{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreih5ejb7fhga4skc32ishjehvy7pgaq7yetyfmhpm5edbrnaejvq3y",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mmtipin3rkq2"
  },
  "path": "/t/any-more-innovation-on-using-a-vpn-on-a-router/38132#post_9",
  "publishedAt": "2026-05-27T11:56:11.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "polyester_apricot650:\n\n> Would you guys agree that using these VPNs at the router level may be less feature-rich and potentially less private and secure at the router level?\n\nMullvad’s DAITA multihop, QUIC, LWO obfuscation are indeed vendor locked in. iVPNs V2Ray is vendor agnostic, but no user friendly way of setting up a router exists, so yeah, i’d agree. The good news are, they’re in the process of developing an OpenWRT package.\n\nSecurity wise, even stock settings OpenWRT has a large attack surface for an attacker\n\n\n     * **dnsmasq:** backport six upstream CVE-fix patches to dnsmasq 2.91:\n\n      * CVE-2026-2291: heap buffer overflow in DNS domain-name handling.\n\n      * CVE-2026-4890 / CVE-2026-4891: DNSSEC crashes via crafted NSEC bitmaps / RRSIG packets.\n\n      * CVE-2026-4892: buffer overflow on large DHCPv6 CLIDs (only with `--dhcp-script`).\n\n      * CVE-2026-4893: broken EDNS Client Subnet validation.\n\n      * CVE-2026-5172: buffer overflow in `extract_addresses()` on crafted resource records.\n",
  "title": "Any more innovation on using a VPN on a router?"
}