VPNs, or virtual private networks, have become essential for businesses and individuals who need to securely access private networks from remote locations.
They allow users to establish an encrypted connection to a private network, letting them access resources and data conveniently.
However, when a VPN connection is established, the VPN client and server need to be able to identify each other’s IP addresses to establish a secure connection.
This is where the VPN passthrough comes in. It’s a feature on routers that allows devices connected to them to create an outbound VPN connection. In other words, it allows VPN traffic to pass through the router to a VPN client or server on the other side of the connection.
How Does VPN Passthrough Work?
It’s essential to know the NAT (Network Address Translation) process to understand how VPN passthrough works.
Most standard routers are equipped with NAT technology. It allows them to change the private IP addresses of multiple devices on a private network to a single public IP address before transmitting the information.
Older VPN protocols, such as IPsec and PPTP, are incompatible with routers’ NAT technology. These protocols encrypt and repackage data in a way that leaves the NAT without enough information to deliver it to its intended recipient.
The VPN passthrough feature is used to solve this problem. It forwards VPN traffic through the router using additional ports without interfering with the NAT process.
It’s important to note that different VPN protocols use different ports to achieve this functionality.
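The following added example (not part of the original article) shows what "not enough information" means in practice: it parses constructed IPv4 packets and reports which ones carry a TCP/UDP source port that a NAT can rewrite and which ones do not. The IP protocol numbers, the ESP and GRE labels, and the sample addresses are assumptions not stated in the article; ports 500, 4500, and 1723 are the ones it lists for IPsec and PPTP.

```python
import struct

# IANA IP protocol numbers (assumption: not given in the article).
TCP, UDP, GRE, ESP = 6, 17, 47, 50
# Ports the article lists for IPsec and PPTP passthrough.
KNOWN_PORTS = {(UDP, 500): "IKE", (UDP, 4500): "IPsec NAT traversal",
               (TCP, 1723): "PPTP control"}
PORTLESS = {ESP: "ESP (IPsec data)", GRE: "GRE (PPTP data)"}


def build_ipv4(proto, src, dst, payload):
    """Constructed test packet: 20-byte IPv4 header (checksum 0) + payload."""
    def addr(a):
        return bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload


def ports(sport, dport):
    """Leading four bytes shared by TCP and UDP headers."""
    return struct.pack("!HH", sport, dport)


def classify(packet):
    """Return (label, nat_key); nat_key is None when the packet has no
    source port that a port-translating NAT could rewrite and track."""
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    proto = packet[9]                 # protocol field of the IPv4 header
    if proto in (TCP, UDP):
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        label = KNOWN_PORTS.get((proto, dport), "other TCP/UDP")
        return label, (proto, sport)
    return PORTLESS.get(proto, f"IP protocol {proto}"), None


# Constructed sample traffic from a LAN client to a VPN server.
LAN, SERVER = "192.168.1.10", "203.0.113.5"
SAMPLES = [
    build_ipv4(UDP, LAN, SERVER, ports(500, 500)),
    build_ipv4(UDP, LAN, SERVER, ports(4500, 4500)),
    build_ipv4(TCP, LAN, SERVER, ports(49152, 1723)),
    build_ipv4(ESP, LAN, SERVER, b"\x00" * 8),
    build_ipv4(GRE, LAN, SERVER, b"\x00" * 8),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```

The last two packets come back with no NAT key, which is the case the passthrough setting exists to handle.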
Understanding the VPN Passthrough Process Better
The following example will help you understand the VPN passthrough process better.
- A user wants to remotely connect to their company’s private network from their home computer.
- They use VPN client software on their computer to establish a VPN connection to the company’s VPN server, which is located on a private network.
- The VPN client sends the connection request through the user’s home router, which is performing NAT.
- With VPN passthrough enabled, the router intercepts the VPN connection request and examines the protocol and ports used.
- It recognizes VPN traffic and forwards it to the VPN server, bypassing the NAT process.
- The server receives the connection request and authenticates the user.
- Once the authentication is successful, the server and client establish a secure, encrypted connection.
- The user can now access resources and data on the private network as if they were sitting in the office connected to the corporate LAN (Local Area Network).
How To Enable and Disable VPN Passthrough?
Most home routers come with VPN passthrough enabled. However, consider using the steps below if you need to enable VPN passthrough on your router.
- Go to the network settings of your router and find its IP address. It’s usually listed as the “gateway” or “default route.”
- Next, open a web browser on your computer and enter the IP address that you just found in the address bar. It will take you to a login page.
- Enter your router’s login credentials to sign in. You’ll find these credentials written on the back of your device.
- Now, you’ll need to go to the VPN passthrough setting. It’s usually located under the security and firewall settings. Keep in mind that not all routers support this feature. So, go through your product’s user manual to determine if your device offers this functionality.
- Once you’re on the VPN passthrough page, you’ll see different protocols and need to enable the one your VPN uses.
- Next, click on the “Apply” or “OK” button to complete the process.
- The last step is to turn off your router and unplug it for 10 to 15 seconds. After that, plug it back in and turn it on, and the new VPN passthrough setting will take effect.
To disable VPN passthrough, go to the same settings page and disable the protocols you selected.
Protocols and Ports
As mentioned already, different protocols use different ports for VPN passthrough.
- L2TP Passthrough: It requires UDP ports 1710, 4500, and 500 to function correctly.
- IPsec Passthrough: It runs on port 4500 for IKE and NAT traversal and needs UDP port 500 to be open.
- PPTP Passthrough: It uses TCP port 1723 to work correctly.
Should I Disable VPN Passthrough?
Disabling VPN passthrough means that the router will no longer allow VPN connections to be established using the L2TP, PPTP, and IPsec protocols. These protocols rely on specific ports to create VPN connections, which VPN passthrough provides.
If your VPN uses any of these protocols, devices connected to the router won’t be able to establish a VPN connection without this feature.
However, if your VPN uses a modern protocol, such as OpenVPN, you won’t need VPN passthrough because such protocols can get through NAT on their own.
Difference Between VPN Routers and VPN Passthrough
A VPN passthrough is a software feature that allows VPN connections to travel through a router. In contrast, a VPN router is a device with VPN capabilities built-in.
This means it can establish and manage VPN connections for all devices connected to it without requiring additional software or configuration on the devices themselves.
A VPN router also usually offers more processing power and stronger security than a basic router with a VPN passthrough feature.
VPN passthrough is a critical feature to consider when setting up a VPN connection. It allows devices connected to the router to establish secure VPN connections using older VPN protocols such as IPsec, PPTP, and L2TP without any additional configuration.
However, it’s important to note that not all routers have this feature built-in, some may require specific configuration, and others may have built-in VPN server support.
Before configuring this feature, consider the protocol your VPN service uses and the type of router you have.