A VPN passthrough is a router feature that allows you to access a remote network from behind your router's firewall. The name is derived from the fact that it lets virtual private network traffic pass through your router's defenses, which might otherwise slow or prevent this movement. However, you shouldn’t confuse it with a VPN router, which itself implements a VPN connection.
A VPN passthrough allows VPN traffic to move without being blocked. It does this by ensuring that old VPN protocols, such as PPTP and LT2P (an outdated IPsec version), don’t recognize and block the traffic.
Even though it ‘sits’ on your router, it’s not the same as a VPN router. The former is a feature that allows traffic; it doesn’t do anything else on its own. Meanwhile, a VPN router, which can be either a hardware device with a preset VPN on it or a home router with a VPN client you set up yourself, encrypts your traffic and protects all devices connected to your network.
To understand why you may or may not need a VPN passthrough, it’s essential to know how it works. And it all starts with something called the Network Address Translation (NAT) – a tool that comes standard with many routers, and that can hinder your VPN connection.
NAT is great – it sits between your network and the wider net, filtering the traffic, making sure that you only receive the information you asked for, therefore protecting you from viruses and hackers. It also solves a huge problem we all have using IPv4 – lack of IPs. NAT knows private IP addresses of all the devices connected to your router, which it needs to send you the requested information.
But to do its job properly, the NAT needs certain information about the connections leaving and entering your router. The problem arises when outdated VPN protocols try to get through. The way they encrypt your connection doesn’t give the NAT enough information to do its job, forcing it to block those connections.
This is where a VPN passthrough (also called a PPTP passthrough or IPsec passthrough, depending on the protocol your VPN uses) comes into play.
An IPsec passthrough is a VPN passthrough that uses the IPsec protocol. The same goes for PPTP passthroughs: they are just VPN passthroughs that use the PPTP system to establish VPN tunnels. IPsec and PPTP are sets of rules that allow VPNs to establish encrypted tunnels to protect your data. Routers with VPN passthrough functionality usually support both IPsec and PTTP.
Most home routers on the current market already have a built-in VPN passthrough. But don’t worry if yours doesn’t.
Your router only needs it if you want to use a VPN that supports IPsec or PPTP protocols. However, these security protocols are outdated and unreliable. The best VPNs use faster and more secure protocols, such as OpenVPN and IKEv2/IPsec. In fact, NordVPN no longer supports PPTP and L2TP.
OpenVPN and IKEv2/IPsec don’t just offer better and quicker encryption; they also tunnel through the NAT on their own, so your router doesn’t need a passthrough at all. All you need for a secure connection is just to connect to a VPN!
Here's a short video, summarizing what a VPN passthrough is and why you don't need it with NordVPN:
Try NordVPN now with a 30-day money-back guarantee!