Kinda want to keep this short. My Asus WRT router running Merlin firmware is currently handling my VPN connections & routing.
There is some part of me thinking if my provider's servers go down my router may fall back to WAN, should I run an additional VPN connection on the device/server itself just in case?
It’s been about a year with this setup however this potential issue has been irking me.
Edit: Kill-switch is disabled on the router’s tunnels as it appears to be bugged in two ways. 1) any manual DNS settings get disregarded network-wide 2) it kills all network connections and not just the devices affected.
I think you could do that, but you will be further bottlenecking your bandwidth, and you will be adding an extra layer of complexity that could lead to unforeseen issues down the road.
Personally, I would just enable the kill switch, or run the VPN client side, but not double it up with 2 VPNs.
Kind of seconding this, I can't speak for VPN routers, but I recently had a leak when I thought my kill switch was on and apparently something failed (probably me).
From now on I run both my PC's VPN as well as bind it directly to the torrent client. Same connection, just extra "kill switch" coverage.
Of course it all depends on how you want to do things/does all traffic need to route through a vpn/etc.
I run a split environment. Main router is set up 'normally' with what other people in the house and visitors would expect.
Attached to that is a Pi running an OpenVPN client and a hostapd server that broadcasts a separate WiFi network. Iptables on the Pi are set to only ever allow Internet traffic through the VPN as a killswitch (except for OpenVPN, to prevent a chicken-egg situation), and any wifi clients connected via hostapd are routed through it.
A script occasionally changes the VPN endpoint to keep it interesting. This Pi also acts as a qBittorrent client that stores downloads to a local NAS.
It's a best of both setup that has been stable for over 5 years now.
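Added example, not part of the thread or any poster's own configuration: one way to express the VPN-only gateway rules described in the comment above, as shell functions that print `iptables-restore` rulesets. Interface names, the LAN subnet and the VPN endpoint are assumed parameters; INPUT is left open and the tunnel is assumed to be IPv4-only.

```shell
# Added example; every interface name, address and port passed in is an assumption.
# usage: killswitch_rules_v4 WAN_IF VPN_IF AP_IF LAN_CIDR VPN_IP PROTO PORT
killswitch_rules_v4() {
    ks_wan=$1 ks_vpn=$2 ks_ap=$3 ks_lan=$4 ks_srv=$5 ks_proto=$6 ks_port=$7
    # Endpoint must be an IP literal: DNS over the WAN is blocked, so a
    # hostname could never be resolved before the tunnel exists.
    case $ks_srv in
        ''|*[!0-9.]*) echo "VPN endpoint must be an IPv4 address" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $ks_vpn -j ACCEPT
-A OUTPUT -o $ks_ap -j ACCEPT
# Local subnet only (e.g. the NAS), never the default route:
-A OUTPUT -o $ks_wan -d $ks_lan -j ACCEPT
# The one Internet-bound exception: the OpenVPN transport itself.
-A OUTPUT -o $ks_wan -d $ks_srv/32 -p $ks_proto -m $ks_proto --dport $ks_port -j ACCEPT
# Wi-Fi clients are forwarded into the tunnel only; there is no AP-to-WAN rule.
-A FORWARD -i $ks_ap -o $ks_vpn -j ACCEPT
-A FORWARD -i $ks_vpn -o $ks_ap -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $ks_vpn -j MASQUERADE
COMMIT
EOF
}

# IPv4 rules do not cover IPv6. With an IPv4-only tunnel (assumption), drop
# all IPv6 output and forwarding so dual-stack clients cannot go around it.
killswitch_rules_v6() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}
```

To load the rules as root, pipe the output into the restore tools, for example `killswitch_rules_v4 eth0 tun0 wlan0 192.168.1.0/24 203.0.113.10 udp 1194 | iptables-restore` and `killswitch_rules_v6 | ip6tables-restore` (all values constructed). If the tunnel drops, the default DROP policies stay in place, so traffic stops instead of falling back to the WAN.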