Router with VPN

Discussion in 'Technical Corner' started by JOhnH, Nov 20, 2022.

  1. JOhnH

    JOhnH Touchdown! Greaser!

    Joined:
    May 20, 2009
    Messages:
    13,463
    Location:
    Florida

    Display name:
    Right Seater
    I'd like to install a VPN on my Spectrum router, but it apparently does not support that.

    I'd also like to have a router with more distance. My house is only 2,000 sq ft, but without some complicated wiring the router needs to go in one corner of the house. The master bedroom is in the other corner.

    Can someone suggest a router with good range and possibly a built in VPN? Or is it better to subscribe to a VPN service on a monthly basis? (Do routers with built in VPN require monthly payments?).

    I don't really have a lot of devices: Roku, 2 ipads, 2 iphones, a wireless printer, a garage door opener and occasionally a wifi enabled bbq thermometer.
     
  2. asicer

    asicer Final Approach

    Joined:
    Jan 1, 2015
    Messages:
    8,352

    Display name:
    asicer
    VPN on a router would be a client. VPN itself is a service for which you'd need to select a provider.
     
  3. Bob Noel

    Bob Noel Touchdown! Greaser!

    Joined:
    Jun 7, 2008
    Messages:
    20,089

    Display name:
    Bob Noel
    I'm assuming you mean a VPN server. And you don't need to have a VPN server on your router. You could setup your home network so that all traffic to/from the internet goes through your router to a device that runs a VPN server

    wrt range- there is a trade off between range and speed, especially when dealing with penetration through walls and such. it’s my understanding that 2.4Ghz will have more range but lower bandwidth

    do you want to configure and run your own server?
     
  4. cowman

    cowman En-Route

    Joined:
    Aug 12, 2012
    Messages:
    4,934
    Location:
    Danger Zone

    Display name:
    Cowman
    I’m assuming you mean a VPN for private browsing in which case you will need a service regardless. I have not used a router that has one built in but a word of warning- now and then you’ll run into websites or services that just don’t work right with the VPN and in that case you’ll want to be able to turn it off. It’s a lot easier to turn it off if it’s just running on your computer/phone/etc than having to go into the router setup.
     
  5. Hang 4

    Hang 4 Pattern Altitude

    Joined:
    Aug 18, 2017
    Messages:
    1,785

    Display name:
    Hang 4
    @JOhnH are you sure you don't mean a firewall instead of a VPN?
     
  6. mandm

    mandm Line Up and Wait

    Joined:
    Feb 7, 2020
    Messages:
    861
    Location:
    Chicago

    Display name:
    Michael
    Distance is always an issue with routers, the faster 5GHz and 6GHz do not travel far (maybe 20-25 feet), the 2.4GHz travels a bit further but speed degrades quickly. Mesh routers (aka multiple routers on one system) are expensive and have not been optimized just yet. Extenders significantly decrease performance and are difficult to find the optimal location to install.

    For best performance, you’d want high speed Internet and a modem that gives two wired outputs, your modem and service would need to support this. Modem to router both have to be top of the line, with Cat 6-7 Ethernet cables. Cat5 will degrade performance as it’s peak performance is less than what most city internet provides these days. Your first router would have a short Ethernet cable and wiring a Cat6-7 Ethernet cable to your second router location would give the best performance. Ideally one at each end of the home.

    Having multiple routers on the same WiFi network name causes performance issues and delays or confusion. Having different WiFi names or SSIDs causes delays on your phone or device swapping over to the stronger router when roaming about your home. There is no perfect solution, unfortunately. Once a phone is connected to WiFi it usually tries to keep connected there until performance is nill then it would swap to another one, in the meantime you have significantly slower service until your device works it out.

    For VPN, you have two options, do you want to host a VPN at home so when you are traveling your device can connect to your home network? (This you can setup for free) It would appear to the outside world that you are at home no matter where you are, your device would surf the internet using your home IP and you’d have access to whatever is on your home network.

    Or do you want a paid service, where you are using a variety of known VPN IP addresses. For best performance speed reliability and choice of locations you would typically pay $5 per month. These however do not always work with things like Netflix as they are known VPNs by their IP addresses and some services block all use via those IP addresses. Now if you did a home VPN server, since only you’d be using it then it wouldn’t be a known VPN so you would only face location restrictions.
     
  7. JOhnH

    JOhnH Touchdown! Greaser!

