• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
Restore Privacy Logo

Restore Privacy

Resources to stay safe and secure online

  • Privacy Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search
    • Password Manager
    • Tor
    • Privacy Tools
  • Reviews
    • Email Reviews
      • ProtonMail
      • Tutanota
      • Mailfence
      • CTemplar
      • Mailbox.org
      • Posteo
      • Fastmail
      • Hushmail
    • VPN Reviews
      • ExpressVPN
      • NordVPN
      • Surfshark
      • Perfect Privacy
      • CyberGhost
      • IPVanish
      • Private Internet Access
      • Netflix VPN
      • Best VPN for Torrenting
      • NordVPN vs ExpressVPN
    • Cloud Storage Reviews
      • pCloud
      • Nextcloud
      • IDrive
      • SpiderOak
      • Sync.com
      • MEGA Cloud Storage
      • Tresorit
    • Secure Messenger Reviews
      • Telegram
      • Signal
      • Wire
    • Password Manager Reviews
      • KeePass
      • NordPass
      • 1Password
      • Dashlane
      • LastPass
      • Bitwarden
  • VPN
    • What is VPN
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • NordVPN Cyber Monday
      • Cyber Monday VPN Deals
      • ExpressVPN Cyber Monday
      • Surfshark Cyber Monday
    • Best VPN Services
    • VPN Router
    • Free VPN
    • Free Trial VPN
    • Cheap VPNs
    • VPN for Firestick
  • Reports
  • Mission
  • Search
  • Privacy Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search
    • Password Manager
    • Tor
    • Privacy Tools
  • Reviews
    • Email Reviews
      • ProtonMail
      • Tutanota
      • Mailfence
      • CTemplar
      • Mailbox.org
      • Posteo
      • Fastmail
      • Hushmail
    • VPN Reviews
      • ExpressVPN
      • NordVPN
      • Surfshark
      • Perfect Privacy
      • CyberGhost
      • IPVanish
      • Private Internet Access
      • Netflix VPN
      • Best VPN for Torrenting
      • NordVPN vs ExpressVPN
    • Cloud Storage Reviews
      • pCloud
      • Nextcloud
      • IDrive
      • SpiderOak
      • Sync.com
      • MEGA Cloud Storage
      • Tresorit
    • Secure Messenger Reviews
      • Telegram
      • Signal
      • Wire
    • Password Manager Reviews
      • KeePass
      • NordPass
      • 1Password
      • Dashlane
      • LastPass
      • Bitwarden
  • VPN
    • What is VPN
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • NordVPN Cyber Monday
      • Cyber Monday VPN Deals
      • ExpressVPN Cyber Monday
      • Surfshark Cyber Monday
    • Best VPN Services
    • VPN Router
    • Free VPN
    • Free Trial VPN
    • Cheap VPNs
    • VPN for Firestick
  • Reports
  • Mission
  • Search

VPN Routers – The Ultimate Guide

August 13, 2020 By Sven Taylor — 191 Comments

VPN router

At nearly 5,000 words, this guide takes a deep dive into the world of VPN routers.

In today’s world, a VPN router is one of the most important privacy tools you can own. A VPN is crucial for protecting your privacy against all the forces out there trying to track you, monitor you, spy on you, and steal from you.

While it may seem a bit complex to some, the truth is that anybody can use a VPN router – regardless of your experience level. In this guide we’ll cover different setup options, the best VPN routers for different situations, as well as configuring a VPN router for policy-based routing and a kill switch.

But before we dive in, let’s cover just a few reasons for using a VPN router:

  • Protect and secure every device on your network.
  • Secure your network against attacks, surveillance, and ISP snooping. Internet service providers often record your browsing history and online activities. And ISPs in the USA can now legally sell that information.
  • Easily chain two VPNs at the same time for added security and anonymity (one VPN on the router, another on your computer). This will also protect you in the case that one VPN is compromised.
  • Create a backup VPN (fail-safe) on your router in case of leaks, crashes, or problems with the primary VPN on your computer.
  • Block ads and tracking on your entire network through the VPN
  • Easily access blocked content or restricted websites with all your devices.

Outline

This VPN router guide is broken down into the following sections:

  1. VPN router setup options
  2. Why most VPN routers are slow
  3. How to get the best speeds with a VPN router

So let’s dive in to the topic of VPN routers.

1. VPN router setup options

You basically have three different options if you want to use a VPN on a router:

  1. Get a pre-configured VPN router. This is an ideal solution that minimizes hassle. Three great options for preconfigured routers are:
    1. Flashrouters
    2. Sabai Technology
    3. Vilfo router
  2. Get a VPN-ready router that natively supports OpenVPN (no flashing required). There are many different models that support OpenVPN right out of the box. The best lineup of VPN routers (largest selection) comes from Asus, which we will cover below.
  3. Flash an existing router with firmware to support using a VPN.

We’ll cover each of these setup options in detail below, along with the best VPN routers for each category.

However, before diving into setup options, it’s first important to discuss a potential drawback with VPN routers, which is the speed reduction.

Why most VPN routers are slow

The VPN router’s processor (CPU) is arguably the biggest factor affecting overall speed (assuming you are using a good VPN). Unfortunately, the processors in most consumer-grade routers are underpowered when it comes to handling encryption with a VPN. The processors simply are not up to the task of handling VPN encryption with ease.

But on a positive note, this is starting to change with some of the better routers on the market – see the Asus ASUS RT-AX88U for example.

Sabai Technology has a unique solution for this problem with the Sabai VPN Accelerator, discussed further below.

Lastly, the Vilfo router also solves the speed problem. We were able to get 268 Mbps using a Vilfo router with NordVPN.

We’ll examine the fastest VPN routers in more detail below.

Checklist: How to get the best performance with your VPN router

So how do you get the best performance with your VPN router?

Here is the checklist:

  1. You will first need a fast internet connection from your internet service provider. (A VPN cannot make your internet faster, unless your ISP is throttling your speeds.)
  2. Next, you will need a fast VPN service. The fastest VPN we have tested is NordVPN.
  3. Use a fast VPN router with a powerful processor, such as one of these:
    1. Vilfo router
    2. Sabai VPN Accelerator
    3. Asus RT-AX88U
  4. Connect to a nearby server that has enough bandwidth
  5. Use a wired ethernet connection for the fastest speeds and strongest security (don’t use WiFi).

Previously, it was very difficult to get above 100 Mbps with a VPN router. However, if you follow the checklist above, you should easily be able to get over 100 Mbps with your VPN router.

Preconfigured VPN routers

If you want to minimize the hassle, risks, and potential frustration of flashing your own router, then a pre-configured VPN router is a good choice. While it will be more expensive than your standard (non-configured) router, a pre-configured router will probably save you time and it also comes with dedicated support.

Here are the best three options for a preconfigured VPN router, which we’ll examine in detail below:

  1. Vilfo router
  2. Sabai Technology VPN routers
  3. Flashrouters

Let’s examine each of these in more detail.

1. Vilfo VPN router (fastest VPN router)

Vilfo router

The Vilfo VPN router is arguably the best VPN router on the market. It is based on OpenWRT firmware and offers numerous features and customization options. In terms of performance, it is the fastest VPN router we have tested (so far).

Below is a speed test we conducted for the Vilfo router review. It was conducted using a nearby NordVPN server:

fastest VPN router

The name of this product tells you all you need to know. The Vilfo VPN router, created by Vilfo AB of Sweden, is first and foremost designed to be a killer VPN router. We’ve seen reports that the router can get 500+ Mbps with OpenVPN encryption. Impressive to say the least.

From the ground up, this router was designed for VPN services. It has support for many of the leading VPN services built right in (including two of our favorites, ExpressVPN and NordVPN), and works with any VPN service that supports OpenVPN and exports their configuration information.

