What equipment do I need for a VPN?

Should I trust this VPN provider? More often than not, you can't and shouldn't.

We've already discussed the use of a VPN when connecting offices. Any time you have two LANs that need to link over the public internet, you should consider using VPN technology or an equivalent method of enterprise protection. In this case, the VPN software will probably run in a router, a server, or a dedicated VPN server hardware appliance.

We talked about two use cases above for consumer VPN services: Protecting your data and spoofing your location. We'll talk more about location spoofing later, so let's focus on data protection for now.

When you're away from home or the office, and you connect to the internet, you'll most often be doing so via Wi-Fi provided by your hotel or the restaurant, library, or coffee shop you're working out of at that moment. Sometimes, Wi-Fi has a password. Other times, it will be completely open. In either case, you have no idea who else is accessing that network. Therefore, you have no idea who might be snooping on your internet traffic, browsing history or online activity.

I recommend always using a VPN when using someone else's Wi-Fi network. Here's a good rule of thumb: If you're away from the office or home, and you're using someone else's Wi-Fi (even that of a family member or a friend, because you never know if they've been compromised), use a VPN. It's particularly important if you're accessing a service that has personally-identifying information. Remember, a lot goes on behind the scenes, and you never really know if one or more of your apps are authenticating in the background and putting your information at risk.

Another reason you might choose to use a VPN is if you have something to hide. This isn't just about folks doing things they shouldn't do. Sometimes people really need to hide information. Take, for example, the person who is worried an employer might discriminate against him or her because of their sexual orientation or medical condition. Another example is a person who needs to go online but is concerned about revealing location information to a person in their life who might be a threat.

And then, of course, there are those people in restrictive countries who need to hide their activity merely to gain access to the internet without potentially grave penalties.

Take a look at the diagrams below.

In the first – VPN on a device – we can see a laptop connecting to the internet through a VPN connection. This is the way most consumer VPNs are set up. This system works just fine.

Below we can see how things are set up with a VPN router. Many devices can connect through the same VPN service, which is now handled by the router itself.

Depending on the router operating system (firmware) used, it can be possible to simultaneously connect certain devices to the VPN while having others connect directly to the internet as normal without a VPN.

There are several advantages of running a VPN on your router rather than on each device. One of the main things I like is the level of control and customization over your entire home network when you’re using the higher-end firmware of a VPN router.

With a VPN router, you can connect all your WiFi and wired devices to the internet through the VPN, even devices that don’t support a VPN. This means that the VPN encrypts ALL your internet traffic, and the apparent location of your entire network will be that of the VPN server.

What’s more, your ISP will see encrypted packets and won’t be able to determine whether you’re torrenting on your laptop, unblocking Netflix on your phone, or gaming online through a console.

This “set it and forget it” method is very good for protecting your home network. Still, I would suggest periodically testing the VPN connection using a tool such as DNSLeakTest, rather than forgetting, as VPN connections can go down.

VPN routers provide increased security

It’s clear that encrypting all your internet activity by default will increase the overall security of your network.

While most websites and services encrypt data between the computer and their servers, not all do, and it’s still possible to discover which services you use, even if the attacker can’t see what you’re sending and receiving.

This is an often-overlooked vulnerability.

Most people will never consider that the services they use could be the first piece of information that an attacker looks for.

This could be the beginning of a spear phishing attack, where a hacker uses social engineering to specifically target an individual.

In this case, they would start by learning which online services you use so they can create a fraudulent form of contact from that service to steal confidential information.

Of course, this particular method is impossible if you’re using a VPN.

Do remember, though, that simply using a VPN is not a failsafe way to become anonymous online, and anyone who tells you it is, is either lying or has believed a lie someone else has told them. Either way, it’s not true.

There are indeed some disadvantages of VPN routers. The one that will probably put off the most people is the hardware cost.

The basic router you get from your ISP is unlikely to be VPN compatible, nor will you be able to flash it with firmware.

The type of router compatible with a VPN is generally much more expensive, with the most basic models starting at around $50, but can run way higher than that if you want something with a bit more grunt.

If you have a lot of devices connecting to your WiFi at once, your router will need more processing power to keep up with the constant encryption and decryption for the VPN.

