VPN Router vs. VPN on Device – Which is Better?

Updated: 13 July 2021
Updated: 13 July 2021

Miklos Zoltan

Fact-checked by

In this article we will discuss the issue of VPN on a router vs. VPN app installed on a device.

Quick summary:

VPN on a device: With a VPN installed on a device, you will only be able to access a VPN connection with that specific device and only when the app is turned on. If you need more devices connected to a VPN, you will have to install the VPN app on every device.

VPN on a router: With a VPN router, you only need a VPN installed on the router itself. Every device then connected to the VPN router will share the VPN connection. You will not have to install an app on any other device.

So, which one to use and when:

Use a VPN app: If you only need a VPN connection on one (or just a few) of your devices and only intend use the VPN connection sporadically (such as unblocking streaming sites, for example).

Use a VPN router: If you have multiple devices that need a stable and frequently used VPN connection (work computer, office environment with multiple devices, etc.). This way you won’t have to manually install and set up the VPN app on all devices.

You should also use a VPN router if you have a device that you exclusively want to connect to a VPN server alone and never to your regular connection.

A VPN router is also advantageous when you are using an OS with which most VPN apps are incompatible, such as Tails OS.

Below we will elaborate on how both VPN apps and VPN routers work as well as show you how to set up a VPN router yourself.

Quick navigation: Use this to jump to the section that shows you how to set up a VPN router.

Recommended guide: How does a VPN work
Recommended guide: How to stealthy use a VPN
Recommended guide: Using RAM-only VPN servers for enhanced security

VPN Router vs. VPN on Device

VPN Router vs. VPN on Device

Take a look at the diagrams below.

In the first – VPN on a device – we can see a laptop connecting to the internet through a VPN connection. This is the way most consumer VPNs are set up. This system works just fine.

VPN connection diagram

Below we can see how things are set up with a VPN router. Many devices can connect through the same VPN service, which is now being handled by the router itself.

VPN router diagram

Depending on the router operating system (firmware) used, it can be possible to simultaneously connect certain devices to the VPN, whilst having others connect directly to the internet as normal, without a VPN.

Advantages of a VPN Router

There are several advantages of running a VPN on your router rather than on each device. One of the main things I like is the level of control and customization you have over your entire home network when you’re using the higher end firmware of a VPN router.

With a VPN router you can connect all your WiFi and wired devices to the internet through the VPN, even devices that don’t support a VPN natively. This means that ALL your internet traffic is encrypted by the VPN and the apparent location of your entire network will be that of the VPN server.

What’s more, your ISP will simply see encrypted packets and won’t be able to determine whether you’re torrenting on your laptop, unblocking Netflix on your phone, or gaming online through a console.

This set it and forget it method is very good for keeping your home network protected, but I would suggest periodically testing the VPN connection using a tool such as DNSLeakTest, rather than actually forgetting, as VPN connections can go down.

VPN routers provide increased security

It’s clear that encrypting all your internet activity by default will increase the overall security of your network.

Whilst most websites and services these days actually do encrypt data between the computer and their servers, not all do, and it’s still possible to discover which services you use, even if the attacker can’t actually see what you’re sending and receiving.

This is an often overlooked vulnerability.

Most people will never consider that the services they use could be the first piece of information that an attacker looks for. This could be the beginning of a spear phishing attack, Where a hacker uses social engineering to specifically target an individual.

In this case, they would start by learning which online services you use so they can create a fraudulent form of contact from that service, with the aim of stealing confidential information.

Of course, this particular method is impossible if you’re using a VPN.

Do remember though, that simply using a VPN is not a failsafe way to become anonymous online, and anyone who tells you it is, is either lying or has believed a lie someone else has told them. Either way, it’s not true.

Disadvantages of a VPN Router

There are indeed some disadvantages of VPN routers. The one that will probably put off the most people is the hardware cost.

The basic router you get from your ISP is unlikely to be VPN compatible, nor will you be able to flash it with a firmware that is. The type of router that is compatible with a VPN is generally much more expensive, with the most basic models starting at around $50, but can run way higher than that if you want something with a bit more grunt.