Aside from just speeds, this VPN router also packs in many other impressive features and options:

  • Feature-rich dashboard to monitor traffic and manage users, devices, and groups of devices
  • Split tunneling to route devices and/or websites outside the VPN tunnel
  • Support for multiple simultaneous VPN connections
  • Parental controls
  • Built-in kill switch to ensure all traffic remains encrypted

The company behind Vilfo is the same team that offers OVPN, one of the best VPN services based in Sweden. They offer live chat support and a generous one year hardware warranty. To find out more about the Vilfo VPN router, check out our in-depth review here. We have an in-depth Vilfo review here – or check out the website below.

https://www.vilfo.com


2. Sabai Technology VPN routers

Sabai Technology VPN router

If you are looking for a router that is both user-friendly and also offers great features, Sabai Technology would be an excellent choice. The Sabai OS firmware is based on Tomato, but with more features and regular updates.

One feature I really liked when testing out the Sabai OS device was the Gateways feature. The Gateways feature allows you to selectively route every device that connects to the network. In other words, you can route certain devices through your VPN and others through your local (unencrypted) connection.

The Gateways feature also functions as a kill switch. In other words, if a specific Gateway drops (such as the VPN router’s connection to a VPN server), traffic will be blocked for all devices assigned to the VPN router. This keeps you safe and helps prevent any IP address leaks.

You can also supercharge your VPN router speed using the Sabai VPN Accelerator, which is a Mini PC that connects directly to the router and handles all encryption for the VPN.

With the Sabai VPN router I tested, the setup and configuration process was quick and easy. Additionally, Sabai offers great support from helpful and responsive in-house technicians (no third-party support). And lastly, the Sabai OS firmware remains under active development with regular security updates.

https://www.sabaitechnology.com


3. FlashRouters VPN router

Flashrouters vpn router

FlashRouters is another great option that specializes in VPN routers that run Tomato and DD-WRT firmware.

FlashRouters relies on free and open-source firmware, which you can freely get online, rather than their own custom firmware. While there is a benefit to the firmware being open source, it may also suffer from less active development and fewer security updates.

You can also find routers that are specifically configured for certain VPN providers. Just visit the site and select your VPN service to see the available routers.

The FlashRouters website is also a good information resource if you’re looking to learn more about:

  • DD-WRT routers
  • Open source firmware

Flashrouters remains one of the most popular sources for a preconfigured VPN router. Check out their site for more info.

https://www.flashrouters.com


Conclusion on pre-configured VPN routers

While pre-configured routers are more expensive than some other options, they are still a good choice if you don’t want the hassle and risk of flashing your own router. The support is also very helpful for getting everything working correctly.

However, there is a cheaper option, and that is with VPN-ready routers.

VPN-ready routers

Aside from getting a pre-configured router, the next easiest option is to go with router that can be used with OpenVPN right out of the box, which I refer to as a VPN-ready router.

For VPN-ready routers that natively support OpenVPN (without any customization or flashing), you have these choices:

  1. Asus routers – Asus is my favorite option because it offers a huge selection of VPN-ready routers, with very good prices. Not all Asus routers are VPN enabled – see the Asus section below for a complete list of routers and specifications.
  2. Synology routers – Synology currently offers two routers that can be quickly configured with OpenVPN with little time and effort (no flashing): RT1900AC and the RT2600AC.

Note: There are also a number of smaller VPN router “boxes” being marketed by various companies. In general, these appear to be underpowered for OpenVPN use. Some of these boxes also appear to lock you into subscribing to their VPN service.

Tip: I’d recommend going with one of the larger manufacturers and using a firmware that is regularly updated for security fixes.

We’ll take a close look at each option below.

1. Asus VPN routers

If you’re looking for the best VPN router that you can use right away, then Asus is tough to beat.

Asus offers a great lineup of VPN-ready routers – from cheap to high-end. They offer several routers with powerful processors that can do exceptionally well with VPN encryption. As a matter of fact, NordVPN strongly recommends Asus routers for the best performance.

The fastest Asus router available now is the Asus RT-AX88U. It can hit speeds over 200 Mbps with OpenVPN.

Here is the best Asus router that supports OpenVPN encryption, the RT-AX88U AX6000:

VPN router with best speeds

One drawback with this router, however, is that it is one of the most expensive routers from Asus that supports VPN encryption right out of the box. You can see the current prices on Amazon here.

Easy to setup Asus VPN routers

The AsusWRT stock firmware natively supports these VPN protocols: OpenVPN, L2TP, and PPTP. Setup is a breeze (about 20 minutes or less) and you can load numerous VPN configurations onto your router (which is something you can’t do with DD-WRT).

To show how easy this is, I have put together this setup guide using the AsusWRT firmware, Ad Blocker on a Router with a VPN (with Perfect Privacy).

TIP: I would recommend upgrading your Asus router to the Asus Merlin firmware, which will improve speeds, security, and include more features. (We’ll discuss this more below.)

All Asus routers you can use with OpenVPN

Here are the Asus routers that are VPN-ready (support OpenVPN right out of the box) and can be set up with minimal time and effort:

  • ASUS RT-AC66U (AC1750)
  • Asus RT-AX56U AX1800
  • Asus RT-AX3000
  • Asus AC-1900 (RT-AC68U)
  • Asus AC2900 (RT-AC86U)
  • Asus RT-AC3200
  • Asus RT-AC87U AC2400
  • ASUS RT-AC88U
  • Asus RT-AC5300
  • Asus RT-AX88U AX6000
  • Asus RT-AX92U AX6100

Important Note: Do not be confused by the numbers, they do not always correspond to speed and performance (bigger number does not mean faster). A big factor with speeds is the specific processor the router is using, and whether it supports accelerated speeds for VPN encryption (AES-NI).

The fastest Asus routers from the list above are:

  • Asus AC2900 (RT-AC86U)  [Best value router, speeds of 150+ Mbps]
  • Asus RT-AX88U AX6000  [Fastest router with most features, speeds of 200+ Mbps]

I’ve found Asus routers to be very stable with good performance, while also being easy to set up. The stock firmware allows you to set up custom DNS and also block IPv6. Additionally, Asus routers are very versatile and can be used with lots of other firmware, such as Asus Merlin, DD-WRT, Tomato, AdvancedTomato, OpenWRT, and Sabai OS.

Here are some pros and cons of Asus VPN routers based on my experience with testing various models:

+ Pros

  • Large VPN router selection (all price ranges)
  • Stock firmware (AsusWRT) is very easy to use with VPNs
  • Router be used with other firmware: Asus Merlin, DD-WRT, Tomato, AdvancedTomato, OpenWRT
  • Very durable (difficult to brick)
  • Solid performance, especially the newer models

– Cons

  • Stock firmware (AsusWRT) has fewer features compared to Asus Merlin

Conclusion on Asus VPN routers

Asus routers are one of the best values you will find for a VPN router that you can unbox and use within minutes. With the models noted above, you can get many features and blazing fast speeds, which were previously not possible with consumer-grade routers. To get the most out of your Asus router, I would strongly recommend upgrading to the (free) Asus Merlin firmware.

If you are looking for the best-value VPN router, go with the Asus AC2900 (RT-AC86U), which is cheaper than many other models, but still offers amazing speeds.

2. Synology VPN routers

Synology offers two routers that natively support VPN use. Synology also does a good job with regular security updates. While the selection isn’t huge, both of the Synology VPN routers appear to be decent options:

Synology RT1900AC (1.0 GHz – dual core processor)
Synology RT2600AC (1.7 GHz – dual core processor)

The fastest of these two VPN routers is the Synology RT2600AC:

synology vpn router

In comparison to similarly-priced Asus router models, Synology is not quite as fast.

You can see the Synology router lineup on Amazon for more details.

Conclusion on VPN-ready routers

Setting up a VPN-ready router should be a fairly straight-forward process. This is particularly the case with Asus VPN routers. All you need to do is import the OpenVPN configuration files, add your VPN username and password, and then you should be able to connect the router to a VPN server. If you need

This guide covers setting up VPN enabled Asus routers using the stock firmware (AsusWRT): Ad Blocker on a Router with a VPN (with Perfect Privacy).

