Lan-wan or direct router? (NordVPN)

Hi, I'm a little confused and I hope to clear up that doubt. Having to subscribe NordVPN to take advantage of greater privacy and anonymity I purchased an AR750-S ext router to which I installed OPENWRT.

I would like to configure my VPN directly on the router but what I would like to understand first is the following question...

in terms of better privacy and anonymity the best configuration is:

  • Single router connected directly to the DSL telephone jack;

  • LAN-WAN cascade router (vodafone station - ar750s).

I believe that by eliminating the vodafone station and purchasing a router like fritzbox 7530 openwrt privacy and anonymity are better. While a cascade router would contaminate security and compromise anonymity.

Could anyone explain the right configuration to me better?

Thank you

You may improve performance if you set up VPN on a more powerful device.
But it doesn't matter for privacy/anonymity, also Tor is more suitable for those.

No, Tor is not suitable if it is not linked to a good VPN, precisely because the weak part of TOR is the exchange of security keys between nodes.

My question, however, still remains...

in terms of better privacy and anonymity the best configuration is:

  • Single router connected directly to the DSL telephone jack;

  • LAN-WAN cascade router (vodafone station - ar750s).


As long as all internet traffic gets routed through the VPN it doesn't matter.

1 Like

Okay, I thought that with a LAN-WAN cascade router, anonymity was a little compromised and it was better to use a router connected directly to the phone DSL socket.

Okay anyway once the firmware is OPENWRT the device type is irrelevant?

As long as OpenWRT does what you need and the device is powerful enough for the intended use then I guess so.

thank you really friend for being so exhaustive in the answers, you managed to get me some clarity.

The principle is that everything along the link between the VPN client and the VPN server need not be trustworthy at all. So it really doesn't matter what devices are involved.

Of course you need some sort of DSL modem since the ar750 is only a router.

yes but all routers now do not have the DSL port for direct connection, they are all routers to be connected in cascade.

I've seen the routers that NordVPN suggests are ALL cascading.

this model of Asus WRT suggests NordVPN, has no DSL port for direct connection to the DSL socket

The only OpenWrt supported VDSL hardware would be the Lantiq vr9/ VRX2xx series, which works fine, but is rather low-end (it already struggles to deal with routing a 100/40 MBit/s VDSL2+vectoring connection and super-vectoring isn't supported by the hardware at all). Running a VPN connection on this hardware in addition to the modem/ router tasks is completely beyond its abilities (well, it works, just not with satisfactory performance).

The reason why VPN providers prefer cascaded setups, is because this approach avoids having to deal with the additional complications of SIP (phone) or IPTV uses, which would need special care to set up (policy based routing, special VLAN tags, IGMP snooping/ proxying, etc.), as your ISP's phone/ TV services wouldn't be accessible over your VPN tunnel (let alone thinking about the SIP/ phone hard- and software necessary). If you know what you're doing, you can get this sorted on a single router (with an external modem), but that is more complicated than killing the problem with hardware.

Be aware that even though the Fritz!Box 7530 has basic (good) OpenWrt support, its internal VDSL2 super-vectoring modem and the FXS/ DECT hardware needed for VoIP phone needs are not supported and lay dormant (effectively 'degrading' it to a Fritz!Box 4040).

1 Like

I have no problem with VOIP, I do not use it and I do not care, a fritzbox 7530 is ideal since it is the only one in the series to have a DSL port in relation to the speed it offers.

My question was whether a cascade router was dangerous to privacy and anonymity compared to a router connected directly to the ISP's DSL socket.

As mentioned before, it has an xDSL port, but this port isn't supported by OpenWrt.

I did not know that the DSL port of the 7530 was not supported by OpenWRT, at this point there is nothing left, only cascade routers.

All I have to do is cascade my GLinet AR750s ext. Openwrt. with my Vodafone ISP router

The upper level modem/router is not required to be powerful.
But to achieve higher speed on VPN, you should use a device with good CPU performance.
So, splitting modem functionality to a separate device can reduce the overall costs.
Another reason is to delegate responsibility for internet connectivity on the ISP.

1 Like