GL-MT2500A and Geolocation

Only have basic knowledge of VPN and finding it confusing so looking to you for help. I currently subscribe to PrivadoVPN to change my geo location and hide IP from ISP - that is my main concern. I don't ever need to remote to my home network. My questions at this point:

  1. Can a hardware VPN router like the MT2500A accomplish same as my PrivadoVPN, allowing me to ditch the subscription?
  2. If yes for #1, I gather I'd have to set up the client and server on my VPN hardware - correct?
  3. I've searched the net for material that could answer a lot of my questions but nothing all-in-one that covers a lot of questions, so any suggestions on good tutorial books?

Theoretically yes, but if you are happy with your VPN service - stay there.

I'd rather not pay for a service if I don't have to. Is it complicated to set up my own "vpn service" via MT2500A for that (insofar as settings, and any ISP involvement)? Know of a good setup guide for this? Regards.

Either I'm reading this wrong or @admon has, but having your hardware-based VPN set up on a router which is at your home will result in having the same ISP IP, so the answer surely here is NO, you can't ditch your subscription VPN in order to mask your ISP IP.

You could set up your own VPN with something like a droplet over at DigitalOcean - DigitalOcean Droplets | Scalable Cloud Compute Starting at $4/mo

That would then give you a personal VPN; however, your billing info / address will also be tied to you, so I wouldn't opt for that. Use a VPN provider and their DNS to get lost amongst the traffic.

Ok I think that answers my main questions. So if I'm using Privado service, AND also using the MT2500A, am I gaining anything by having the hardware? Is only benefit of the hardware being able to remote into home?

There are a few benefits to having your client config at the router level.

No need to install any Privado client on end devices, as the client config on the router will allow you to choose what devices to route.

You may have a 5 device limit on your account which means you are restricted to the amount of end devices which can have the VPN running. Installing the client config on the router means you use 1 connection however you can actually route any of your devices via it, bypassing the device limit.

You may have smart IoT devices which you want to go out via VPN, but obviously they don't have an interface that's accessible; same with a smart TV, for example. So how do you install Privado (or any other 3rd party VPN client) on that device? You can't. Again, having the client config on the router allows you to select the devices of your choice regardless of what they are.

Another benefit of the travel router is that if you keep the same SSID and password when you travel, all your devices just connect straight back up like you're at home.

You don't need to have a subscription as such. I've taken a "lifetime" VPN provider before for just general browsing; there's also ProtonVPN, which will work if it's general browsing (not P2P).

Just ensure they offer WireGuard, as that is better on performance / speed compared to an OpenVPN config.

Kudos to you for this help. I'll keep my PrivadoVPN installed on my pc, and configure a Wireguard client on the attached MT2500A. Cheers.

I thought the setup will contain at least one server device in a country your IP should be from.

So if this isn't the case the answer will be No indeed.

I just want to clear up your VPN question a little more with regards to clients / servers.

There are two things going on with regards to the VPN.

So there are 3rd party VPN providers whereby you connect to them (Privado in your case) and they will give you an external IP in the country of your choice depending on the config.

Then there are the VPN servers on the GL.iNet routers.
WireGuard or OpenVPN servers: they run locally on the hardware and obviously they connect to your WAN ISP, so there's no geolocation going on here in your own network; you would still get your ISP IP when you connect to your servers.

So why would you want to run the local hardware VPN server? Well, that's for when you travel on public WiFi, or you may be in another country and want access to local services which require your local ISP connection; that's why you would use that VPN. You create / enable the VPN server and then make clients for the server you enabled on the client travel router. These are your local clients (phone, desktop, tablet).

For Privado or any other 3rd party VPN service you would just use their config file; you don't need to be running a VPN server on your hardware, as that's for your personal VPN. You just need to insert the config from Privado. Your router will then connect to Privado and you can either route all traffic to Privado or use policy based routing.

So when you said you will use a WireGuard client, you must use the client from Privado, not create your own WireGuard config on the router, as again, that's for your own VPN server which would point to your WAN.

If you use the WireGuard config from Privado on the router then there is no reason to use the desktop client, as you can policy route via the router (choose which to route via VPN). However, the speeds might actually be better on the Privado desktop client as the PC CPU will be better, but if your ISP is slow anyway you won't notice the WireGuard or OpenVPN speed hit.

Thanks for clarifying. I won't need to remote into my home network so I'll set up a client only on my MT2500A device.

I placed this device between my modem and firewall appliance. I'm also using PrivadoVPN service on my user pc. Without a client set up I can get out to the web no problem, but after setting up the VPN client it doesn't allow me out and I don't know why. I tried a number of things and am still trying, but one question I have now is that GL.iNet says PrivadoVPN is not listed as supported by WireGuard; however, the PrivadoVPN site does have a conf file for WireGuard. Consequently, that's why I tried the WireGuard client setup anyway, but I can't get outside until I Stop it. So first off, is the GL.iNet documentation just out of date? Should the device actually support PrivadoVPN for WireGuard?

All WireGuard VPNs should work.

Please share a network diagram and the wg conf file (without keys).
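One way to prepare a WireGuard config for posting "without keys", as an added example that is not part of the original thread or of any GL.iNet or PrivadoVPN tooling: it blanks `PrivateKey` and `PresharedKey` (also when commented out), optionally hides `Endpoint`, and reports whether the peer is a full tunnel and whether DNS is set. The sample config, its placeholder keys and `vpn.example.net` are constructed for illustration.

```python
import re

SECRET_KEYS = {"privatekey", "presharedkey"}  # values that must never be posted

# Constructed sample config: placeholder keys, made-up endpoint and addresses.
SAMPLE_CONF = """\
[Interface]
PrivateKey = CONSTRUCTED-PRIVATE-KEY-PLACEHOLDER=
Address = 10.0.0.2/32
DNS = 10.0.0.1

[Peer]
PublicKey = CONSTRUCTED-PUBLIC-KEY-PLACEHOLDER=
PresharedKey = CONSTRUCTED-PSK-PLACEHOLDER=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
"""

# prefix (indent, optional comment marker), key, separator, value
LINE_RE = re.compile(r"^(\s*[#;]?\s*)([A-Za-z]+)(\s*=\s*)(.*)$")

def redact_conf(text, hide_endpoint=False):
    """Return (redacted_text, summary) for a WireGuard config string."""
    out = []
    summary = {"full_tunnel": False, "has_dns": False, "redacted": 0}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            out.append(line)  # section headers, free-text comments, blank lines
            continue
        prefix, key, sep, value = m.groups()
        k, commented = key.lower(), prefix.strip() != ""
        if k in SECRET_KEYS or (hide_endpoint and k == "endpoint"):
            value = "<redacted>"  # commented-out secrets are blanked too
            summary["redacted"] += 1
        elif not commented and k == "allowedips":
            nets = [n.strip() for n in value.split(",")]
            summary["full_tunnel"] = summary["full_tunnel"] or "0.0.0.0/0" in nets
        elif not commented and k == "dns":
            summary["has_dns"] = bool(value.strip())
        out.append(f"{prefix}{key}{sep}{value}")
    return "\n".join(out) + "\n", summary

if __name__ == "__main__":
    print(redact_conf(SAMPLE_CONF)[0])
```

The `PublicKey` is left in place because it is not a secret; pass `hide_endpoint=True` if you would rather not reveal which provider server you use.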

As admon says, any config should work; GL.iNet have just listed the most popular, and some are integrated into the firmware for easy login / selection of servers.

You will need to make your WireGuard config over at Privado and then import it via the web GUI on your router.

I would assume that maybe your WireGuard config isn't connecting properly, hence you get no outbound connection with your client running on the router.

As for the PC, make sure to not be running the desktop PrivadoVPN app and also routing on the router.

In the router settings there are options to "global route" or "policy based via device / MAC". I choose the latter and just route certain devices. You could change from the default "global" to policy based and select the PC to go via VPN. Enable the client (on the router) and see if your PC can connect to the web. If it fails but, say, your phone that isn't selected to go via VPN connects to the web, then you know it's a problem with the WireGuard client / config itself.

I found the blockage and worked around it to get the MT2500A device working under Wireguard VPN.

I had the MT2500A placed before my Protectli Vault firewall device (between ISP modem and FW device), but that would only get me outside without VPN enabled.

After repositioning the MT2500A today between the firewall device and my pc, it all works no problem with VPN enabled on the MT2500A. So something within the firewall device doesn't like the VPN in front of it (may be just a reconfig of the firewall device, I'm not there yet).

I gathered early on that the VPN device is ideally placed right after the ISP's modem, to protect the whole home network. But as I have it now, it's only protecting what I do from my pc. However, as there's really nothing else but dumb switches, wireless devices (phones), and TVs connecting to the modem, and I have the only actual pc on the home network, I assume this network config is fine and sufficient for me - unless I'm missing something important?