Another advantage with VPN-ready routers is that they are usually cheaper than preconfigured VPN routers. You can get a great model, such as the Asus AC2900, without spending a fortune.

VPN router firmware options (and flashing a router)

The next option is to flash a router you have with firmware that will support a VPN. This will be more complicated than getting a pre-configured router, or a VPN-ready router with native VPN support. The level of complexity will depend on the firmware and the specific router you are using.

In this section on flashing a router, we will discuss the following firmware:

  • Merlin AsusWRT
  • DD-WRT
  • Tomato and Advanced Tomato
  • OpenWRT
  • pfSense

The first option we’ll discuss is the Merlin AsusWRT firmware, which is relatively easy to install and use with a VPN.

Merlin AsusWRT routers

AsusWRT by Merlin is a third-party open source firmware that builds on and improves the AsusWRT firmware. AsusWRT by Merlin is one of the best options if you want a secure, user-friendly firmware with lots of features for use with a VPN. (It’s also free.)

A Merlin AsusWRT router offers the following benefits:

  • Enhanced security – Merlin AsusWRT is regularly updated to fix bugs and security vulnerabilities. You can verify the latest security fixes on the changelog. The developer is active, unlike with some other firmware.
  • Policy-based and selective routing – This allows you to select specific devices or destinations to use the VPN, with everything else going through the regular ISP connection. Merlin’s user-friendly policy-based routing feature is a distinguishing factor separating it from other VPN routers. Some people need this for bypassing the VPN, such as with Netflix or other websites.
  • Kill switch – A kill switch will block all internet traffic if the VPN connection is lost. Setting up a properly functioning kill switch can be tricky with some VPN routers. With Merlin AsusWRT, this is easy.
  • Multiple VPN clients and servers – Merlin AsusWRT allows you to configure two VPN servers and up to five VPN clients. You can also use different VPN clients at the same time with different devices (but I would recommend a higher CPU router in this case).

Merlin AsusWRT is a reliable, secure, and feature-rich option for Asus routers.

Combining a high-performance Asus router (such as the Asus RT-AX88U or Asus AC2900) with Merlin firmware and a high-quality VPN service is one of the best options around. You will be able to secure your home network without sacrificing performance.

Merlin AsusWRT supports the following routers:

  • RT-AC66U_B1 (same firmware as the RT-AC68U)
  • RT-AC68U  (including revisions C1 and E1)
  • RT-AC68P (same firmware as RT-AC68U)
  • RT-AC68UF (same firmware as RT-AC68U)
  • RT-AC87
  • RT-AC3200
  • RT-AC88U
  • RT-AC3100
  • RT-AC5300
  • RT-AC1900 (same firmware as RT-AC68U)
  • RT-AC1900P (same firmware as RT-AC68U)
  • RT-AC86U (starting with version 382.1)
  • RT-AC2900 (same firmware as RT-AC86U)
  • RT-AX88U
  • RT-AX56U
  • RT-AX58U
  • RT-AX3000 (same firmware as RT-AX58U)

Note: The U, R and W variants are all supported, as they are the exact same hardware and firmware, only different marketing SKUs or different case color.

Here are some general pros and cons of the AsusWRT Merlin firmware:

+ Pros

  • User-friendly interface
  • Kill switch and policy-based routing options
  • Support for multiple VPN clients
  • Active development with regular updates
  • Support via the SNB forum

– Cons

  • Limited to Asus routers (but with a good selection of models)

Additional resources:

  • Official Merlin AsusWRT website
  • Official Merlin Github page
  • SNB Forums (active community, with the developer offering direct support)
  • Youtube video demonstrating how to setup a kill switch and policy-based routing

DD-WRT routers

DD-WRT is a Linux-based firmware that was developed to enhance the functionalities of wireless routers. It is a popular option because it can be used with many different routers and it offers some good features.

Despite it’s popularity, however, DD-WRT does have some drawbacks. First, you can only load one VPN configuration on the router. This prevents you from easily switching between different VPN server locations.

Another issue I’ve noticed is that the development community seems to be less active. This means fewer updates and less-regular security patches. DD-WRT can be somewhat tricky to setup if you are flashing your own router. You also run the risk of bricking your router (some models are more durable than others).

For some people, ordering a preconfigured DD-WRT router from FlashRouters may be the best bet – see their lineup of DD-WRT routers here.

Flashing a DD-WRT router

You can also try flashing a router you already own with DD-WRT firmware. Here are the two main resources you need:

  • Supported DD-WRT devices list
  • DD-WRT installation guide

If you are considering flashing with DD-WRT, just beware of the risks (permanently breaking your router). Also be sure to follow the official DD-WRT guidance for your router model.

+ Pros

  • Huge number of routers supported (see here)
  • Good Quality of Service (QoS) controls (for bandwidth allocation)
  • Ad blocking feature

– Cons

  • Only supports one VPN configuration
  • Less active development with fewer security updates
  • More difficult to install than other firmware options

Additional resources:

  • Official DD-WRT Wiki
  • DD-WRT tutorials
  • DD-WRT forums
  • Preconfigured DD-WRT routers
  • r/DDWRT (reddit)

Tomato and AdvancedTomato routers

Tomato is another alternative, open source firmware for routers. Tomato firmware has many similarities to the AsusWRT Merlin firmware. It gives you the option to use up to two VPN servers and two VPN clients, while also having features for policy-based routing.

Unfortunately, the original Tomato firmware seems somewhat outdated, especially when it comes to supporting newer routers. One alternative would be AdvancedTomato firmware instead of the original Tomato firmware.

Tomato VPN router

 

AdvancedTomato offers some good improvements over the original. The overall design is better, which gives you more control over your router’s features.

Sabai OS (based on Tomato) – Finally, the lineup of VPN routers from Sabai Technology all have the Sabai OS firmware, which is based on Tomato. To use Sabai OS on an existing router you own, you would need to purchase a license. However, Sabai OS offers the benefits of regular security updates, great support, ease of use, and good features.

See the full lineup of Sabai VPN routers here.

Pros and cons of Tomato and AdvancedTomato firmware:

+ Pros

  • User-friendly layout (especially with AdvancedTomato)
  • Supports 2 VPN servers and 2 VPN clients
  • Quality of Service (QoS) options for bandwidth control

– Cons

  • Original Tomato firmware outdated
  • Installation can be more complex
  • Many of the supported routers are outdated and/or underpowered for VPNs

Overall, Tomato is a decent option for VPN routers, although AdvancedTomato seems to be the better option.

Additional resources:

  • Original Tomato website
  • AdvancedTomato website
  • AdvancedTomato supported devices
  • r/TomatoFTW (reddit)
  • Sabai OS VPN routers (based on Tomato)

OpenWRT routers

OpenWRT is another open source firmware to enhance and secure wireless routers. It has many great features while also supporting a large number of devices.

Development of new versions of OpenWRT continues, although not at a rapid pace. The OpenWRT forums are likewise still active, with around 200 messages a week in total.

OpenWRT offers some nice features. Aside from VPN capability, it also provides QoS options, BitTorrent client configuration, server software, and traffic analysis features.

ExpressVPN has a great router app that is based on OpenWRT. You can get more information from the routers section of the ExpressVPN website.

+ Pros

  • Support for many devices
  • Good Quality of Service (QoS) controls
  • BitTorrent client configuration

– Cons

  • Less active development with fewer security updates
  • Limited support for newer routers

Additional resources:

  • Official OpenWRT website
  • OpenWRT supported devices
  • OpenWRT wiki
  • r/openwrt (reddit)

pfSense routers

pfsenseA PC router running pfSense will be more complicated to setup, but it does offer some great features. pfSense is an open source firewall/router computer software distribution based on FreeBSD.

