Should I Use a VPN on My Router?
Does your VPN not provide enough devices in your subscription? Want to use a VPN with a smart TV? Want to prevent an ISP from monitoring what kind of IoT devices you have in your house? The common solution to all of these problems is to configure your router to use a VPN. While it makes sense in theory, I've always felt it is more trouble than it's worth.
Now, in fairness, I've never actually tried to manage a router that's hooked up to a VPN. I have, however, consulted some experts who've done so. While it does solve some problems, it has always been an outlier use case and I've focused on more mainstream topics.
Why Should I Use a VPN on My Router?
The major benefit of configuring your router to use a VPN is that all the devices on your network—from a smart fridge to phones—are protected behind the VPN. That's useful, since there are plenty of smart devices in our homes that can't run software on their own, can't be configured to use a VPN, or don't even have screens. By routing all these devices through the VPN from the router, an ISP or any other entity on the web won't be able to see the traffic these devices generate.
The VPN-via-router trick also helps you get around device restrictions from VPN companies. Most VPN companies allow you to connect up to five devices to a VPN at the same time, and some will sell you more slots for more devices. When your router is using a VPN, however, everything on the network counts as only one device. Many VPN services provide instructions on configuring your router to use a VPN. This isn't as simple as just installing an app on a desktop computer. That's probably why some VPN companies sell routers that are configured to use their VPN out of the box. A quick glance at the (very thorough and quite helpful) instructions from ExpressVPN gives a sense of the challenge you'd face doing it yourself. This is a lot to ask of even a generally knowledgeable individual, and far more than someone new to using security tools. It's the kind of challenge that could easily turn a person off from using a VPN at all. While I haven't used a router with a VPN, my colleague Chris Stobing is an expert on routers, VPNs, and routers using VPNs. He tells me that once the router is configured, it's accessed through the same dashboard similar to the one you use to manage your other router settings. That alone is a red flag that a VPN on your router isn't practical. I would hazard a guess that most people looked at their router's dashboard exactly once when they set it up and then never again.
Not Every Service Works With VPNs
One problem with putting your whole network through a VPN is that some services won't work when you try to connect via VPN. I frequently receive emails about how a bank, Microsoft Office 365, Netflix, and a plethora of other sites and services did not work with a given VPN. There are two reasons, I think, why this happens. The first is that services like Netflix have different streaming agreements depending on which country you're in. If you use a VPN to hop into another country, you could potentially access more (or at least different) streaming content. In order to enforce these agreements, Netflix and other streaming services work hard to block VPN usage. The other reason is actually even more frustrating: sites and services are trying to make sure you're not a crook. Bad guys understand the benefits of VPNs just as well as the good guys do, and crooks sometimes use VPNs to cover their tracks when executing nefarious online activity. Companies like banks are also especially sensitive to unusual user behavior. If one day you connect from New York and the next day you connect from Vancouver, the bank might get suspicious. That means throwing more login challenges at you—like answering security questions or just regular old Captchas—or blocking you outright. It's annoying when a site you want to access won't play nice with your VPN, but the problem is still more complex when you have a whole network full of devices trying to talk with different services. If, for example, the server that's supposed to keep your smart fridge's software up to date doesn't like the look of your VPN, how would you know? How long would your fridge miss new features and critical security updates before you figured it out? Adding a VPN to your router is especially useful for getting devices that can't run software on their own protected by a VPN, but I fear that it could also cause failures that these same devices cannot communicate.