Hello, I have a question about setting up a VPN on a home wifi network. How it looks today: - I use nordVPN, but I have a vpn application installed on each of the end devices (smartphones and laptops) - Internet access is provided by netia (optical fiber) using the Huawei HG8245Q Router ONT...

Why do you need this VPN. Does it make sense for television and watching foreign programs, and for the rest?

Having a VPN client. But the VPN itself is already cutting bandwidth, and you want it on your router, then cheap toys are too weak to handle it. How much money do you expect for it?

I have access to NordVPN for 3 years and as for the bandwidth, I am very pleased. I watch tv, use torrents and the bandwidth loss is minimal, same for iPhone. This can also be seen on the speed test. I know the device is going to have a vpn client, but my point is is it supposed to be a modem_router or maybe just a router that will connect to my modem? Or maybe accel point? I do not really understand this nomenclature, hence the questions. In fact, I can spare two hundred dollars. If there will be less, also OK ;) regards, If you have any specific device models in mind, please enter the names. I will be obliged.

It must be a router with a VPN client. Nord himself points out such equipment And here's a video on how to do it on cheaper equipment (but read the comments under the video):

I would rather buy Mikrotik. It will be more flexible in configuration. It can be especially useful to work as a router on a stick *, ie you use only one port, set the IP from the same pool as Huawei and clients. who need a VPN, indicate the MT address as the gateway, others can use Huawei directly. Packets going to MT are encapsulated and sent out to the world via an edge router. Such a solution will not create multiple NATs and there will be no problems, for example, with the console and online gaming, movies via DLNA, VoIP and other services.

Further questions from the technical series. 1) Is an ethernet cable plugged into the current netii modem router to the LAN socket and the same to the LAN socket in the new router (or to the blue WAN socket) enough to start the router? 2) do I have to turn off the router (routing) options on Netia hardware or can I use wifi on both devices? (with encrypted vpn on new router and usually connection on netia)? Thanks in advance !

If you are making a router on a stick, then the cable is connected to the LAN port of the Netia router and one MT port. in MT and other more advanced devices there is no distinction between LAN / WAN ports. What role a given port plays depends on its configuration. In this case, the port will have a dual function, both LAN and WAN.

Is there something I don't know about? MT has been supporting IKEv2 for quite a long time (although it was a tragedy at the beginning). Even NordVPN gives you an official guide:

The same passwords as router, acces point, vpn IKE .. - I get it, the same MT (Mikrotik) or router on a stick is a complete blast. How does connecting this wonder to the netia router and subsequent configuration look like?

[Solved] Setting Up NordVPN on Home WiFi Network with Netia Fiber & Huawei HG8245Q Router ONT Combo

sapporo1985 8991 13

Treść została przetłumaczona

Zobacz oryginalną wersję tematu

Report a violation of the law

| New topic

#1 18287217 19 Nov 2019 09:42

sapporo1985 sapporo1985

Level 7

Posts: 11
» | Topic author

Post #1
18287217 19 Nov 2019 09:42

Hello,
I have a question about setting up a VPN on a home wifi network.
How it looks today:
- I use nordVPN, but I have a vpn application installed on each of the end devices (smartphones and laptops)
- Internet access is provided by netia (optical fiber) using the Huawei HG8245Q Router ONT Combo equipment.

I would like to use a VPN but on all devices in the house and without installing the app on every device.
I would like the VPN to be configured on the router (?) So that every device connected to the router uses the VPN directly

I know my netia modem / router doesn't support VPN. What device should I buy so I can set up a VPN? I would also like this solution to be minimal in terms of costs.

I will be grateful for your help.
AND.
ADVERTISEMENT
#2 18287632 19 Nov 2019 14:37

IC_Current IC_Current

Network and Internet specialist

Posts: 9093

Help: 1493

Rate: 2491
» | Helpful post? (0)

Post #2
18287632 19 Nov 2019 14:37

Why do you need this VPN. Does it make sense for television and watching foreign programs, and for the rest?

Helpful post? Buy me a coffee.
#3 18289167 20 Nov 2019 07:54

KOCUREK1970 KOCUREK1970

Network and Internet specialist

Posts: 35131

Help: 3786

Rate: 5326
» | Helpful post? (0)

Post #3
18289167 20 Nov 2019 07:54

sapporo1985 wrote:
What device should I buy so I can set up a VPN?

Having a VPN client.

sapporo1985 wrote:
I would also like this solution to be minimal in terms of costs.

But the VPN itself is already cutting bandwidth, and you want it on your router, then cheap toys are too weak to handle it.