Unlike some router firmware, pfSense continues to gain popularity with active development and new features being added.

While pfSense gives you very powerful tools and features, setup can be difficult if you lack the necessary technical and security background. Ultimately, these complex and powerful features can end up being worse than less secure options that are easy for anyone to set up. It all depends on the user.

pfSense router performance with OpenVPN

With a very basic and cheap PC that is properly configured with pfSense, you could get a high-performance router.

The main difference here is processing power (CPU). Nearly any PC will outperform even the high-end router models. Two popular options when using a PC for a router include:

  1. A mini-PC with pfSense (often called a pfSense box)
  2. An old PC (see this video)

With these two options, you will still need an access point for devices to access the network. This usually means your PC will be hooked up to a regular router, which will serve as the access point for the PC.

The pfSense forums are a good resource for VPN router setup advice. But be careful: if you lack the background in this area, setting up a pfSense VPN router can be especially difficult, frustrating, and time-intensive.

+ Pros

  • Very secure
  • Numerous features
  • Highly configurable
  • Solid performance

– Cons

  • More difficult to setup
  • With PC routers, you will also need an access point for the wireless

Additional resources:

  • pfSense official site
  • pfSense forums
  • List of pfSense features
  • pfSense wiki
  • r/pfsense (reddit)
  • Great video series introduction to pfSense

Policy-based routing (selective routing)

One issue that often comes up with VPN routers is policy-based routing. This entails routing specific clients (devices) or connecting to certain websites outside the VPN tunnel. This is usually important for accessing sites that block VPNs, such as banking websites or perhaps Netflix.

How to set up policy-based routing depends on the firmware you are using.

Vilfo VPN router – This router takes policy-based routing to a new level. You can have 10 simultaneous groups, each of which is connected to its own separate VPN service, or none at all. Within a group, you can disable the VPN connection temporarily giving you total control over routing.

Clicking the Bypass button of any device in any group causes that device to bypass the VPN tunnel.

Sabai OS – As mentioned above, all Sabai OS VPN routers have the option to selectively route each device that connects to the network. This can be simply controlled through the Gateways feature.

vpn router kill switch
The Gateways feature will allow you to selectively route the traffic for every device. It also works as a kill switch.

AsusWRT Merlin – Another easy option for policy-based routing is to use the Merlin firmware on a compatible Asus router. This video clearly explains creating a kill switch and policy-based routing for your VPN with AsusWRT Merlin:

Tomato and AdvancedTomato – AdvancedTomato firmware provides policy-based routing support. Instructions for standard Tomato firmware come from VPN.ac. Their TomatoUSB Policy-Based Routing guide includes detailed instructions for different scenarios.

DD-WRT – Setting up policy-based routing with DD-WRT is relatively straightforward. FlashRouters put together an excellent guide for DD-WRT routers, see Dual Gateway VPN Blacklist by Device for more information.

Dual VPN router – Another option for separating traffic between your VPN tunnel and regular ISP connection is to use a dual VPN router setup. With this, you will be able to easily switch back and forth. The main drawbacks, however, are increased power consumption and the possibility of wireless interference.

Kill switch on a VPN router

A kill switch is an important feature to block internet traffic if your VPN connections drops. This prevents your real IP address from being exposed.

Vilfo VPN router – The Vilfo router has a built-in kill switch that is active for all devices, and controlled from the OpenVPN settings page.

Sabai OS – The Sabai OS firmware includes a built-in kill switch when you set up the Gateways feature. This is probably the easiest option available for a VPN router kill switch.

Merlin AsusWRT – The video above covers setting up a kill switch.

Tomato and AdvancedTomato – Setting up a kill switch for Tomato VPN routers just requires creating a rule. Using the rule below, traffic will only be forwarded through an active VPN connection.

In Administration > Scripts > Firewall tab, add the following rule:

iptables -I FORWARD -i br0 -o `nvram get wan_iface` -j DROP

Save the rule and reboot your router.

DD-WRT – Just like with Tomato, to add a kill switch on a DD-WRT router you just need to add a rule. Again, this only allows traffic if the VPN connection is active.

In Administration > Commands > add the following rule:

iptables -I FORWARD -i br0 -o `nvram get wan_iface` -j DROP

Select “Save Firewall” to save the rule and reboot router.

Conclusion on VPN routers

While there are many reasons for using a VPN router, security and privacy are two of the most important factors.

If you have a standard (non-VPN) router now, replacing its stock firmware with one of the alternatives in this guide is a good idea from a security perspective.

An even better idea would be to replace your current router with a VPN router such as the Vilvo VPN router, or one of the many offerings from FlashRouters or Sabai Technology.

Over the last few years there have been endless articles written about how intelligence organizations like the CIA have exploited security vulnerabilities in routers to spy on people.

Another tip for securing your network is to simply stop using wireless and go back to wired-only (ethernet) connections. Ethernet connections are vastly more secure than WiFi, and a connection using a high-quality ethernet cable can be much faster than a wireless connection.

In the era of COVID-19, many of us are working from home (perhaps permanently). That often means things like connecting to the company network from your living room, and downloading proprietary information rather than just cat videos. This make the information running through your home internet connection vastly more valuable to hackers and other creeps than it used to be.

Failure to secure your internet connection with a VPN could cost your company a fortune.

vpn router

And finally, there’s also the convenience factor.

Using a VPN on your router will extend the benefits of a VPN to all your devices, without having to download VPN software on each device.

As you can see in this guide, a VPN router is a powerful solution that you can implement. Whether you’re a tech newbie or a super geek, using a good VPN router is a smart choice to protect all of your devices.

Fully revised and updated on August 13, 2020.

Sven Taylor

About Sven Taylor

Sven Taylor is the founder of Restore Privacy. With a passion for digital privacy and online freedom, he created this website to provide you with honest, useful, and up-to-date information about online privacy, security, and related topics. His focus is on privacy research, writing guides, testing privacy tools, and website admin.

Reader Interactions

Comments

  1. Avatarmato

    August 11, 2019

    Hi, I’d like to brought to your attention Turris routers from CZ.NIC — https://www.turris.cz/en/ — powerful, flexible, open-source, active development, growing community. There’s a lot to like for regular users, enthusiasts, nerds, hackers.

    Reply
  2. AvatarSrini

    August 4, 2019

    Hi Sven,

    Great article…giving good insights. Loved it.

    Quick Question: I have an expressvpn subscription that I have loaded onto my RT-AC88U that’s running the latest Merlin firmware. I have a 100 mbps connection but OpenVPN maxes out at 31 – 34 mbps.

    Do you think this latest RT-AX88U will help my cause? Will it give me speeds around 80 to 90 MBPS? I read on [http://privateinternetaccess.com] that this ax88u has an encryption chip and that the CPU is not overloaded with encryption / decryption. Instead it is offloaded to this new encryption chip, thus allowing for faster speeds. Is this true? Will it help?

    Also, does ax88u support AES-NI? If not, is that a deal breaker?

    Thanks a million for your great work that you do for the community!!

    Reply
    • Sven TaylorSven Taylor

      August 4, 2019

      Hello, not sure about this as I have not tested or researched that router. You may also want to check out the SmallNetBuilder forums, as I’m sure it’s discussed there.

      Reply
  3. AvatarWade

    July 4, 2019

    Hey Sven .. great article.
    I am looking at protecting my Apple TV with VPN. The Apple TV is currently hardwired (Ethernet) to a standard non-VPN-enabled router.
    If I get the VPN-enabled Asus RT-AC86U router will that provide me with the VPN protection necessary or will I still need subscribe to Express VPN and upload the Express VPN software to the new PN-enabled Asus RT-AC86U router?
    cheers

    Reply
    • Sven TaylorSven Taylor

      July 4, 2019

      Hi Wade, just for clarification, none of these routers come with a VPN subscription, that needs to be purchased separately, then you load your VPN’s config file(s) onto the router and you’re good to go.