    Joined:
    May 20, 2009
    Messages:
    13,463
    Location:
    Florida

    Display name:
    Right Seater
    I posted the question because I am not as technically savvy as I was when I was in tech support 40-50 years ago. One or two things have changed since then, but maybe this will help explain what I want:

    Other than the fact that I keep hearing that a VPN is rather essential for security purposes (and I don't claim to know all the reasons why), but I am also looking into a VPN so that I can stream football games and other sporting events that are blacked out in my area. And my ROKU device does not support a VPN. I don't think a firewall will help, although I am sure it is a good security measure.

    I was at a friend's house and he had a VPN on his Ipad, so he could watch a football game that was blacked out. But it was a pain for both of us to watch it, and the VPN would not allow him to cast or mirror the game to his TV like he often does.
    HECK NO! I can barely configure and run my Ipad and Windows 10 system.
     
  8. Hang 4

    Hang 4 Pattern Altitude

    Joined:
    Aug 18, 2017
    Messages:
    1,785

    Display name:
    Hang 4
    I'm not as tech savvy as many on this board, but I think that explanation will help others give you some good advice. The part I don't know is how to get your Roku routed through the VPN.
     
  9. mandm

    mandm Line Up and Wait

    Joined:
    Feb 7, 2020
    Messages:
    861
    Location:
    Chicago

    Display name:
    Michael
    Using a VPN is not a necessity for security purposes. Yes if you have a static (fixed) IP address then websites you visit and large companies such as Google, Meta, YouTube etc will collect and sell data on you. Also cookies in your browser do this as well. You can clear those regularly or use private browsing to help but everytime you go online you’d have to re-enter in your data, nothing would be saved or pre-filled.

    Keep in mind that using a VPN runs more data traffic through your modem. Check that you have unlimited data. Also running data through twice and via another channel that you do not control is another avenue to slow down your service. Even if you did control it with the best equipment, your performance would degrade.

    I would recommend getting a VPN subscription on your computer or iPad and paying the $5 per month, you’d be able to swap location settings if one VPN IP didn’t work (if 1000 people are watching the game from one IP address it’s a red flag that providers can easily block), and you can turn it on and off as needed to access what you’d like to instead of creating a bottleneck in your home network. Setting up a VPN on your router would involve some technical skill, even for me as someone experienced I’d have to do some research to figure out how to do it and buy equipment that supports it. There are also VPN boxes supposedly that you can hook up to your router and log onto those separately to utilize their VPN, that might be a little easier to get into, but unsure of their performance.
     
  10. mandm

    mandm Line Up and Wait

    Joined:
    Feb 7, 2020
    Messages:
    861
    Location:
    Chicago

    Display name:
    Michael
  11. Bob Noel

    Bob Noel Touchdown! Greaser!

    Joined:
    Jun 7, 2008
    Messages:
    20,089

    Display name:
    Bob Noel
    to get around local blackouts, one way would be to use a service that will look like a different location. Running a VPN yourself on your router, or some other device in your house, won't do that (unless I'm missing something).
     
  12. mandm

    mandm Line Up and Wait

    Joined:
    Feb 7, 2020
    Messages:
    861
    Location:
    Chicago

    Display name:
    Michael
    Using a VPN you access the internet from the host or server and to the world it looks like you are at that location. Now if a service required both access to your WiFi (can ping location from multiple nearby WiFi routers), GPS, then it becomes more complicated as you have more items to essentially spoof.
     
  13. asicer

    asicer Final Approach

    Joined:
    Jan 1, 2015
    Messages:
    8,352

    Display name:
    asicer
    Here's the thing: A VPN will make the client (and anything that the client serves) look like it is on the same LAN as whatever the VPN provider is on. So if your buddy runs a VPN service on his router and you connect it to a VPN client on your router, everything on your LAN will look like it's on his LAN and any requests the machines on your LAN that go out on the World Wide Internet will go out on your buddy's ISP. The opposite is true if you run a VPN server and your buddy runs a VPN client. If you get your VPN service from a larger commercial provider, those have the ability to randomize the location from where the requests goes out.
     
  14. JOhnH

    JOhnH Touchdown! Greaser!

    Joined:
    May 20, 2009
    Messages:
    13,463
    Location:
    Florida

    Display name:
    Right Seater
    You are making my head hurt. I am giving up totally on ever even thinking about a VPN again.
    But by the way, when I said my buddy had a VPN, he had it on his Ipad, not his router.
     