How much money do you expect for it?
#4 18292720 21 Nov 2019 20:33

sapporo1985 sapporo1985

Level 7

Posts: 11
» | Topic author Helpful post? (0)

Post #4
18292720 21 Nov 2019 20:33

I have access to NordVPN for 3 years and as for the bandwidth, I am very pleased. I watch tv, use torrents and the bandwidth loss is minimal, same for iPhone. This can also be seen on the speed test.

I know the device is going to have a vpn client, but my point is is it supposed to be a modem_router or maybe just a router that will connect to my modem? Or maybe accel point? I do not really understand this nomenclature, hence the questions.
In fact, I can spare two hundred dollars. If there will be less, also OK ;)

regards,

If you have any specific device models in mind, please enter the names. I will be obliged.
ADVERTISEMENT
#5 18292932 21 Nov 2019 21:41

KOCUREK1970 KOCUREK1970

Network and Internet specialist

Posts: 35131

Help: 3786

Rate: 5326
» | Helpful post? (0)

Post #5
18292932 21 Nov 2019 21:41

sapporo1985 wrote:
should it be modem_router or maybe just a router that will connect to my modem? Or maybe accel point?

It must be a router with a VPN client.
Nord himself points out such equipment
https://www.flashrouters.com/vpn-types/nordvpn#a_aid=123456
And here's a video on how to do it on cheaper equipment (but read the comments under the video):
https://www.youtube.com/watch?v=-nSkgU1l6k0
#6 18293281 22 Nov 2019 05:28

IC_Current IC_Current

Network and Internet specialist

Posts: 9093

Help: 1493

Rate: 2491
» | Helpful post? (+2)

Post #6
18293281 22 Nov 2019 05:28

I would rather buy Mikrotik. It will be more flexible in configuration. It can be especially useful to work as a "router on a stick *", ie you use only one port, set the IP from the same pool as Huawei and clients. who need a VPN, indicate the MT address as the gateway, others can use Huawei directly. Packets going to MT are encapsulated and sent out to the world via an edge router. Such a solution will not create multiple NATs and there will be no problems, for example, with the console and online gaming, movies via DLNA, VoIP and other services.

Helpful post? Buy me a coffee.
#7 18293795 22 Nov 2019 12:41

sapporo1985 sapporo1985

Level 7

Posts: 11
» | Topic author Helpful post? (0)

Post #7
18293795 22 Nov 2019 12:41

Further questions from the "technical" series.
1) Is an ethernet cable plugged into the current netii modem router to the LAN socket and the same to the LAN socket in the new router (or to the blue WAN socket) enough to start the router?
2) do I have to turn off the "router" (routing) options on Netia hardware or can I use wifi on both devices? (with encrypted vpn on new router and usually connection on netia)?

Thanks in advance !
#8 18294141 22 Nov 2019 16:17

IC_Current IC_Current

Network and Internet specialist

Posts: 9093

Help: 1493

Rate: 2491
» | Helpful post? (0)

Post #8
18294141 22 Nov 2019 16:17

If you are making a "router on a stick", then the cable is connected to the LAN port of the Netia router and one MT port. in MT and other more advanced devices there is no distinction between LAN / WAN ports. What role a given port plays depends on its configuration. In this case, the port will have a dual function, both LAN and WAN.

Helpful post? Buy me a coffee.
ADVERTISEMENT
#9 18294158 22 Nov 2019 16:25

szwagros szwagros

Level 33

Posts: 1835

Help: 231

Rate: 269
» | Helpful post? (0)

Post #9
18294158 22 Nov 2019 16:25

IC_Current wrote:
I would rather buy Mikrotik.

You won't run NordVPN on MT.
#10 18294514 22 Nov 2019 19:11

IC_Current IC_Current

Network and Internet specialist

Posts: 9093

Help: 1493

Rate: 2491
» | Helpful post? (0)

Post #10
18294514 22 Nov 2019 19:11

szwagros wrote:

IC_Current wrote:
I would rather buy Mikrotik.

You won't run NordVPN on MT.

