I’m currently using several Netgear routers at different locations which have a built-in VPN function based on OpenVPN. I only use the VPN connection to access devices on the local network, and the Netgear routers have a built-in function that allows blocking access to the WAN and lets clients connect only to the LAN (the “home network only” setting in the image below).
I first replaced my Netgear VPN feature with a GL.iNet MT2500 Brume 2 VPN device a year ago, using TCP passthrough on the Netgear. A few months ago, when the GL.iNet MT6000 Flint 2 was released, I got it since I wanted an upgrade to WiFi 6. The Flint 2 replaced both the Netgear and the Brume 2 VPN device I was using. I plan to use the Brume 2 at another family member’s house to replace an old EOL GL-AR750S Slate that I’m using as a VPN device there, which was the first GL.iNet device I ever purchased.
The big reason I got the Brume 2 in the first place was that the GL.iNet V4 firmware allows the OpenVPN Server to provide what I consider two-factor authentication, since it allows using both the OpenVPN client certificate and a username/password to connect to the OpenVPN Server.
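
An added example, not part of the original post and not GL.iNet's code: a small Python check that reads an OpenVPN server config and reports whether it enforces both factors mentioned above, the client certificate and a username/password. The sample configs and the script path are constructed, and treating any `plugin` line as an authentication plugin is an assumption.

```python
import shlex

# Constructed sample server configs (not taken from any GL.iNet device).
CERT_AND_PASSWORD = """\
port 1194
proto udp
ca ca.crt
cert server.crt
key server.key
verify-client-cert require
auth-user-pass-verify /etc/openvpn/checkpw.sh via-file
script-security 2
"""

PASSWORD_ONLY = """\
port 1194
ca ca.crt
cert server.crt
key server.key
verify-client-cert none   # client certificate not checked
auth-user-pass-verify /etc/openvpn/checkpw.sh via-file
"""

def parse_directives(text):
    """Return {directive: [args]} from OpenVPN config text, ignoring comments."""
    directives = {}
    for line in text.splitlines():
        if line.strip().startswith(";"):      # OpenVPN also accepts ';' comments
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives[tokens[0].lstrip("-")] = tokens[1:]
    return directives

def audit_factors(text):
    """Report which client authentication factors the server config enforces."""
    d = parse_directives(text)
    # Client certificates are required by default; these directives relax that.
    cert_mode = (d.get("verify-client-cert") or ["require"])[0]
    cert = cert_mode == "require" and "client-cert-not-required" not in d
    # Username/password needs a verifier (script, or a plugin assumed to be an
    # auth plugin) and must not be made optional.
    has_verifier = "auth-user-pass-verify" in d or "plugin" in d
    password = has_verifier and "auth-user-pass-optional" not in d
    return {"certificate": cert, "password": password, "both": cert and password}
```

Calling `audit_factors()` on the text of a server config returns which factors are enforced; a result with `both` set to false means a client can connect with only one of the two.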