Best solution for WireGuard VPN across all devices in 2024?

I’ve been looking to get a router with VPN capabilities that I can use with my Proton VPN provider and I’m hoping to get your thoughts on it.

My wants are just all devices on my network to have encrypted traffic from the ISP as opposed to doing so manually. Additionally, a trusted company and country of origin. I use a Pi-hole at the moment which I connect manually to for DNS because my router doesn’t allow modifications. There’s up to 10 devices on the network.

I’m currently thinking a GL MT6000 and flashing OpenWRT on it. Is this overkill, are there any better options now? I don’t want to spend crazy money on the solution but will pay enough to have it work. I’m in the UK.

The GL MT6000 would be my preferred choice. I support hundreds of GL routers for clients (including about a dozen new MT6000s) and have been pleased with the dependability and flexibility of the platform.

Depends on who you trust more - your ISP at home or some random VPN provider / VDS hosting? I guess nowadays 99% of traffic is already encrypted, thanks to HTTPS, so in most cases your ISP won’t see much apart from the initial TLS handshake with the host you’re connecting to and probably some DNS requests.

I second, but put vanilla OpenWRT on it right away.

Or Headscale for self hosted

I’d actually probably leave the GL firmware on there. It’s been refined quite a bit and has some convenient functions, especially for use with WG. Pretty sure it supports both ProtonVPN opvn and WG protocols out of the box these days.

Vanilla is better from a security perspective and should continue to be updated with the project since it’s on supported hardware. I think the kernel is even newer than the GL version. On top of being code reviewed by others than a private company.

Agree with you about the code reviewing (even just on general principle). That said, if you dig into the GL stuff, it’s mostly just convenience scripts that superset the native UCI commands and basic Linux utils.

For advanced users I’d agree it’s the right path, but for the “not quite as technical” it’s probably adding some security simply by setting reasonable defaults and option combinations.

On the few cases I’ve built some custom firmware for these, I found it easier to just mod the GL additions… but to your point, in those cases I was just adding automation or extending features for home use. Not trying to build a hardened bastion host.

(EDIT = can’t spell tonight)