I don’t know how many or if IVPN and Mullvad own their servers at locations around the world. This thread pertains to using either of these two VPNs at the router level.
My understanding is that most, if not all, VPNs lease the servers and use their own software.
What advantage or disadvantage does either VPN have over the other?
Is it possible to configure a WireGuard multihop configuration using any location as the entry and exit points?
Any other things worth mentioning with respect to these two VPNs used at the router level?
From what I understand, if you’re running either IVPN or Mullvad VPN directly on a router, the practical differences become smaller because you’re typically using WireGuard or OpenVPN configs instead of their apps. Many of the advanced features (like IVPN’s AntiTracker or app-level firewall) only work in the official client, so they won’t apply at the router level.
Both providers are privacy-focused and support manual WireGuard configurations, so in terms of core VPN tunneling and security they’re fairly comparable when used on a router. The main differences tend to be:
Server network size: Mullvad has a larger network and more locations, which can help with speed or latency.
Extra privacy features: IVPN offers things like MultiHop routing and tracker blocking, but those benefits are mostly visible in the app environment.
So for a router setup, the decision may come down more to server availability, pricing model, and performance from your location rather than feature differences. Testing both with a short subscription might be the most practical way to see which performs better on your specific router and ISP setup.
All of Mullvad’s servers are diskless (RAM-only).
Mullvad physically owns a portion of their servers, whereas IVPN owns none, all IVPN servers are rented bare-metal hardware:
Mullvad has DAITA (Defense Against AI-guided Traffic Analysis); IVPN does not.
For a router setup I would recommend Mullvad, with IVPN deployed on endpoint devices. IVPN’s Pro plan supports more simultaneous connections than Mullvad and, in my opinion, offers better client-side features overall. IVPN Pro subscribers with at least one year remaining on their account get free beta access to both Mailx (email aliasing service) and modDNS (DNS filtering service). Both services will remain free after public release for beta participants, provided you maintain an active IVPN subscription.
1 Like
I use Clouldflare Warp (WG config) on my router. This gives me whole-of-network coverage and a local exit-point (for banking or for when I’m sick of captures and the activity doesn’t demand more extreme privacy). Then on endpoint devices I add whichever vpn client I want (Mullvad/Proton or one of my personal wireguard servers). Yes, I guess there is added latency because my laptop packets have to travers first through the cloudflare vpn tunnel before routing through one of the others vpn’s I listed. Honestly, I don’t really notice any latency ..but then again, I’m not a gamer and my threat model might not be as high as yours.
I’m also exploring switching up my router to PFsense/Opnsense for split tunnelling at the router level. Hardware has been acquired (dual min PC’s for redundancy) 
I just need to find the time to deploy it. So many fun projects, not enough time 
Maybe someone else can chime in and provide input on that idea for you.
What are the privacy differences at the router level?
Has there been an actual comparison made about the differences in the number of locations and servers between the two VPNs?
How do we check which location has Mullvad-owned servers?
Does DAITA work at the router level? I thought that was only available on the apps.
I’m not worried about the increased latency, as it’s not that big of a deal when browsing.
Can you elaborate on this Cloudflare Warp (WG config) setup? Are you using Cloudflare with Mullvad and IVPN?
I’m also interested in deploying an OPNsense router myself. Is their split-tunneling implementation better than other brands? Any other read-up about it? I want to fully secure the networking side.
BTW, I think your Mullvad/Proton combination is a great idea.
DAITA is an application feature on clients.
To check which servers Mullvad owns, you can use:
For router specifically, iVPN is better as it relies on open standards for obfuscation against DPI while Mullvad doesn’t. Read about their V2Ray offerings. If you’re using plain Wireguard - both are fine.
It doesn’t. Posters were referring to app client features/were misinforming you.
OPNSense isn’t as flexible as OpenWRT and doesn’t support any other protocol except legacy VPN. But, given the fact you’re not as technical as i am, i think you will be fine with OPNSense. Their out of the box policy based routing sucks and i found myself fighting against the OS just to do PBR tailscale. I don’t know a single reason to continue using *BSD routers in all honesty.
We can only use standard WireGuard configuration on a router, right? How does IVPN have the advantage with obfuscation?