Of course, Tomato also lets you install a VPN.
So which should you choose? The choice may already be made for you if you’re flashing your own router, as both firmwares are available for different routers. Check out the supported devices for DD-WRT as well as Tomato-compatible routers to find your router. Beyond that, it could come down to very subtle differences.
Fortunately, both are totally free.
If you’re new to the router firmware scene, just pick one and go with it. Both will give you better router performance and the ability to install a VPN.
How to flash new firmware to your router
Ready to flash firmware to your router? Here are the basics of how to do it.
First, confirm that your router is compatible with the firmware you want to install. Check the previously linked pages to make sure that Tomato or DD-WRT will work on your router.
If your router is compatible, download either the DD-WRT installation files or those for Tomato.
Next, do a hard reset of your router.
When it’s booted back up, log into your router’s administration page. You’ll need to check your router’s manual to find out how to access it. (As an example, my own router requires me to go to http://192.168.10.1.) Enter your admin username and password to log into the administration panel.
Most routers make it easy to upgrade the firmware, and will show you an “Upgrade Firmware” or similar option in the administration panel. (Trendnet routers have this option in the Advanced section.)
The administration panel will then ask you to choose a file. Choose the file that you downloaded from DD-WRT or Tomato, then confirm that you want to install it.
It’ll take a few minutes to install; don’t do anything to your router, computer, or internet connection while it’s installing. This could have disastrous effects for your router. You’ll eventually see a confirmation message that the installation was successful.
Wait about five minutes before hitting “Continue.”
After that, do another hard reset of your router. Then head back to the IP address of your administration panel, and you’ll have successfully flashed DD-WRT!
3. Buy a pre-flashed router
Does installing your own firmware sound difficult? It’s not too bad, but you have to be confident enough to mess with your router. If you’d rather not do this, you can still get DD-WRT or Tomato—you’ll just have to buy a router that comes with one or the other pre-installed.
One of the advantages of going this route is that you can buy just about any router you want and still install a VPN.
FlashRouters is the go-to destination for pre-flashed routers. You can buy a wide variety of routers from Linksys, ASUS, and Netgear, and they come flashed with DD-WRT or Tomato.
You can even get routers that have VPNs pre-installed on them, so you all you have to do is sign into your provider account when they arrive. It really doesn’t get much easier than that.
That being said, pre-flashed routers can be expensive. For example, you can grab the Linksys WRT3200AC router on Amazon for $180. If you want it pre-flashed and prepped for IPVanish VPN, you’re looking at $300 or more.
That’s a huge bump in price. But, then again, it’s completely ready for you to use. And depending on how comfortable you are with tinkering with your router, it could be worth the expense.
Choosing a VPN for Your Router
Now that you have a router ready to connect you to a VPN, you need to choose the VPN provider that you’re going to use. If you’re already paying for a premium VPN, great! If not, it’s time to do some research.
Once you’ve found one that you look, double-check to make sure that it can be installed on a router. Most VPNs can be installed on a DD-WRT or Tomato router with no problem, but there are some that don’t offer this capability. (Hotspot Shield, for example, makes it difficult—if not impossible—to install its VPN on your router.)
You may want to prioritize speed when you’re choosing a VPN for your router, as it will have to deal with a lot of traffic. You’ll be streaming, gaming, downloading, browsing, and uploading over the VPN now, and any slow-down will be noticeable.
It’s also a bonus if the VPN you’ve chosen has an online guide to setting up the VPN with your router firmware. You might be able to figure out how to do it without a guide (or find the information posted elsewhere), but it’s much easier when you have the best practice straight from the provider.
Beyond these factors, the decision-making process will be the same as any other time you choose a VPN provider. Look for providers that respect your privacy by not keeping logs. Check out speed reports. See where their servers are located. If you want to skip doing all that research, just check out our guide to the best VPNs in 2017, and choose from there.
Understanding VPN Protocols: PPTP vs. L2TP/IPSec vs. OpenVPN
When you’re setting up your VPN router, you might have the choice of a few different VPN protocols. If you aren’t experienced with VPNs, you might not have any idea what the differences are, but choosing the right option will give you better security and speed.
Point-to-Point Tunneling Protocol (PPTP)
PPTP is integrated directly into Windows, making it a popular choice among people who are setting up VPNs. You don’t need a third-party application to get it running, which is nice.
But PPTP is very insecure.
At least compared to the other technologies you could be using. It’ll still disguise your traffic from people who aren’t looking too hard. But the NSA has almost certainly cracked PPTP, which means the US government could monitor your traffic. And that others probably aren’t too far behind.
PPTP does have the advantage of being fast, but it’s not worth trading your privacy for.
Layer 2 Tunneling Protocol / Internet Protocol Security (L2TP/IPsec)
L2TP is a VPN technology that doesn’t actually use any encryption. That’s why it’s usually paired with IPsec, which provides encryption services over the connection.
