If you’re a mac user or just fancy Apple hardware, than you may be currently using an Apple Airport Extreme, or Time Capsule as your router of choice. The Airport Extreme is a powerful all in one box that makes setting up a network, especially with Mac and iOS devices, a breezy, enjoyable process.
But what if you wanted to add a VPN service to your Airport? Maybe you want to secure your browsing, access geo-restricted services like Netflix, or any other reason. This is where the simplicity of the Airport’s design and software falls short. It does not provide the required platform to configure popular VPN services in order to encrypt all data flowing across the router. Although there is a VPN tab under the GUI, it only allows you to connect to a single private network point, such as connecting to a business network for work, as opposed to popular VPN encryption services. Additionally, you’re limited to unsecure PPTP/L2TP protocols, with no option to add OpenVPN.
Luckily, there’s still a way to do it, with a dual-router setup configuration. Simply put, you need to run a second third-party router dedicated for VPN, side-by-side the Airport Extreme, since it’s impossible to easily set it up on Apple’s firmware.
Wait what? Setup a VPN on my router, but why?
When it comes to new VPN users, Airport Extreme users or not often get confused with all the options and configurations possible. Since VPN services are most often suggested to be used over OpenVPN, or the provided software when available, setting up a VPN connection directly on the network router can be something new. If this is not new to you, quickly skip to the next section.
There’s mostly big advantages, and some disadvantages to watch out for;
The good thing is that you can encrypt ALL your devices at once, with one single VPN connection and account, by configuring it on your router. It will encrypt both wired LAN and Wi-Fi connection data, giving them all a single IP and country of your choice. This is a cost effective way for users that have a large number of devices. Many networks can end up having multiple management benefits from this type of setup, and it’s easy to ensure everything is encrypted at all times.
The main drawback is that you can no longer select different IP and countries for each device. Since all the traffic passes through that VPN encryption, there’s no way around it for all devices connected to the network. But there is a simple solution, that just so happens to be perfect for Airport Extreme and Time Capsule users, which is to setup a secondary router to handle all VPN connections, and the Airport can remain the open access point. This dual-router setup negates pretty much every con, and in turn makes your home or office network a powerhouse with possibilities you didn’t know existed.
The last negative that should be mentioned, is the possible loss of speed across the whole network. Many VPN connections can take some bandwidth away from your total speed, but luckily, many top providers offer blazing fast servers and shorter routes than conventional ones used by internet service providers, helping speed up the connection in some areas and applications, or at least keeping it on par with minimum speed loss. But, once again, a dual router configuration allows the best of both worlds.
How to Use a VPN Router with Apple Airport Extreme
First, let me explain that even regular home grade branded Wi-Fi routers are mostly incapable of setting up popular VPN services on them out of the box, however, users often get around this limitation by replacing the firmware to a much better option of available open-source GUIs available. However, before I delve any further into that topic, let’s just be clear that it is not possible to do this on an Apple device. They operate strictly on apple software and firmware, so this is once again where the dual-router bridging comes in;
As mentioned above, it’s not possible to flash an Airport or Time Capsule, and would not only void your expensive Apple warranty, but also remove all the apple compatible quirks offered with their software. Instead, using a second VPN capable network router behind or parallel with the Apple Airport is the way to go.
The Airport has native support for “bridging”, which allows you to turn the router portion off from the the Network tab, turning the device into a switch. This is one way of connection the Airport to a second router, while bypassing Apple’s firewall, but negates all the networking capabilities of your router.
Instead, I highly suggest you place a switch between your broadband ISP modem and your two routers. The topology goes like this;
Internet Modem –> Ethernet Switch –> Switch Port 1 –> Airport Extreme
–> Switch Port 2 –> VPN Router
With a little bit of luck, your internet provider might have updated modems with multiple LAN ports, negating the need to add a switch hub to the mix.
Connecting a second router creates a two separate networks. This adds a multitude of benefits, and creates two separate networks for you to utilize effectively.
Two Simultaneous Network Connections
Having two network routers virtually providers you two separate connections. Leaving your Airport running directly on your home ISP service, and utilizing the second router as a dedicated secure VPN gateway. This is great for both home and business use. You can have the encrypted side unlocking various online services while securing your data, and have the Apple Airport or Time Capsule on an open connection for everyday tasks. Or, using the VPN router as a secure home/small office business network. The applications are endless, but the value is that you’re not stuck having to constantly reconnect to VPN servers, instead quickly switching from one connection to another.
Extend Wireless Coverage
When Wi-Fi is a need, poor performance quickly becomes a problem. Instead of adding Wireless repeaters and extenders, this secondary router can be placed in a different location, to immediately add coverage to needed areas and rooms of the house or office. You’re also taking advantage of two different access points, reducing the load on each individual router, and facilitating setups for guest Wi-Fi connections.
