What is a VPN passthrough?
A VPN passthrough is a router feature that allows you to establish an outbound VPN connection from behind your router’s firewall. The name is derived from the fact that it lets virtual private network traffic pass through your router’s defenses, which might otherwise slow or prevent this movement. However, you shouldn’t confuse it with a VPN router, which itself implements a VPN connection.
A VPN passthrough allows VPN traffic to move without being blocked. It does this by ensuring that old VPN protocols, such as PPTP and LT2P (an outdated IPsec version), don’t recognize and block the traffic.
Even though it ‘sits’ on your router, it’s not the same as a VPN router. The former is a feature that allows traffic; it doesn’t do anything else on its own. Meanwhile, a VPN router, which can be either a hardware device with a preset VPN on it or a home router with a VPN client you set up yourself, encrypts your traffic and protects all devices connected to your network.
How does a VPN passthrough work?
To understand why you may or may not need a VPN passthrough, it’s essential to know how it works. And it all starts with something called the Network Address Translation (NAT) – a tool that comes standard with many routers, and that can hinder your VPN connection.
NAT is great – it sits between your network and the wider net, filtering the traffic, making sure that you only receive the information you asked for, and protecting you from viruses and hackers. It also solves a huge problem we all have using IPv4 – lack of IPs. NAT knows private IP addresses of all the devices connected to your router, which it needs to send you the requested information.
But to do its job properly, the NAT needs certain information about the connections leaving and entering your router. The problem arises when the VPN protocols are old and outdated and try to get through. The way they encrypt your connection doesn’t give the NAT enough information to do its job, forcing it to block those connections.
This is where a VPN passthrough (also called a PPTP passthrough or IPsec passthrough, depending on the protocol your VPN uses) comes into play.
What is IPsec passthrough?
An IPsec passthrough is a VPN passthrough that uses the IPsec protocol. The same goes for PPTP passthroughs: they are just VPN passthroughs that use the PPTP system to establish VPN tunnels. IPsec and PPTP are sets of rules that allow VPNs to establish encrypted tunnels to protect your data. Routers with VPN passthrough functionality usually support both IPsec and PTTP.
The main advantage of enabling the VPN passthrough function on your router is that it allows you to use a VPN, even if your VPN relies on older VPN protocols.
However, it’s important to note that this isn’t much of an advantage since these older protocols are not the best available. Newer, better VPN protocols can bypass the NAT on their own, without using a VPN passthrough.
The disadvantage of the VPN passthrough feature is that it is only useful if you want to use outdated VPN protocols like IPsec or PPTP protocols. However, these security protocols are old and unreliable. The best VPNs use faster and more secure protocols, such as OpenVPN and WireGuard. In fact, NordVPN no longer supports PPTP and L2TP.
OpenVPN and WireGuard don’t just offer better and quicker encryption. They also tunnel through the NAT on their own, so your router doesn’t need a passthrough at all. All you need for a secure connection is to connect to a VPN!
How to enable VPN passthrough
You can enable VPN passthrough in your router settings. It might appear in a tab called something like “Enable VPN passthrough” or “Virtual server.” Every model of router is different, so the method will vary slightly from one to another.
Most routers have VPN passthrough enabled automatically, however, so you only need to try to manually set it up if you’re having trouble using old, outdated VPN protocols. Again, these protocols aren’t usually a good idea to begin with.
VPN passthrough: enable or disable?
The short answer is — don’t bother enabling VPN passthrough, because it’s probably already active on your router. Furthermore, you would only need to enable it if your VPN isn’t using up-to-date protocols.
If you really want to use protocols like OpenVPN and L2TP, then you should enable VPN passthrough, but that is not advisable for most users.
Do you need a VPN passthrough?
You do not need a VPN passthrough, unless you’re determined to use old, outdated VPN protocols. Modern protocols allow VPN traffic to pass through NAT unhindered, so setting up VPN passthrough on your router isn’t necessary.
Using up-to-date protocols also provides better speeds and stronger security. With NordLynx, one of the protocols available to NordVPN users, you can enjoy unrivaled speeds, while still keeping your data secure.