If you have a lot of devices connecting to your WiFi at once, your router will need more processing power in order to keep up with the constant encryption and decryption for the VPN. For most home applications this shouldn’t be an issue, and a consumer grade VPN compatible router should be just fine.

Something else worth bearing in mind is that, when running a VPN on your phone or computer, you get the full feature set of the VPN app, which usually supports several VPN protocols and encryption suites, and allows you to quickly alter the configuration.

A VPN on a router, on the other hand, requires manual configuration, and often only supports OpenVPN (which is the best anyway, at least). It is also more laborious to change the server location on a VPN router.

VPN Router Firmware

So how exactly is a VPN router different from a regular router?

A VPN router is just like any other router, but with the capability of running a VPN connection. To do this, a special operating system, known as firmware, is required.

All of the following router firmware options mentioned below offer advanced customization, and give users many options in addition to running a VPN through the router.

QoS (quality of service) is a popular feature, available on most custom firmwares. QoS allows the network administrator to allocate bandwidth based on the type of internet traffic.

You can, for example, make sure your PS4 connection always has preference over someone browsing the internet, or that a specific machine gets more bandwidth than mobile connections, or that P2P downloads are restricted to avoid them slowing down the network.

Some routers such as Netgear, and some D-Link and Linksys models, and most enterprise/ business routers come with VPN compatible firmware straight out of the box, but that firmware is not usually the most powerful in terms of its other features, so many people prefer to install a custom firmware such as Tomato, Sabai OS, or DD-WRT.

DD-WRT

DD-WRT is probably the most widely used of any custom router firmware, and it handles VPN connections very well.

It’s a free open source firmware that has a huge online community of helpful DD-WRT users so you can find instructions on how to set up pretty much anything it’s capable of. You do have to do quite a bit of configuration yourself though.

DD-WRT can be installed at home on a wide variety of routers. Flashing a router is pretty simple, but if you do it wrong, you’ll probably end up with an expensive paperweight, so if you’re unsure then it’s best to buy a pre-configured one from Amazon.

Tomato

Tomato is another free open source firmware that can be installed on a wide variety of routers.

It can handle a lot of very complex processes and has massive customization options, but requires a far greater level of user knowledge as each feature has to be programmed in.
Tomato can’t really be considered a consumer grade option due to the potential difficulty of set up for non-programmers. It is, however, extremely powerful.

For more information, as well as download links, visit the official Tomato firmware website.

Sabai OS

Sabai Technology are a small business with a big name. I worked for them for almost two years and can say they’re 100% legit. They really care about their work, and offer some of the best customer support in the industry.

Now onto their VPN router firmware – it’s by far the most user friendly on this list, and is easy to set up and use, but is not free. Sabai OS (the name of their firmware) is based on Tomato but is preconfigured to get your router working quickly and easily, so you don’t need the expert knowledge to make a regular Tomato build work properly.

Sabai OS has a great feature called Gateways that makes it easy to configure which connected devices run through the VPN, and which through the regular internet.

They also sell pre-configured VPN routers that are ready to go straight out of the box. That means there’s no need to risk breaking a router while trying to flash it yourself.

pfsense

pfsense is a different beast altogether. You can actually install this OS on an old pc and use that as a highly secure VPN router with loads of extra features such as built in anti-virus (at the router level, so malware can’t even get onto your device). Of course using an old PC would end up costing a lot in electricity, so I’d really suggest getting a purpose built box or building one yourself.

There’s a large pfsense community scattered across many forums, with many people who build their own routers and give advice. Get started with pfsense here.

Related guide: How to Block Ads On All Your Devices With pfSense, Squid & SquidGuard
Related guide: How to Set Up IP Filtering and DNS Blackholing on pfSense Using pfBlockerNG

How to build a pfsense router from an old PC

How to Set up a VPN on a Router

When using one of the router firmware builds described above, setting up a VPN is fairly straightforward.

You’ll need your VPN login credentials from your VPN provider. You do still need a subscription to a VPN service.

