Which VPN router should I use?

I’ve been looking for the “perfect” VPN router for a long time, but I find that what people recommend varies a lot. Since Sweden is my neighbour, I’m considering a Vilfo to avoid an extra bill.

What do you use and why and which model do you recommend?

Don’t buy a so-called “VPN router”. They are just crap consumer wireless routers with a huge markup and some fancy-looking software.

Any good router — that is to say, a SOHO-grade router or even a high-end consumer wireless router with decent aftermarket firmware (FreshTomato, OpenWrt) — can handle a Wireguard or OpenVPN connection no problem with a little bit of setup (in fact Vilfo is even based on OpenWrt*). Check my previous list of networking hardware recommendations for more details.

*It appears that Vilfo may even be in violation of OpenWrt’s GPLv2 license by not open-sourcing their firmware under GPLv2 as well. This is a huge red flag. Whenever possible, you should avoid giving money to companies that do not even respect the licenses of open-source projects they rely on.

Vilfo is also missing extremely basic security features like client isolation (“Coming soon: Isolate IoT devices”), WPA3, and guest network isolation. It is shortsighted to blanket-block ICMP. Security | Vilfo


That aside, I seriously question the utility of routing all network traffic through a VPN anyway. Many websites will break, and you will not have an easy way to fix it. Vilfo in particular, aside from device-level rules, touts their browser extension as a solution to this problem. However, installing this extension is a terrible idea because it will then have privileged access to your browser for absolutely no good reason, and it is not even open-source let alone audited. Even if it is trustworthy, it will probably do nothing to fix desktop applications that need to connect to a VPN-blocking site.

I encourage you to read “Are VPN’s really useful?” by @mazer and the discussion on Privacy Guides to consider whether you really should be using a VPN at all. (TL;DR: For most people, only use a VPN if you actively distrust your ISP.)

2 Likes

Thanks for a good and thorough answer, I will look into it further :smiley:

There is no field of use restriction in the GPLv2 - users are free to use it however they like, including for commercial purposes. But you are correct that:

  • No one should use a “VPN router” (or other buzzword soft-/hardware) when there are open-source, free alternatives (FOSS) like Open WRT available and easily configured on your own.

  • Client isolation is offered by most modern routers and if it’s not available on yours, please consider switching to another router that does this. Tracking across IoT devices is rampant on the web and your network at home is no exception. Even smart devices like TVs can track your behavior and “phone home” when connected to a network.

  • If you’re paying for a router that doesn’t offer blocking ICMP by default, it’s generally bad to use that router, because it allows all devices on the network and devices outside the network to ping your router and discover devices on your network.

Kind of unrelated again but kinda related. You like 99% of the time will not need to spend money to be private and secure. So no need for VPN’s, VPN routers, subscriptions to services, device security wise, hardware keys wise (yes, you can just use bookmarks or save the URL in your password manager in order to not get phished), etc. Whatever tools you will need are free, and you most of the time (I can’t even think of any instances where you would need so other than phones) will not need to even buy new hardware.

I am not a lawyer, but section 2(b) reads as follows:

You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

Even if the distribution of the device itself does not bind Vilfo to release their source code (though I doubt the accuracy of this interpretation), the distribution of firmware updates most certainly does. Of course, as long as the company provides source code in response to a formal request, they are not in violation of the GPL. I encourage anyone seriously considering a Vilfo router to formally request the source code and see what happens.

Full license text

Specifically, anybody with the binary must provide source to the holder of said binary and that - at this time - is not the public. If the public were to somehow gain access to the binary then the source for that binary has to be distributed publicly alongside it. That’s according to GNU Free Software Foundation. Anybody with a binary can request the source and it must be provided. So if the binary is released, or any other machine code is released then they must release a verbatim copy of the corresponding source code, whether that binary was distributed or stolen, because it violates the provisions of the license. The license, by the way, is not signed and therefore you can be in violation of it without knowing of its existence, so any time the binary is released, the source maintainers are immediately under violation of GPLv2 because they do not have a verbatim copy (the source must match exactly the current copy of the binary or other executable only readable by the machine).

i have a response in form of question.
what vpn does not use google or permit any google based “service” to be the default (example -dns resolver) solution for most if not all calculations.

is it possible to install that vpn on a build such as PFsence??

the vpn i use does have a router preconfig, so i assume it is a semi-normal availability