Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

VPN passthrough: What is it and how does it work?

A VPN passthrough allows your VPN traffic to move through your router without being blocked. It’s a feature explicitly tailored for older VPN protocols that cannot establish a VPN connection over a router without the help of a passthrough tunnel. Discover how this feature works and if you still need it.

VPN passthrough: What is it and how does it work?

What is a VPN passthrough?

A VPN passthrough is a router feature that allows a VPN connection to go through your router’s firewall. It recognizes VPN traffic, enables it to move through your router without being blocked, and ensures that VPN protocols function properly.

The name “VPN passthrough” derives from the fact that it lets virtual private network traffic to “pass through” your router’s defenses, which might otherwise prevent or limit this movement. However, you shouldn’t confuse a VPN passthrough with a VPN router. A VPN router implements a VPN connection by pairing with your VPN client, which encrypts your traffic and protects all devices connected to your network.

How does a VPN passthrough work?

A VPN passthrough works by allowing your VPN client to connect to a VPN server outside of your original network. VPN clients use protocols that encapsulate your connection requests, each request going through your router’s network address translation (NAT). NAT is a tool that filters traffic going through your router, making sure that you only receive the information you asked for and protecting your network.

To work properly, the NAT needs certain information about the connections leaving and entering your router. However, older VPN protocols, such as PPTP, L2TP, or IPsec, don’t give the NAT enough information to satisfy their request to connect, forcing it to block the attempted connections. With the help of a passthrough, a router can recognize traffic related to a specific VPN protocol and allow it to pass through the network.

Types of VPN passthrough

A VPN passthrough is only needed when your VPN client uses any of the older VPN protocols, namely PPTP and L2TP, or IPsec. A passthrough for each protocol works in a slightly different way, following different sets of rules to allow an encrypted connection to remote networks:

  • PPTP passthrough uses a Point-to-Point Tunneling Protocol (PPTP) system to support a VPN tunnel on your router. It’s relatively easy to set up because PPTP is one of the oldest existing VPN protocols supported by a wide range of devices. However, PPTP is considered outdated and non-secure due to a handful of known vulnerabilities.
  • L2TP passthrough allows Layer 2 Tunneling Protocol (L2TP) traffic to reach your network over the router. This protocol is more secure than PPTP, thanks to integrated encryption. On the other hand, L2TP uses double data encapsulation, which can slow down the traffic and may require additional configuration on your router. L2TP is also considered an outdated VPN protocol.
  • IPsec passthrough supports Internet Protocol Security (IPsec) data packets while they establish a connection with your router to stream VPN traffic. This protocol is widely used in corporate networks because it secures data at the IP layer. However, keep in mind that this type of passthrough requires complex configuration and is prone to particular security vulnerabilities.

Instead of using any of the protocols and their pass-throughs mentioned above, you should consider using the new-generation protocols, such as OpenVPN and WireGuard. They have advanced functionalities, are safer, and can tunnel VPN traffic through your router without the help of pass-throughs.

How to enable VPN passthrough

You can enable VPN passthrough in your router settings. It might appear in a tab called “Enable VPN passthrough” or “Virtual server.” Every router model operates differently, so the method will slightly vary accordingly.

Most routers have VPN passthrough enabled automatically. This means you only need to try to manually set it up if you’re having trouble using older VPN protocols.

Do I need a VPN passthrough?

You don’t need a VPN passthrough unless you’re determined to use older VPN protocols. Modern protocols allow VPN traffic to pass through NAT unhindered, so setting up a VPN passthrough on your router isn’t necessary.

Using up-to-date protocols also provides better speeds and more robust security. With NordLynx, one of the protocols available to NordVPN users, you can enjoy unrivaled speeds while keeping your data secure.


Privacy protection starts with a click.

Stay safe with the world’s leading VPN