The biggest advantage of this particular protocol is that it’s fast. Possibly the fastest VPN protocol out there. And it’s often built into modern operating systems, so it’s easy to set up.
But it might not be super secure. It’s tough to say. There’s some evidence that the NSA may have weakened or cracked the IPsec protocol, making this another suspect protocol. The encryption is burlier than that used in PPTP, but it still might not protect you from all prying eyes.
For this reason, it’s probably not a good idea to use L2TP/IPsec if you’re using your VPN to avoid government surveillance. If you want to use it for regionless browsing, that should be fine. But if your safety is in question, stick with OpenVPN.
The final protocol that you’re likely to come across is OpenVPN, an open-source protocol that uses modern technologies like OpenSSL. It can also run on any port, which means your traffic can be disguised as regular HTTPS traffic, adding an extra layer of security.
Improved authentication, plug-ins, 256-bit encryption, and other security features make OpenVPN the most secure choice for your VPN. Most modern VPNs are capable of using this protocol, and both DD-WRT and Tomato support it.
The drawback to the strength of encryption in OpenVPN is that it can be a bit slower than L2TP. In most cases, you probably won’t notice the difference. But it could add up with torrenting or other big downloads.
In general, though, OpenVPN is by far and away the best choice for your VPN.
TCP vs. UDP
Many VPNs allow you to connect to their servers using two different communication protocols. And while might not make as much of a difference to your security, it’s still good to know which one to choose.
Transmission Control Protocol (TCP) is a “stateful protocol,” which means, in simple terms, that the receiving computer confirms its receipt of the data packet being sent. If the sending computer doesn’t receive a confirmation, it sends the packet again.
This ensures that your data is transmitted reliably, and that packets don’t get dropped.
User Datagram Protocol (UDP) is a “stateless protocol,” so it doesn’t wait for confirmation of receipt from the other computer. This makes communication faster, but also opens it up to the potential of communication errors.
In general, we recommend using UDP unless you have communication errors, in which case you should switch to TCP. Many VPNs do this by default, but if you’re given a choice, it’s a good strategy to stick with.
How to Configure a VPN on Your Router
The method you use to add a VPN to your router depends on whether you’re using a router that is compatible with VPNs out of the box or if you’re using flashed firmware.
A purpose-built VPN router will have its own VPN-ready firmware, and you’ll need to access it to add your VPN. In most cases, it’s best for run a search for “[your VPN] install [your router brand].” That might look like “NordVPN install D-Link.” If you’re using third-party firmware, search for “[your VPN] install [yourfirmware]” instead, like “IPVanish install Tomato.”
If your VPN has posted instructions for working with that particular type of router, you’ll find them and you can simply follow the instructions. This will be much easier than digging through piles of documentation to get it figured out yourself.
In general, you’ll need to follow a sequence of steps that go something like this:
- Update the DNS and DHCP settings to match those provided by your VPN provider
- Disable IPv6 (this helps prevent DNS leaks that might compromise your security)
- Choose a server IP address from your VPN provider
- Select a tunnel protocol (TCP or UDP)
- Choose an encryption method (we recommend AES)
- Enter your VPN username and password
After that, your router will connect you to the internet through your chosen VPN!
There are all sorts of other settings that you might want to tweak if you’re familiar with them, but these are the basics, and the ones you’ll need to fill in before you can get connected.
As I mentioned, the exact settings you’ll need to use depend greatly on the VPN and firmware you’re using. Here are a few links to popular VPNs and the instructions for installing them on your router (I’ve only included instructions for DD-WRT and Tomato; if you’re using a router with built-in VPN capability, consult the owner’s manual):
- ExpressVPN: DD-WRT / Tomato
- Private Internet Access: DD-WRT / Tomato
- NordVPN: DD-WRT / Tomato
- VyprVPN: DD-WRT / Tomato
- Hide My Ass!: DD-WRT / Tomato
- IPVanish: DD-WRT / Tomato
If you have another VPN provider, you should be able to find information on how to set it up with your firmware without too much trouble. And remember to use OpenVPN if it’s offered as a protocol. There might be situations in which you want to use another protocol, but in general, it’s the best choice.
Upgrade Your VPN Game
If you’re serious about your privacy and security, or you just have a tendency to forget to log into your VPN, installing a VPN on your router is a no-brainer. It takes some work, but if you know what you’re getting into, it’s really not that hard.
The benefits you’ll get from a router VPN definitely outweigh the difficulty of getting one set up. And if you really don’t want to take the time to do it yourself, you can buy a router that’s ready to go.
No matter why you’re using a VPN, installing it on your router will make your life easier and more secure. Now that you know how to do it, you can start the process yourself!