Keenetic routers are among the best for setting up VPN in your home network. They support modern protocols and allow protecting all devices simultaneously. Let’s go through the setup step by step.
Advantages of VPN on Router
| Advantage | Description |
|---|---|
| All devices | Smart TV, consoles, IoT - everything protected |
| Set up once | No need to install clients on each device |
| Transparent | Devices don’t know about VPN |
| Always on | VPN works 24/7 |
Supported Protocols
| Protocol | Keenetic | Speed | Masking |
|---|---|---|---|
| WireGuard | ✓ | Very High | Low |
| OpenVPN | ✓ | Medium | Medium |
| SSTP | ✓ | Medium | Medium |
| L2TP/IPsec | ✓ | Low | Low |
| VLESS (sing-box) | ✓* | High | Excellent |
*VLESS requires installing Entware and sing-box.
Method 1: WireGuard (Simple)
WireGuard is the fastest protocol. Suitable for protecting your home network.
Step 1: Enable WireGuard
- Open my.keenetic.net
- Management → General settings → Change component set
- Find WireGuard VPN → Install
- Reboot router
Step 2: Create Connection
- Internet → Other connections → WireGuard
- Click Add connection
- Enter name (e.g., “VPN”)
Step 3: Import Configuration
Get WireGuard configuration from provider. It looks like this:
[Interface]
PrivateKey = your_private_key
Address = 10.0.0.2/32
DNS = 1.1.1.1
[Peer]
PublicKey = server_public_key
Endpoint = server.example.com:51820
AllowedIPs = 0.0.0.0/0
Fill in Keenetic fields:
- Private key: from [Interface] PrivateKey
- Address: from [Interface] Address
- Peer public key: from [Peer] PublicKey
- Peer address: from [Peer] Endpoint
- Allowed subnets: 0.0.0.0/0
Step 4: Configure Routing
- Network → Routing
- Add route:
- Type: Route to network
- Network address: 0.0.0.0
- Mask: 0.0.0.0
- Interface: your WireGuard connection
Step 5: Enable and Verify
- Activate connection
- Check IP on network devices (should change)
Method 2: VLESS via Entware (Advanced)
VLESS provides excellent traffic masking and works well in public networks.
Requirements
- Keenetic with USB port
- USB drive (4+ GB flash drive)
- Basic command line knowledge
Step 1: Install Entware
- Format flash drive to ext4
- Insert into router
- Management → General settings → Change component set
- Install Entware package environment
- Reboot router
Step 2: Connect via SSH
ssh admin@192.168.1.1
Step 3: Install sing-box
opkg update
opkg install sing-box
Step 4: Create Configuration
nano /opt/etc/sing-box/config.json
VLESS configuration example:
{
"inbounds": [
{
"type": "tun",
"interface_name": "tun0",
"inet4_address": "172.19.0.1/30",
"auto_route": true,
"strict_route": true
}
],
"outbounds": [
{
"type": "vless",
"server": "your-server.com",
"server_port": 443,
"uuid": "your-uuid",
"flow": "xtls-rprx-vision",
"tls": {
"enabled": true,
"server_name": "your-server.com",
"reality": {
"enabled": true,
"public_key": "your-public-key",
"short_id": "your-short-id"
}
}
}
]
}
Step 5: Start sing-box
/opt/etc/init.d/S99sing-box start
Step 6: Configure Autostart
sing-box will start automatically after installation through Entware.
Selective Routing
You can route only specific devices or sites through VPN.
Only Specific Devices
- Create Device group in Keenetic
- Assign VPN connection as gateway for this group
- Add needed devices to the group
Only Specific Sites
In sing-box use routing rules:
{
"route": {
"rules": [
{
"domain_suffix": [".youtube.com", ".googlevideo.com"],
"outbound": "vless"
}
]
}
}
Performance
| Keenetic Model | WireGuard | OpenVPN | sing-box |
|---|---|---|---|
| Viva (KN-1910) | ~150 Mbps | ~30 Mbps | ~100 Mbps |
| Giga (KN-1010) | ~300 Mbps | ~50 Mbps | ~150 Mbps |
| Ultra (KN-1810) | ~400 Mbps | ~80 Mbps | ~200 Mbps |
| Peak (KN-2710) | ~800 Mbps | ~150 Mbps | ~400 Mbps |
Problems and Solutions
| Problem | Solution |
|---|---|
| VPN won’t connect | Check configuration |
| No internet after VPN | Check routing |
| Low speed | Try different server |
| Entware won’t install | Reformat flash drive to ext4 |
FAQ
Which Keenetic supports VPN?
All modern models. For sing-box, USB port is needed (Viva and above).
WireGuard or VLESS?
WireGuard is faster and simpler to set up. VLESS provides better masking. Choose based on your needs.
Will internet speed drop?
Yes, by 10-50% depending on protocol and router model.
Summary
Keenetic is an excellent choice for VPN on router. WireGuard is easy to set up, VLESS via Entware provides maximum protection. Choose based on your needs.
Tainet provides configurations for WireGuard and VLESS optimized for Keenetic.
