VPN on router vs VPN client running on devices

Hi - Very interested in the sub's opinions on this. I’ve been using Mullvad VPN on my desktop and laptop for a couple years now. I like the ease of use when I need to disable it for reaching some regional sites. Often I’ll leave it off for quicker downloads and browsing.

I recently bought an ASUS router which allows you to set up a VPN server or client. I’d use OpenVPN if I wish to utilize this. I am concerned about the ease with which I could disable it though, as I’d have to log in to my router to do this.

First question: Is there a benefit to running the VPN on the router side versus the client? I know it would protect all my devices without having to have a client installed on each, but often I don’t want or need to be utilizing the VPN.

Second question: What are the benefits to configuring the router to run as a VPN server versus client?

I look forward to the expertise of the group!

When your router is a VPN server, you can connect to your home network while you are away from home.

When your router is a VPN client, all traffic on your home network goes over the VPN. So all your traffic would go through Mullvad in this scenario.
It would be more difficult to disable, as you’d have to do so from within the router.

If you only sometimes use a VPN you’re better off sticking to what you have now.

If you mostly use a VPN when you are away from home, you might consider setting up the router as a VPN server, to protect your browsing activities and give you the added bonus of being able to access files at home while you’re away.

Alternatively you can put OpenWrt on the router and create two WiFi SSIDs. One uses the VPN, the other doesn’t. That way it’s as easy as switching WiFi networks, and stuff like TVs that don’t need the VPN can be on the clean WiFi. You can also pick which Ethernet ports go to the VPN or not.

I often do this for public WiFi, put all their stuff over an anonymizing VPN.

I run my home network through a VPN due to privacy laws over here (mostly as a F-U to Amber Rudd). I’ve tried 3 different approaches:

  1. client on each device. Downside is that my connection is not brilliantly stable and each device winds up disconnecting regularly. In addition, mobile devices like Android don’t seem to like running an always-on VPN as the CPU doesn’t seem to sleep, so it runs through its battery way too fast.

  2. VPN gateway. I have a VM on my NAS that handles the VPN, then acts as the gateway for all my devices. It then NATs the traffic and forwards it all to the actual router. It worked fairly well, but had an annoying habit of not reconnecting and silently sending all my traffic straight through without the VPN. It gave me a lot of control, but in a fairly explicit way (writing iptables rules is NOT fun). It also made it harder to reboot the NAS.

  3. VPN client on the router. My EdgeRouter supports running as a VPN client so I’ve moved the task there. It’s much more explicit about not letting traffic through when the VPN is down (i.e. traffic doesn’t flow at all until it reconnects). I also get a nicer GUI for defining static routes - Netflix traffic, for example, skips the VPN automatically on any device. The router has enough horsepower to run my pathetic internet connection at full speed even with the VPN overhead. And I can reboot the NAS as needed, and reclaim the RAM for other VMs.

2 and 3 give you a reasonable amount of flexibility. I keep the VPN on permanently and set static routes to bypass the VPN for things that restrict me. It may slow down depending on how fast your internet connection is and how fast your router’s CPU can go, but there are benefits.

I also wanted to define a VPN connection to my office so I could monitor the company network (I was the sysadmin) from home, but nothing ever came of that.
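
The fail-open behaviour described in approach 2 above (traffic silently going out without the VPN when it fails to reconnect) can be closed off with a default-drop forwarding policy on the gateway. This is an added example, not part of the original thread or the commenter's own rules; the interface names eth0 and tun0 are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed forwarding for a VPN gateway.
# Assumed interface names: eth0 (LAN side of the gateway), tun0 (OpenVPN tunnel).

# Print an iptables-restore ruleset. FORWARD defaults to DROP, so client
# traffic is only forwarded into the tunnel. If the tunnel drops and routing
# falls back to the normal uplink, those packets match no ACCEPT rule.
killswitch_rules() {
    lan="$1"; vpn="$2"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $vpn -j ACCEPT
-A FORWARD -i $vpn -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $vpn -j MASQUERADE
COMMIT
EOF
}

# Audit a ruleset in iptables-save format on stdin. Exit 0 only if the FORWARD
# policy is DROP and every FORWARD ACCEPT rule names the VPN interface.
fails_closed() {
    awk -v vpn="$1" '
        /^:FORWARD / { policy = $2 }
        /^-A FORWARD / && / -j ACCEPT/ {
            ok = 0
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && $(i + 1) == vpn) ok = 1
            if (!ok) leak = 1
        }
        END { exit !(policy == "DROP" && !leak) }
    '
}

# Self-check on the generated rules (no root needed, nothing is applied).
# To apply on the gateway: killswitch_rules eth0 tun0 | iptables-restore
# (this replaces the existing filter and nat tables).
if killswitch_rules eth0 tun0 | fails_closed tun0; then
    echo "ruleset fails closed"
fi
```

The same audit can be run against a live gateway with `iptables-save | fails_closed tun0` to confirm nothing forwards around the tunnel.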

Appreciate your informative response. Thanks for taking the time!

Thanks for this! It’s what I suspected, but terrific to have confirmation. Cheers!