I hear a lot of talk in the pfSense community about running a VPN from the pfSense instance, including whether to invest in hardware more suited for that as opposed to just any old SBC or basic computer (namely, whether the processor has hardware encryption). Does connecting to the VPN at the router level, as opposed to the device level, actually provide that much more protection for your devices to make it worth the extra hardware requirements? What benefits does it give privacy-wise, and how do you juggle switching between the on-device VPN when you’re not connected to your main network and the router’s VPN when you are?

  • @[email protected]
    2 years ago

    For privacy, I think it is almost the same. You could make an argument that a router may be more stable, with less code and fewer services, which offers more reliability.

    The only thing I can think of currently is that, on other devices, apps and software may be able to detect a VPN app running, but then again most VPN IPs are already detectable because they run on non-residential servers.

    At the end of the day, it’s connecting to the same VPN.

    It’s beneficial in the sense that the router counts as a single device. VPN providers usually have a device limit. So if you have multiple devices at home, and the VPN is set up on the router, it frees up slots for other devices when anyone is outside. It also needs less configuration on all the other home devices, including smart-home devices.

  • CHEF-KOCH
    2 years ago

    Router-based VPNs are more reliable because the OS upgrades and then something can happen or even leak. Let us assume you use Windows and use some Insider Builds as a daily driver; then this is a realistic scenario. Router firmware also receives updates, but their implementation does not often create bigger problems regarding the VPN connection itself. On-device VPNs waste more resources because you need to install the VPN on every single device, while on the router side the whole network connected to the router is covered. It is similar to Pi-Hole / AdGuard Home vs. software-based (extension-based) ad-blockers. You cover more devices at the same time.

    Your question is more about what the best practice is, and this is router-based. The benefit is that it’s easier to handle and to monitor, because if you need another connection because, e.g., Netflix blocked your VPN, you can simply install a VPN on the PC/device and actively enable/disable it quickly only when needed, without losing the connection to a network-wide VPN. Most people prefer a router to avoid wasting device resources and because a router is normally harder to access, since most routers enforce a password lock, while a lot of people, especially on their home devices, even ditch password-based locks (not a good idea, but some people do it if the device always stays at home).

    Privacy-wise, there is absolutely no benefit whether you run the same VPN on your router or on the device, except that (as said earlier) it covers your whole network.

    Speed-wise (assuming your router has a “good” CPU), it is also a wise decision to handle the VPN part on the router, because if your PC is not the best, your connection gets slowed down when you are low on network/CPU resources. This depends on what algorithm/VPN is used (OpenVPN/WireGuard based), how well the driver performs, and some other small variables. OpenVPN is more “CPU heavy”.

  • @[email protected]
    2 years ago

    It has no impact privacy-wise: it’s just less work, and it allows you to route devices through the VPN that wouldn’t otherwise. And it’s not always about privacy; some setups rely on a VPN to connect to remote resources.

    Honestly, I don’t see the point of VPNing my whole network through a third party, but everyone lives in a different situation.