This shouldn’t be an issue for most home applications, and a consumer-grade VPN-compatible router should be fine.

Something else worth bearing in mind is that, when running a VPN on your phone or computer, you get the full feature set of the VPN app, which usually supports several VPN protocols and encryption suites, and allows you to alter the configuration quickly.

On the other hand, a VPN on a router requires manual configuration and often only supports OpenVPN (which, at least, is the best anyway). Changing the server location on a VPN router is also more laborious.

So how exactly is a VPN router different from a regular router?

A VPN router is just like any other router, but with the capability of running a VPN connection. A special operating system, known as firmware, is required to do this.

All of the following router firmware options mentioned below offer advanced customization and give users many options in addition to running a VPN through the router.

QoS (Quality of service) is a popular feature, available on most custom firmware. QoS allows the network administrator to allocate bandwidth based on internet traffic.

You can, for example, make sure your PS4 connection always has preference over someone browsing the internet, that a specific machine gets more bandwidth than mobile connections, or that P2P downloads are restricted to avoid slowing down the network.

Some routers, such as Netgear, some D-Link and Linksys models, and most enterprise/business routers, come with VPN-compatible firmware straight out of the box.

Still, that firmware is not usually the most powerful in terms of its other features, so many people prefer to install custom firmware such as Tomato, Sabai OS, or DD-WRT.

DD-WRT

DD-WRT is probably the most widely used custom router firmware and handles VPN connections very well.

It’s a free, open-source firmware that has a huge online community of helpful DD-WRT users, so you can find instructions on how to set up pretty much anything it’s capable of. You do have to do quite a bit of configuration yourself, though.

DD-WRT can be installed at home on a wide variety of routers.

Flashing a router is pretty simple, but if you do it wrong, you’ll probably end up with an expensive paperweight, so if you’re unsure, then it’s best to buy a pre-configured one from Amazon.

Tomato

Tomato is another free, open-source firmware that can be installed on various routers.

It can handle a lot of very complex processes and has massive customization options but requires a greater level of user knowledge as each feature has to be programmed in.

Tomato can’t be considered a consumer-grade option due to the potential difficulty of setup for non-programmers. It is, however, extremely powerful.

For more information, as well as download links, visit the official Tomato firmware website.

Sabai OS

Sabai Technology is a small business with a big name. They care about their work and offer some of the best customer support in the industry. I worked for them for almost two years and can say they’re 100% legit.

Now onto their VPN router firmware – it’s by far the most user-friendly on this list and is easy to set up and use but is not free. Sabai OS (the name of their firmware) is based on Tomato but is preconfigured to get your router working quickly and easily, so you don’t need the expert knowledge to make a regular Tomato build work properly.

Sabai OS has a great Gateways feature that makes it easy to configure which connected devices run through the VPN and which through the regular internet.

They also sell pre-configured VPN routers that are ready to go straight out of the box. That means there’s no need to risk breaking a router while trying to flash it yourself.

pfSense

pfSense is a different beast altogether. You can install this OS on an old PC and use that as a highly secure VPN router with loads of extra features such as built-in anti-virus (at the router level, so malware can’t even get onto your device).

Of course, using an old PC would cost a lot of electricity, so I’d suggest getting a purpose-built box or building one yourself.

There’s a large pfSense community scattered across many forums, with many people who build their own routers and give advice. Get started with pfSense here.

Related guide: How to Block Ads On All Your Devices With pfSense, Squid & SquidGuard
Related guide: How to Set Up IP Filtering and DNS Blackholing on pfSense Using pfBlockerNG

How to build a pfSense router from an old PC

When using one of the router firmware builds described above, setting up a VPN is fairly straightforward.

You’ll need your VPN login credentials from your VPN provider. You do still need a subscription to a VPN service.

For a couple of great options for VPNs that work with routers, check out our ExpressVPN or ProtonVPN review.

Many VPN services provide detailed instructions on how to set up their VPN on a router. This usually consists of a list of steps to set up the VPN connection and DNS, install the encryption certificates, and select a server.

Again, this is more time-consuming than simply using the VPN app on your laptop, but it does protect your entire network rather than a single device.

It’s also pretty fun to set up if you’re into that kind of thing.