In this article, we will discuss the issue of VPN on a router vs. VPN app installed on a device.
VPN on a device: With a VPN installed on a device, you can only access a VPN connection with that specific device and only when the app is turned on. If you need more devices connected to a VPN, you will have to install the VPN app on every device.
VPN on a router: With a VPN router, you only need a VPN installed on the router itself. Every device then connected to the VPN router will share the VPN connection. You will not have to install an app on any other device.
So, which one to use and when:
Use a VPN app: If you only need a VPN connection on one (or just a few) of your devices and only intend to use the VPN connection sporadically (such as unblocking streaming sites, for example).
Related: Check out our best VPNs roundup if you are looking for a VPN.
Use a VPN router: If you have multiple devices that need a stable and frequently used VPN connection (work computer, office environment with multiple devices, etc.). This way, you won’t have to manually install and set up the VPN app on all devices.
You should also use a VPN router if you have a device that you want to connect to a VPN server alone and never to your regular connection.
A VPN router is also advantageous when you are using an OS with which most VPN apps are incompatible, such as Tails OS.
Below, we will elaborate on how VPN apps and routers work and show you how to set up a VPN router yourself.
Quick navigation: Use this to jump to the section that shows you how to set up a VPN router.
Summary and 2023 Update:
This article examines the pros and cons of using a VPN on a router versus a VPN app on individual devices. A VPN on a router allows all connected devices to share the VPN connection, while a VPN app must be installed on each device.
VPN routers are recommended for those with multiple devices needing a stable and frequent VPN connection, while VPN apps are suitable for those needing a VPN on only a few devices and for occasional use.
VPN routers offer increased security, customization, and encryption for all internet traffic but can be expensive and require manual configuration.
Take a look at the diagrams below.
In the first – VPN on a device – we can see a laptop connecting to the internet through a VPN connection. This is the way most consumer VPNs are set up. This system works just fine.
Below we can see how things are set up with a VPN router. Many devices can connect through the same VPN service, which is now handled by the router itself.
Depending on the router operating system (firmware) used, it can be possible to simultaneously connect certain devices to the VPN while having others connect directly to the internet as normal without a VPN.
There are several advantages of running a VPN on your router rather than on each device. One of the main things I like is the level of control and customization over your entire home network when you’re using the higher-end firmware of a VPN router.
With a VPN router, you can connect all your WiFi and wired devices to the internet through the VPN, even devices that don’t support a VPN. This means that the VPN encrypts ALL your internet traffic, and the apparent location of your entire network will be that of the VPN server.
What’s more, your ISP will see encrypted packets and won’t be able to determine whether you’re torrenting on your laptop, unblocking Netflix on your phone, or gaming online through a console.
Using a VPN can help you keep your online activities private from your ISP. This includes unblocking and streaming content from services like Netflix.
If you’re looking for a VPN to use on your phone, check out our guide on the best VPN app for Netflix to find a reliable and easy-to-use option.
This ” set it and forget it ” method is very good for protecting your home network. Still, I would suggest periodically testing the VPN connection using a tool such as DNSLeakTest, rather than forgetting, as VPN connections can go down.
It’s clear that encrypting all your internet activity by default will increase the overall security of your network.
While most websites and services encrypt data between the computer and their servers, not all do, and it’s still possible to discover which services you use, even if the attacker can’t see what you’re sending and receiving.
This is an often-overlooked vulnerability.
Most people will never consider that the services they use could be the first piece of information that an attacker looks for.
This could be the beginning of a spear phishing attack, Where a hacker uses social engineering to specifically target an individual.
In this case, they would start by learning which online services you use so they can create a fraudulent form of contact from that service to steal confidential information.
Of course, this particular method is impossible if you’re using a VPN.
Do remember, though, that simply using a VPN is not a failsafe way to become anonymous online, and anyone who tells you it is, is either lying or has believed a lie someone else has told them. Either way, it’s not true.
There are indeed some disadvantages of VPN routers. The one that will probably put off the most people is the hardware cost.
The basic router you get from your ISP is unlikely to be VPN compatible, nor will you be able to flash it with firmware.
The type of router compatible with a VPN is generally much more expensive, with the most basic models starting at around $50, but can run way higher than that if you want something with a bit more grunt.
If you have a lot of devices connecting to your WiFi at once, your router will need more processing power to keep up with the constant encryption and decryption for the VPN.
This shouldn’t be an issue for most home applications, and a consumer-grade VPN-compatible router should be fine.
Something else worth bearing in mind is that, when running a VPN on your phone or computer, you get the full feature set of the VPN app, which usually supports several VPN protocols and encryption suites, and allows you to alter the configuration quickly.