If you need some help choosing, check our top ranked VPNs list. For a couple of great options for VPNs that work with routers, check out our ExpressVPN or ProtonVPN review.

Many VPN services provide detailed instructions on how to set up their VPN on a router, and this usually consists of a list of steps to take to set up the VPN connection and DNS, install the encryption certificates, and select a server.

Again, this is more time consuming than simply using the VPN app on your laptop, but it does protect your entire network rather than a single device.

It’s also pretty fun to set up, if your into that kind of thing.

Additional VPN Guides:

Written by: Joe Robinson

Connect with the author:

Data privacy and cyber security expert. Joe has been working in the VPN field for over seven years, and has a passion for analysis and debate. He loves learning new technologies and software, and regularly uses everything from Kali Linux to Pro-tools. When not writing about digital security, Joe helps businesses improve their website usability and spends his free time playing guitar and reading about data science, IoT, and philosophy.

15 thoughts on “VPN Router vs. VPN on Device – Which is Better?”

  1. Niles says:

    Thank you brother. This is very informative. My situation is a little unique as my landlord works for our ISP. I wanted to know if there’s a way to customize the router settings so that my PC is the only thing using the VPN. But I don’t want to cause any issues for my landlord at work so I’m hesitant to do anything. But all these streaming sites are expensive and I was just reading about Hotstar and all the perks of using it. It’s kind of you to take the time to write this article. I really appreciate it and I know everyone else does too. Peace and good health! 🙏🙂

  2. Bolo says:

    Just wondering can you have a second router as a VPN router, with all chosen devices linked to this router. And the main router handling the data going in/out of the house can be left without a VPN?

    1. Miklos Zoltan says:

      You can definitely use a secondary router as your VPN router and you can leave the main router without a VPN. This is the current setup I myself have at the moment.

  3. Ron says:

    So two basic questions don’t seem to be answered in your post.

    1) If we don’t want to put a VPN on a router (we disabled wifi and only have wired modem), does a VPN need to be installed in each device or can it be modem-based somehow?

    2) can a VPN installed on a laptop be used anywhere?

    1. Miklos Zoltan says:

      Thanks for your feedback, Ron!

      1) You will need to install a VPN on every device that’s connected to the modem.

      2) Sure. It encrypts all your internet traffic whether that’s from a browser or any other app installed on the laptop/computer.

  4. Barry says:

    I travel and use phone data as router do all my other devices need to be connected to the same vpn source

    1. Miklos Zoltan says:

      You should be able to install a VPN on your phone and enable it when you are using your phone data. You can install and use the same VPN app on multiple devices.

  5. Cody says:

    I want to only put my LG smart TVs on the VPN connection, but keep the rest of my devices off the VPN connection. Can anyone provide a resource that can help me achieve this?

    1. Miklos Zoltan says:

      The current way I myself are doing this right now is to connect my VPN router to my regular router. I then use the VPN router only with devices that need a VPN connection. Then any other device I connect to the regular router.

  6. richard says:

    Tried all 3 VPN suppliers none of which I found very fast. Surfshark was the worst-can’t even connect to Sky News. Having tested many I found if you don’t use a VPN Router NordVPN wired is very fast, efficient and well priced. Having used a VPN router for 2 years I’ve found in general they reduce the download speeds quite substantially whereas if you wire your device (in my case Android box) to your principal router/supplier of internet, there is very little reduction is speed and if i’m correct security remains excellent.

    1. Miklos Zoltan says:

      At the moment I’m using ProtonVPN with a VPN router and honestly I am not seeing any decrease in speed at all.

      You may need to test a few VPN servers first before you find a fast one.

  7. Toby says:

    Any chance of discussing the advantage of having firewall VPN at home instead of purchasing a VPN service online?
    Example Zyxel hardware

  8. Roger says:

    My ISP provides PPOE connection, which is incompatible with VPN configured router. So do I need two routers – Primary for PPOE connection and secondary for VPN? How do I configure DHCP on these two routers?

Leave a Reply

Your email address will not be published.