I don’t want to write an article on how to set up a VPN as there are thousands of them on the Internet each for different tastes and specific needs. Today I just want to talk about just a few simple things that bring a lot of misunderstandings and tons of questions (even from geeks). VPN client can be installed on almost any access point Even with very old access point you can get an upgrade or install the desired package. For example, for my old Zyxel Keenetic Ultra, I was able to find an unofficial update that contained a lot of useful things, including the client. OpenVPN For your access point, there may also be a firmware available for free download. If you have initially set up all the access points for working with VPN, then life as a whole becomes much easier. VPN allows to selectively route traffic You only need to know the address of the subnet you want to connect to using a VPN. Then you add\update the list of these networks on your VPN server, the client receives them and starts to drive only the necessary\specified traffic through a VPN. The rest of traffic goes directly and without VPNs. Important: there are many guides and instructions, after following which you route 100% of your traffic through a VPN. This is often slow, expensive, and you hardly need it all the time. Mobile devices For some reason, many people believe that VPN and mobile devices work by the principle: “All or Nothing.” No, it is not so. Even with iPhone, you can also drive only the necessary traffic through a VPN. Tor I would also like to add that, for reasons unknown to me, most people forget about , which also helps with similar tasks, and currently works stably and quickly. Tor My example As a simple home solution, I would recommend , where at the lowest cost I have an OpenVPN server running. Of course, you can choose any other hosting provider and VPN server. Google Compute Engine The clients for this server are present on my access point (the native client), on the laptop, and on the phone. (Android, the standard client, for some reason, refused to read the config, but the client from got installed and started). It works just fine, no complaints at all. Arne Schwabe I am much more confident in the security and durability of a personal server than any free or even paid one. I am able to control everything here including possible . I believe it will always be up and running without downtimes, there is no reason to believe the opposite (well, except that the huge range of Google addresses , but changing the server’s IP address is pretty easy). virus penetration attempts get blocked Bellow, I am providing my client setup example (of course, without keys). The server and client were set up within several hours in the evening, despite the fact that this is my first experience deploying OpnVPN. Configuring the client Certificates can be added directly to the configuration file to feed it smoothly to the access point or phone: client dev tun proto udp remote YOUR_SERVER_IP 1194 resolv-retry infinite nobind persist-key persist tun verb 3 <ca> PUT YOUR CA CERTIFICATE HERE </ ca> <cert> PUT YOUR CERTIFICATE HERE </ cert> <key> PUT YOUR PRIVATE KEY CERTIFICATE HERE </ key> key-direction 1 <tls-auth> PUT YOUR STATIC KEY CERTIFICATE HERE </ tls-auth> I am using almost default server settings. Just one thing — I added there — so that only the necessary traffic goes through a VPN: pushes It looks like this: push “route x.x.x.x 255.255.255.255” push “route x.x.x.0 255.255.255.0” That’s it. All the best!