On the other hand, a VPN on a router requires manual configuration and often only supports OpenVPN (which is the best anyway, at least). Changing the server location on a VPN router is also more laborious.
So how exactly is a VPN router different from a regular router?
A VPN router is just like any other router, but with the capability of running a VPN connection. A special operating system, known as firmware, is required to do this.
All of the following router firmware options mentioned below offer advanced customization and give users many options in addition to running a VPN through the router.
QoS (Quality of service) is a popular feature, available on most custom firmware. QoS allows the network administrator to allocate bandwidth based on internet traffic.
You can, for example, make sure your PS4 connection always has preference over someone browsing the internet, that a specific machine gets more bandwidth than mobile connections, or that P2P downloads are restricted to avoid slowing down the network.
Some routers, such as Netgear, some D-Link and Linksys models, and most enterprise/ business routers come with VPN-compatible firmware straight out of the box.
Still, that firmware is not usually the most powerful in terms of its other features, so many people prefer to install custom firmware such as Tomato, Sabai OS, or DD-WRT.
DD-WRT is probably the most widely used custom router firmware and handles VPN connections very well.
It’s a free, open-source firmware that has a huge online community of helpful DD-WRT users so you can find instructions on how to set up pretty much anything it’s capable of. You do have to do quite a bit of configuration yourself, though.
DD-WRT can be installed at home on a wide variety of routers.
Flashing a router is pretty simple, but if you do it wrong, you’ll probably end up with an expensive paperweight, so if you’re unsure, then it’s best to buy a pre-configured one from Amazon.
Tomato is another free, open-source firmware that can be installed on various routers.
It can handle a lot of very complex processes and has massive customization options but requires a greater level of user knowledge as each feature has to be programmed in.
Tomato can’t be considered a consumer-grade option due to the potential difficulty of set up for non-programmers. It is, however, extremely powerful.
For more information, as well as download links, visit the official Tomato firmware website.
Sabai Technology is a small business with a big name. They care about their work and offer some of the best customer support in the industry. I worked for them for almost two years and can say they’re 100% legit.
Now onto their VPN router firmware – it’s by far the most user-friendly on this list and is easy to set up and use but is not free. Sabai OS (the name of their firmware) is based on Tomato but is preconfigured to get your router working quickly and easily, so you don’t need the expert knowledge to make a regular Tomato build work properly.
Sabai OS has a great Gateways feature that makes it easy to configure which connected devices run through the VPN and the regular internet.
They also sell pre-configured VPN routers that are ready to go straight out of the box. That means there’s no need to risk breaking a router while trying to flash it yourself.
pfsense is a different beast altogether. You can install this OS on an old pc and use that as a highly secure VPN router with loads of extra features such as built-in anti-virus (at the router level, so malware can’t even get onto your device).
Of course, using an old PC would cost a lot of electricity, so I’d suggest getting a purpose-built box or building one yourself.
There’s a large pfsense community scattered across many forums, with many people who build their own routers and give advice. Get started with pfsense here.
Related guide: How to Block Ads On All Your Devices With pfSense, Squid & SquidGuard
Related guide: How to Set Up IP Filtering and DNS Blackholing on pfSense Using pfBlockerNG
When using one of the router firmware builds described above, setting up a VPN is fairly straightforward.
You’ll need your VPN login credentials from your VPN provider. You do still need a subscription to a VPN service.
For a couple of great options for VPNs that work with routers, check out our ExpressVPN or ProtonVPN review.
Many VPN services provide detailed instructions on how to set up their VPN on a router. This usually consists of a list of steps to set up the VPN connection and DNS, install the encryption certificates, and select a server.
Again, this is more time-consuming than simply using the VPN app on your laptop, but it does protect your entire network rather than a single device.
It’s also pretty fun to set up if your into that kind of thing.
February 23, 2023 6:24 am
I enjoyed your article on VPN. I use a VPNs on a per device basis but adding one to router sounds good. But I have noticed that sometimes I need to turn off my VPN on my iPhone to make certain apps work. How will a VPN installed on the router affect all devices? Any help would be great. Thank you
September 13, 2022 3:10 pm
All of this tech talk has my head spinning; I have McAfee VPN app on my laptop; I also connect to my company’s VPN when working; based on your article the VPN router is the best option to cover my home. Is there a router you recommend?
September 1, 2022 7:24 pm
I just bought an Asus RT-AX88U router…took me 3 days to get it set up and link all my 22 devices to it. Yesterday, I flashed my router with DD-WRT (quite proud of myself)….Im with Nord…and in the setup under “Custom Configuration” it says to load specific text. The custom configuration already has text in it…does this mean Im to erase the existing text and load what Nord wants me to lad, or in ADDITION to the existing text…other than this, this is whats holding me back from using a VPN on my router for the time being.
