Router to support VPN client/server and PiHole

Funkazan

New Around Here
Hello,

I'll start by saying that I'm a bit of a novice with networking and I've been searching around for information about this for ages and I'm a bit overwhelmed by it all, so I know the answers are out there, but I'm hoping you can help me to pull it all together.

What (I think) I want:

- The router to act as a VPN client to a service like NordVPN/ExpressVPN for all connected devices
- The router to act as a VPN server, so that I can use, say, my phone/laptop over 4G or from an airport or cafe WiFi and connect back to the router via VPN and then still go out through the Nord/Express VPN
- To be able to connect a PiHole device to the network and have all connected devices (either local or via the incoming VPN) use that as their DNS server before sending all other network traffic through the outbound VPN
- Fast (for 4k streaming and gaming), good coverage, etc. - the usual stuff

My ISP has provided me with a basic router/modem which can be configured to run in just modem mode, and I'm assuming that just about any router would be capable of connecting to the Internet through that. I can't think of any reason why not, but thought it worth mentioning anyway.

Price isn't really a big issue (within reason). I was considering the Asus GT-AX11000, for example.

I'm happy to put in the time researching it and configuring it to my specific requirements - I just don't want to splash out on a nice router and then find that it doesn't meet my needs and to then have to get another one.

When I search for guides on how I might configure all of the above I find pieces of configuration, but never a complete example. For example, one guide said that they got the client/server VPN set up, but not the PiHole bit, and another got the PiHole bit but not in unison with the client/server VPN bit.

When I find examples that seem to be close to what I want, they seem to be achieved through custom firmware on the router and seemingly complicated custom scripts.

I've seen some guides say that certain routers don't work with various custom firmware (like DD-WRT), and then others that say that they do, so I don't know if I need to get a specific router that supports specific firmware or if, for example, either Asus stock firmware or Asuswrt-Merlin can handle my requirements, and so on.

My head is spinning. Any guidance would be very much appreciated.

Thanks
 

Funkazan

New Around Here
I'd like all of my devices to route their traffic through a service like NordVPN for the privacy, and I don't want to have to configure that on every device.

That and most VPN services have a maximum allowed connections limit, so if the router maintains just the one connection and every device routes its traffic through that then I won't hit the limit.

And I get about 60 - 70 Mbps on average with my current provider, though I'm looking to switch to a better one in the future.
 

K-2SO

Very Senior Member
You'll hide the traffic from one company and expose it entirely to another. Where is the privacy here? Some sites know VPN IPs and will refuse to load. Not a good idea in general. More trouble than benefits. Run through VPN only the devices that need VPN and only when they need VPN.
 

dosborne

Very Senior Member
> Run through VPN only the devices that need VPN and only when they need VPN.
You can do both. I run my VPN on the router, and selective devices route their traffic through the tunnel. Never had an issue with the services *I* require being blocked, YMMV.
 

K-2SO

Very Senior Member
Sure you can. With the right router and firmware. Let's make clear the privacy part first.
 

Funkazan

New Around Here
Agreed, and I understand what you're saying. I'd like to put it through a service that doesn't log my traffic and doesn't pass on my usage data to other companies like advertisers. My current ISP, for example, logs all of that for at least 12 months (under UK law) and also sells the usage data on to third parties, so I want to remain more private from them specifically. Tor Browser is fine for some basic web browsing, but not for everything.

And regarding routing the right devices at the right time - I was looking into that and it seems that it's possible to do some of that out of the box. For example, the GT-AX11000 that I was looking at mentions in its advertising material that it can route things like games directly to gaming servers and other devices (where speed is less important) through the VPN. It seems to expose a couple of different APs in order to achieve that? Maybe there's another, more flexible/intelligent way, but I'm happy so long as there's at least one way to do it.
 

K-2SO

Very Senior Member
> I'd like to put it through a service that doesn't log my traffic and doesn't pass on my usage data to other companies
All VPN providers promise that. How do you know it's true? NordVPN had their servers hacked recently.
 

K-2SO

Very Senior Member
> For example, the GT-AX11000 that I was looking at mentions in its advertising material

You'll need a Merlin-supported router for better policy-based routing control. RT-AX88U is the best one at the moment.
 

