Back to Blog
vpnrouterprivacysecurity

How to Set Up a VPN on Your Router: Complete Guide

Setting up a VPN on your router protects every device on your network at once — including smart TVs and game consoles that can’t run VPN apps. Here’s everything you need to know.

WiFi Speed TeamApril 5, 20269 min read

Installing a VPN on your router is one of the smartest upgrades you can make to your home network. Instead of installing a VPN app on every phone, laptop, and tablet, a router-level VPN automatically encrypts traffic from every device on your network — including smart TVs, game consoles, and IoT gadgets that have no VPN app support at all.

This guide walks you through which routers support it, which VPN protocols to choose, and exactly how to get it set up.

Does Your Router Support a VPN Client?

Not all routers can run a VPN client. Here’s a breakdown of what’s supported:

Routers With Native VPN Client Support

  • ASUS routers — Most ASUS routers running Asuswrt (and the enthusiast-favorite ASUS RT-AX88U Pro) include a built-in VPN Fusion feature supporting OpenVPN and WireGuard clients out of the box, no firmware swap required.
  • GL.iNet routers — GL.iNet devices (GL-MT3000 Beryl AX, GL-AXT1800, etc.) are purpose-built for VPN use, running a streamlined OpenWrt interface with one-click VPN setup. The GL-MT3000 achieves around 650 Mbps on WireGuard thanks to hardware offloading.
  • Netgear Nighthawk routers — Select Nighthawk models support OpenVPN and WireGuard clients via the router admin panel or Nighthawk app.
  • Firewalla Purple/Gold — These dedicated security devices sit between your modem and existing router and support WireGuard and OpenVPN clients natively.

Routers Requiring Third-Party Firmware

  • Asuswrt-Merlin — An unofficial open-source firmware for ASUS routers that adds WireGuard support and more granular VPN policy routing to already-capable ASUS hardware.
  • DD-WRT — A popular open-source firmware that runs on hundreds of router models (Linksys, Netgear, TP-Link, and others). Supports OpenVPN. Flashing DD-WRT voids your warranty and carries a small risk of bricking the device.
  • OpenWrt — The most flexible open-source router firmware. Supports OpenVPN, WireGuard, and more. Steeper learning curve than DD-WRT but extremely powerful.
  • Tomato — Another DD-WRT alternative, popular for its VPN and QoS features on older Broadcom-based routers.

If your current router doesn’t support VPN clients, the easiest path is buying a GL.iNet device (~$50–$100) or an ASUS router — no firmware hacking required.

Choosing a VPN Protocol

The protocol determines how your traffic is encrypted. The three you’ll encounter most often:

WireGuard (Recommended)

WireGuard is the modern standard — fast, lightweight, and easier for router CPUs to handle. On a capable router, WireGuard typically retains 80–95% of your base internet speed. Most major VPN providers now support it: NordVPN (via NordLynx), Surfshark, Mullvad, ProtonVPN, and Private Internet Access all offer WireGuard configs. If your router and VPN provider both support WireGuard, use it.

OpenVPN

OpenVPN has been the router VPN standard for over a decade and is supported by virtually every VPN service and compatible router. It’s highly secure, but its encryption is CPU-intensive. On a typical consumer router, OpenVPN throughput often drops to 30–70 Mbps, even if your internet plan is faster. Routers with AES-NI hardware acceleration (many newer ARM-based routers) perform significantly better. Use OpenVPN if WireGuard isn’t available on your hardware.

L2TP/IPsec and IKEv2/IPsec

These protocols are faster than OpenVPN but less universally supported by VPN providers for router use. IKEv2 performs well on mobile but is rarely the best option for a whole-router setup. PPTP is outdated and insecure — avoid it entirely.

Which VPN Services Support Router Installation?

Most reputable VPN providers offer router support, but the quality of their guides and configuration files varies:

  • ExpressVPN — Sells its own router (the Aircove) with a built-in VPN client and offers .ovpn config files for manual setup on compatible routers. One of the easier setups for non-technical users.
  • NordVPN — Provides NordLynx (WireGuard-based) and OpenVPN configs. Has detailed guides for ASUS, DD-WRT, and GL.iNet routers.
  • Surfshark — Supports WireGuard, OpenVPN, and IKEv2 on compatible routers. Offers step-by-step guides for ASUS Merlin, DD-WRT, and Tomato.
  • Mullvad — Known for strong privacy. Excellent WireGuard support and one of the cleaner router setup processes.
  • ProtonVPN — Supports OpenVPN and WireGuard on routers. Good documentation for ASUS Merlin and OpenWrt.
  • Private Internet Access (PIA) — Provides configs for DD-WRT, Tomato, and OpenWrt. Supports WireGuard and OpenVPN.

