Using Hybrid VPN on NETGEAR XR500 and XR700 Nighthawk routers


What's a Hybrid VPN?
We're big fans of open source projects for NETGEAR routers, such as DD-WRT and Tomato. More recently, Voxel's custom firmware and AdvancedTomato have also made a big impact for fans of NETGEAR hardware. But those looking for something different that doesn't require any flashing -- AND are concerned about security and privacy -- may want to take a second look at the XR500 and XR700 routers. "But those are gaming routers," you say. "I'm not a gamer." No matter! The hardware of both of these devices is a spectactular foundation, and the unique DumaOS helps to make them even more special. This includes the new Hybrid VPN feature!

EDITOR'S NOTE: It's worth noting that -- generally speaking -- using a custom open source firmware like Voxel's or something based on DD-WRT or Tomato will give you tons of flexibility for fine-tuning and setup, more than an out-of-the-box experience. If you want to give open source firmware on your NETGEAR router a try, remember that many of them do support OpenVPN client functionality and some very creative setups, and that a router with DumaOS is not required for this. You can check our Downloads section to get started if that's the route you go and to see if your router has available firmware. Also keep in mind that more tweaking options means more ways you can break stuff, and tinkering always comes with its own risks.

All of that being said, we love that there are other options for us networking geeks that are more accessible. Plus, we think this is a killer feature that may inspire great ideas and discussions in the community for developers and future open source releases.

A quick background on VPNs

If you're hanging out on MyOpenRouter, you might already be familiar with the concept of using VPN software or a device client. If this is new to you though, here's a primer on VPNs as well as some different ways to set up a VPN. For those who are familiar with VPNs or have scanned the primer, the most common way to use them is with client software -- such as a Windows or Mac client. They're easy to use -- and depending on the provider, very reliable -- but it requires you to install a client on every device on which you want to use the VPN functionality.

Another popular way is to install the VPN client on your router using open source firmware. There are several protocols supported, one of the most popular being OpenVPN. Setting this up can be quite tricky depending on the firmware you're using, if you don't have a guide to follow -- but you have more opportunities to tweak the experience. For more information on this, you can search our Articles for VPN guides.

What is Hybrid VPN, then?

One of the most common questions we've seen is how to get certain devices in a VPN, with all other network devices operating outside of the VPN. Or, vice-versa: VPN everything, but leave a few devices out, such as a gaming console or a streaming device that may block connections from VPNs. This is, generally speaking, possible -- but it tends to be tricky and involves setting up separate VLANs for the non-VPN network. We've tried it, and have had mixed results. (If any of the experts hanging out in the forums have a tip to share on how to easily do this, send us a message!)

DumaOS's Hybrid VPN feature, which is included in the latest firmware updates for both the XR500 and XR700, seeks to change that. Very much like other available firmwares for NETGEAR routers, DumaOS on these two specific routers has a VPN client built-in. This means that if your VPN service offers OpenVPN configuration, you should be able to connect directly from the router. Normally, this would mean that if enabled, all network devices would utilize the VPN. We talked about this feature in our review of the XR500. Note that the most current version now supports two providers right out of the box for easy setup: HideMyAss and PureVPN.

Hybrid VPN then takes it a step further, and allows users to easily select specifically which devices on the network should utilize the VPN connection. Furthermore, the admin can decide to have the device connect to the VPN for everything, or only for certain services, if desired. Here's how it works.

How to configure Hybrid VPN on NETGEAR XR500/XR700

Note: DumaOS's website also has instructions on setting up this feature.

DumaOS on NETGEAR XR500 - Hybrid VPN

Step 1: Sign in to your NETGEAR XR500 or NETGEAR XR700's DumaOS interface and click the Hybrid VPN tab in the sidebar. Then, click the VPN Setup button. If you do not see this tab, check if you have the latest firmware update.

DumaOS on NETGEAR XR500 - Hybrid VPN Setup

Step 2: The dialog box for the VPN client settings will appear and will default to Basic settings. This is what you would use if you have HideMyAss or PureVPN. Simply enter your username and password for your service of choice, pick a country and server, click Connect... and that's pretty much it.

DumaOS on NETGEAR XR500 - Hybrid VPN Advanced Setup

Step 3: For those not using one of the supported out-of-the-box services, you will need the OpenVPN configuration file from your provider to paste into the proper field. You may want to refer to DumaOS's guide for more detailed instructions; our testing was performed with PureVPN and HideMyAss.

DumaOS on NETGEAR XR500 - Hybrid VPN Device Setup

Step 4: IMPORTANT! If you only read one step in this guide, make sure to read this one.

Now, select from the list of network connected devices which ones are to utilize the VPN. Simply select them from the pick list. One confusing item here is the "Mode," which will default to "Do not VPN these services." Do not be alarmed. This default setting is intended to be used to VPN all services on that device -- unless services are individually specified to be excluded.

DumaOS on NETGEAR XR500 - Hybrid VPN

Alternately, selecting "Only VPN these services" reverses this functionality. Another way to look at it is that if "Only VPN these services" is selected, NOTHING on the device with this setting will use the VPN until services are defined. With this setting, all other services on the device that are not defined will NOT utilize the VPN.

For our testing, we chose to utilize the default setting for every device without specifying any services -- thus VPNing all services on every device added.

Step 5: If you choose to stay with the default setting described in Step 4, you can click the "Add Service" button to add services that you wish to be excluded from utilizing the VPN on that specific device. This can be done in a basic way by selecting a pre-defined service. Advanced users can specify start and destination ports for the services.

Step 6: Verify that the VPN is connected by looking at the status on the Hybrid VPN page and log. You may want to reboot your router as well.


While at this time, there is no well-tested open source firmware that we're aware of for these two routers, we remain big fans of these Nighthawk gaming routers. They're fast, look great, and perform even better with superior reliability. DumaOS continues to become more useful over time, especially with the addition of this Hybrid VPN feature.

Are you using this feature, or do you prefer DD-WRT/Tomato/Voxel or another open source firmware to accomplish this?

Do you know of an easy way to get "hybrid VPN" functionality in open source firmware that we haven't seen?

Tell us in the MyOpenRouter forums!

nf.martin's picture
Will the hybrid VPN function

Will the hybrid VPN function be supported on any other Netgear routers like, R6700, R7000, R8000 or R9000? This function would certain enhance the flexibilty of any of these routers. Thanks for your response!!

RobertRoth's picture

Is there anyone who can recommend the best product among the ones listed here?