I hear a lot of talk in the pfSense community about running a VPN from the pfSense instance, including whether to invest in hardware more suited for that as opposed to just any old SBC or basic computer (namely, whether the processor has hardware encryption). Does it actually provide that much more protection for your devices to connect to the VPN at the router level as opposed to the device level to make it worth the extra hardware requirements? What benefits does it give privacy wise, and how do you juggle switching from on-device VPN when you’re not connected to your main network and using the router’s VPN when you are?

CHEF-KOCH
42M

Router-based VPNs are more reliable because the OS upgrades and then something can happen or even leak. Let us assume you use Windows and use some Insider Builds as a daily driver; then this is a realistic scenario. Router firmware also receives updates, but their implementation does not often create bigger problems regarding the VPN connection itself. On-device VPNs waste more resources because you need to install the VPN on every single device, while on the router side the whole network that is connected to the router is covered. It is similar to Pi-Hole / AdGuard Home vs. software-based (extension-based) ad-blockers. You cover more devices at the same time.

Your question is more about what the best practice is, and this is router-based. The benefit is that it’s easier to handle and to monitor, because if you need another connection because e.g. Netflix blocked your VPN, you can simply install a VPN on the PC/device and quickly enable/disable it only when needed, without losing the connection to a network-wide VPN. Most people prefer a router to avoid wasting device resources and because a router is normally harder to access since most routers enforce a password lock, while a lot of people, especially on their home devices, even ditch password-based locks (not a good idea, but some people do it if the device always stays at home).

Privacy-wise there is absolutely no benefit whether you run the same VPN on your router or on the device, except that (as said earlier) it covers your whole network.

Speed-wise (assuming your router has a “good” CPU) it is also a wise decision to handle the VPN part of the router, because if your PC is not the best your connection gets slowed down when you are low on network/CPU resources. This depends on what algorithm/VPN is used (OpenVPN/WireGuard based, how well the driver performs, and some other small variables). OpenVPN is more “CPU heavy”.

@loki
2M

For privacy, I think it is almost the same. You could make an argument that a router may be more stable, with less code and fewer services, which offers more reliability.

The only thing I can think of currently is that, on other devices, apps and software may be able to detect a VPN app running, but then again most VPN IPs are already detectable because they run on non-residential servers.

At the end of the day, it’s connecting to the same VPN.

It’s beneficial in the sense that the router counts as a single device. VPN providers usually have a device limit. So if you have multiple devices at home, and the VPN is set up on the router, it frees up slots for other devices when anyone is outside. And it needs less configuration on all the other home devices, including smart-home devices.

@ree
2M

It has no impact privacy-wise: it’s just less work, and it allows you to route devices through the VPN that wouldn’t otherwise. And it’s not always about privacy; some setups rely on a VPN to connect to remote resources.

Honestly, I don’t see the point of VPNing my whole network through a third party, but everyone lives in a different situation.