  15. asicer

    asicer Final Approach

    Joined:
    Jan 1, 2015
    Messages:
    8,352

    Display name:
    asicer
    Right, he was running a VPN client on his iPad. That made his iPad look like it was on the same LAN as the VPN server rather than your buddy's actual LAN. Hope your head hurts a little bit less.
     
  16. JOhnH

    JOhnH Touchdown! Greaser!

    Joined:
    May 20, 2009
    Messages:
    13,463
    Location:
    Florida

    Display name:
    Right Seater
    Yeah, that helps a little.
     
  17. Hang 4

    Hang 4 Pattern Altitude

    Joined:
    Aug 18, 2017
    Messages:
    1,785

    Display name:
    Hang 4
  18. guest user

    guest user Pre-takeoff checklist

    Joined:
    Dec 16, 2021
    Messages:
    310

    Display name:
    just passing through
    @JOhnH allow me to provide a bit of an initial primer on a VPN and then how it applies to your buddy's use. A lot of this you probably already know, but bear with me.
    VPN = Virtual Private Network

    You either HOST the VPN or you're a CLIENT of the VPN.

    If you host the VPN you're allowing devices outside of your local network to connect and act like they are internal to your network. Any communications to the outside world will appear to come from your location. VPN hosting is usually configured on a server or router level.

    If you are a client to the VPN, you are connecting to some other local network. You can do anything local machines on that virtual network can do. Any communication to the outside world (public internet) will appear to come from their location. In the vast majority of cases the VPN client is on the device level instead of the router level.

    In your buddy's case he's connecting to another network and from there able to appear out of market and thus able to stream the game. Simple as can be, right?

    So why did you had a horrible experience with it? Because we now need to talk about some of the underlying realities. VPNs can be a simple <you> connect directly to <them> connection. However, the problem there is that if <them> is compromised, the bad guys can see who is connecting and what they are connecting too. Obviously, this is bad from a security point of view. So, many VPN services route you through many intermediary points so that now the bad guys would have to compromise 4 or more VPN hosts to be able to track what you're doing. Also, some VPNs switch up the routing after x amount of time for the same reason.

    Ok, so you might get some inconsistency during the switch over time, but some extended times were bad also. Why was that? Because you now have to look into the bandwidth of each connection. You might have a 1gb internet connection, but what does each downstream connection have? How saturated are they? What is the quality of their connection? As you can imagine, a lot of VPN points are hosted in lesser quality areas of the world. Especially the free VPN stuff.

    So you now have to decide if the benefit of the VPN is worth the hassle. Yes, you can get high quality VPN access, but it will cost you a subscription. Yes, you can get free VPN access, but it will cost you as well in dubious quality and performance.

    Hope this wall of text was of some benefit.
     
  19. JOhnH

    JOhnH Touchdown! Greaser!

    Joined:
    May 20, 2009
    Messages:
    13,463
    Location:
    Florida

    Display name:
    Right Seater
    Thanks. That helps too.
    As I learn more, the comments in the earlier posts make more sense.
     
  20. mandm

    mandm Line Up and Wait

    Joined:
    Feb 7, 2020
    Messages:
    861
    Location:
    Chicago

    Display name:
    Michael
    You are either a pilot in your airplane (normal), you are a pilot in a friends airplane (your friend is the host and you are the VPN client in your friends airplane, to the outside world people see your friends airplane), or your friend is flying your airplane (you are the host and your friend is the client). Same goes for VPN.
     
  21. cowman

    cowman En-Route

    Joined:
    Aug 12, 2012
    Messages:
    4,934
    Location:
    Danger Zone

    Display name:
    Cowman
    Some people are discussing remote access VPNs but I’m pretty sure OP is talking about modern privacy VPNs.

    The privacy VPNs(I use NordVPN but there are others that are just as good) are like this: say you have a nosy mailman who is looking at all your mail. He can’t see in the envelopes but he can tell where the mail is from and maybe even hold some envelopes up to the light and read a bit. So, you sign up with Mr VPN and all the mail goes to his house, he boxes it up, and forwards it to you. Now all your nosy mailman can see is that you’re getting a plain box from Mr.VPN and he won’t know about all those blue pills and porno mags you ordered.

    Also Mr VPN has houses all over the world so if you want to order some “films” that aren’t allowed in your country you can have Mr.VPN forward that stuff to you. As far as the sender knows you’re in whatever country Mr.VPN’s house is.

