this post was submitted on 17 Dec 2025
34 points (94.7% liked)

Selfhosted

53767 readers
389 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
34
Router VPN? Express put to rest (lemmy.zip)
submitted 2 days ago* (last edited 2 days ago) by rook@lemmy.zip to c/selfhosted@lemmy.world
10 comments fedilink hide all child comments
 

First of all I know express is not the best VPN, i've been wanting to change for the past year.

Now seems like the time is finally here to switch VPNs, or not...

My question is what VPNs work for routers that are privacy friendly?

Do you recommend installing VPN apps on separate devices instead of the router?

What VPNs?

How do you use your VPN at home?

Should I stick with Express and get a new 300$ router? (i'd rather not)

mulvad on a router? iVPN?

Advice, thoughts?

EDIT: my router is a Linksys WRT3200ACM

top 10 comments
sorted by: hot top controversial new old
[–] stratself@lemdro.id 10 points 2 days ago

How did you exactly install Express on the router? Did you use an app or something of that kind?

If the VPN provider has WireGuard support, you may wanna use a wireguard client software to connect to it. Flash OpenWRT on the router, install and configure a wireguard interface that connects to Express, then forward packets from behind LAN to that interface so they go through the VPN tunnel. A bit tricky for beginners, but I hope you can make it.

Since OpenVPN protocol seems to become unsupported in the future, Wireguard should be the way to go. Mullvad/IVPN should also support it, and once you know how to set it up it should be usable across many services and devices.

Do you recommend installing VPN apps on separate devices instead of the router?

For flexibility I'd do this. In case I'd wanna switch upstream servers for a single device without affecting others.

[–] jubilationtcornpone@sh.itjust.works 11 points 2 days ago (1 children)

I exclusively use my router as the VPN client for a few reasons. There are multiple services on my network that use the VPN. I've got static routes configured which effectively act as a kill switch and I can use QOS to prioritize traffic. It's pretty much set it and forget it. You can use any VPN service as long at they offer a protocol your router supports. I use Proton via WireGuard and have for years.

[–] irmadlad@lemmy.world 6 points 2 days ago (1 children)

So, how do you change the IP of your VPN on the router if say, you wanted to unblock something that was geoblocked, other than manually on the router's WUI? Curious, since I have read of people deploying a VPN on the router. Do you just pick a location and go with it? I've always have enjoyed the option to change geographical locations on the fly, from the device app.

[–] jubilationtcornpone@sh.itjust.works 2 points 2 days ago (1 children)

It definitely makes it more difficult to switch endpoints manually. I have multiple VPN connections with different exit nodes configured for failover in case one (or more) of them is unreachable. I don't run into geoblocking issues very often but I also don't route all my WAN traffic over VPN. Just some of it.

What you can automate depends on your routers capabilities. Mine is a Mikrotik which does have fairly extensive support for custom scripts. However, detecting Geoblocking is probably going to involve parsing HTTP responses which is beyond the capabilities of almost all consumer grade routers. You would have to effectively do a MITM attack (aka deep packet inspection) in order to accomplish that on something other than the client device.

TLDR: I manually change routes to a different VPN if needed but I very rarely run into Geoblocking issues.

[–] irmadlad@lemmy.world 1 points 2 days ago* (last edited 2 days ago)

That's cool. I pipe everything through a VPN.

also don’t route all my WAN traffic over VPN. Just some of it.

Are there advantages in doing such or what is the reasoning behind that? I would have anxiety......not that I have anything to hide /s

[–] scrubbles@poptalk.scrubbles.tech 6 points 2 days ago (1 children)

They killed off openvpn support a few years ago and am glad I did. They don't care about power users, so they don't care about my money either. Good riddance

[–] CrazyLikeGollum@lemmy.world 1 points 2 days ago

Really? I've been using ExpressVPN on my torrent box with an OpenVPN client for years. It's still working today.

I know they're not the best, but I've been too lazy to switch on that device.

[–] undefined@lemmy.hogru.ch 2 points 2 days ago (1 children)

My router is just a Protectli Vault mini PC with Alpine Linux. You can essentially pick your favorite Linux (or BSD) distro and make it a router.

[–] jubilationtcornpone@sh.itjust.works 2 points 2 days ago

Those Protectli Vaults are neat little devices.

[–] possiblylinux127@lemmy.zip -2 points 2 days ago

I wouldn't bother with a VPN honestly