

Setting up a VPN on an EdgeRouter X is a practical task for anyone who wants safe remote access to home or office networks. Quick fact: a properly configured VPN on an EdgeRouter X can dramatically improve your security posture without slowing down your internet connection. Here’s a concise, user-friendly guide to get you started, plus tips to optimize performance and keep things secure.
Quick start checklist
- Verify your EdgeRouter X model and firmware
- Decide on VPN type (IPsec, OpenVPN, or WireGuard)
- Gather required credentials and certificates
- Back up current configuration before making changes
- Test the VPN locally before exposing it to the internet
Step-by-step overview
- Prepare your EdgeRouter X: reset or back up, update firmware
- Choose a VPN protocol that fits your needs
- Configure server-side settings on the EdgeRouter X
- Add firewall rules and NAT settings
- Install and configure the client on your remote device
- Validate the connection and monitor logs
- Maintain the setup with periodic updates
Useful resources and references
- OpenWrt Wiki – openwrt.org
- EdgeRouter X product page – ubnt.com
- WireGuard official – www.wireguard.com
- IPsec RFCs – tools.ietf.org
- Reddit networking thread – reddit.com/r/HomeNetworking
Why choose EdgeRouter X for a VPN
EdgeRouter X is a compact, budget-friendly router with solid performance for small networks. It runs EdgeOS, a fork of Vyatta/VyOS, which provides a familiar CLI and robust options for VPNs. Key benefits include:
- Good throughput for a home setup (often 100–150 Mbps VPN when using lightweight ciphers)
- Flexible firewall and NAT rules, great for segmenting VPN clients from your LAN
- Low power consumption and easy mounting in a small rack or cabinet
VPN options for EdgeRouter X
IPsec
IPsec is a tried-and-true standard. It’s compatible with many devices and works well with dynamic DNS setups. Pros: stable, native support on most devices. Cons: setup can be fiddly, especially with shared keys and certificates.
OpenVPN
OpenVPN is very versatile and widely supported. It’s straightforward to set up on many clients (Windows, macOS, Linux, Android, iOS). Pros: strong cryptography, easy client compatibility. Cons: can be slightly slower than WireGuard on some hardware.
WireGuard
WireGuard is the newer kid on the block, praised for speed and simplicity. Pros: excellent performance, easy configuration, strong security. Cons: still catching up in some enterprise-grade features and device support in older clients.
Prerequisites and planning
- Internet-facing IP or dynamic DNS: You’ll need a public IP or a dynamic DNS hostname to reach your EdgeRouter X from outside your network.
- Port forwarding: VPN servers require specific ports to be reachable. IPsec often uses UDP 500 and 4500, OpenVPN uses UDP 1194 by default, WireGuard uses UDP 51820.
- Certificates or shared keys: For OpenVPN and IPsec, you’ll need either certificates or pre-shared keys; WireGuard uses public/private keys.
- Static LAN assignment: Decide what IP range you’ll allocate to VPN clients to avoid overlaps with your LAN.
Step-by-step setup example: OpenVPN on EdgeRouter X
Note: If you prefer IPsec or WireGuard, the commands differ but the concepts are similar.
1. Firmware and backup
- Check the EdgeRouter X firmware version and update if needed.
- Backup current configuration: System > Backup Config or via the CLI.
2. Install OpenVPN package (if applicable)
- EdgeRouter X typically ships with OpenVPN support in EdgeOS. If your firmware doesn’t include it, you may need to install via custom packages or upgrade to a version that includes OpenVPN.
3. Generate server and client certificates
- Use a trusted CA or set up your own lightweight CA within your network.
- Create server certificate and private key, then generate client certificates.
4. Configure OpenVPN server on EdgeRouter X
- Create a VPN server instance with a unique subnet for VPN clients, e.g., 10.8.0.0/24.
- Specify the cipher suite and TLS authentication parameters.
- Enable compression carefully (note: some configurations disable it for security).
5. Firewall and NAT rules
- Allow the VPN port inbound (UDP 1194 by default).
- Create a firewall rule to allow VPN traffic to the VPN interface.
- Set NAT to masquerade VPN client traffic as the EdgeRouter X’s WAN IP.
6. Client configuration
- Export the OpenVPN client profile or create an .ovpn file with embedded certificates.
- Import into your VPN client on Windows, macOS, iOS, Android, or Linux.
- Test the connection from a device on a different network.
7. Testing and validation
- Connect remotely and verify you can reach LAN resources (printer, NAS, local servers).
- Check traffic routing with traceroute/ping to internal addresses.
- Review EdgeOS logs for errors and adjust as needed.
Security hardening tips
- Use strong authentication: 2048+ bit RSA or Ed25519 certificates for OpenVPN; strong pre-shared keys for IPsec.
- Enforce TLS 1.2/1.3 and disable legacy ciphers.
- Disable VPN access for users who don’t need it; use per-user certificates if possible.
- Rotate keys and certificates regularly.
- Use a separate VLAN or subnet for VPN clients to isolate them from critical LAN resources.
- Keep EdgeRouter X firmware up to date with security patches.
- Enable logging and monitor VPN activity for unusual patterns.
Performance optimizations
- Choose a lighter encryption profile if your router CPU becomes a bottleneck (e.g., in WireGuard, use modern algorithms like ChaCha20-Poly1305).
- Avoid pushing all LAN traffic through the VPN unless needed (split tunneling). Implement policy-based routing to route only necessary subnets via VPN.
- Enable hardware offloading if your device supports it for VPN encryption tasks.
- Ensure your WAN bandwidth is sufficient to handle VPN traffic without saturating your link.
Network diagram and example setup
- Internet -> EdgeRouter X WAN -> OpenVPN server on EdgeRouter X -> VPN clients (remote devices)
- VPN clients receive an IP in 10.8.0.0/24
- VPN clients access LAN resources via routing rules
Table: Common ports and protocols
- OpenVPN: UDP 1194
- IPsec/IKEv2: UDP 500, UDP 4500, ESP
- WireGuard: UDP 51820
Troubleshooting quick tips
- If clients can connect but cannot access LAN, double-check routing and NAT rules.
- If DNS resolution fails, push or configure a local DNS server for VPN clients.
- If you see frequent disconnects, review MTU settings and reduce fragmentation.
- If the VPN is slow, test with different ciphers or switch to WireGuard if possible.
Advanced features worth exploring
- DNS over TLS for VPN clients to improve privacy
- Multi-hop VPN setup for extra privacy (more complex, requires careful routing)
- Guest VPN networks to separate devices like smartphones from critical equipment
Maintenance and updates
- Schedule periodic firmware checks (monthly or quarterly).
- Reissue certificates on a schedule that fits your security policy (e.g., annually).
- Review firewall rules and VPN access lists to remove stale entries.
Real-world usage examples
- Small home office with a NAS: you can securely access files remotely and sync backups without exposing NAS ports to the internet.
- Remote work with a single EdgeRouter X: employees can securely access internal resources while business devices stay protected behind the VPN.
- Travel-friendly setup: you can connect to your home network from a hotel or cafe, keeping your traffic encrypted.
Performance benchmarks (typical)
- OpenVPN on EdgeRouter X (single core): around 40–80 Mbps depending on cipher and client OS
- WireGuard on EdgeRouter X: often 100–140 Mbps in typical home setups
- IPsec on EdgeRouter X: varies, commonly 50–90 Mbps depending on hardware and configuration
Best practices summary
- Pick the VPN protocol that balances compatibility and speed for your devices.
- Keep firmware and certificates up to date.
- Use strong authentication and isolate VPN clients on a separate network segment.
- Test regularly and adjust routing to optimize performance.
Frequently Asked Questions
What is the easiest VPN to set up on EdgeRouter X?
OpenVPN tends to be the most user-friendly due to broad client support and straightforward configuration steps, especially for mixed device ecosystems.
Can I run VPN on EdgeRouter X without a public IP?
Yes, you can use dynamic DNS and port forwarding to reach your EdgeRouter X from outside your network. Ensure your DNS name points to your public IP, and your firewall forwards the VPN port.
Should I enable split-tunneling?
If you want to minimize VPN traffic and keep your local internet direct, enable split tunneling. If you need all traffic encrypted, route all traffic through the VPN.
What happens if the VPN drops?
Set up a keepalive/heartbeat on the VPN client and server side. For OpenVPN, this prevents long disconnects and lets the client reconnect quickly.
How do I test VPN connectivity?
From a remote network, connect to the VPN and try accessing a LAN resource like a file share or printer. Use ping/traceroute to confirm routes.
How can I secure VPN access from brute-force attacks?
Use strong TLS certificates, disable weak ciphers, set up fail2ban-like protections if available, and limit VPN access by IP range if possible.
Can I run multiple VPNs on the same EdgeRouter X?
Yes, you can host multiple VPN servers (OpenVPN, WireGuard, etc.), but you’ll need careful port planning and routing rules to avoid conflicts.
What logging levels should I use for VPN?
Start with essential logging (connection events, errors) and enable verbose logs temporarily if you’re troubleshooting.
How do I rotate VPN certificates?
Set a schedule (e.g., annually) to revoke old certificates and issue new ones, then push updates to all clients.
Do I need to back up VPN configurations separately?
Yes. Keep a backup of VPN server configs, keys/certificates, and client profiles in a secure location alongside your router backup.
Setup vpn on edgerouter x complete guide 2025: how to configure OpenVPN, IPsec, and WireGuard on EdgeRouter X for beginners
Yes, you can set up a VPN on EdgeRouter X. This guide breaks down the steps, options, and best practices so you can protect your home network, access resources remotely, and keep your traffic private without breaking the bank. We’ll cover the most reliable routes: OpenVPN for remote access, IPsec for site-to-site connections, and a note on WireGuard where supported. Think of this as your hands-on roadmap, with practical commands, configuration tips, and real-world gotchas from someone who runs a VPN at home too.
Useful resources you’ll likely want to bookmark as you go:
- EdgeRouter X official docs – ubnt.com
- EdgeOS user guide – help.ubnt.com
- OpenVPN community and quick start – openvpn.net
- Dynamic DNS options for a stable remote address – no-ip.com, duckdns.org
- General VPN education and best practices – en.wikipedia.org/wiki/Virtual_private_network
Introduction: what you’ll learn in this setup guide
- Start by understanding why EdgeRouter X is still a solid choice for VPNs in 2025: excellent hardware at its price point, straightforward EdgeOS firewalling, and decent throughput for typical home use.
- Explore three main VPN paths you can implement on EdgeRouter X: OpenVPN Remote Access, IPsec Site-to-Site, and a note on WireGuard where available.
- Get a practical, step-by-step workflow to set up OpenVPN for remote access with client configs that work on Windows, macOS, iOS, and Android.
- Learn how to secure your EdgeRouter X, optimize tunnel performance, and avoid common misconfigurations that can expose your network.
- Walk through real-world tips: how to choose a tunnel subnet, how to push DNS and gateway settings to clients, how to verify connection integrity, and how to troubleshoot connection drops.
- End with a detailed FAQ that addresses common questions, caveats, and small edge cases you’ll probably encounter.
What makes EdgeRouter X a compelling VPN host in 2025
- Cost-to-performance: EdgeRouter X remains one of the most affordable, capable routers that support full EdgeOS customization. For many home setups, it provides a robust platform to run a VPN server without needing a dedicated appliance.
- OpenVPN popularity and security: OpenVPN still dominates in many home and small-office environments due to broad client support, mature security options, and strong community documentation.
- IPsec for site-to-site bridging: If you’re connecting multiple sites or want a more “enterprise-like” tunnel between offices, IPsec offers strong negotiation standards and robust performance on capable hardware.
- WireGuard caveats: WireGuard is known for simplicity and speed, but EdgeRouter X hardware may require specific firmware and package support. If your firmware supports it, WireGuard can be a lightweight alternative, but OpenVPN and IPsec remain the most tested options on EdgeRouter X this year.
Prerequisites and planning before you start
- Firmware readiness: Ensure your EdgeRouter X is running the latest EdgeOS firmware compatible with your hardware. Back up your current config before making major changes.
- Static/public IP or dynamic DNS: For remote access, you’ll need a reachable address. If your home IP changes, pair EdgeRouter X with a dynamic DNS provider (No-IP and DuckDNS are common choices).
- DNS and routing plan: Decide whether VPN clients should use your home network as their default gateway (redirect all traffic) or just access local resources. This choice affects push options and client config.
- Certificates and authentication: OpenVPN remote access requires a certificate authority and server certificate at minimum, plus client certificates if you want certificate-based client authentication. IPsec can be simpler on the surface but still benefits from proper pre-shared keys or certificates depending on your topology.
- Client hardware and OS variety: Plan for Windows, macOS, iOS, and Android clients. Each has slightly different steps for importing .ovpn or using built-in VPN clients.
OpenVPN remote access on EdgeRouter X: a practical, reliable path
Overview
- OpenVPN remote access lets each device outside your network connect securely to your home network. It’s robust, widely supported, and relatively easy to troubleshoot.
High-level workflow
- Create a CA, server certificate, and client certificates.
- Configure the OpenVPN server in EdgeOS with a tunnel network (for example, 10.8.0.0/24).
- Push necessary options (DNS, gateway) to clients.
- Create firewall rules to allow VPN traffic (UDP 1194 by default) and NAT for VPN clients if needed.
- Export client configuration files or provide individual .ovpn profiles to everyone who needs access.
Step-by-step outline (EdgeRouter X)
Note: The exact commands and file locations can vary slightly depending on firmware, but the flow stays consistent. If you’re unfamiliar with TLS certs, you may want to generate them on a PC and then import to EdgeRouter, or use a small OpenVPN-ready USB key for testing.
- Prepare the VPN certificates
  - Create a CA, a server certificate, and a client certificate. You can do this on a PC with Easy-RSA, or you can generate them on the EdgeRouter if you’re comfortable with OpenSSL commands.
  - Save the CA certificate and server certificate on the EdgeRouter in a secure path, e.g., /config/auth.
- Configure the OpenVPN server on EdgeRouter X
  - Access EdgeOS via SSH or the web UI.
  - Enter the configuration mode and set up the VPN server:
    - VPN/OpenVPN: enable server
    - Server mode: remote access
    - VPN subnet: 10.8.0.0/24 or another private range
    - Protocol: UDP (recommended for performance)
    - Port: 1194 (default)
    - Cipher and TLS: use modern defaults (AES-256-CBC or AES-256-GCM depending on firmware), plus a TLS-auth/HMAC key (ta.key) if you’re using TLS auth
    - Server certificate: path to server.crt
    - Server key: path to server.key
    - CA certificate: path to ca.crt
    - Client certificates: sign and distribute as needed
    - DNS: push DNS to VPN clients (e.g., 1.1.1.1 or your home DNS)
    - Redirect-gateway: decide if you want to route all traffic through the VPN (redirect-gateway def1)
    - Keepalive and renegotiation: set ping and ping-restart to keep connections alive
- Firewall and NAT
  - Create rules to allow VPN traffic: allow UDP 1194 or your chosen port through the WAN to the OpenVPN server.
  - Add a firewall rule to allow traffic from VPN clients to access the LAN if you want remote devices to reach local devices.
  - If you’re using NAT for VPN clients, ensure you NAT the VPN subnet to the WAN interface so Internet access works for VPN clients.
- Client configuration
  - Create a client config (.ovpn) that includes the CA certificate, client cert, and client key, plus the server address, port, and protocol.
  - Distribute the client config files to users, or provide an .ovpn file for import into common OpenVPN clients (Windows, macOS, iOS, Android).
  - Test from outside your network using a mobile network or a different Wi-Fi to confirm the VPN tunnel is active and routes as expected.
- Testing and validation
  - Verify the VPN tunnel is up by checking the EdgeRouter’s VPN status page or the system logs.
  - Check that devices connected via VPN can ping internal resources and reach the Internet through the VPN if you pushed the redirect-gateway option.
  - Ensure split tunneling or full tunneling behaves as intended by testing multiple client devices.
- Maintenance and security practices
  - Rotate TLS keys periodically and reissue client certificates if you suspect a compromised device.
  - Restrict VPN client access by IP or MAC address where possible to reduce exposure.
  - Keep EdgeRouter firmware up-to-date and review OpenVPN logs for anomalies.
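The server, firewall and NAT steps of this outline (and of the seven-step OpenVPN example earlier in the guide), written out as EdgeOS CLI commands. This is an added example, not configuration from the original guide or from Ubiquiti; the interface name vtun0, WAN interface eth0, LAN 192.168.1.0/24, ruleset name WAN_LOCAL, rule numbers, and file names under /config/auth are assumptions to adapt to your router.

```edgeos
# Added example. Assumed: WAN = eth0, LAN = 192.168.1.0/24 (router at 192.168.1.1),
# the WAN-to-router firewall ruleset is named WAN_LOCAL, rule numbers 30 and 5011
# are unused, and ca.crt, server.crt, server.key, dh.pem and ta.key have already
# been copied to /config/auth (server.key and ta.key readable by root only).
configure

# OpenVPN server instance with its own client subnet, separate from the LAN
set interfaces openvpn vtun0 description "OpenVPN remote access"
set interfaces openvpn vtun0 mode server
set interfaces openvpn vtun0 protocol udp
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 server subnet 10.8.0.0/24
set interfaces openvpn vtun0 server topology subnet

# CA, server certificate, server key and DH parameters
set interfaces openvpn vtun0 tls ca-cert-file /config/auth/ca.crt
set interfaces openvpn vtun0 tls cert-file /config/auth/server.crt
set interfaces openvpn vtun0 tls key-file /config/auth/server.key
set interfaces openvpn vtun0 tls dh-file /config/auth/dh.pem

# Cipher, HMAC, minimum TLS version, tls-auth key and keepalive.
# No compression option is set, so compression stays off.
set interfaces openvpn vtun0 encryption aes256
set interfaces openvpn vtun0 hash sha256
set interfaces openvpn vtun0 openvpn-option "--tls-version-min 1.2"
set interfaces openvpn vtun0 openvpn-option "--tls-auth /config/auth/ta.key 0"
set interfaces openvpn vtun0 openvpn-option "--keepalive 10 60"

# Split tunnel: push only the LAN route and the router as DNS resolver
set interfaces openvpn vtun0 server push-route 192.168.1.0/24
set interfaces openvpn vtun0 server name-server 192.168.1.1
set service dns forwarding listen-on vtun0
# Full tunnel instead: uncomment the next line and keep NAT rule 5011 below
# set interfaces openvpn vtun0 openvpn-option "--push redirect-gateway"

# Open only the VPN port on the WAN side, and log accepted connections
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description "Allow OpenVPN"
set firewall name WAN_LOCAL rule 30 protocol udp
set firewall name WAN_LOCAL rule 30 destination port 1194
set firewall name WAN_LOCAL rule 30 log enable

# Masquerade VPN clients behind the WAN address (needed for full tunnel only,
# and only if an existing masquerade rule does not already cover this subnet)
set service nat rule 5011 description "Masquerade VPN clients"
set service nat rule 5011 type masquerade
set service nat rule 5011 outbound-interface eth0
set service nat rule 5011 source address 10.8.0.0/24

commit
save
exit

# Operational mode: confirm the interface is up and list connected clients
show interfaces openvpn
show openvpn status server
```

Clients must carry the matching settings (the same cipher and HMAC, and `tls-auth ta.key 1`), or the TLS handshake will fail.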
IPsec on EdgeRouter X: site-to-site and remote access commentary
- IPsec is a strong, performant choice especially for site-to-site connections between two offices or networks. It’s also viable for remote access with a different client setup (strongSwan or built-in EdgeOS IPsec client support in newer firmware).
- For site-to-site, you’ll typically configure a tunnel with a pre-shared key or certificates, match phase 1 and phase 2 algorithms, and define the left/right networks.
- For remote access via IPsec, you usually rely on a client that supports IPsec IKEv2 or Cisco AnyConnect-like behavior. OpenVPN remains the more universal remote-access choice on EdgeRouter X for most home users.
WireGuard on EdgeRouter X: what to know
- WireGuard offers simpler configuration and excellent performance. If your EdgeRouter X firmware supports WireGuard, you’ll typically enable a WireGuard interface, set private/public keys, assign a tunnel network (e.g., 10.9.0.0/24), and add allowed IPs for clients.
- Caveat: WireGuard support varies by firmware version and hardware. If your EdgeRouter X doesn’t support WireGuard natively, you’ll want to rely on OpenVPN or IPsec.
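A sketch of those WireGuard steps as EdgeOS CLI commands, for routers where WireGuard is available. This is an added example, not from the original guide; the syntax is that of the community wireguard-vyatta-ubnt package (assumed to be installed), and the ruleset name WAN_LOCAL, rule number 40, key file paths, and the peer key placeholder are assumptions.

```edgeos
# Added example. Assumed: WireGuard support is installed, the WAN-to-router
# ruleset is named WAN_LOCAL, and rule number 40 is unused.
# <CLIENT_PUBLIC_KEY> is a placeholder for the public key generated on the client.

# Operational mode: generate the router's key pair; umask keeps the private key private
umask 077
wg genkey | tee /config/auth/wg.key | wg pubkey > /config/auth/wg.public

configure

# Tunnel interface: the router takes .1 in the tunnel network
set interfaces wireguard wg0 address 10.9.0.1/24
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 route-allowed-ips true
set interfaces wireguard wg0 private-key /config/auth/wg.key

# One peer entry per device. A /32 in allowed-ips pins each key to a single
# tunnel address, so one client cannot source traffic as another.
set interfaces wireguard wg0 peer <CLIENT_PUBLIC_KEY> allowed-ips 10.9.0.2/32
set interfaces wireguard wg0 peer <CLIENT_PUBLIC_KEY> description "laptop"

# Open only the WireGuard port on the WAN side
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description "Allow WireGuard"
set firewall name WAN_LOCAL rule 40 protocol udp
set firewall name WAN_LOCAL rule 40 destination port 51820

commit
save
exit

# Operational mode: show peers, latest handshake times and transfer counters
sudo wg show wg0
```

Only the public key in /config/auth/wg.public is shared with clients; removing a device's peer entry revokes its access.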
Security considerations and best practices
- Use strong authentication: For OpenVPN remote access, use client certificates in addition to or instead of username/password when possible. If you must use a username/password, pair with TLS-auth or an additional layer such as a VPN portal with MFA.
- TLS and cipher choices: Favor AES-256 for bulk encryption and TLS 1.2 or higher. Disable older ciphers that are known to be weak.
- DNS leakage protection: Push a trusted DNS server to VPN clients to prevent DNS leaks that could reveal your activity on the public DNS layer.
- Kill-switch behavior: If you’re routing all traffic through the VPN (default-gateway redirect), ensure that a proper kill-switch is in place on clients to avoid accidental exposure if the VPN drops.
- Logging and privacy: Only enable necessary logs and store them securely. If you’re experimenting with routes, keep test logs separate from production traces.
- Firmware and backup: Regularly back up your EdgeRouter X configuration before major changes. Keep a backup of your OpenVPN/IPsec configuration, keys, and certificates in a secure offline location.
Common issues and troubleshooting tips
- VPN doesn’t connect from outside: Check port forwarding on your ISP modem/router; ensure your EdgeRouter X is directly exposed to the internet or properly double-NAT’d with appropriate port forwarding.
- DNS leaks: Make sure the VPN push DNS is active and that clients are using the VPN DNS rather than their ISP’s DNS resolver after connecting.
- Client authentication failures: Verify that the certificate chain is complete on both server and client sides. Reissue client certificates if needed.
- Connectivity within LAN via VPN is blocked: Review firewall rules and ensure VPN clients are allowed to access LAN resources. Confirm that the LAN’s subnet is reachable through the VPN route.
- Slower performance than expected: Check your VPN cipher settings, the server’s CPU load, and the MTU on the VPN tunnel. Adjust MTU if you see fragmentation or dropped packets.
Client setup quick-start: Windows, macOS, iOS, Android
- Windows/macOS: Install an OpenVPN client, then import the .ovpn profile (or copy the CA certificate, client certificate, and client key into the client and configure manually). Connect and verify your IP shows as coming from your home network when the VPN is active.
- iOS/Android: Install OpenVPN Connect or a compatible client, import the .ovpn profile, and connect. It’s common to see a prompt requesting permission for VPN configuration; accept and proceed.
- Troubleshooting client devices: If a device fails to connect, recheck the server address, port, and protocol. Ensure the client’s time is synchronized. TLS can fail if clocks diverge significantly.
When to prefer EdgeRouter X VPN over buying a dedicated firewall appliance
- For a typical home user with a few devices, EdgeRouter X offers a cost-effective, flexible solution and allows you to experiment with OpenVPN, IPsec, and, if available, WireGuard.
- If you have high throughput requirements, a larger home network with many remote connections, or you want advanced VPN features with polished UI, you might consider a purpose-built firewall with integrated VPN management.
Data and market context: VPN adoption, security awareness, and performance expectations
- In recent years, the global VPN market has continued to grow as more people work remotely, seek privacy, and want secure access to home networks from public Wi-Fi. Analysts project steady growth driven by privacy concerns, streaming access needs, and enterprise security demands.
- A significant share of households now run their own VPN servers or use home-based VPN gateways to access resources securely while traveling. This trend is likely to continue as smart home devices proliferate and more services require secure remote access.
- The majority of VPN users still rely on OpenVPN or IPsec due to compatibility across devices, strong security profiles, and broad vendor support. WireGuard is gaining traction for its speed, but adoption on consumer routers varies by firmware and hardware compatibility.
Frequently Asked Questions
Can I run a VPN server directly on EdgeRouter X?
Yes, EdgeRouter X supports OpenVPN and IPsec configurations, which let you host a remote-access VPN for clients or set up site-to-site tunnels. WireGuard may be available on newer firmware builds, but OpenVPN and IPsec remain the most reliable options on most EdgeRouter X setups.
Do I need a static IP for VPN access?
Not strictly. You can use dynamic DNS to map a changing public IP to a stable hostname, which your VPN clients use to connect. This is the most common setup for home networks.
Which VPN protocol is best for EdgeRouter X?
OpenVPN for reliability and broad client support, IPsec for site-to-site or certain remote-access scenarios, and WireGuard if your firmware supports it and you prefer a simpler, faster setup.
How do I generate certificates for OpenVPN on EdgeRouter X?
You’ll typically generate a CA, a server certificate, and client certificates with OpenSSL or Easy-RSA on a separate machine, then import the resulting certificates and keys into EdgeRouter X. Some firmware images also support in-UI certificate creation.
How do I push DNS settings to VPN clients?
Configure the OpenVPN server to push DNS (e.g., 1.1.1.1 or your local DNS resolver) so connected clients use your chosen DNS provider while the VPN tunnel is active.
How can I test my VPN setup?
From a device outside your network, connect to the VPN and verify your external IP shows the home network or your chosen VPN exit, and test internal resource access (pings to LAN devices, file shares, printers).
How do I ensure VPN traffic doesn’t leak?
Avoid split tunneling by routing all traffic through the VPN. If you need split tunneling, clearly define which resources go through VPN and which go directly to the internet, and test for DNS leakage.
What firewall rules should I implement for VPN?
Allow inbound traffic on your VPN port (UDP 1194 by default) on the WAN interface, and create a rule to permit VPN clients access to the LAN or to the Internet, depending on your goals. Restrict access to authenticated clients where possible.
Can I use my existing router with EdgeRouter X for VPN?
Yes, many users place EdgeRouter X behind a primary router, using double NAT or bridging in a controlled way. Make sure you configure port forwarding on the primary router to forward VPN traffic to EdgeRouter X or choose a single-router topology to minimize complexity.
How often should I update VPN certificates and keys?
Rotate certificates and keys on a regular basis, typically every 1–2 years, or immediately if you suspect a compromise. Keep backups and revocation lists up to date.
Additional tips and common-sense guidance
- Start small: Begin with a single OpenVPN remote-access user to validate the tunnel and then scale up to a few devices. This minimizes risk and makes troubleshooting manageable.
- Document changes: Keep a change log for your EdgeRouter X configuration, certificate issuance dates, and client profiles so you can rebuild or revert quickly if something breaks.
- Performance realism: Expect VPN overhead to reduce throughput by 10–40% depending on protocol, cipher, and hardware. EdgeRouter X is capable of handling typical home VPN workloads, but real-world numbers depend on your uplink speed and the number of concurrent clients.
- Community and support: When you’re stuck, search community forums and official EdgeOS docs. The OpenVPN community and EdgeRouter user groups are good sources of practical tips and troubleshooting steps.
Conclusion to keep in mind (not a formal section)
While EdgeRouter X isn’t a “set-it-and-forget-it” appliance, it remains a strong DIY VPN platform for a lot of homes. With careful planning—certificates, network topology, and firewall rules—you can have a secure, fast VPN that serves personal and small-business needs. Remember: security is a process, not a one-time configuration. Regularly review access, rotate credentials, and stay informed about firmware updates and best practices.
End of guide: empower your home network with a robust VPN
- If you’re looking for a faster, more turnkey experience while you learn the ropes, consider complementary options like a dedicated VPN client or service for mobile devices while you build your own EdgeRouter VPN. Just make sure you pick a solution that aligns with your privacy and performance goals, and test everything thoroughly before depending on it for sensitive activities.