    I hope this analogy helps.
     
    Lycosaurus and D.B. Cole like this.
  22. Brad Z

    Brad Z Final Approach

    Joined:
    Dec 28, 2007
    Messages:
    6,520
    Location:
    Alexandria VA

    Display name:
    Brad Z
    Sounds like the OP has watched enough sponsored YouTube videos to be convinced he needs a VPN.
     
  23. JOhnH

    JOhnH Touchdown! Greaser!

    Joined:
    May 20, 2009
    Messages:
    13,463
    Location:
    Florida

    Display name:
    Right Seater
    Not really. I just want to watch some college football games that are blacked out in my area.
     
  24. Brad Z

    Brad Z Final Approach

    Joined:
    Dec 28, 2007
    Messages:
    6,520
    Location:
    Alexandria VA

    Display name:
    Brad Z
    Roger that. I watch a lot of YouTube content and it seems like nearly every content producer shills for NordVPN at some point. That and squarespace.
     
  25. Spring Ford

    Spring Ford Line Up and Wait

    Joined:
    Jul 11, 2018
    Messages:
    623

    Display name:
    SpringFord
    In my experience, with networking a picture is worth a universe of words. The two images show first of all what I think you are wanting to do, illustrated with two routers and two internet connections. The second shows a practical, cost effective, implementation. (I'll bet a cheap broken watch that there are loads of comments saying that two internet connections are not practical, affordable, or necessary;)

    I though have no concrete suggestions as to home use (cheap) router brands/models. Cisco definitely works but obviously crazy expensive and likely impossible to configure for an inexperienced person. Netgear, Draytek likely good. Many others.

    1. Choose a router supported by your VPN provider.
    2. Make sure the Internet port is the right kind. DSL/Ethernet
    3. Check port/WiFi speeds match your needs
    4. Check number of inside ethernet ports sufficient.
    5. Make sure it supports multiple SSIDs with Vlans.
    6. Try to figure out if the VPN implementation allows the separation you want. I think they all will but I am not sure.

    If you have a particular router that interests you, post the EXACT model number, maybe a link and page no. to documentation that shows that it has the required features, and I will try to check it out.

    PoA-VPN-Internet-1.png



    PoA-VPN-Internet-2.png
     
  26. TrueCourse

    TrueCourse Line Up and Wait

    Joined:
    Dec 10, 2019
    Messages:
    691

    Display name:
    TrueCourse
    Everything is covered in the comments above, but I’ll add the following. When traveling more frequently a few years back, especially to Canada, I used my subscribed VPN service to outfox the media provider and watch the show or game I wanted to see. Lately I’ve had more difficulty doing that. Seems like more media providers also get my actual location either thru the GPS on my iPad or some other means. Or, I simply don’t try to watch as many blacked out games as I used to. My wife still can use the VPN to get Canadian shows that aren’t freely shown in the USA.

    You can easily subscribe to a VPN service and give it a try, then cancel if it doesn’t meet your needs of watching the games. Device setup is usually covered well, or your buddy can help you. Sometimes paying for an individual service (ESPN, Peacock, Paramount, etc.) may be similar in price to having a VPN service. However, that can be like whack-a-mole if you have various sports interests like I do. You’ll end up needing multiple providers.

    I was surprised the other day when after some futile efforts to view a blacked-out NCAA football game I simply searched “[Team A] vs [Team B]” on YouTube and, poof, there were multiple live streams of the game by several YouTubers. Watched about 3/4 of the game until the livestream was shutdown (by YouTube?).

    I’m not as tech savvy as I’d like to be but have learned through trial and error. For the technical side of this thread, I have good broadband (300mbps?), have a 2G/5G router next to it, run another cable to an identical router down the hall to more open space. It’s setup as a Wireless Access Point (WAP). I run both a 5G signal and 2G signal. The cameras outside are assigned the 2G that gets through the walls pretty good. The video feed is good enough, but a little choppy. I can also still get a signal on my phone if I’m walking around outside. When inside my phones and tablets are locked onto the 5G signal. For some reason when trying to run the VPN service on my PC it can get a little wonky when I go from VPN on to VPN off. Haven’t figured why yet.
     