Router Requirements for VPN
In order to run a VPN connection through any consumer grade router, you’re most likely going to need to “flash” the firmware to one of the follow options: DD-WRT and variant builds, or Tomato. Both are very popular options to not only open up VPN capabilities for client/server connections, but revamping and supercharging your router’s capabilities and performance. Flashing firmware is not very hard, but it’s not exactly easy either. It does come with a learning curve, and a fair share of research to ensure your selected device is compatible with a given firmware. First – let’s list the most popular VPN capable firmwares available, to better assess our options;
DD-WRT: Most popular and feature rich third-party firmware.
- Can be flashed manually on a long list of compatible devices.
- Can be purchased pre-configured from Buffalo routers.
- Can be purchased pre-configured from specialized shops: Flashrouters or Routersource.
ASUSWRT: Latest native Asus GUI firmware based off DD-WRT – stripped down for performance.
- Includes VPN service capabilities – no changes needed.
- Can be purchased on any of the latest best Asus Routers.
- Can still be flashed to improved Asuswrt-merlin or DD-WRT.
TOMATO: Second most used after DD-WRT. Just as good if not better – balanced features and performance.
- Can be flashed manually on a sizable list of compatible devices
- Can be purchased pre-configured from specialized shops: Flashrouters or Routersource.
Manually Flash Firmware
Flashing the “firmware” is the term used when talking about replacing the native GUI firmware with another one of your choice, and it sounds more complicated than it really is, but still remains a bit more advanced than just downloading software and installing it, and if done wrong, it can cause irreparable damage to the device. It should also be known that flashing a brand new router will usually be against warranty agreements and void claims. But overall, I don’t want to stress over that stuff, this isn’t an expensive iPhone and your router can do so much more with the right software running it!
For anyone that is totally new to this, I would first suggest to read more on the different third-party open-source firmware options available, such as; DD-WRT & Tomato. Either make a great choice for any home grade router, instantly turning into a secure, high-grade customizable router, comparable to commercial grade firewalls that cost hundreds to thousands of dollars. Manually flashing your device brings many benefits regarding advanced controls, easily improving Wi-Fi quality and extending the reach, better bandwidth control and of course, adding a VPN service directly on the router. This router can now be used in conjunction with your Aiport Extreme or Time Capsule, in order to provide an open and secure network simultaneously.
In the end, this may prove to be too technical for some users, but where there is a need, there’s always help and solutions around the corner. So, if technology, routers, networks and setting up advanced computer parameters are not your thing, what do you do?
Purchase a Pre-Configured Router
Flashrouters.com offer the convenient option of a professionally pre-configured device of your choice, on either DD-WRT or Tomato, and even go as far as offering you to purchase VPN integration from a few different providers along with the router itself, that way even the VPN part comes pre-configured. Now you can have the best of both worlds, routers with enhanced software can act in a dual router setup. So you can use your Airport for traditional use & the flashrouter for more advanced things such as VPN. While this option does involve the extra step of buying certain hardware it assures you that you’ll have hardware that is already configured with the custom software you need.
It may seem like a big step in price, but you’re paying for peace of mind that you’re getting the best pre-configured wireless router on the market, specifically programmed to work in conjunction with your Airport or Time Capsule, with seamless integration that allows you to switch between networks at the touch of a button. They even go thoroughly into the dual-router Aiport setup here. the The team at Flashrouters also goes above and beyond at providing stellar support over the phone, to help you with every difficulty you may face when connecting everything up at home. So if you’re not very techy, and don’t know any network technicians willing to help you out, this is by far your cheapest, yet most valuable option. If you’re feeling adventurous, I highly suggest checking our more on DD-WRT or Tomato, finding a compatible model, and going at it yourself. Either way, it’s time to get more out of your home network setup, and this is a great first step.
An alternative choice is Routersource.com. Just like Flashrouters, they offer pre-configured flashed models and specialized networking services, but instead of having DD-WRT and Tomato options, they have DD-WRT and Sabai OS. What is Sabai? Well, it’s a firmware developed specifically for VPN setups, and performs well under heavy loads. The whole firmware is designed to make OpenVPN protocol connections easy, as either client or server, and providing the best possible speeds and stability on encrypted data.
If those options are not the right ones for you, you can always opt for one of Buffalo’s 3 latest DD-WRT routers. That’s right, Buffalo now providers DD-WRT Firmware right out of the box on 3 of their most popular models. With 3 different entry level units, there should be a model to please just about every need and budget. Since the past year, Buffalo has revised these models and the second-gen routers perform better than ever.
Lastly, you can opt for an ASUS powered network using Asuswrt, or flash to DD-WRT firmware on your own – find the best models for either of these options on our best network routers for DD-WRT page.
Do Apple routers support VPN?
No AirPort routers support VPN. AirPort base stations can be used as VPN-passthrough devices but you would need a dedicated VPN server/router on your local network that can be accessed from a VPN client app on the remote device.