Is there something I don't know about? MT has been supporting IKEv2 for quite a long time (although it was a tragedy at the beginning). Even NordVPN gives you an official guide:
https://support.nordvpn.com/Connectivity/Rout...0295132/Mikrotik-IKEv2-setup-with-NordVPN.htm

Helpful post? Buy me a coffee.
#11 18294646 22 Nov 2019 20:00

sapporo1985 sapporo1985

Level 7

Posts: 11
» | Topic author Helpful post? (0)

Post #11
18294646 22 Nov 2019 20:00

The same passwords as router, acces point, vpn IKE .. - I get it, the same MT (Mikrotik) or router on a stick is a complete blast. How does connecting this wonder to the netia router and subsequent configuration look like?
#12 18294712 22 Nov 2019 20:29

IC_Current IC_Current

Network and Internet specialist

Posts: 9093

Help: 1493

Rate: 2491
» | Helpful post? (0)

Post #12
18294712 22 Nov 2019 20:29

IC_Current wrote:
If you are making a "router on a stick", then the cable is connected to the LAN port of the Netia router and one MT port. in MT and other more advanced devices there is no distinction between LAN / WAN ports. What role a given port plays depends on its configuration. In this case, the port will have a dual function, both LAN and WAN.

So you connect one cable to the Netia router. You can also two. Configuration will be difficult (very difficult) if concepts like router on a stick are abstract to you.

Helpful post? Buy me a coffee.
#13 18295640 23 Nov 2019 12:51

szwagros szwagros

Level 33

Posts: 1835

Help: 231

Rate: 269
» | Helpful post? (+1)

Post #13
18295640 23 Nov 2019 12:51

IC_Current wrote:
Is there something I don't know about? MT has been supporting IKEv2 for quite a long time (although at the beginning it was a tragedy).

Not long ago, only since July this year. Previously, this was missing:

Quote:
ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator

I have not tried on the new software - maybe it will actually work.
ADVERTISEMENT
#14 18304619 27 Nov 2019 13:29

sapporo1985 sapporo1985

Level 7

Posts: 11
» | Topic author Helpful post? (0)

Post #14
18304619 27 Nov 2019 13:29

Thanks ! I am letting go of the VPN topic for the moment, but I will definitely come back to it.
Create an account, log in here and be active on the forum — ads won't appear. Earn points for registering and replying.

Install Elektroda application

Didn't find an answer? Ask Artificial Intelligence

*I agree to send the question to OpenAI, Anthropic PBC, Perplexity AI, Inc., Kagi Inc., Google LLC - owners of language models in order to prepare the best response. The companies may monitor and log information entered into the form.

*I agree to publicly display my question and answer. The question and answer will be publicly available to everyone. The process may take a few minutes. Upon completion, you will be redirected to the page with the answer.

Wait...(2min)

| New topic

Report a violation of the law

Topic summary

✨ The discussion revolves around setting up NordVPN on a home WiFi network using a Netia fiber connection and a Huawei HG8245Q router. The user seeks a solution to implement VPN on all devices without installing individual applications. Responses suggest that the current Huawei router does not support VPN functionality, prompting recommendations for alternative devices. Suggestions include purchasing a router with a built-in VPN client, such as Mikrotik, which offers flexible configuration options. The conversation also covers technical aspects of connecting the new router to the existing Netia modem and configuring it for optimal performance, including the concept of "router on a stick." Users express concerns about bandwidth and the complexity of setup, with some sharing links to resources for further guidance.
Generated by the language model.

FAQ

TL;DR: For Netia fiber + Huawei HG8245Q users, whole‑home NordVPN works by adding a VPN‑client router. In July 2019 MikroTik gained IKEv2 EAP support; "ike2 - added support for EAP authentication methods..." Use router‑on‑a‑stick to avoid double NAT. [Elektroda, szwagros, post #18295640] Why it matters: You’ll secure every device without per‑app installs and sidestep gaming/DLNA issues from double NAT.

Quick Facts

You need a router with a VPN client, not just an access point. [Elektroda, KOCUREK1970, post #18292932]
Router‑on‑a‑stick uses one port and avoids multiple NAT that disrupts consoles, DLNA, and VoIP. [Elektroda, IC_Current, post #18293281]
On MikroTik, connect Netia LAN to any port; roles are configurable, not fixed WAN/LAN. [Elektroda, IC_Current, post #18294141]
MikroTik works with NordVPN via IKEv2; NordVPN even publishes a setup guide. [Elektroda, IC_Current, post #18294514]
Router‑based VPN reduces throughput; low‑end routers may struggle with encryption. [Elektroda, KOCUREK1970, post #18289167]

What gear do I need to run NordVPN on my whole home network?

You need a router that can act as a VPN client. Put it behind the Huawei HG8245Q. MikroTik routers fit because they support IKEv2. Do not buy only an access point. It lacks routing features you need. "It must be a router with a VPN client." After setup, every device connected to that router uses the VPN automatically. You can also keep the original Netia Wi‑Fi for non‑VPN devices. [Elektroda, KOCUREK1970, post #18292932]

Does my Huawei HG8245Q support a VPN client?