  27. guest user

    guest user Pre-takeoff checklist

    Joined:
    Dec 16, 2021
    Messages:
    310

    Display name:
    just passing through
    I'll claim that watch. :stirpot:

    Connecting to an external VPN as a client does not require a dedicated router. The only benefit to having a second router / network on the home router is if you have multiple users who need the VPN and cant be bothered to use an app on their personal device. The flip side is you now need to remember to connect to the correct SSID.

    From the hosts point of view, NORD-VPN-HQ in this case, all they care about is whether the connection incoming has the correct login protocol and credentials. Nothing else.

    Also, unless you are calling individual LANs an internet connection, then indeed, "two internet connections are not necessary" and add monthly unnecessary cost. One will suffice just fine, even if you want to have two LANs with specific destination routing.
     
  28. TrueCourse

    TrueCourse Line Up and Wait

    Joined:
    Dec 10, 2019
    Messages:
    691

    Display name:
    TrueCourse
    Not sure it’s accurate or not, but I’ve read that free VPN and some inferior paid VPN services don’t guarantee “no logging” services which may mean you can be targeted for advertising such as Google and others do. Pick your VPNs wisely.
     
  29. Sifossifoco

    Sifossifoco Pre-takeoff checklist

    Joined:
    Oct 12, 2021
    Messages:
    160

    Display name:
    Sifossifoco
    I won't give you any complicated information. I use ProtonVPN (paid version, but it's also free) on my iPad. I have a cable that connects it to the TV because streaming is often a pain but the cable works flawlessly every time (and I can connect it to any hotel tv if I am away). I can set the country I want to connect to, and I have no problems watching Netflix, HBOMax, BBC and more from everywhere. There is no need to get more complicated than that (and as an added bonus you get no ads while browsing)
     
  30. Rgbeard

    Rgbeard En-Route

    Joined:
    Aug 26, 2017
    Messages:
    3,842
    Location:
    Phoenix, AZ and Ensenada, Mexico

    Display name:
    rgbeard
    At my home in Mexico, I have the phone company-provided fibre optic router, plugged into a Sabai VPN Router, that I purchased from StrongVPN.

    https://www.sabaitechnology.com/strongvpn/

    It's been flawless.

    Now that Amazon has taken the heavy-handed approach on Prime Video, it doesn't give us the value it used to.
     
  31. genna

    genna Pattern Altitude

    Joined:
    Feb 5, 2015
    Messages:
    1,683

    Display name:
    ТУ-104
    Most of what needed to be covered has been. But I'll add something. I understand that you want this to be a seamless integration for your Roku. I don't know anything about Roku. However, many VPN clients have Android apps that can be installed on just about anything "smart" that can be "jailbroken" these days as most of those run Android OS. Fire TV is a good example. It's all about ability to install such apps as not all "official" app stores for devices allow it. Side loading is usually an option. Seems like this may not be an option for Roku. Fire TV stick is really cheap and supports tons of VPN clients.

    Personally, I would not install(or more accurately run a 24/7) VPN client on your primary router. You would not like the experience.
     
  32. Albany Tom

    Albany Tom Pattern Altitude

    Joined:
    Jul 23, 2021
    Messages:
    2,203

    Display name:
    Albany Tom
    Wanting to watch a blacked out local game, or content blocked to US IPs, is the only reasonable reason I've heard for using a personal VPN.

    If I were going to do that, I wouldn't use separate routers. I'd just get a modern client device, with as little as possible personally identifiable on it, and put the VPN client on that. I'd probably use a chromebook, and figure out how to chromecast the game to the TV. That's assuming you can watch the game on a browser. Setting up a client VPN on a router sounds like a PITA.

    If you did want to use a router for the VPN, you still shouldn't have to use two separate network connections. Just run your primary router copper to your ISP's router, and either put the second router right to another port on the ISP router, or hang the VPN configured router off your router. Double NAT shouldn't be a big deal for any of that gear, and it shouldn't matter at all what is or isn't supported by the ISP. It's just a router. Current router I'm using is a Synology, connected to the ISP's router via copper. Doing that because the wireless on the ISP router is pretty crappy, and also to put all the slow/miserable things on the ISP wifi to leave the Synology wifi for the newer devices with faster protocols.
     
  33. Lindberg

    Lindberg Final Approach

    Joined:
    Sep 25, 2013
    Messages:
    5,425
    Location:
    North Texas

    Display name:
    Lindberg
    I think this covers what you're looking for. Specific router suggestions are at the bottom of the page.

    https://nordvpn.com/flashrouters/