      Reply
  4. AvatarMarc

    June 27, 2019

    Hi Sven, a question. Have you tested or think would be easier to me to setup the vpn directly at the swisscom box ? Would be safe ? They put at their instructions all data if a client want to do it. Thanks as always.

    Reply
    • Sven TaylorSven Taylor

      June 28, 2019

      Hey Marc, sorry I’m not sure on that as I’ve never dealt with a Swisscom box.

      Reply
  5. AvatarGhost Warrior

    June 21, 2019

    Thank You Sven for your quick reply.
    I just ordered the Asus RT-AC86U (AC2900) router and plan on installing the ASUS Merlin Firmware and getting an ExpressVPN account and selecting a server near me in the Southeast United States. I also ordered a new DOCSIS 3.1 Gig-speed cable moden (Motorola MB-8600).

    I have a couple quick follow up questions.
    (a) From your thread; it sounds like OpenVPN uses a single thread and will only use 1 CPU core. Based on that, having the ASUS GT-AC5300 with 1.8 Ghz quad cores would not likely significant increase my VPN speeds over the ASUS RT-AC86U that has 1.8 Ghz double cores and likewise has AES-Ni.
    Is my understanding / previous statement Accurate?

    (b) If I use something other than OpenVPN, like L2TP, PPTP or other encryption protocol; Will I be able use more than one core so that I utilize more of the Router’s processing power?

    (c) Similar to question #b above; if I use an alternate firmware other than the factory AsusWRT or Merlin; Will I be able use more than one core so that I utilize more of the Router’s processing power?

    (d) Do you know the realease dates regarding which of the following ASUS routers are the newer for the following route
    GT-AC5300:
    RT-AC5300:
    RT-AC86U (AC2900):

    (e) Similar to question #d above; do you know if there is a newer more powerful VPN capable router than the three ASUS Routers indicated above?

    (f) Do you if using the ASUS Merlin Firmware on the ASUS RT-AC86U will allow me the option to select specific devices to not use the VPN to access the internet while everything else uses VPN? (ie: I want to exclude my sons computer that he games on, Xbox One game system & Roku media player, so that they don’t have a reduction in internet speed by going through the VPN.)

    (g) SABAI Question: Would there be a significant increase in VPN speed / benefit to getting the Sabai Passport and flashing the RT-AC86U router?
    Currently my ISP says I get & pay for 150 Mbps speeds, so maybe Sabai would only be beneficial if I paid for higher internet speeds or Gig-bps speeds.

    Sidenote, while my ISP says that I get 150 Mbps; with my current cable modem & ancient non-VPN router without any VPN services, I typically only see 15 Mbps or less for download and my upload speed is typically a few Mbps higher than my download speed, based on when I run a speedtest online. But, I am hoping that Docsis 3.1 Motorola MB8600 cable modem & ASUS RT-AC86U router make a difference, otherwise any hit to speed due to adding a VPN service may be unbearable.

    Thank You in advance for your guidance.
    Best Regards,
    Ghost Warrior

    Reply
    • Sven TaylorSven Taylor

      June 23, 2019

      a) Yes, OpenVPN is single threaded.
      b) You could perhaps get better speeds with other protocols, but OpenVPN is still the best choice from a security standpoint.
      c) I don’t think so.
      d) No idea on release dates.
      e) I’ve heard of the Vilfo router but have not tried it.
      f) Yep, selective routing is possible with the Merlin firmware.
      g) No, I don’t think Sabai OS would affect speeds, it’s just a router firmware, but speeds are determined by the router’s processor. Sabai OS might be a good fit if you don’t like Merlin.

      Reply
  6. AvatarGhost Warrior

    June 21, 2019

    Great article Sven and very helpful.

    Please Help Me.
    I am looking to setup a VPN on a Router and I am have trouble deciding if I should get an Asus RT-AC86U (AC2900), or RT-AC5300, or GT-AC5300. The key items / features that I want to achieve in order of priority are as follows.
    Priority Items / Features:
    ● VPN at router level so that all devices go through VPN.
    ● Router powerful enough to minimize any reduction to internet speeds due to using a VPN.
    ● Option to have select devices not use VPN to access the internet while everything else use VPN. (ie: I want to exclude my sons computer that he games on, Xbox One game system & Roku media player, so that they don’t have a reduction in internet speed by going through the VPN.)
    ● Dual Wan support. (I have checked and all 3 Asus routers support Dual Wan.)

    Seconday Items:
    (Features / items that I would like but can compromise on in order to get the priority items indicated above):
    ○ Extended WiFi coverage & speed.
    I do have CAT6 cables wired throughout the house, but I use WiFi on select device anyway due to lightning frying all my devices connected to via RJ-45 CAT6 cables, plus my wife & son use WiFi on there Phones constantly to stream videos & download.
    ○ I am not sure if I will use Merlin firmware or the extent of its advantages, but it seems like for a lot of people that not having the Merlin option is a deal breaker, so I would like to have the option, but not at the expense of overlooking the GT-AC5300 if the 1.8Ghz quad processors will mean that the Internet through the VPN will be faster than the RT-AC86U’s dual 1.8 Ghz processors. The kill switch & multiple VPN client option in Merlin seems beneficial, but I mostly want as little reduction to internet speed as possible & being able to have select devices not use VPN at all in order to not impact gaming and streaming.
    ○ As many ‘useful’ additional features / options as possible, but not at the expense of the priority item indicated at the top of my comment.

    It seems like the GT-AC5300 is the best, but various online comments from GT-AC5300 owners have indicated troubles with being able to setup / use VPN client services and/or the number of supported VPN available are limited, (trouble using Nord, ExpressVPN, PureVPN, etc…). So I am concerned that the selection of available VPNs will be limited and possibly won’t be able to use the fastest & most reliable VPN service. Also, the GT-AC5300 doesn’t work with Merlin, but I am not sure if thats a big deal or not, so I can live without it, I think.

    The RT-AC86U seems like its more powerful than the RT-AC5300 but less powerful than the GT-AC5300. The 86U also has the A53 chip for decoding, as does the GT-AC5300, but may have less WiFi coverage & speed than both the AC5300s and possibly less features.

    I am leaning towards the GT-AC5300 for max processing power & B53 chip and option to exclude devices via VPN Fusion, but concered about limitations on VPN services. The RT-AC86u seems like the second best option and uses A53 chip, but I am not sure I have the option to exclude gaming devices from using the VPN in order to optimuze speed. It also likely as less WiFi coverage but I can alway create a second or third hot spot on with my older routers acting as a switch/hot spot.

    I have no experience with VPN’s, nor VPN capable routers, so Please help me decide if I should get the GT-AC5300, RT-AC5300 or RT-AC86U (AC2900)? Which one will provide the fast VPN throughput while allowing me to exclude devices from going through the VPN and be compatible with some of the VPN service providers that are fast & reliable.

    Also, which VPN services are known for speed, reliability & anonymity at a reasonable monthly cost?

    Thank You in Advance for your help.
    Best Regards,
    Ghost Warrior (aka VPN Newbie)

    Reply
    • Sven TaylorSven Taylor

      June 21, 2019

      Hi there, I can’t give a detailed comparison between the AC86U and the AC5300 because I have not tested them, but the AC86U seems to be a favorite for VPN users from what I’ve seen. I’ve been testing VPN speeds a lot lately and ExpressVPN comes out on top by a long margin. VPN.ac is also pretty good to for speeds, along with Perfect Privacy. Choosing the closest VPN server to your location should also help give you the best speeds.

