Can I print if PIA is running on the router?

I have a printer I plan to connect to my router via Ethernet cable. This allows any other device connected to the router to send print jobs to the printer. I also know that printing still works even if I'm connected to a VPN via a VPN software client on a PC.

But what if the VPN is running on the router itself, via customized firmware like Tomato or DD-WRT? Would I still be able to send print jobs or would there be a problem?


  • Posts: 863
    It should work just fine! As you'll be running the VPN on your router, your computer and your printer will both be on the same physical network. The VPN will effectively only replace the WAN side of things on your router so everything local will continue working just fine. This is only an issue sometimes when running the VPN on a computer depending on the firewall rules and whether the killswitch is enabled or not.

    Fun fact, most consumer routers are made of an embed computer that's internally connected to a hardware switch. So the router could literally crash and local traffic would continue as if nothing happened because it only traverses the switch. Only the Internet traffic and services provided by the router itself actually go through the processor. So a VPN running on your router is extremely unlikely to affect anything that runs locally.
  • Thanks for helping a newbie out! I was nervous about committing to buying a router until I was sure it wouldn't prevent printer access.

    I wanted to follow up on this a bit. Let's say I have 2 routers. Router 1 is right behind the modem, and router 2 is right behind router 1. Presumably, if I connect a printer to router 2, I can't print to it from any device connected to router 1 because of NAT. But what if I have a printer connected to router 1? Should I be able to print to it from a device connected to router 2 if router 2 is running a VPN but router 1 isn't?

    I wanted to check this because I had trouble accessing my ISP's router from a router connected behind the ISP's router. This is even without any VPNs on either router.
  • Posts: 863
    But what if I have a printer connected to router 1? Should I be able to print to it from a device connected to router 2 if router 2 is running a VPN but router 1 isn't?

    This one is a bit more tricky. In this situation it should work without the VPN because router 2 will just forward to router 1 which will understand. But with the VPN on router 2 that becomes problematic because it essentially replaces the WAN with PIA, so that will hide everything on router 1.

    If router 2 is flexible enough to let you add custom routes, you can probably fix that by re-adding the route but any auto detection will still be broken. You could also bridge the WAN but filter DHCP so both routers don't conflict with eachother. A really cool setup (and probably simpler) you could do if you run LEDE/OpenWRT/DD-WRT/pfSense on your main router, is do some magic with the firewall to selectively pick which internal IPs (or MAC addresses) go to the VPN and which doesn't.

    In fact, it's possible to do that with a single router running the VPN on another device on the network. As long as that device is configured to forward traffic to the VPN, it's just a matter of having your DHCP server tell the clients to use that IP as their default gateway. I used to run DHCP, DNS and VPN on my Raspberry Pi but since I had 300 Mbps Internet and the Pi only has a 100M port I didn't want everything to go through it as it would be a huge bottleneck. So I just made the Pi tell clients to use the ISP's router as their default route but set itself as the DNS server and the default gateway for specific devices which it would route through the VPN. All on the same WiFi access point, no problem. It can get messy really fast tho, so I would recommend making sure you fully understand what you're doing before getting into it!

    The easiest method would be to just run the VPN on the devices themselves whenever possible, or only put those that can't be configured on their own behind the VPN device as they likely won't need to print either. Make sure to research how well that router performs on OpenVPN before buying it as most routers depend on hardware acceleration for everything and have fairly slow processors.

  • Running VPN on the devices themselves is not an option because some of the people I want to protect don't know how to use a VPN. I want the whole thing to be transparent to them. I also want them to be able to print without any problems.

    I am interested in that firewall option you mentioned because it would allow me to exclude myself and switch on/off the VPN at will; there are some applications for which I would not want to use the VPN. How can I make it happen on DD-WRT?
Sign In or Register to comment.