sanity check / requirements for use of either ExpressVPN or NordVPN with Asus + AsusWRT-Merlin, also FlashRouters


New to SMB Forums, first post, so forgive everything in advance...

I am planning on upgrading my home network with a new Asus AX86U wireless router. Besides moving to Wi-Fi 6 (from 5), I also want to implement router-based VPN functionality for location masking and general identity protection. Going further, my intent is to provide the VPN access to a subset of the available devices in my home network, some of which will be wired and some wireless. My general reading is that a degree of segmentation is possible via IP ranges and/or static addressing, and that should also apply to wired clients. I have also considered purchasing the router with some configuration baked in from FlashRouters, a vendor focused on WRT and Asus Merlin offerings. My questions and thoughts I am looking to confirm are:

- Does the Asus + AsusWRT-Merlin combination support segmentation based on IP range (or VLANs, or something) that also includes applying that segmentation to wired clients in addition to wireless?
- Does my plan to have the router provide all core network services (mostly DHCP) for a mix of approximately 30 clients, split between wired and wireless, 2.4GHz / 5GHz, the usual home stuff (cameras, computers, smart TVs), along with VPN services, make general sense? (see next question)
- I have also considered placing VPN access on a separate device like a FireWalla Purple, but it's both expensive and seems like overkill.
(really what I am asking is whether adding the VPN access to the router consumes too many cycles and might necessitate a dedicated device)
- FlashRouters seems like an option, but it also seems that they are doing nothing special other than loading the AsusWRT-Merlin firmware; not sure if they provide additional value beyond that, other than paid-for support.

So just a sanity check here...



The AX86U has hardware accelerated VPN support (AES-NI), so should be sufficient for running VPN on it.
You can assign devices by IP address to either go through the VPN or have them bypass the VPN.
You can even run multiple VPNs (from different providers) at the same time, and assign clients to each one. (I do that to segment downloads from other traffic.)
I don't think you were asking this, but the only thing I don't think you can do is segment wireless traffic from wired traffic in terms of which goes over the VPN or not, unless you do it manually by IP address/range. (If you could give all of your wired clients a static IP, you could do it then by putting the range used for DHCP, which then only the wireless devices would use, into VPN Director.)
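The reply above describes routing by source IP: static wired clients get individual rules, and the DHCP pool (used only by the wireless devices) is sent through the tunnel as a range. The following is an added example, not the router's own code and not how VPN Director is implemented internally; it models that policy as first-match source-address rules (an assumption of the model) over a constructed 192.168.50.0/24 LAN, and includes a coverage check a defender would want: whether every address in the DHCP pool actually lands on a VPN interface, since a pool such as .100-.199 is not a single CIDR block and a one-line "/26 for the pool" rule silently leaves part of it on the plain WAN.

```python
"""Model of per-client VPN policy routing by source address (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Rule:
    """One policy rule: traffic from `source` leaves via `iface`."""
    name: str
    source: ipaddress.IPv4Network
    iface: str  # "VPN1", "VPN2", ... or "WAN" for a deliberate bypass


def pool_rules(first: str, last: str, iface: str) -> List[Rule]:
    """Turn a DHCP pool (first..last) into the CIDR rules needed to cover it.

    A pool such as .100-.199 is not one CIDR block, so one rule is not enough;
    summarize_address_range yields the exact set of blocks.
    """
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [Rule(f"dhcp pool {net}", net, iface)
            for net in ipaddress.summarize_address_range(start, end)]


def route_for(ip: str, rules: Iterable[Rule]) -> str:
    """First matching rule wins (assumption of this model); unmatched -> WAN."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        if addr in rule.source:
            return rule.iface
    return "WAN"


def unprotected(first: str, last: str, rules: Iterable[Rule]) -> List[str]:
    """Addresses in the pool whose traffic would NOT leave through a VPN."""
    rules = list(rules)
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    leaks = []
    for net in ipaddress.summarize_address_range(start, end):
        for host in net:  # every address of the block, including its first/last
            if not route_for(str(host), rules).startswith("VPN"):
                leaks.append(str(host))
    return leaks


# Constructed LAN plan: wired clients on static addresses below .100,
# wireless clients draw from the DHCP pool .100-.199.
DHCP_FIRST, DHCP_LAST = "192.168.50.100", "192.168.50.199"

GOOD_RULES = [
    Rule("download box (wired, static)", ipaddress.ip_network("192.168.50.10/32"), "VPN2"),
    Rule("smart TV (wired, static, bypass)", ipaddress.ip_network("192.168.50.30/32"), "WAN"),
    *pool_rules(DHCP_FIRST, DHCP_LAST, "VPN1"),
]

# Tempting shortcut: a single /26 "for the pool" covers only .128-.191.
SLOPPY_RULES = [Rule("pool?", ipaddress.ip_network("192.168.50.128/26"), "VPN1")]


if __name__ == "__main__":
    for rule in GOOD_RULES:
        print(f"{rule.source!s:22} -> {rule.iface:5} ({rule.name})")
    for ip in ("192.168.50.10", "192.168.50.20", "192.168.50.30", "192.168.50.150"):
        print(f"{ip:16} -> {route_for(ip, GOOD_RULES)}")
    print("uncovered with full pool rules:", unprotected(DHCP_FIRST, DHCP_LAST, GOOD_RULES))
    leaks = unprotected(DHCP_FIRST, DHCP_LAST, SLOPPY_RULES)
    print(f"uncovered with the /26 shortcut: {len(leaks)} addresses, e.g. {leaks[:3]}")
```

Note that a static wired client with no rule of its own (192.168.50.20 above) goes out the WAN by default; if the intent is "everything in the pool goes through the tunnel", the `unprotected` check is the thing to run after editing rules, not a look at the rule list.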