      Reply
  7. AvatarSN

    April 26, 2019

    Hello Sven,
    I read your article and after searching for speeding my VPN, it is well thought out and complete. The thing I didnt find, or missed, is the speed difference between using a VPN’s app and adding a VPN to a router. I have an ASUS AC68U running Merlin & have been using Private Internet Access for several years. Speeds using the PIA app are only slightly slower (105 Mbps verses 125 Mbps). When configuring the router my speeds drop to around 35 Mbps. I have read that this is due to the router not having sufficient CPU capabilities to handle the VPN effectively. I am guessing that is why the VPN accelerator in your article is far faster than the other options, in your accelerator review this is also indicated. Can I make my own accelerator? I have been unable to find any articles or resources to accomplish this. Thank you for any replies.

    Reply
    • Sven TaylorSven Taylor

      April 26, 2019

      Hello. Everything you said is basically correct. 35 Mbps is to be expected with the Asus AC68U and the processor it has, and yes, the PIA app on your computer will have much better speeds due to more processing power. With your last question, yes, you could make your own accelerator, because all that is doing is offloading the encryption onto the mini-PC, with the router acting as the access point. Regarding setup, there are lots of different setup options, firmware, hardware, etc. to consider. You may want to check out pfSense.

      Reply
  8. AvatarGlynn Taylor

    March 19, 2019

    1. Million dollar question: Do you feel this 2017 article is still up-to-date for 2019?
    2. Important question: a) Are two-in-one ‘router modems’ (modem with the router built-in) being taken into consideration?
    b) Are they more or less secure than a seperate modem and router setup and why?
    c) What is your reccomendation?
    3. Do you feel ASUS still makes good routers?
    4. Would you still reccomend the routers you listed in this article?
    5. What newer 2019 ASUS routers would you reccomend?
    6. What current alternative router would you reccomend instead of ASUS?

    Reply
    • Sven TaylorSven Taylor

      March 19, 2019

      Hi Glynn, I still think the Asus 86U is a great all-around router. I’m planning on updating the guide soon and will answer all these questions with the next update.

      Reply
  9. AvatarExpressvpn

    January 28, 2019

    Will I still need to subscribe to a VPN service like Nord or expressvpn to use the VPN on the router? My use case is that I now have a expressvpn subscription that I use with my desktop laptop and mobile phone. Since there are other devices on my home like smart TV tablets etc which I’d also like to route through VPN will getting a ac86u work ?

    Reply
    • Sven TaylorSven Taylor

      January 28, 2019

      If you have an existing subscription to ExpressVPN, you can use the VPN on your router, which will count as one connection. Note: you can use ExpressVPN on as many devices as you want, but only three simultaneous connections are permitted. Once you get ExpressVPN loaded on your router, it will protect every device that you use on your network, from tablets to smart TVs – a good idea.

      Reply
  10. AvatarJohn Navas

    January 25, 2019

    >Stock firmware (AsusWRT) less secure due to irregular updates (solution: upgrade to Merlin)

    With respect, frequent updates do NOT increase security; in fact, just the opposite. It takes time to carefully design, implement, and test firmware properly. Plus there is the issue of the user time it takes to properly test and qualify new firmware releases. Stable releases of Merlin are not demonstrably more secure than stock ASUS. For every bug fixed, there’s a substantial risk of introducing other bugs, yet another case of the Law of Unintended Consequences. As a networking and security professional, all my ASUS deployments are stock firmware. I would only use Merlin for an essential feature not in stock ASUS, and only after careful testing and qualification.

    Reply
    • Sven TaylorSven Taylor

      January 26, 2019

      Hi John, good points, every new update can create new issues and vulnerabilities.

      Reply
  11. AvatarPennywise

    January 15, 2019

    Hi Sven,

    I am really tempted by either the AC86u or the AX88u (the AX mainly because I do not like that the AC needs to stand up). But: Both do not support WPA3 even though the AX88 is a very new router and very expensive also. Would you consider this a major drawback down the line for personal use or not so much?

    Thanks.

    Reply
    • Sven TaylorSven Taylor

      January 16, 2019

      Well, I’m not a fan of using WiFi at all due to security risks, and instead just using ethernet cables, which also give you better speed.

      Reply
      • AvatarRichard Clegg

        April 9, 2019

        All great comments Sven (& from commentators). Trouble is, many (most?) of us on here don’t have the Net/Security skills/experience of some, so grateful if the recommendations also always take that into account. Tks. all for this invaluable knowledge exchange.

        Reply
  12. AvatarMICHAEL I RANSIER

    January 3, 2019

    Since this was published has there been a update concerning the following portion of this web site,

    • ExpressVPN (review) – installation guide and router review forthcoming ?

    Reply
    • Sven TaylorSven Taylor

      January 3, 2019

      Hi Michael, thank you for the reminder. I need to get the router and write up an installation account on that, I’ll add that back to the content schedule.

      Reply
  13. AvatarDavid

    January 2, 2019

    I want to bypass clixsense with a VPN and I found out that clixsense still dectect am using VPN and block me and I want to prevent clixsense from dectecting me what should I do

    Reply
  14. AvatarJason

    December 6, 2018

    What about Vilfo.

    Reply
  15. AvatarMatt

    October 14, 2018

    Hi Sven
    After reading your excellent articles i decided to purchase the ASUS RT-AC86u and took out a supscription to VPN.AC. I can easily hit speeds of 50 MPS using 128 bit Open VPN with selective routing enabled using Merlin Firmware. It has been a fantastic piece of kit and i can stream HD Netflix and Amazon Prime through the VPN without issue.

    One thing to note though and one i would like your opinion on. The ASUS RT-AC86u router comes with Trend Micro Air Protection enabled as standard. This might be a privacy concern as the only way Trend Micro can be providing this service on this router is sending the DNS results of your internet usage to their DNS malware database. There is an option to opt out of this service but when enabled it will still work regardless of if you have the Open VPN client setup or not. Same goes for the parental DNS blocking as well which is actually good as you can have a secure VPN connection and AI protection in tandem.

    It’s actually a pretty useful and powerful security feature and while i am happy for it protect my devices behind the VPN Router not everyone will be.

    I think the only way to bypass the Trend Micro AI protection (while not constantly turning it on and off) is to have a seperate VPN client enabled on a device. So for example my Smartphone would go through the router VPN tunnel and then its own seperate VPN tunnel using the VPN app software.
    Would you think this is a good set up?

    Reply
    • Sven TaylorSven Taylor

      October 15, 2018

      Hi Matt, the Trend Micro issue is interesting. I’m looking into this more – no clear answer yet.

      Reply
      • AvatarRich

        April 29, 2019

        I greatly appreciate your site, it’s been extremely helpful. I found this article on trend micro in ASUS routers and thought you might be interested.
        [https://www.ctrl.blog/entry/review-asuswrt]

        Reply
    • AvatarJust a Guy

      October 25, 2018

      Hi Matt.
      I do not agree on Trend Micro services. It’s an Opt-In feature, thus not enabled by default. Once you try and enable any of the services, it will ask you to accept the terms and conditions. I bought the device in Spring 2018, and still haven’t enabled any of the services, and it works fine with VPN (also VPN.ac by the way).
      Regarding the feature itself, I would not put much trust in it if I were you (or in Trend Micro whatsoever). One of the reasons why can be seen here:

      Here is a more detailed view:

      Better make good use of Firewall section of the router instead, which allows you to basically block traffic for specific IPs on your LAN to specific services. The only thing is, you’d have to either populate that list in time, or search for one on the net. It might be easier to simply use some kind of ad-blocker. I’d suggest either using AB-Solution, designed specifically for some ASUS routers, or buy some IoT device like Raspberry Pi and install Pi-hole on it. The drawback of AB-Solution is the fact that you’ll need to set DNS servers explicitly, so it’s somewhat leaking DNS (though you can set it to VPN provider’s DNS servers), whereas the drawback of Pi-hole is very minor delay due to the fact that the router will have to make a cyclic call (Router -> PI (to block certain domains) -> Router -> VPN DNS). In both cases, traffic will be routed through VPN.
      Hope that helps =)

      PS: When I was looking into routers, I was choosing between ASUS RT-86AC and LinkSys WRT3200ACM and due to lack of actual VPN speed tests between the two, ended up buying the one that had more reviews and somewhat better reviews on Amazon. The biggest advantage of LinkSys is OpenWRT support, where you can “science (configure) the shit out” of it and forget about the bloatware which is present on Asus. I might actually end up buying LinkSys for the sake of VPN speed tests, if I don’t end up configuring some mini PC with pfSense (which is basically the best solution in terms of speed, security and privacy IMHO).