PS…This is the best article for explaining VPN’S…Thank you
September 7, 2022 11:03 am
Hi Rick, thanks for your feedback. 🙂 Yes, you can overwrite the custom text.
May 21, 2022 8:58 pm
I want to travel to see my fiancee in portugal and I workkgn in te UK. My job doesn’t knlw. The laptop they gave me as a global vpn client. How do I disguise my ip address? My phone as vpn exprww if I link my laptop to my phone data would that work? Or if I use a vpn router in portugal?
April 21, 2022 5:29 am
I could really use your knowledge and it seems, this article is the only relevant I can find.
I’m currently working in UK and my Employer doesn’t allow employes to work out of UK jurisdiction.
How can I go back to Germany but actually “stay in UK”?
We already use a VPN and no software can be installed on our workstations.
I was thinking to set up a VPN server right in my appartment and then connect my modem in Germany, to a VPN router, to my VPN home server.
Any thoughts on that? Can it be done without ever showing that I connected somewhere else?
+note: If I get fired, the worst thing that can happen, I will do the best vacations of my life.
March 7, 2022 9:40 pm
Really good article. Many thanks for providing it. The questions and answers have cleared up dozens of questions for me that I did not see clearly answered after spending 4 or more hours on specific VPN vendor websites. They should all provide a link to your article since they don’t answer so many good questions themselves.
December 22, 2021 11:47 pm
Hi. Nice article!
I have one question I have not seen addressed anywhere. (It might be that, as a raw VPN newbie, the question is too stupid a to ask!)
I have Nord VPN set up on my Asus Router. I followed the instructions on Nord’s website, and I think I have it set up properly. My question is about my cell phone. Nord had a QR code to put a VPN client on my cell phone, and I did that. The question is, is that needed?
When accessing the internet via the router it seems redundant.
But, when away from home and using public wi-fi hotspots it or the phone’s date service (AT&T) it seems a good idea to have the VPN on the phone. But I don’t want to enable/disable the VPN as I wander from place to place
December 24, 2021 12:37 pm
There are no stupid questions! 🙂
You are spot on If you are connected to your VPN router with your phone, then you don’t need to enable your VPN app connection as well. That’s indeed redundant.
The app is needed for when you are not at home or connected to a different network, such as cellular network and public WiFi (or any WiFi that’s not yours).
December 17, 2021 12:14 am
Are there answers to any of these questions? If so, How can I see them? If not, what’s the point of having a comments section? I have an Asus AX3000(AX58U) with Merlin firmware and Nord VPN. Plenty of configuration, fairly simple to use, it’s my first experience with a VPN of any kind and I got iy setup. I have only done a basic seyup though, there are a lot of things it can do that I just don’t know enough about to use and when I try things I often mess up my wifi connection and either have to try to undo what I did or reset the router. The router cost me $179 on sale and Nord VPN is $79 for 2 years. I’m happy with my setup. One thing not mentioned here is the fact that this is only discussing your privacy at home on your private wifi network. If you use public networks or work/school networks, you’ll want a VPN on any devices you use in this way so if this is your situation, make dure to select a XPN which allows you to use it both at home on your router and on your devices.
December 24, 2021 12:35 pm
Hey. Sorry, things didn’t update for a while due to some website caching issues. It’s fixed now.
Regarding the rest of your comment, yes, you are correct! Thanks for your feedback.
December 11, 2021 5:21 pm
If I install VPN on my laptop which gets the internet via wifi from a router, will I be safe downloading torrents? Or I would need to install VPN on the router?
December 24, 2021 12:33 pm
VPN on a laptop should be enough.
Make sure to never accidentally access your torrenting app while the VPN is not active.
November 18, 2021 5:43 pm
Imagine I live in place A and have a VPN set up on a router that is connecting me to somewhere in place B I turn my laptop on and connect to an app which is a remote access VPN to another place C.
If I go check my IP on all that, in principle which place would that IP reveal? C ?
And the company providing me the on laptop-app remote access VPN would see me being in B.
December 24, 2021 12:32 pm
> If I go check my IP on all that, in principle which place would that IP reveal? C ?
> And the company providing me the on laptop-app remote access VPN would see me being in B.
Yes. Both of these are correct.
November 16, 2021 6:29 am
Question: This is the setup I’m trying to create
1) I will run TAILS OS from a laptop
2) I will get a prepaid 5G mobile hotspot subscription and device (No identifiable information will be used and it will be prepaid)
Now I want to be able to still use a VPN as a failsafe while using TAILS OS with this mobile hotspot since I will be using this while traveling and I don’t want anything linked to my home network. (Everything I do will be outside of my home and nothing be linked to my house etc.)
