LAN & WAN Basics

VPN (Virtual Private Networking)

With the increased focus on network security, this feature is becoming more important to people who need to connect to their office from home or while traveling. Many businesses are allowing connection to their internal networks only through these encrypted connections, and the router makers are responding by improving the VPN features of their offerings. Router VPN features do vary, however, so it's important to know what type of VPN support you need.


The two most commonly used VPN protocols are PPTP and IPsec. PPTP (used by Microsoft's Virtual Private Networking feature) is the most commonly supported, although most routers now also support IPsec as well. A third protocol, L2TP, is not very widely supported, so if your VPN uses it, check your prospective router's specs carefully.


The simplest form of VPN support is pass-through. A router supporting this mode will simply allow VPN data packets to pass through its firewall unmolested. It's then up to the client computers on the LAN to run appropriate VPN client software in order to complete the VPN "tunnel" and successfully connect to the remote VPN server.

Figure 6: VPN Passthrough and other controls

Most router manufacturers say their products support VPN pass-through, but your actual experience may be different. Problems are sometimes due to buggy router firmware, but can also be due to the fact that some VPN configurations won't work through a NAT firewall. You also may need to specifically enable VPN pass-through, as indicated in Figure 6.

Tip: The following VPN configurations will not work through a router's NAT firewall:

   • IPsec using Header Authentication
   • IPsec and unencapsulated FMZ encryption
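
Why the first item in the tip fails, as an added example that is not part of the original article: IPsec AH authenticates the IP header's source and destination addresses, so a NAT rewrite invalidates the integrity check value (ICV) while an ordinary routed hop does not. This is a simplified model (it leaves out the AH header's own fields, such as the SPI and sequence number), and the key, payload and addresses are constructed.

```python
import hashlib
import hmac
import socket
import struct

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header; protocol 51 is AH. Checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(key, ip_hdr, payload):
    """ICV over the IP header with mutable fields zeroed, plus the payload."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # TOS/DSCP may change in transit
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL is decremented by every router
    h[10:12] = b"\x00\x00"    # header checksum changes with TTL
    # Source and destination addresses are NOT zeroed: AH protects them.
    return hmac.new(key, bytes(h) + payload, hashlib.sha256).digest()[:16]

def routed_hop(ip_hdr):
    """A plain router only touches mutable fields (here: TTL)."""
    h = bytearray(ip_hdr)
    h[8] -= 1
    return bytes(h)

def nat_hop(ip_hdr, public_src):
    """A NAT router also rewrites the source address."""
    h = bytearray(routed_hop(ip_hdr))
    h[12:16] = socket.inet_aton(public_src)
    return bytes(h)

def verify(key, ip_hdr, payload, icv):
    return hmac.compare_digest(ah_icv(key, ip_hdr, payload), icv)

def demo():
    key = b"constructed-shared-key"            # constructed sample values
    payload = b"constructed upper-layer data"
    hdr = ipv4_header("192.168.1.10", "203.0.113.5", 64, len(payload))
    icv = ah_icv(key, hdr, payload)            # computed by the LAN client
    ok_routed = verify(key, routed_hop(hdr), payload, icv)
    ok_natted = verify(key, nat_hop(hdr, "198.51.100.7"), payload, icv)
    return ok_routed, ok_natted

if __name__ == "__main__":
    print("routed hop verifies: %s, NAT hop verifies: %s" % demo())
```
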

Routers also differ in the number of pass-through connections they handle. Although not important for a lone telecommuter, this spec is important to small businesses trying to run VPN connections among multiple locations. Some products handle only one pass-through client at a time, while others will handle multiple clients. However, some routers require that all the pass-thru sessions go to the same VPN server. In the small business example above, this limitation would not let two users at the same location each connect to a different remote location. You won't be able to find this level of detail in any manufacturer's spec, but fortunately, we do include this information in most of our product reviews.

One more potential "gotcha" is the ability of the router to support VPN servers behind it. You'll of course have to map the appropriate ports, or put the VPN server in DMZ, but unless the router knows how to handle the specially constructed VPN data packets, your VPN clients won't be able to connect. So if you need to have a VPN server behind your router, make sure it supports PPTP or IPsec server pass-through.


This VPN feature is also called "VPN Edge", and it's the ability of the router to either originate or terminate a VPN tunnel. This allows the router to handle the VPN chores, and free LAN clients from having to run VPN client software. It also allows you to use two similarly-equipped routers to set up a VPN tunnel between two locations, without using any other VPN software or hardware.

This feature used to be available only in products above $500, but there are now alternatives such as Buffalo's WZR-RS-G54 125* High Speed Mode Wireless Remote Secure Gateway and Netgear's FVS318 ProSafe VPN Firewall that can get the job done for around $100.

Figure 7: Setting up an IPsec connection

Figure 7 shows, however, that VPN setup can still be a daunting task and, unfortunately, consumer router manufacturers aren't much help if you run into trouble.

If you're shopping for routers with this feature, make sure you check whether PPTP is supported if you need it (some products support just IPsec in the End-point and pass-thru only for PPTP). And if you're planning to access your network while traveling, see if they either bundle in VPN client software, or offer a discount toward the purchase of a suitable client.
