How to set up a VPN on a router | Kaspersky official blog
Credit to Author: Stan Kaminsky| Date: Fri, 09 Jun 2023 11:17:22 +0000
VPNs are getting more popular by the day: better privacy, access to the content you need, and other advantages have won over even those not much interested in technology. To enjoy these benefits on all home devices — including computers and smartphones, game consoles and smart TVs — the best way is to set up a VPN directly on your router (aka “Wi-Fi box”). That way, there’s no need to waste time configuring a VPN on each device separately, plus you get all the benefits even where VPN support is lacking, such as on a smart TV or game consoles. Sounds interesting? Then let’s get started!…
VPN requirements
To protect your entire home network with a VPN, both your VPN and your router need to support this option. The first thing to note is that most free VPNs don’t offer network protection at the router level. Nor will your VPN run on the router if the VPN exists only in the form of a browser add-on or mobile app. If you’re not sure whether your VPN supports router-based operation, read the manual or contact tech-support.
It’s important to find out the details from tech support, not just a “yes/no” answer. What specific VPN protocol can be used for the router (and the whole network)? Are all the VPN servers you need available using this protocol? Armed with this knowledge, next go to the technical support site for your particular router.
Router requirements
First of all, the router must support sending all home traffic through the VPN channel. These days even cheap models have this feature, but there are still cases when a router can’t work with a VPN, especially if it’s leased out by the internet service provider (ISP). What can also happen is that the VPN is already being used to create a channel from the router to the ISP and is a part of the standard home internet setup. This kind of “VPN service” usually doesn’t provide the core benefits that most users want.
You can check your router in three ways:
- Go to the web control panel (the address and password are usually shown on the underside of the router) and study the available settings
- Read the documentation on the router vendor’s website
- Contact the vendor’s technical support or — if you got the router from your provider — get in touch with its tech-support
If your ISP doesn’t offer VPN support, consider switching provider. If the problem lies with the router itself, check for an alternative firmware that has the functionality you need. The best known are DD-WRT and OpenWRT — the links point straight to a page where you can check your router’s compatibility. Replacing the router firmware can be technically challenging, so make sure you fully understand both the procedure and risks before starting.
After making sure that the router offers VPN support in the first place, next check which specific VPN protocols it can use. The most common are OpenVPN and WireGuard, with each having its own pros and cons.
OpenVPN has been around for a very long time and is widely supported by routers, but doesn’t usually provide maximum VPN speed, and also puts a heavy load on the router’s processor. For cheap routers with a weak processor, this can affect their performance and overall Wi-Fi speed in the home.
The newer WireGuard protocol is very fast and secure. If you have a really fast Internet connection, WireGuard will outperform OpenVPN in terms of speed and a lower load on the router’s processor. Among the disadvantages are the more involved initial setup (the user has to generate a pair of client keys) and fewer connection options: WireGuard binds the user to a specific server, OpenVPN — to a location, so the latter lets you switch to another server in the same location if the one previously used is down. Besides, not all routers recognize WireGuard.
And almost all routers support legacy L2TP/IPsec and PPTP protocols. We do not recommend them, because they fall short of the latest security standards and don’t encrypt traffic by default. However, if the two more modern options are not available, and a VPN is still needed, better to use L2TP/IPsec or PPTP with traffic encryption enabled than no VPN at all.
How to activate VPN on a router
The specifics differ from provider to provider and from router to router, so we can only describe the setup in general terms.
The first step is to download the right VPN profile from the VPN website. The profile is usually individual, so you need to go to your personal account on the website and find the page with VPN profiles. This might be a list of protected devices where you can add a router, or a special Add Router section, or a section for managing specific VPN protocols (OpenVPN, WireGuard) where you can generate the desired connection profile.
For example, for Kaspersky VPN Secure Connection, you can create a router profile on the My Kaspersky site in the Secure Connection section in three simple steps. Currently, only an OpenVPN profile is offered for routers, but by end of 2023 we plan to provide WireGuard support as well (note that WireGuard is now available in our VPN for Windows).
When adding a new profile in your personal account, you need to answer certain questions. These include the profile name, your choice of server, and so on. The same window often provides space for technical details — such as private keys, names and passwords — but most providers support automatic generation of all this, in which case they can be left blank. Next, a link appears to download the .ovpn file for OpenVPN or .conf file for WireGuard.
For L2TP and PPTP, you don’t need to download anything. Instead, you need to write down some information from your personal account:
- server address for connection
- username and password
- an additional encryption key (pre-shared key, PSK, secret key)
- authentication type (PAP, CHAP)
Having gotten hold of this information, go to the web control panel of the router. Depending on the vendor’s… imagination, you may have to wander through a maze of subsections to get to the VPN properties:
- Asus routers usually have a VPN → VPN client section
- Keenetic routers hide VPN connections under Internet → Other Connections
- in Netgear routers, go to Advanced Setup → VPN service
- in TP-Link routers, open the Network → WAN tab
Take care, because routers can show VPN connections in two forms: as an external VPN connection to your home network (here the router acts as a VPN server and provides secure external access to your local network) and as a secure connection to a remote VPN server (here the router becomes a VPN client that connects securely to the VPN service). You need the second option.
Having found the right section, create a new connection and name it (say, for the VPN service and/or the location of the server), then enter the information retrieved from your personal account with the VPN provider.
For PPTP and L2TP/IPSEC, all information is required, including server addresses. For OpenVPN and WireGuard, attaching the OVPN/CONF profile file is usually enough, but sometimes you might also need to specify a username and password.
For some router models (for example, Keenetic), instead of a profile upload button, there’s a window for entering the VPN configuration; in this case, open the OVPN/CONF file in a text editor (yes, it’s a plain text file, and you can change its extension to .txt if you like), copy all the information from it, and paste it into this window. If you have any doubts about the correct settings, take a look at the router’s setup help pages — they’re usually found right in the Settings window.
Then click the Save button and look for the Activate button or On/Off switch for the VPN connection. That done, the VPN should in theory be on all the time and even activate itself automatically after a router restart. It’s a good idea to check this by going to a site like whatismyipaddress.com or iplocation.net on any home device: they’ll show you which region of the online world you’ve tunneled through to. That’s the VPN setup basically done — all devices connected to the router will now access the internet through an encrypted connection. And some routers even allow you to choose which home devices will connect directly to the internet and which will go through a VPN.
If for some reason a VPN can’t be set up on your router, you can protect your internet access by setting up secure DNS on your router. This won’t give you all the benefits of a secure VPN connection, but it can give you some — such as protecting kids from inappropriate content and blocking ads on all devices.
For maximum protection on up to 10 of your family’s devices, we recommend a Kaspersky Premium subscription, which, alongside protection against viruses, hacking, phishing, and data leaks, includes a fast and unlimited Kaspersky VPN Secure Connection, secure password manager and vault, a one-year free Kaspersky Safe Kids subscription, and many other benefits.