So my question is can I still use a VPN router using the 5G mobile hotspot device?
Thanks for the very informative articles! Really appreciate what you’re doing for the community!
December 24, 2021 12:31 pm
> I will get a prepaid 5G mobile hotspot subscription and device
I wouldn’t really recommend this.
Mobile traffic is worst security wise.
Also I’m unsure if you would be able to connect your mobile device to your router (having the mobile device as the source of the internet traffic).
My recommendation is you should get a VPN router and install a VPN on that router and use your normal internet.
This way you will cloak your network and everything else even before it reaches any Tor node.
November 10, 2021 4:14 pm
I have ExpressVPN but it doesn’t work on my laptop unfortunately (it’s very old) so I’m thinking about a Netgear Nighthawk VPN gaming router. Will I still need a subscription to expressvpn and then configure that to my new router? If so, will I always need to have a PC/Laptop running in order for the vpn router to work?
November 13, 2021 9:01 am
Try NordVPN instead
July 9, 2021 3:56 pm
Thank you brother. This is very informative. My situation is a little unique as my landlord works for our ISP. I wanted to know if there’s a way to customize the router settings so that my PC is the only thing using the VPN. But I don’t want to cause any issues for my landlord at work so I’m hesitant to do anything. But all these streaming sites are expensive and I was just reading about Hotstar and all the perks of using it. It’s kind of you to take the time to write this article. I really appreciate it and I know everyone else does too. Peace and good health! 🙏🙂
December 24, 2021 12:27 pm
It’s perfectly fine to use a VPN or a VPN router. You or your landlord should never get into any problems because of that.
If someone happens to ask you can always say you need it to access your work network.
July 3, 2021 1:27 pm
Just wondering can you have a second router as a VPN router, with all chosen devices linked to this router. And the main router handling the data going in/out of the house can be left without a VPN?
July 7, 2021 9:06 am
You can definitely use a secondary router as your VPN router and you can leave the main router without a VPN. This is the current setup I myself have at the moment.
April 11, 2021 5:46 pm
So two basic questions don’t seem to be answered in your post.
1) If we don’t want to put a VPN on a router (we disabled wifi and only have wired modem), does a VPN need to be installed in each device or can it be modem-based somehow?
2) can a VPN installed on a laptop be used anywhere?
July 7, 2021 9:07 am
Thanks for your feedback, Ron!
1) You will need to install a VPN on every device that’s connected to the modem.
2) Sure. It encrypts all your internet traffic whether that’s from a browser or any other app installed on the laptop/computer.
February 4, 2021 11:19 pm
I travel and use phone data as router do all my other devices need to be connected to the same vpn source
July 7, 2021 9:08 am
You should be able to install a VPN on your phone and enable it when you are using your phone data. You can install and use the same VPN app on multiple devices.
November 15, 2020 7:38 am
I want to only put my LG smart TVs on the VPN connection, but keep the rest of my devices off the VPN connection. Can anyone provide a resource that can help me achieve this?
July 7, 2021 9:10 am
The current way I myself are doing this right now is to connect my VPN router to my regular router. I then use the VPN router only with devices that need a VPN connection. Then any other device I connect to the regular router.
January 22, 2022 9:58 pm
What is the benefit of having 2 different routers?
February 8, 2022 11:44 am
One is your normal router that connects to the internet. The other a VPN router that has a VPN installed directly in the router. This router will be between your normal router and devices.
The idea is you only use the VPN router for when you visit things that require a VPN connection.
You shouldn’t use the VPN router for everything, like accessing Google, Gmail, Facebook etc, with your regular accounts. That kinda eliminates your stealth.
August 23, 2020 8:25 am
Tried all 3 VPN suppliers none of which I found very fast. Surfshark was the worst-can’t even connect to Sky News. Having tested many I found if you don’t use a VPN Router NordVPN wired is very fast, efficient and well priced. Having used a VPN router for 2 years I’ve found in general they reduce the download speeds quite substantially whereas if you wire your device (in my case Android box) to your principal router/supplier of internet, there is very little reduction is speed and if i’m correct security remains excellent.
July 7, 2021 9:11 am
At the moment I’m using ProtonVPN with a VPN router and honestly I am not seeing any decrease in speed at all.
You may need to test a few VPN servers first before you find a fast one.
March 5, 2020 3:15 am
Any chance of discussing the advantage of having firewall VPN at home instead of purchasing a VPN service online?
Example Zyxel hardware
February 12, 2020 11:03 pm
My ISP provides PPOE connection, which is incompatible with VPN configured router. So do I need two routers – Primary for PPOE connection and secondary for VPN? How do I configure DHCP on these two routers?