Advantages/drawbacks of setting up Windscribe at the router level?

I mainly use Windscribe on one Windows PC, but I use this PC as a server and would like Windscribe to work without having to log on to Windows. This led me down the rabbit hole of using OpenVPN/WireGuard at the router level, which I’m not very familiar with. I have a custom plan with unlimited data through only some US server locations. I have an ASUS router which supports OpenVPN configurations. I have some questions:

  1. I’m worried about speed/bandwidth through the VPN. If all of my internet goes through VPN, will I experience lower performance when streaming Netflix, gaming, having Zoom calls? Will it have any negative effects on streaming on a smart TV?
  2. The Windscribe client has options for blocking ads, malware, etc. Will using the OpenVPN configuration on my router still block these things?
  3. Will blocking ads cause YouTube or any other sites to stop working?
  4. Are there any other caveats I should know about when considering setting this up at the router level?

In general, I’d like to know more about configuring at the router level and whether this is generally recommended.

Not an exhaustive list, but some positives / negatives.

Advantages:

  • All devices are connected to it and run via the same IP and server
  • All devices secured
  • Counts as 1 device (WireGuard as an example)
  • Internal network between your devices isn't affected at all.
  • Can multihop (router 1 country, device app another)
  • Weaker devices like TVs and Fire TV sticks and stuff don't need to lift the burden of encryption (example: my TV can do between 36-72 Mbit on WireGuard…)

Negatives:

  • All devices are connected (maybe you don't want some, and not all routers support fine-grained configs)
  • Needs a router with a strong CPU or your speeds plummet, which usually means a pretty expensive router. Especially with OpenVPN… expect HARD punishments in speed on router setups.
  • If you want to swap countries, all devices disconnect shortly (or you install the app on the devices too)
  • Missing all the features the Windscribe apps deliver.

I have Windscribe configured on my OPNsense gateway, with a policy route for my CentOS server running my Arr-stack to be routed over the tunnel.

If you can’t control routing to exclude specific clients, you may be better served running it client side.

I use it on my Deco network. I am able to pick and choose what clients are able to use the VPN so it doesn’t affect the whole network.

Are there any other caveats I should know about when considering setting this up at the router level?

If you take a device (laptop, phone) to another LAN (travel, McDonald’s, whatever), you suddenly have no VPN, and may forget that.

I’ve tried it recently with my Asus router that has this VPN fusion feature and it worked well at first, but I think it was too much for the router and the connection kept dropping until I restarted it.

I have a restrictive ISP, and I don’t have the choice to change.

They provide the router, and insist that if you want WiFi, you use their system, and pay monthly extra for it.

I have circumvented that, by switching the WiFi off at the ISP router, and I use a Google Nest mesh network for the WiFi.

I know I can’t put the VPN on the ISP router, but is it possible to put it on the Google network?

Others have answered, but what you can safely change is the DNS. AhaDNS is pretty nice because it uses oisdb as default, or any other free public unencrypted DNS, or encrypted if your router supports it.

Like others said, it is easier on the client side if you can control which client uses the VPN. I have Windscribe running on my server but inside a namespace with Transmission for torrents.

Thanks for the detailed response. I’m now more hesitant to set this up at the router level because I doubt my ASUS RT-AC68U router could maintain speed while handling OpenVPN encryption. Maybe I could flash a firmware that supports WireGuard and get better results. Maybe I could get a new router. But my needs are not so pressing as to merit such effort at this time.

I like this idea for policy routing selectively, compared to my approach of sending all down the tunnel minus the ones defined by an alias. Got some research to do now.

but I think it was too much for the router and the connection kept dropping until I restarted it.

Ye… most routers are made for lightweight processing and some spikes.

My router always overheats in the summer, and I fixed it by buying a PC case fan which can be powered via USB and putting it beneath it on the slowest setting; that's plenty of cooling for it.

I’ve used it on a 10 year old Buffalo router running DD-WRT with no problems.

Also now have an ASUS AX86U Pro running ASUSWRT-Merlin, and it works very well using the WireGuard option.

My router is the ASUS RT-AC68U.

Like u/skateguy1234 I run Merlin (the Gnuton variety in my case) on my ASUS router.

Have configured two WireGuard VPNs on it that run concurrently. All devices connect via the 2nd VPN, unless I have defined a rule for a device to connect to the 1st VPN or to connect directly (no VPN).

The ad / malware blocking in Windscribe runs at server level, so is equally applied to WS router configurations.

Flash the latest Merlin firmware, it’s easy. If for some reason it bricks (it won’t), ASUS has a nice and easy to use firmware reset tool. https://www.asus.com/support/faq/1000814/

I think you will be more than fine with this router and be surprised at how much overhead you have left after running the VPN.

I will say I’ve never run more than one device through the VPN when doing so though.