Hi
I own a Deco ax3000 mesh system (2 units).
I currently have IPVanish that I use on my main PC, but I have not been able to get it integrated into my Deco ax3000 via the Deco Android app. I was wondering if I purchased the Total Security Package, would the VPN provided by TP-Link cover all devices connected to the WiFi, eliminating the need for IPVanish?
Also, I have an Asustor NAS and was wondering what your opinion is on needing extra security provided by the Total Security package in order to keep it safe, or is the default protection on my ax3000 enough. I use a reverse proxy to access Jellyfin outside my home network and I’m not sure how suspectable that makes me to intrusions.
Thanks!
In my experience, outbound VPN via the router is usually more trouble than it’s worth.
Many sites/services/apps will not accept connections from consumer VPN providers, as these services are frequently abused by attackers. Other sites that do allow access via a VPN impose additional verification steps (such as solving a Captcha or answering security questions), leading to frustration. This means you need be able to setup a virtual WAN interface and conditional routing go around the VPN to make these sites/services/apps usable.
It is just easier to setup VPN on the devices and servers themselves. This way users can can more easily enable/disable/configure VPN as-needed to deal with sites that restrict VPN access.
When it comes to exposing services to the Internet, I feel that it either should be done via inbound VPN or that you need an edge device with full NGFW and IDS/IPS capabilities, and possibly both. I would not rely on a consumer/residential router to do this; instead, I would look into TP-Link Omada, Sophos, Netgate, pfSense or OPNsense.
Thanks for the helpful and insightful reply! Sounds like it won’t be worth it for me and I hate dealing with captcha already.