Funkazan

New Around Here
> All VPN providers promise that. How do you know it's true? NordVPN had their servers hacked recently.
Sure, you're totally right. They might be lying and they might get hacked and that sucks, but it still seems better than my ISP that is required by law to store that information and that explicitly states that allowing my data to be logged and sold is part of the terms of service.

Some providers have apparently had their policies audited by third parties. For example, I was reading about ExpressVPN having PricewaterhouseCoopers conduct an independent audit. Again, you can't say for sure that there was no conspiracy between them to lie about it or that ExpressVPN definitely didn't hide things from PwC somehow, but it still can't be any worse than my ISP explicitly stating that they do log and sell all of that data. I haven't finished researching which VPN service I'll ultimately end up using, but I'd like it to be an option.

> You'll need Merlin supported router for better policy based routing control. RT-AX88U is the best one at the moment
The RT-AX88U is the other main one that I was looking at. I couldn't see much difference between that and the GT-AX11000, except that the GT-AX11000 has a third band that, I guess, helps it to cope with more concurrent devices.

Aside from that and the features that are only compatible with ROG clients, is there much other significant difference, do you think?
 

Funkazan

New Around Here
I've just been doing some more reading, and it looks like GT-xxxxx routers will never be supported by Merlin, so the RT-AX88U seems to be the way to go in order to get Merlin support, and Merlin will hopefully allow for all of the features I listed.

Seems like the winner, unless there are any other considerations to take into account?
 

L&LD

Part of the Furniture
The RT-AX88U with RMerlin firmware, a USB drive, and some of the following scripts will be the best consumer router you can buy today.


Don't forget that with RMerlin 384.15_0 and later, amtm support is built-in.

Have a look at the link in my signature below for the amtm Step-by-Step guide along with the M&M Config and the Nuclear Reset guides too to get you running properly from the start too. :)
 

K-2SO

Very Senior Member
> Seems like the winner, unless there are any other considerations to take into account?
This:


You may have to make some compromises with AIO home routers. No home router is perfect.
 

Funkazan

New Around Here
Wow. That's a lengthy, heated debate!

Another novice question then: if I went with the RT-AX88U and found that the signal wasn't great in one area of the house, could I simply pick up another (cheaper) Asus AiMesh-compatible router and extend the range that way?

I assume there's a small speed tradeoff for devices connected to that second router, but it would still use all the same config (PiHole, VPN, etc.) from the main RT-AX88U, right?
 

Funkazan

New Around Here
Yeah, I think that's what I'm going to do.

It's a shame that other signal strength thread got a bit aggressive, but you guys have been really helpful here, so thanks very much again!
 

K-2SO

Very Senior Member
Purchase the router from a place with a return policy. If it doesn't perform well, send it back. There is no point fixing a new router with another router. AX88U is good for about 250Mbps through OpenVPN. If you switch to a faster provider your VPN requirements will slow your Internet access down. I'm sure over time your ideas will change. Shortly after you run into issues with public VPN servers.
 

Funkazan

New Around Here
Checking the return policy is a good idea.

I guess if the performance is terrible then I'll take it back, but I'm already expecting that it might not reach the edge of my house as my current router doesn't either, so I was already expecting to have to extend it somehow anyway.

I guess I can reduce the impact of the VPN by, like you said, only routing devices through it when they really need it, rather than by default. I'm sure I'll have fun writing some custom scripts to do just that :D

You seem very much against using public VPNs generally. At the risk of getting a bit off topic for this thread, aside from the reduced speed and that you don't see much benefit in terms of privacy, do you have other specific reasons to avoid them?
 

K-2SO

Very Senior Member
> do you have other specific reasons to avoid them?

My wife has many. She shops online, price matches, prints flyers, coupons, etc. More and more websites refuse to work with public VPN server IPs. You know, "one per customer" deal. If they can't track who you are, they refuse service to you. My bank requires a text message if I'm on VPN, my kids can't play some online games on VPN, Amazon/Netflix learn VPN tricks fast and also refuse to work, etc. It's a cat and mouse game. I don't want to deal with all this.
 
