I started an earlier discussion on this topic, but I realized that a poll was probably really more what was called for. I don’t think this is really a question with a right or wrong answer, but I’m more looking for the prevailing opinion or “gut feeling” on this topic within the community:
Would you feel safe using the VPN server built in to a consumer-grade router to provide access to your home network? (Assume up-to-date firmware.)
I said yes, but it would depend on the router. I have the most basic Ubiquiti router, the express one that only has two Ethernet ports. This feels consumer level to me, but could be used in a small office.
I relatively trust them since they are well regarded. They are also more business oriented and their VPN feature is used by businesses buying more expensive models.
If it’s a less widely used model from a different company, I might go with WireGuard to ensure privacy and a vetted open source solution.
Yeah, in my particular case the router is Asus, but I figured making it about Asus routers specifically was too niche. The logic about routers that are marketed to small businesses and therefore the VPN is more of a prime feature makes sense, though. One of my areas of concern was if the VPN server is a much less used feature of the router in question, maybe not as much attention is paid to it (in terms of default configurations, patching, etc.).
I’m not very familiar with ASUS. I tried searching for info and found this:
Which makes it sound like they are fairly serious about the VPN feature and intend for it to be used by small businesses.
And this says latest firmwares can use WireGuard:
This sounds relatively safe to me, as long as you are using the latest firmware and receiving security updates. I think I would recommend that most people use the router’s version in this case.
Thanks for taking a look! While not that exact model, mine also offers WireGuard, so as long as they’re using the normal open source WireGuard and their firmware updates keep up with any patches for any significant vulnerabilities, then I assume it should be okay. Now that you mention it, I guess I could at least go check what the open source Merlin software uses for its WireGuard VPN, as it might be reasonable to guess it’s the same as the proprietary firmware. Then I could look at upstream security updates for that software vs. firmware update dates for my router to see if they track each other well.