Configuring your router to run a VPN lets it protect all the devices on your network, but senior security analyst Max Eddy explains why it might not be practical for the average user.
By Max Eddy
Does your VPN not provide enough devices in your subscription? Want to use a VPN with a smart TV? Want to prevent an ISP from monitoring what kind of IoT devices you have in your house? The common solution to all of these problems is to configure your router to use a VPN. While it makes sense in theory, I’ve always felt it is more trouble than it’s worth.
Now, in fairness, I’ve never actually tried to manage a router that’s hooked up to a VPN. I have, however, consulted some experts who’ve done so. While it does solve some problems, it has always been an outlier use case and I’ve focused on more mainstream topics.
Why Should I Use a VPN on My Router?
The major benefit of configuring your router to use a VPN is that all the devices on your network-from a smart fridge to phones-are protected behind the VPN. That’s useful, since there are plenty of smart devices in our homes that can’t run software on their own, can’t be configured to use a VPN, or don’t even have screens. By routing all these devices through the VPN from the router, an ISP or any other entity on the web won’t be able to see the traffic these devices generate.
The VPN-via-router trick also helps you get around device restrictions from VPN companies. Most VPN companies allow you to connect up to five devices to a VPN at the same time, and some will sell you more slots for more devices. When your router is using a VPN, however, everything on the network counts as only one device.
Many VPN services provide instructions on configuring your router to use a VPN. This isn’t as simple as just installing an app on a desktop computer. That’s probably why some VPN companies sell routers that are configured to use their VPN out of the box.
A quick glance at the (very thorough and quite helpful) instructions from ExpressVPN gives a sense of the challenge you’d face doing it yourself. This is a lot to ask of even a generally knowledgeable individual, and far more than someone new to using security tools. It’s the kind of challenge that could easily turn a person off from using a VPN at all.
While I haven’t used a router with a VPN, my colleague Chris Stobing is an expert on routers, VPNs, and routers using VPNs. He tells me that once the router is configured, it’s accessed through the same dashboard similar to the one you use to manage your other router settings. That alone is a red flag that a VPN on your router isn’t practical. I would hazard a guess that most people looked at their router’s dashboard exactly once when they set it up and then never again.
Not Every Service Works With VPNs
One problem with putting your whole network through a VPN is that some services won’t work when you try to connect via VPN. I frequently receive emails about how a bank, Microsoft Office 365, Netflix, and a plethora of other sites and services did not work with a given VPN. There are two reasons, I think, why this happens.
The first is that services like Netflix have different streaming agreements depending on which country you’re in. If you use a VPN to hop into another country, you could potentially access more (or at least different) streaming content. In order to enforce these agreements, Netflix and other streaming services work hard to block VPN usage.
The other reason is actually even more frustrating: sites and services are trying to make sure you’re not a crook. Bad guys understand the benefits of VPNs just as well as the good guys do, and crooks sometimes use VPNs to cover their tracks when executing nefarious online activity. Companies like banks are also especially sensitive to unusual user behavior. If one day you connect from New York and the next day you connect from Vancouver, the bank might get suspicious. That means throwing more login challenges at you-like answering security questions or just regular old Captchas-or blocking you outright.
It’s annoying when a site you want to access won’t play nice with your VPN, but the problem is still more complex when you have a whole network full of devices trying to talk with different services. If, for example, the server that’s supposed to keep your smart fridge’s software up to date doesn’t like the look of your VPN, how would you know? How long would your fridge miss new features and critical security updates before you figured it out? Adding a VPN to your router is especially useful for getting devices that can’t run software on their own protected by a VPN, but I fear that it could also cause failures that these same devices cannot communicate.
A Problematic Solution
When you find yourself blocked for using a VPN, there’s not a whole lot you can do. You can try connecting to a different VPN server, preferably one closer to home. This may seem less odd to the site or service and it may let you through. Sometimes, however, you’ll just have to switch your VPN off and hope for the best.
Switching your VPN off, or messing around with its settings, is all well and good when it’s a friendly app on your desktop or mobile phone. While I haven’t used a router with a VPN, I cannot imagine that the process of activating or deactivating the VPN connection could be easier than it is on a phone or computer. Router interfaces are not known to be user-friendly.
Stobing tells me that most people who opt for the VPN router option actually do it in tandem with a second router. One router is for the devices that the owner wants behind a VPN, and the other is a normally configured router. If there’s a problem with the VPN, Stobing says you simply connect to the other router. This is a technically simple solution, but it requires owning, managing, and using two separate routers. This seems wildly impractical for the average user.
Connecting your router to a VPN will have some beneficial effect on your network security, but perhaps not enough to justify the hassle. A VPN will prevent your ISP from monitoring your activities, and make it more difficult for observers online to track your movements online. A VPN won’t work to prevent unauthorized traffic from entering or leaving your network, as a firewall would, nor will it protect you against malware.
Lastly, even with a VPN on your router, you’re still going to need a VPN on every device that leaves your network. Your smart bulbs probably aren’t likely to find themselves connected to the airport Wi-Fi, but your phone and laptop definitely will, and that’s when you need a VPN the most.
Less Than Practical
On paper, running a VPN on your router is the solution to a lot of common problems, but it doesn’t really play to the strengths of a VPN. A VPN is at its best when it’s protecting you from people on the same network and from your ISP. Running a VPN to cover your home network certainly helps anonymize you to a certain degree, but whatever benefits it might bestow seem too limited to be worth the trouble.
Someday, I’ll have to actually try out a network protected by a VPN, but that’s just because I enjoy testing outlandish solutions to simple problems. Heck, I installed a new operating system on my phone a few months back, so this is probably easier. Even after I do though, I seriously doubt I’ll be recommending it as a solution to anyone.
Originally published at https://www.pcmag.com on August 27, 2019.