The HG8245Q, as supplied by Netia, does not provide a built‑in VPN client. Add a downstream router that supports VPN. Keep the HG8245Q as your ONT and primary gateway. [Elektroda, sapporo1985, post #18287217]

Should I buy a modem‑router combo or only a router?

Buy a router, not a modem‑router combo, for this setup. The HG8245Q already handles access to the fiber network. Your new router must include a VPN client. It sits behind the HG8245Q and handles encrypted traffic. [Elektroda, KOCUREK1970, post #18292932]

How do I wire the new router—LAN‑to‑LAN or LAN‑to‑WAN?

Connect a cable from a LAN port on the Netia router to one MikroTik port. MikroTik assigns roles by configuration, so ports are not fixed as LAN or WAN. That single port can act as your LAN access and WAN uplink. This approach is called router‑on‑a‑stick. [Elektroda, IC_Current, post #18294141]

Do I need to disable routing or Wi‑Fi on the Netia device?

You can leave routing enabled on the Netia device. Use a router‑on‑a‑stick design to steer only selected clients through VPN. Give the MikroTik an IP in the same subnet as Huawei and clients. Point VPN devices to the MikroTik gateway and others to the Huawei gateway. This avoids double NAT and keeps consoles, DLNA, and VoIP working. [Elektroda, IC_Current, post #18293281]

Can MikroTik actually run NordVPN?

Yes. MikroTik supports IKEv2 with EAP, which NordVPN uses for routers. "Even NordVPN gives you an official guide." Follow that guide to create the tunnel and routes. Use your MikroTik as the VPN endpoint and gateway for selected devices. [Elektroda, IC_Current, post #18294514]

Is this configuration hard for a beginner?

It can be challenging. If "router on a stick" feels abstract, expect a steep curve. "Configuration will be difficult (very difficult)." Consider preconfigured gear or help from a specialist to reduce errors. [Elektroda, IC_Current, post #18294712]

How do I set up router‑on‑a‑stick for selective VPN routing?

Use this quick flow to build selective VPN via router‑on‑a‑stick:

Cable Netia LAN to one MikroTik port, and set that port’s IP within Huawei’s pool.
On devices needing VPN, set the MikroTik address as their default gateway.
Create the VPN tunnel on MikroTik and route those devices through it. [Elektroda, IC_Current, post #18293281]

Which VPN protocol should I use on MikroTik?

Use IKEv2 with EAP on MikroTik. RouterOS added EAP methods for IKEv2 in July 2019. "ike2 - added support for EAP authentication methods" enabled NordVPN authentication. Update RouterOS, then configure IKEv2 for your tunnel. [Elektroda, szwagros, post #18295640]

How much should I budget for a VPN‑capable router?

A practical budget is about $200, as the original poster planned. That sum can cover a capable consumer router with VPN client support. Confirm features and expected throughput before buying. [Elektroda, sapporo1985, post #18292720]

Will a router‑based VPN reduce my Internet speed?

Yes. Running VPN on the router reduces throughput compared to raw fiber speeds. "The VPN itself is already cutting bandwidth, and cheap toys are too weak." Choose hardware with enough CPU to handle encryption. [Elektroda, KOCUREK1970, post #18289167]

Can I keep two Wi‑Fi networks: one through VPN, one direct?

Yes. Keep Netia and MikroTik Wi‑Fi enabled with separate SSIDs. Join the MikroTik SSID for encrypted traffic. Join the Netia SSID for direct traffic. This split keeps services stable while letting you choose per device. [Elektroda, IC_Current, post #18293281]

What happens if I use LAN‑to‑WAN and create double NAT?

Double NAT can break services and complicate port forwarding. It often affects consoles, DLNA, and VoIP. Router‑on‑a‑stick avoids this by keeping a single NAT edge. Use the MikroTik as a selective gateway instead of nesting routers. [Elektroda, IC_Current, post #18293281]

Where can I find compatible router models for NordVPN?

NordVPN highlights compatible router models through its partner list. Use that list if you prefer preconfigured hardware and support. It can reduce setup time and troubleshooting. [Elektroda, KOCUREK1970, post #18292932]

Can I use an access point instead of a router?

No. An access point cannot terminate and route a provider VPN for all devices. You need routing and a VPN client in the device. "It must be a router with a VPN client." [Elektroda, KOCUREK1970, post #18292932]

Generated by the language model.