Blog Post View

What is a VPN Passthrough?

A VPN keeps your traffic safe, secure and maintains online privacy. However, the working of a VPN is much more complex then one can imagine. There are multiple components that need to be considered within a VPN and for the smooth functioning of inbound and outbound traffic.

One such feature is the VPN passthrough. Further to this let us understand what is VPN passthrough.

What is VPN Passthrough?

VPN passthrough is a feature required in routers for outbound connections while a connection is routed using a VPN. This feature lets unobstructed traffic via the router and is only required for outbound traffic and not inbound traffic.

VPN Passthrough provides seamless outbound VPN connections. For instance, if you have a VPN client and need to connect to a VPN server, in case your router supports VPN passthrough feature then a successful outbound connection is established.

The absence of a VPN passthrough feature can be an issue in case you are using VPN, based on the VPN protocol. Let us understand why a VPN passthrough is needed.

Why use VPN Passthrough?

Routers most often use NAT or Network Address Translation. This is used while connecting two networks. It translates private addresses that are used in an internal network into a valid network address before forwarding a network packet. This is used to enable the usage of more internal IPs and has a unified IP addressing system between two networks for communication.

Similar to NAT, PAT or Port Address Translation is used over multiple devices available on LAN. This enables multiple devices available on LAN to be mapped to a single IP address. While NAT uses a pool of public addresses and uses the same port, PAT translates to a single public address and uses different port numbers.

Now the issue is when we use a VPN, there are multiple supporting protocols available based on the VPN server. Some of the commonly used VPN protocols are – IPSec, PPTP, L2TP. These protocols are not compatible with NAT and PAT.

VPN passthrough features allow all of these individual protocols to seamlessly work with NAT or PAT. Most routers support the below features:

  • Enable/ Disable PPTP passthrough
  • Enable/ Disable L2TP passthrough
  • Enable/ Disable IPSec passthrough

For other VPN protocols such as OpenVPN, SSTP, SoftEther, we do not need to enable VPN passthrough. This will work without VPN passthrough. However, if your VPN uses IKEv2, then you will have to enable VPN passthrough.

One point to highlight is that, in case you work over PPTP connection, then ensure you enable PPTP passthrough only if you are sure every time the connection will be made via VPN. Else, in a scenario where you forget to get connected to a VPN, the traffic will be simply unencrypted and passed using the router. Such a connection using PPTP can be dangerous as PPTP is not very secure.

So, disabling VPN passthrough blocks open communications ports, since these are not accessible from the router. This provides enhanced security. However, if you need to use VPN then you will have to enable VPN passthrough. Only then would you be able to establish a VPN connection over a communication port. Here the port will not be blocked.

VPN on a router and VPN Passthrough on a router:

VPN on a router means all your web connection via the router will be channeled using a VPN. A router can be explicitly enabled to use a VPN for every traffic. This ensures enhanced security. However, this is different from a VPN passthrough feature available in the router.

One the other hand, VPN passthrough is a feature available in the router which can be enabled or disabled for various VPN protocols. This feature allows a successful connection to the VPN server channeled using a router.

Share this post

Comments (1)

  • DB Reply

    Nice Information thanks for sharing you can also check our website -

    Feb 19, 2020 at 10:56 AM

Leave a comment

All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.

Login To Post Comment