      Reply
  16. Avatardaz

    September 24, 2018

    Great article very informative, yet, I’m still puzzled.
    My router LinkSys WRT3200ACM has a VPN Client option, it can also be flashed with DD-WRT and OpenVPN *server*.
    Now, I want to prevent my ISP from snooping, blocking content, hide my IP and son on; what I dont undertstand is if I’m running a VPN *Server* on the Router, why do I need a VPN Server in the cloud (a VPN “Service”)? Isnt the VPN Server on the router doing this? If not then what’s the difference between Server on the Router and Client on the Router?
    If i do need a VPN Service, in the cloud, would it not be better for me to have a small hosted server in the cloud, something like Digital Ocean’s “droplets” and install OpenVPN server in that. This way I’d have a VPN of *my own* AND be able to have static IP and so on. The cheapest way would be 1GB RAM, 1xCPU, 25GB SSD, 1TB transfer droplet at $0.007 per/hour. I only use it maybe 8 hrs a day.

    Reply
    • Sven TaylorSven Taylor

      September 25, 2018

      What this guide is discussing is using the router as a VPN client. In other words, the router is establishing an encrypted connection to a VPN server (one of the servers in your VPN’s network, such as in New York for example). Then, any device that connects to your router on your home network will go through that encrypted VPN tunnel and utilize the IP address and location of the VPN server in New York, for example. The graphic in this guide shows this.
      Using your router as an independent VPN server is something different. That feature allows you to connect back to your home router/VPN server from other locations outside of your home network. That’s not the subject of this guide, however.

      Reply
    • AvatarJust a Guy

      October 25, 2018

      I think static IP is quite a drawback from the point of view of privacy.
      Moreover, the number of devices connected to this host is going to be limited to your personal devices, thus “hiding in the crowd” won’t apply.
      In addition, VPN service security is going to be a burden.

      But hey, it’s your choice =)

      Reply
  17. AvatarSabyasachi Bose

    September 14, 2018

    Hello Sven. Comprehensive and insightful review.
    I installed a ASUS RT-AC5300 router and configured VPN with ExpressVPN. Using OpenVPN protocol my download speed degrades from 500mbps (from fiber ISP) to 25mbps. The speed degradation is less severe with L2TP protocol. In your opinion would i achieve better OpenVVN performance from one of these options below:
    1. Switch to ASUS RT-AC86U that supports AES-NI
    2. Add a VPN server like pFsense on a standalone PC with a AES-NI processor to offload VPN processing.
    3. Add a VPN accelerator like Sabai Technology.
    Which of these above options may yield the most performance gains.

    Reply
    • Sven TaylorSven Taylor

      September 14, 2018

      Hi Sabyasachi, all three options should give you better speeds. I hit over 100 Mbps with the Sabai VPN accelerator (see review) – essentially maxing out my internet provider connection. Their newer VPN Accelerator model is more powerful than the one I tested last winter. I’ve also heard that performance with the Asus RT-AC86U is quite good (over 100 Mbps).

      Reply
  18. AvatarJacob

    August 28, 2018

    Thanks for this review as I found it really informative. I am quite green about VPN’s so I got one question for you all. I just subscribed Surfshark and thinking of using VPN through my router. Would that Linksys router would work on my VPN? Thanks in advance for everyone 🙂

    Reply
    • Sven TaylorSven Taylor

      August 28, 2018

      Yep, just upload the OpenVPN configuration files for the server locations you want. ExpressVPN has a good router app for a few of the Linksys models. This will allow you to use their split tunneling feature and also easily switch server locations within the app.

      Reply
  19. AvatarVPN solutions

    August 17, 2018

    Hi Sven, have a question. What can you recommend – lower price router and better VPN service, premium router and any VPN service or router with integrated VPN service? What combination is safer, faster for home network and 5+ devices?

    Reply
    • Sven TaylorSven Taylor

      August 18, 2018

      If you don’t have a good VPN that offers adequate bandwidth and reliability, the router won’t matter and the performance will still suffer. For what you describe with a home network and multiple users, the Linksys WRT AC3200 with the ExpressVPN router app may be the best fit. This allows you to selectively route devices to either go through the VPN or not. And with ExpressVPN, you will also get top performance.

      Reply
  20. AvatarLitho

    August 4, 2018

    Greetings. Loving your site. One question though. You seem to rate Sabai routers quite highly. One thing that bothers me is thier track record with regards to security and feature updates to their routers. I can’t seem to find anything related to that on their website. We’re getting all sorts of vulnerabilities with routers these days, mainly due to their OEMs running outdated/vulnerable libraries or kernels. Even the most security minded corporate routing providers often have to release monthly firmware updates to keep their users safe. How does Sabai fare on that front? What has their track record been like (like how fast they move to fix vulnerabilities) relative to open source projects like OpenWRT/LEDE/etc or corporate/commercial providers like UBNT?. Have Sabai communicated any of these support promises in writing on their site?

    Reply
    • Sven TaylorSven Taylor

      August 4, 2018

      I asked Sabai about this topic before and they said they typically update their Sabai OS firmware 3-4 times per year, as necessary, depending on any security issues they become aware of.

      Reply
  21. AvatarJason

    August 3, 2018

    Hi Sven,
    I’m looking at the Asus RT-AC68U Router x 2, one as a VPN server at my house and one as a VPN client at my daughters house.
    My WAN is a standard ADSL 2+ router running a DHCP server.
    My question is that once the tunnel is established, will the devices (a camera and laptop) that will be plugged into the AC68U at my daughters house automatically be assigned IP addresses in my LAN’s range therefore become part of my home LAN or will a form of NAT be applied across the tunnel?
    Thanks for your time.
    Jase

    Reply
    • AvatarMarty

      August 7, 2018

      Hi Sven
      I’m completely new to all this so I probably need vpn for idiots help. Having read your best vpn guide I’m considering using expressvpn. My dilemma is Due to my location I have pathetic internet speed (about 6 mbps download) so would I be better just using Mac app or going for something like Asus RT-AC68U router to minimise any loss of speed?

      Reply
      • Sven TaylorSven Taylor

        August 8, 2018

        Hi Marty, I would recommend using the Mac OS app because it will give you more features, better speed, and easy server selection, as compared to using the VPN on a router. ExpressVPN is also offering a coupon for three months free (applied on checkout page). The RT-AC68U is a decent model, but if speed is your primary concern, I’d recommend using ExpressVPN’s Mac OS app instead.

        Reply
  22. AvatarPaul Gadsdon

    July 28, 2018

    Great farticle, but you didnt mention the fact that none of these routers come with a vdsl modem, so all will need one?

    Reply
    • Sven TaylorSven Taylor

      July 28, 2018

      You can run any of these routers behind the modem or router you need for your ISP.

      Reply
      • AvatarPaul

        July 31, 2018

        Is this in bridged mode as I have read that my ISP vodaphone router cannot be run in bridged mode

        Thanks for the reply

        Reply
  23. AvatarPat

    July 11, 2018

    Also (sorry for the two questions), it’s hard to find a computer these days with a PCMCIA slot, so what is the alternative so that one can have that extra NIC connected?
    Thanks.

    Reply
    • Sven TaylorSven Taylor

      July 12, 2018

      I’ve never gone with the old computer/pfSense router option, but for adding a second NIC, this article may be of assistance…

      Reply
  24. AvatarPat

    July 11, 2018

    Hi.
    The video about setting up the PfSense router is very good. The only problem with this method is that all devices need to be plugged into the switch.
    Is there another way – while still using PfSense – to securely access the internet while using our wireless devices?
    Thanks.

