A VPN Primer -- Plus, How to Get a VPN on your NETGEAR R9000


Net neutrality and an "open Internet" are considered sacred, but the recent ruling by the FCC in the United States has left many consumers shaken. It's a divisive, controversial topic -- with many concerned that their private data collected by ISP's is now for sale to the highest bidder, while others say that essentially, nothing has changed. ISP's are saying that they respect net neutrality and won't sell personally identifiable data, but most people are inclined not to trust that, or at least take it with a grain of salt.

All of that said, we're not here to express our opinions on the matter -- except for that we do believe that consumers have a right to personal privacy, and control over their personal data, e.g. browsing history and such. While it's not a perfect or undefeatable solution, many are choosing to investigate private VPN services as a way to protect their personal data (along with other benefits, such as encrypting traffic, etc.) Some examples are HideMyAss, NordVPN, SecureLine, PrivateInternetAccess, VyprVPN, and countless others -- I can't list them all here (so many)

Most of these services offer client software that allows even the most inexperienced user to be up and running on a secure connection within minutes. The good part is that it's easy, the bad part is that it comes with limitations -- it has to be per device, and often services limit the number of active devices to a certain number, e.g. 3 or 5.

How do you overcome this, and get the most from your VPN client connection?

What's the difference between VPN Client, VPN Server, and VPN Passthrough?

If this is all completely new to you, we understand how confusing this all is. When it's said that a router "can do VPN," that can mean a number of different things.

  • VPN Passthrough: Consumer routers need special support to allow VPN client connections to a remote network. If your router supports VPN Passthrough (most NETGEAR routers do, for example) then this means that you'll be able to install your work VPN client and connect to your employer's network remotely, for example.
  • VPN (OpenVPN) Server: This means that your router, NETGEAR in this case, can act as a VPN server, allowing you to connect to your home network securely from a remote connection. Like the above, but in reverse, and for your home network. You'd enable OpenVPN on your supported NETGEAR router (see this KB) and then install the client software on your laptop or mobile device, in order to access your home network from outside the home.
  • Personal VPN or VPN Client: This is the scenario we referenced above. What happens in this scenario is that the user would have an account with a VPN provider, and using a client, would create a connection to the Internet that is (essentially) routed through those servers. This means that your public IP address is no longer the IP address of your modem, for example, and rather the IP address of the VPN server you are tunneling to. Thus, preventing the ISP from harvesting your browsing activity -- or at least that's the intent. This comes with many other benefits, such as protected connections on public Wi-Fi, circumventing georestricted content blocks, etc.

So how do I get a VPN?

The service you decide to use is your choice alone. BestVPN is a good resource. This is too. In making your selection, do careful research and ask questions like:

  • What is the country of jurisdiction?
  • Do they log? If so, what?
  • How much does it cost? Does it seem too good to be true?
  • What device(s) do the client software work on, and does this meet your needs?
  • How many servers are offered, and where are they located?
  • Do they provide open source router support? (You may not need this, but you are on MyOpenRouter...)

I see what you did there. So how do I get a VPN client on my router?

We've written articles in the past on how to use DD-WRT firmware to enable an OpenVPN client on your router, and you can find several tutorials here.

In older times, this was somewhat cryptic and hard-to-find information, but now, most major VPN providers list instructions right on their website on how to do this -- take PIA and NordVPN for example. They provide detailed, up-to-date instructions on how to configure the clients on your DD-WRT router, and how to obtain the certificates/etc needed to make it all work. In addition, newer builds of DD-WRT support username/password authentication, and in many cases don't even need scripts or startup configurations any more (although again, of course, this will depend on provider)

This solves some of the problems we identified initially by making ALL connections through the router go through the VPN tunnel, meaning you don't have to worry about installing clients, seeing if they are working, covering all 50 devices you have in your house, and so on. The important factor here is that stock firmwares in consumer routers usually don't support running as an OpenVPN client; rather, they usually support OpenVPN Server and/or VPN Passthrough, and this is where DD-WRT comes in.

So in general, you could do the following:

  • Get yourself an open source compatible router
  • Flash it with a firmware build that supports OpenVPN Client
  • Sign up for a VPN service that offers open source router compatibility
  • Follow the VPN provider's instructions -- which will likely be unique to that provider, but here's one example to give you an idea  -- to enable the client on your router

Does a faster router make a difference in my VPN performance?

In a word: yes.

We've been testing OpenVPN client performance on routers for many years now, from the WNR3500L to the R9000, all of which have worked very well. The difference is in the processing power. The R9000 is one of the - if not the - fastest consumer routers available. This power can be leveraged with the most recent build of DD-WRT from Kong for the R9000, which also enables hardware crypto acceleration.

Of course, this will depend quite a bit on the server you're connecting to, and the speeds the VPN service you are subscribed to can handle, but we're seeing faster speeds on the R9000 through OpenVPN than we've seen on any consumer router, ever.


If you have any questions about running a VPN on your router, post your question in the community forums!