VPN Passthrough vs IPsec Passthrough: Understanding the Difference

In the domain of computer networking, you will come across the term “VPN Passthrough," a feature that is built into a router, and the terminology can be quite confusing. In this article, we will try to cover what VPN passthrough is, how it works, and why it is even required.

What is a VPN Passthrough?

VPN passthrough is a feature available on the router that allows any device connected to the router to establish an outbound VPN connection. For example, if you want to connect to a VPN server using a VPN client in your device, the router VPN passthrough feature on the router enables that VPN traffic.  VPN Passthrough feature is mainly required for routers with older protocols such as IPsec and PPTP.

Most modern routers have a feature called Network Address Translation (NAT) which allows several devices on a LAN to share a public IP address. Older protocols such as IPsec and PPTP are not compatible with NAT. Older routers with these protocols will allow the VPN traffic to establish; it may drop the packet and block the connection.

How does VPN Passthrough Work?

For a VPN connection to establish, VPN traffic originates from the VPN client on a device that goes through the router to the VPN server. Modern routers with NAT can’t comprehend older protocols which can result in dropping or blocking VPN connections. VPN passthrough feature bypass NAT and auto forward the VPN traffic using additional ports.

Some of the disadvantages of enabling VPN passthrough include the following:

• It weakens the security of the local network as it is based on outdated protocols, which is less secure
• It can be complex to setup with previous technical experience
• It requires port forwarding to be enabled on the router

VPN Passthrough: Enable or Disable?

Generally, the VPN passthrough is already enabled by default on the active router. However, if the VPN doesn’t have updated protocols, you must enable it. Further, to access protocols like L2TP and OpenVPN, one needs to enable the VPN passthrough.

What is IPsec Passthrough?

IPsec Passthrough is a secure network protocol suite that helps to set up encrypted connections between devices. It is used to secure VPN connections by encrypting IP packets and authenticating the source from which the data originates. Modern routers with NAT protocol don’t support IPsec. IPsec VPN passthrough feature allows to establish secure IP connection over the gateway and makes it work with NAT protocol.

How to Enable IPsec Passthrough?

Some of the disadvantages of IPsec passthrough include:

• It is not very secure. Any vulnerabilities at the IP layer could be passed to the corporate network through the IPsec tunnel.
• Without proper IPsec Passthrough configuration, traffic can be blocked by a firewall.
• Most modern routers come with VPN passthrough and IPsec passthrough features. VPNs are not secure as it provides excessive trust to its users.

Zero Trust solutions by InstaSafe, such as VPN Alternatives, eliminate the risk of excessive trust by providing granular access controls to users by enabling access to applications on a need-to-know basis.

You can also visit our official website to learn more about InstaSafe’s Zero Trust solutions.

FAQs on VPN Passthrough and IPsec Passthrough

1. Should VPN passthrough be enabled?

By enabling VPN passthrough, you can connect any device through a VPN connection.

2. Should I turn off the VPN passthrough?

By turning off the VPN passthrough, all open communication would be blocked, which results in enhanced security.

3. What is the difference between a VPN server and a VPN passthrough?

A VPN server is a server network that helps in establishing secure networks over the internet. At the same time, a VPN passthrough is a router feature allowing outbound connection.

4. How do I enable VPN passthrough?

To enable VPN passthrough, you must go to VPN settings or the VPN option. Then choose the “Allow VPN connection for this device” option. After clicking on it, the turn option on or off will appear. Choose the enable option.

5. What happens if I turn off the VPN passthrough?

The network's security would be enhanced since the network won’t be open and accessible. But the user won’t be able to use a VPN connection.

6. Should I enable IPsec passthrough?

The routers that rely on NAT protocol enabling IPsec passthrough, will establish secure IP connection.

7. How do I enable IPsec pass-through on my VPN connection?

Many routers have IPsec passthrough enabled by default. But if it is not, read the router manual to enable it.