This post may contain affiliate links. As an affiliate, we earn from qualifying purchases. We get commissions for purchases made through links in this post.
If you’re planning to use a VPN on a daily basis and you have a router that you want to use along with a VPN running on your computer, mobile device, etc, you may have stumbled upon a new term called VPN Passthrough.
But what a VPN Passthrough is? Do you even need to enable/configure it when connecting to a VPN server? Let’s find out a bit more about what a VPN Passthrough is and a few other pieces of information in this article.
What is VPN Passthrough?
A VPN Passthrough is a feature that allows your device to “pass through” your router’s NAT when connecting to a VPN server. Without the Passthrough enabled, you won’t be able to use a VPN tunnel that runs on top of outdated PPTP, L2TP, and IPsec protocols. The latter uses a legacy encryption mechanism that makes it impossible for a NAT in your router to translate the outbound traffic between your device and a VPN server.
Nowadays, most VPN providers support modern protocols like OpenVPN and IKEv2/IPsec(a combination of the 2) that don’t require VPN Passthrough. Continue reading to find out more about this.
How does VPN Passthrough work?
VPN Passthrough works by allowing VPN traffic to traverse the router’s NAT firewall. When a device on a private network establishes an outbound VPN connection, the router detects the VPN traffic and allows it to pass through. The router does not interfere with the VPN traffic in any way, ensuring that the VPN connection remains secure and stable.
Why do you need a VPN Passthrough?
If you are using a VPN that uses old protocols to access a remote network from behind your router’s NAT, you will need VPN Passthrough. Without this feature, the router may block VPN traffic, making it impossible to establish a VPN connection. VPN Passthrough ensures that VPN traffic can pass through the router’s firewall without any issues.
Do all routers have VPN Passthrough?
Most routers sold these days do support a VPN Passthrough. If you have an older model, though, it is best to check the specifications of that particular router just to be on the safe side. If your router does not support VPN Passthrough, you may need to upgrade to a newer model or use a different VPN provider that does not require this feature.
What is NordVPN Passthrough?
NordVPN uses modern protocols such as OpenVPN and IKEv2/IPsec that do not need and don’t use a VPN Passthrough. It even supports a custom-made NordLynx protocol that is used by default in their app.
Of course, you can always manually choose to use the IPSec protocol when connecting to NordVPN servers but this is not recommended and requires additional steps. When using a dedicated NordVPN app you should not care about enabling anything on your router, including a VPN Passthrough.
Is VPN Passthrough safe?
Yes, it is completely safe to enable and use a VPN Passthrough if you need to. There are no additional security mechanisms implemented by this feature but it is not designed for cyber-security.
A VPN Passthrough simply allows encrypted traffic to pass through the router’s NAT without undermining data protection principles. Your traffic is still encrypted on your device and is sent in that form to a VPN server passing through the router. The incoming traffic is also encrypted by the server and gets decrypted by your VPN app.
Should I disable VPN Passthrough?
VPN passthrough is a feature of routers that allows devices on private networks to establish outbound VPN connections without any hindrance. However, some users may wonder if they should disable VPN passthrough.
Disabling the VPN Passthrough is completely fine if you don’t need to use it. When relying on modern VPNs your traffic will get automatically transferred through your router’s NAT, hence this feature becomes redundant.
However, if your VPN does not support modern encryption protocols, you may need to keep the VPN Passthrough enabled.
In summary, whether or not to disable VPN passthrough depends on the user’s specific needs and priorities. Disabling it can enhance security, but it may also prevent the user from establishing VPN connections. In most cases, you don’t need this feature, so you can disable it. On the other hand, since it is designed strictly for a VPN tunnel, no data will get sent or received through the VPN Passthrough if it is not within your VPN connection.
What is IPsec Passthrough?
Simply put, an IPsec Passthrough is the same as a VPN Passthrough but it uses an IPsec protocol to flow data through the router.
To bring a bit more details, IPsec Passthrough is a feature in network devices (like routers or firewalls) that allows secure IPsec-encrypted traffic to pass through without being inspected or modified. It enables the transmission of IPsec-protected communications between remote networks or VPN gateways, even if the network device itself doesn’t fully support IPsec. Essentially, IPsec Passthrough facilitates the passage of IPsec traffic through the router, maintaining the integrity and security of the encrypted communication.
What is a PPTP Passthrough?
Similar to an IPsec Passthrough, this feature in routers and firewalls allows secure VPN traffic to pass through without modification but this traffic should use a PPTP protocol. Similar to IPsec Passthrough, it enables PPTP-encrypted connections between remote networks or clients.
PPTP Passthrough allows PPTP VPN traffic to traverse network devices seamlessly, enabling remote access and secure connections. It works by detecting PPTP packets and allowing them to pass through the device without interference. However, it’s worth noting that PPTP is considered to be less secure and outdated compared to other VPN protocols due to its vulnerabilities. Most modern VPN implementations prefer more secure protocols like IKEv2/IPsec or OpenVPN.
Should I enable IPsec Passthrough?
Enabling IPsec passthrough can be beneficial if you need to use IPsec VPNs to connect to your network. However, it is important to note that not all routers support IPsec passthrough, and enabling it can sometimes cause issues with other VPN protocols.
Before enabling IPsec passthrough, it is recommended to check if your router supports it. This can usually be found in the router’s settings or manual. If your router does not support IPsec passthrough, you may need to consider upgrading to a newer router that does. It also makes sense to consider using a modern VPN (such as NordVPN) that does not require manual steps with your router (unless you are setting up a VPN on a router specifically).
Do you need to enable Passthrough on a router?
No, in the case of using a modern VPN like NordVPN with protocols such as OpenVPN and IKEv2/IPsec, you typically do not need to enable Passthrough on your router.
VPN Passthrough or IPsec Passthrough features on routers are primarily designed to allow older VPN protocols, such as PPTP and L2TP, to function properly when NAT (Network Address Translation) is involved. These features help to ensure that VPN traffic is not blocked by the router’s firewall.
Modern VPN protocols like OpenVPN and IKEv2/IPsec are not affected by NAT-related issues and do not require Passthrough configurations. These protocols are designed to work across NAT without any specific router configurations.
So, if you are using a modern VPN service like NordVPN, or ExpressVPN that supports OpenVPN or IKEv2/IPsec, you can connect to the VPN without enabling any Passthrough settings on your router.
Conclusion
In conclusion, a VPN Passthrough is a feature on a router that allows any device connected to it to establish an outbound VPN connection. This feature is useful for individuals who want to run a VPN client on their laptop or computer and connect to a VPN server.
While VPN Passthrough was initially built for old VPN protocols such as IPSec and PPTP, modern VPN providers now support new VPN protocols, including OpenVPN and IKEv2/IPSec.
It’s important to note that a VPN Passthrough only applies to outbound VPNs and not inbound VPNs. This means that if someone wants to establish an inbound VPN connection, they will need to use a VPN router instead.