    Reply
    • Sven TaylorSven Taylor

      July 12, 2018

      You would need to add a wireless access point to the switch. I see in the comments that these guys recommend Ubiquiti Unifi devices for an access point.

      Reply
  25. AvatarJohn Souvestre

    June 26, 2018

    > Therefore, with a VPN, a 1.0 GHz dual-core router (500 MHz per core) may be faster than a 1.4 GHz quad-core processor (350 MHz per core).

    I believe this is incorrect. All of the cores run at the stated clock speed. So in the single-treaded VPN case, a 1.4 GHz processor will run the VPN faster than a 1.0 GHz processor, regardless of the number of cores.

    Reply
    • Sven TaylorSven Taylor

      June 26, 2018

      Hi John, agreed, I have removed that sentence. OpenVPN can only be single threaded with one core, and QOS also affects performance, but raw CPU is still the determining factor, regardless of the number of cores. The guide is now updated.

      Reply
  26. AvatarGeorge

    June 2, 2018

    Has anyone tested Linksys WRT3200ACM with OpenWrt or or Netgear X8000S a VPN service on it?
    What are the results?
    As far as I see, the both have a 1.8GHz dula-core CPU (as ASUS RT-86AU has), so the performance should be similar I guess… Netgear has additional load-off CPUs…
    Thanks.

    Reply
    • AvatarJust a Guy

      October 25, 2018

      Hi George.
      My choice was between Asus RT-86AC and Linksys WRT3200ACM, because Netgear X8000S was rather expensive in comparison with the 2 mentioned above.
      I ended up buying Asus just because it seemed to be more durable judging from the reviews on Amazon and Linksys seemed to be dying out after 6 months, and I wouldn’t be able to apply for warranty, as I bought it in US, and I left US without being sure I’d come back =)
      Big advantage for Linksys is OpenWRT support, which gives you freedom to configure everything. Asus is nowhere near that flexible with either stock or Merlin firmware.

      Reply
  27. AvatarHS

    May 11, 2018

    Hey Sven,

    Very informative article! I had a question.

    I have an Asus AC-68U router and wanted to run vyprvpn through it. was wondering if it’s possible to create 2 different separate wireless networks on same router: 1 network running through vpn and other network running without vpn?

    I don’t want every device running through the vpn. Phones and smart devices around the house are not necessary to run through vpn. Computers/laptops and streaming devices like NVIDIA Shield are the essential things I need running through vpn (due to obvious reason – kodi). There are more than 5 devices so I am at the limit if I was to run each device separately through the vpn.

    I thought about putting vpn on router itself and running everything through the vpn. The problem with running everything through router vpn is that things like banks are somehow able to detect I’m using a vpn & deny access so I can’t run everything through the vpn. I need to have a secondary network without vpn I can switch my device to and bypass the vpn.

    Would I need 2 separate routers to accomplish that? Is that the only way?

    Thanks!

    Reply
    • Sven TaylorSven Taylor

      May 11, 2018

      Hi HS, you could do this by flashing your router with Merlin firmware, and then configuring which devices go through the VPN and which do not.

      Reply
      • AvatarHS

        May 12, 2018

        I see. Is it this firmware?: Asuswrt-Merlin from https://asuswrt.lostrealm.ca/

        Thanks!

        Reply
        • Sven TaylorSven Taylor

          May 12, 2018

          Yes.

  28. AvatarPatrick

    May 6, 2018

    Hi Sven.

    I was sitting here, wondering…
    VPNArea is now supporting IKEv2, however, they mention that OpenVPN is the safer choice whereas IKEv2 offers 50-100% faster speeds.
    OpenVPN already seems rather fast, but…
    What would you recommend yourself, and why?

    I also think that this would be a good idea to write a blogpost about for future reference, however, for now a quicker answer would be awesome.

    Thank you in advance 🙂

    Reply
    • Sven TaylorSven Taylor

      May 7, 2018

      Hi Patrick, thanks for the feedback. Each protocol has pros and cons, but I agree that OpenVPN is probably the best all-around option. IKEv2 can be a good choice with mobile devices, particularly iOS, because you can configure it to be “always-on” and leak-proof without any VPN apps. IKEv2 can also be used natively without apps on Windows and Mac OS. Both OpenVPN and IKEv2 appear to be very secure VPN protocols, but OpenVPN has the advantage because it is an open source project.

      Reply
  29. AvatarTheodore

    May 3, 2018

    Hi Sven,
    Thanks for this incredible website, and your blog as well, which is essential reading.
    I have an Asus GT-AC5300 and want to set up the Rapture Fusion VPN. I also have the RT-AC5300 in a box on the floor, not using it. I am familiar w/the setup for that, but have not set up a VPN.
    When I got the new router I signed up w/NordVPN and paid for several years, without calling them first, When I called them, they told me they don’t support the GT-AC5300. They seemed to be saying it wasn’t possible to set up a VPN w/them w/this router, yet a couple of other VPN providers told me they could do it. I also called Asus, who said it is possible, but they wouldn’t walk me through it. 😉
    Since I had already paid NordVPN, I was persistent, certainly it must be possible, right? It got pretty nasty and that was that. I gave up for months after tinkering more with it myself. But I have a NordVPN login, their servers, and I’ve paid, so I want to just log in with the VPN and if they challenge me I will point out that I’ve paid (or bite the bullet and sign up w/a different VPN provider).
    My question: How do I set the GT-AC5300 up as a (Fusion) VPN? Can you provide as much detail as possible and links if you have them? Thanks very much.

    Reply
    • Sven TaylorSven Taylor

      May 3, 2018

      Hi Theodore, this looks like an interesting case because one of the product features for the Asus GT-AC5300 is VPN support. However, it looks to be different from other routers and is not supported by Merlin firmware.
      Perhaps this support page may help, but unfortunately I do not have this router and can’t offer any concrete tips.

      Reply
  30. AvatarJosh

    April 30, 2018

    So, if we take the price range of 200$ (relative mid-high-end), and the advice of having greater clock speed with less cores (encryption), I found a battle between 3 routers:
    1. Asus RT-AC86U
    2. Linksys WRT3200ACM
    3. NETGEAR Nighthawk X6S AC4000 (or even lower-end Nighthawk X4S AC2600)
    I also haven’t found any confirmation that Asus has AES-NI encryption acceleration. Moreover, haven’t found any descriptive info about the processor those models have. Netgear says it has 64-bit Dual-Core 1.8GHz Processor with 3 Offload Processors, which seems like it should outperform the rest, but who knows.
    Speaking of the VPN, I have VPN.ac (but I’ll probably be switching to NordVPN on next subscription).
    Speaking of my current router, it’s TP-Link Archer C7 with OpenWRT on it (not goot vor VPN client with OpenVPN)

    In these circumstances, what do you suggest?

    Reply
    • Sven TaylorSven Taylor

      May 1, 2018

      Hi Josh, yes it is annoyingly difficult to get processor information on different routers. Even the official site for Asus is lacking in regard to these details.
      I was mainly going off the Merlin firmware developer who works with Asus and knows the specs. His early testing of the Asus RT-AC86U when it first came out was surprising with the speeds. Many others have confirmed similar speeds with different VPN providers – see this forum thread.

      Reply
« Older Comments
Newer Comments »

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended Privacy Setup

  1. Private and secure browser: Modified Firefox or Brave
  2. VPN: NordVPN with [68% off coupon] or Surfshark with [81% off coupon]
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or ProtonMail
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Swisscows
  7. Password manager: NordPass or Bitwarden

Support this Project

Restore Privacy was created to provide you with honest, useful, and up-to-date information about online privacy and security topics. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others.

You can read our mission here.

Restore Privacy is also on Twitter

COPYRIGHT © 2021 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP