There is an increasing need to protect internet-enabled devices due to the rising demand in telecommunication. Individuals and companies are turning to VPNs for online safety. Luckily, the majority of employees in tech-savvy businesses have realized the importance of consumer-grade routers in their broadband connections. These technologies make life easier as they facilitate NAT-friendly VPN passthrough without necessarily changing the router settings to successfully enable a safe VPN tunnel.
Most devices connect to the World Wide Web through a router, which is a NAT (Network Address Translation) device. Intrinsically, the Point-to-Point Tunneling Protocol and NAT do not work in tandem. Note that most VPN connections begin right behind the router, hence traversing a NAT becomes an issue. PPTP passthrough comes in to allow a VPN network to cross over the NAT with ease. NAT or PAT doesn’t work without ports. It is thus important that you learn the functions of NAT and how it relies on ports. Keep reading to understand more about VPN gateways.
Simply put, a VPN passthrough is a feature of a router that allows devices on private networks to entrench outbound VPN without encumbrance. This feature only applies to outbound VPNs as opposed to inbound VPNs. The reason it’s referred to as ‘passthrough’ is that it permeated VPN traffic to transverse the router. In this case, the ports aren’t required to enable it as it works automatically.
VPNs have different protocols, but many use IPsec and PPTP. So, if you see any router claiming to support VPN passthrough, rest assured it supports these two protocols. In essence, VPN passthrough combines IPSec and PPTP passthrough. It is important to note that the two conventions are handled differently. Natively, the VPN gateway doesn’t support VPN technology. Due to the complexity of the VPNs, you have to switch on the pass-through function on your router every time you want to log into a VPN through a business notebook.
Does the passthrough function on mobile phones?
Through NAT, routers allow computers and other gadgets to share an internet connection. This is convenient as you don’t need to configure the connection settings on every device you need to use in your office. You might be asking yourself, what is VPN on a phone (mobile VPN)? Well, it simply secures your online activities when using a smartphone. In short, VPN passthrough can also work on mobile phones.
How exactly does the passthrough work?
Almost every router uses the NAT feature. Some routers support up to 3 simultaneous VPN connections, making them perfect for small office or home use. We have already mentioned that PPTP and IPsec VPNs cannot work with NAT. GRE (Generic Routing Encapsulation) is the part of PPTP that inhibits NAT. VPN passthrough replaces GRE with an upgraded GRE which is compatible with NAT.
PPTP relies on port 1723, which has the TCP channel. This channel facilitates control while the GRE protocol helps PPTP to encapsulate information and establish the VPN tunnel. Remember that the issue lies in the GRE, which doesn’t support ports rather than the PPTP itself. The reason NAT doesn’t work with GRE is that it requires a connection that uses a port number and an IP address, something that GRE lacks. PPTP passthrough addresses this gap.
Standard GRE vs Enhanced GRE
There are various differences between the two GREs but the most important concept is the Call ID. When a PPTP client tries to connect to the internet, they generate a special call ID and embed it in a modified header. The Call ID identifies a PPTP client attached to a NAT. A non-standard router must switch from the port to Call ID when the PPTP traffic approaches.
Can you disable VPN passthrough?
Small office and home network gateway devices use VPN passthrough not as the termination point of a VPN, but a passive device that allows VPN data packets to cross over a firewall. Various protocols are needed to permeate VPN traffic with regards to the type of VPN at hand. For IPsec, the User Datagram Protocol (UDP) is required on port 500 for IKE and port 4500 for NAT traversal. This feature can be disabled in the configuration menu.
What are the pros and cons of disabling VPN passthrough?
Disabling VPN Passthrough improves your online security as it blocks open communication ports on the firewall, which would be accessible and open to anyone. On the bad side, it is not possible to use a VPN connection because the necessary ports are closed at the NAT firewall. If you depend mostly on VPN for your office or home network, these ports must always be open.
But if you don’t need a VPN, you can disable the passthrough feature on your router. By default, all protocols and ports are blocked but you can always open them if need be. By disabling VPN passthrough, you are inhibiting L2P2, IPSec, and PPTP protocols from passing over your router’s firewall. You simply need to go to the settings and select “disable” and save the changes.
How to configure a router to enable VPN passthrough
- First, connect to a local network through your favourite browser
- In the URL bar, enter the IP address, which is provided by the administration program of your router
- You will be prompted to provide the admin ID and password
- Go to the security configuration settings and choose the option that enables PPTP passthrough
- Go to the port forwarding options and activate PPTP on port 1723. This depends on your routers the manufacturer
- Go back to the Windows key to search for VPN in the search bar
- Access the settings and choose Set up VPN connection
- Enter the IP address of the VPN in the field named Internet Address
- Type the VPN name into the Destination Name field
- Tick the Remember my credentials box and create a VPN
- From the Networks pane, click on the VPN and Connect
- After providing the username and password, consider it done
How can you be sure that VPN passthrough is working?
If you are not sure you’ve enabled the passthrough feature on your router, start by checking if your router has settings for IPsec or PPTP passthrough. Then go to your router portal and select the Security tab. Click the VPN passthrough sub-tab. Make sure that IPsec (50, 21/ 500), L2TP (1701), and PPTP (1723) ports are open. If you still can’t connect to a VPN, contact your VPN provider for more information on the software configurations.
The only way to make an outbound VPN connection is by using a router with the PPTP or IPSec passthrough feature. Using the step-by-step guide provided above, you can be certain that the feature is working on your network. By encrypting the traffic flowing between your computer and your network, the VPN ensures that your private information remains anonymous and hard to intercept. That way, no snooper can see what you are doing online.
Tech writer and privacy advocate
Julie is a firm believer in equal rights for everyone. She is a traveler and blogger, focusing her efforts on exposing censorship and discrimination around the world. She wants to hold corrupt governments and shady companies accountable by writing investigative articles and helpful guides.