How to Set Up a VPN on an ASUS Router (Step-by-Step)

ASUS routers with Asuswrt are the most popular choice for a no-fuss router VPN. Here’s the general process using WireGuard:

  1. Log into your router admin panel. Open a browser and navigate to router.asus.com or 192.168.1.1. Enter your admin credentials.
  2. Navigate to VPN → VPN Client. In the sidebar, find the VPN section and select VPN Client (not VPN Server).
  3. Download your WireGuard config from your VPN provider. Log into your VPN provider’s dashboard, generate a WireGuard config file for a server of your choice (e.g., NordVPN → Manual Setup → WireGuard), and download the .conf file.
  4. Import the config file. In the ASUS VPN Client tab, click “Add profile,” select WireGuard, and upload the .conf file.
  5. Activate the VPN. Toggle the VPN profile to “ON.” The router will connect — this typically takes 5–15 seconds.
  6. Verify your connection. On any device connected to your WiFi, visit a site like whatismyip.com. The IP address should now reflect the VPN server’s location, not your home IP.
  7. Enable DNS leak protection. In the VPN client settings, enable “Block routed clients if tunnel is down” (kill switch) and set DNS to your VPN provider’s DNS servers to prevent DNS leaks.

Router VPN vs. Device-Level VPN

Installing the VPN on your router has significant advantages, but there are trade-offs worth understanding:

Advantages of a Router VPN

  • Universal coverage: Every device — smart TVs, game consoles, IoT sensors, guest devices — is automatically protected without any configuration.
  • Fewer VPN app installs: One connection covers the whole household. VPN providers that limit simultaneous device connections count the router as a single connection.
  • Devices that can’t run VPN apps: Roku, Fire TV, Apple TV, PlayStation, Xbox, and smart appliances gain VPN protection they couldn’t otherwise have.

Disadvantages of a Router VPN

  • Speed reduction: Your router’s CPU handles all encryption. On older or budget routers with OpenVPN, this can cap speeds at 30–50 Mbps. WireGuard on modern hardware is much better, but there’s always some overhead.
  • All-or-nothing (unless you configure split tunneling): Every device goes through the VPN. If you need a local device to bypass the VPN (like a smart home hub that needs your real location), you’ll need to configure VPN policy routing or split tunneling — possible but more complex.
  • VPN drops affect everyone: If the VPN connection drops, all devices lose connectivity until it reconnects (unless you have a kill switch that gracefully handles this).
  • Not all routers are capable: Budget routers with slow CPUs struggle with encryption. A dedicated GL.iNet device or a modern ASUS router is a much better platform.

Troubleshooting Common Issues

Slow speeds with OpenVPN

Switch to WireGuard if your VPN provider supports it. If you’re stuck with OpenVPN, try connecting to a geographically closer server and select UDP over TCP for lower overhead.

VPN keeps disconnecting

Enable the “reconnect on disconnect” option in your router’s VPN client. Also check that your router firmware is up to date — many VPN stability fixes come through firmware updates. See our guide on how to update router firmware.

Some devices aren’t being routed through the VPN

Check your VPN policy routing or “VPN director” settings (called VPN Fusion on ASUS). By default some routers exclude certain traffic; make sure the rule set covers all devices or use “route all traffic through VPN.”

DNS leaks detected

Set your router’s DNS servers to your VPN provider’s DNS (or a privacy-respecting alternative like 1.1.1.1 over DoT). Disable the ISP’s automatic DNS assignment in your WAN settings.

Bottom Line

A router-level VPN is one of the best privacy upgrades for a household with multiple devices. The key is pairing the right hardware with the right protocol — WireGuard on a modern ASUS or GL.iNet router will give you fast, reliable protection across everything connected to your network. If you’re shopping for a capable router, see our picks for the best WiFi routers of 2026 — all of our top picks support VPN client mode.

Related Articles

Blog7 min

Why Is My WiFi So Slow? 8 Common Causes and How to Fix Them

Struggling with slow WiFi? From router placement to channel congestion, here are the most common reasons your WiFi is underperforming and what you can do about it.

Mar 15Read
Blog6 min

WiFi 6E Explained: Is It Worth Upgrading in 2026?

WiFi 6E opens up the 6GHz band for blazing fast speeds with less interference. Here's what it means for you and whether you should upgrade now.

Mar 10Read
Blog5 min

How to Test Your WiFi Speed Accurately: A Complete Guide

Getting inconsistent speed test results? Learn how to test your WiFi speed the right way for accurate, reliable measurements every time.

Mar 5Read