What is VPN Passthrough on Router – Do You Need It?
VPN passthrough is a software configuration that allows a VPN connection to pass through a router. It’s a concept that most home or business users don’t need to worry about. However, it is a critical element in home networking and every user should know what it is.
In this short article, we take you through the what, how, and why of VPN passthrough.
What is VPN Passthrough?
VPN passthrough is a networking concept that allows your VPN connection to “pass through” your router. If you use older VPN protocols like IPSec, PPTP, and L2TP, it enables an outbound VPN connection through your router. Without VPN passthrough, that connection cannot get past the router and your VPN will be useless.
To explain this better, here’s an example. Assume you have a broadband internet connection that is relayed wirelessly through a Netgear Wi-Fi home router. You subscribe to a VPN, install it on your laptop, and for some reason choose the L2TP protocol. You switch on the VPN and surf the web.
As expected, the VPN will encrypt your connection and tunnel it through a private network. This happens within the public internet using your broadband connection. However, when this VPN connection tries to pass through your Netgear Wi-Fi router, the router may or may not understand it. If it does not, the mapping system within the router (called NAT) will reject the connection. In other words, your VPN connection will not be completed.
In case VPN passthrough is not available in your Netgear router, you will not be able to effectively use the VPN. This is largely because of the incompatibility between older networking technologies. On the other hand, if your router has VPN passthrough, you just need to enable it. This will let the repackaged VPN connection (encryption + tunneling) pass through the router to the larger internet. As you can guess, this is how it gets its name.
Today, VPN passthrough is a critical router feature and is available in most modern Wi-Fi routers. We are confident that the one that you currently use has it, so there’s nothing to worry about. However, if you use an old router from Netgear or Linksys, you will need to consider enabling passthrough or upgrading your router.
How Does a VPN Passthrough Work?
The need for VPN passthrough emerged due to the shortage of IPv4 addresses. To aid free communication over the internet, a workaround to this shortage was invented. Called NAT or network address translation, it acts as a mapping system. The NAT configuration aggregates and forwards connections, thus helping a router communicate with multiple devices at once.
Do you connect multiple devices to the internet via your home Wi-Fi router? You should thank NAT.
NAT and VPN Passthrough
While NAT solved the IP shortage issue even before IPv6 addresses arrived in 1998, another problem came up. This involved virtual private networks. NAT requires some information from the incoming communication (packets of data) to do its magic, i.e., mapping.
With a VPN, NAT is unable to extract essential information from the repackaged data. Compare a regular connection with a VPN connection: the second one adds encryption and tunneling. This type of repackaging is difficult for NAT to analyze and extract data from. It requires additional configuration where the VPN communication is “dumbed down” for NAT. This software is known as VPN passthrough.
As it stands, VPN passthrough enables network address translators to make sense of a VPN connection. While most modern routers automatically configure it, you may need to manually enable passthrough in some cases.
You should also know that VPN passthrough modifies the VPN connection and not NAT. Modern VPN protocols like OpenVPN and WireGuard do not need VPN passthrough.
Why and When Do You Need a VPN Passthrough?
It might seem like everything was going right with your VPN till now. You have a VPN installed and you are using it to unblock streaming sites. And now suddenly you read about VPN passthrough. Do you actually need it?
The answer depends on multiple factors. You need a VPN passthrough only if:
- You use an outdated VPN protocol like PPTP and L2TP
- You have an outdated, pre-2010 router
- You use an outdated operating system
- You use a DIY VPN
If your router model is from the last five years, you don’t have to do anything.
Notes on PPTP Passthrough and IPSec Passthrough
Depending upon what VPN protocol you choose, you need to ensure that the corresponding passthrough is activated. This will allow your VPN connection to traverse the NAT.
This is why we advise you to enable all types, including IPSec and PPTP passthrough, in your router settings. What it basically does is reconfigure the handling of Generic Routing Encapsulation (GRE) and Transmission Control Protocol (TCP). In the case of PPTP passthrough, it creates a call ID to act as a port, which is essential for the NAT mapping.
For IPSec, on the other hand, the software configures NAT-T (the T standing for Traversal) over User Datagram Protocol (UDP). Some users and server administrators still prefer IPSec because of its network-layer security and better compatibility.
Without getting into the technicalities of their function, suffice it to say that an activated passthrough helps the VPN connection cooperate with NAT. This lets you establish and use your VPN connections.
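The NAT problem and the two fixes described above (the PPTP call ID standing in for a port, and NAT-T carrying IPSec inside UDP), as an added Python example that is not from the original article. The packets are constructed samples; the function names, the LAN addresses and the 203.0.113.10 server are assumptions, and UDP port 4500 is the standard NAT-T port.

```python
import struct

TCP, UDP, GRE, ESP = 6, 17, 47, 50          # IP protocol numbers

def ipv4(proto, src, payload):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes(src), bytes([203, 0, 113, 10]))
    return header + payload

def nat_key(packet, pptp_passthrough=False):
    """Return the (protocol, identifier) a port-based NAT can map on, or None."""
    ihl = (packet[0] & 0x0F) * 4             # IPv4 header length in bytes
    proto, l4 = packet[9], packet[ihl:]
    if proto in (TCP, UDP):
        return proto, struct.unpack("!H", l4[:2])[0]      # source port
    if proto == GRE and pptp_passthrough and len(l4) >= 8:
        flags, ptype, _length, call_id = struct.unpack("!HHHH", l4[:8])
        if flags & 0x7 == 1 and ptype == 0x880B:          # enhanced GRE (PPTP)
            return proto, call_id                         # Call ID acts as the port
    return None                              # no port field: plain GRE, raw ESP

def gre(call_id):
    """Enhanced GRE header: K and S bits set, version 1, PPP payload type."""
    return struct.pack("!HHHHI", 0x3001, 0x880B, 0, call_id, 1)

# Constructed traffic from two LAN clients behind the same router.
A, B = [192, 168, 1, 20], [192, 168, 1, 21]
ESP_BODY = struct.pack("!II", 0x1001, 1) + bytes(16)      # SPI, sequence, ciphertext
SAMPLES = {
    "https":    ipv4(TCP, A, struct.pack("!HH", 51000, 443) + bytes(16)),
    "pptp_a":   ipv4(GRE, A, gre(0x0101)),
    "pptp_b":   ipv4(GRE, B, gre(0x0202)),
    "esp":      ipv4(ESP, A, ESP_BODY),
    "esp_natt": ipv4(UDP, A, struct.pack("!HHHH", 4500, 4500,
                                         8 + len(ESP_BODY), 0) + ESP_BODY),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:9} off={nat_key(pkt)}  on={nat_key(pkt, True)}")
```

With passthrough off, both PPTP clients and the raw ESP packet yield no mapping key, so the router cannot tell which LAN device a reply belongs to; the same ESP payload wrapped in UDP maps like any other UDP flow.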
How to Enable a VPN Passthrough?
If you think you need to check your router VPN passthrough settings, follow these steps:
- Access your router’s settings (usually via an online interface)
- Go to the security or network security section
- Look for PPTP Passthrough, IPSec Passthrough, or L2TP Passthrough under VPN
- Enable VPN passthrough for the required protocol
We recommend enabling it for all protocols. VPN passthrough settings on Linksys routers may be different from those on Netgear or TP-Link routers. You should check your router manual for instructions.
In case you are unable to find the configuration settings, consider contacting your router manufacturer. In the worst case, you may have to buy a new one.
Note – Modern routers have VPN passthrough built in or auto-enable it if they detect tunneling.
When Should I Disable VPN Passthrough?
We advise that you keep VPN passthrough enabled at all times. However, if you wish to stop a device from using a VPN in your small office/home office (SOHO) network, you can disable it.
Turning passthrough off will also lead to closed communication ports. This is not recommended if you plan to use a proxy network. In networking, passthrough is usually switched off for security reasons.
VPN Passthrough vs VPN Router – Comparison
The confusion between the two is understandable. But there’s a very clear difference between them:
- VPN router has a built-in VPN client
- VPN passthrough is a router setting that accepts a VPN connection from another device
Moreover, a VPN passthrough is a small setting in a router. Enabling or disabling it will not give you a VPN connection. You will need a VPN installed on a computer or smartphone for that.
Frequently Asked Questions
Here are answers to some more questions related to passthroughs.
Is VPN passthrough essential?
If you use an outdated VPN protocol or router, VPN passthrough becomes essential. You will have to either manually enable it on your router or upgrade it.
What is the difference between a VPN and a VPN passthrough?
A VPN is an application that provides data encryption and tunneling services to keep you anonymous. You install a VPN on a device like a desktop computer or a smartphone. VPN passthrough is built-in software found in routers that allows unobstructed passage of VPN traffic.
Is VPN passthrough safe?
You need VPN passthrough when you use an outdated VPN protocol. However, these protocols, such as PPTP and L2TP, are not secure and are no longer used widely. If you use secure protocols like OpenVPN, you don’t need a passthrough.
What is a passthrough router?
It is a router that has built-in VPN passthrough software. It can also mean automatic software that detects the type of connection and enables the passthrough accordingly. All modern Wi-Fi routers are passthrough routers.