This post is a supplement to my piece of VPN as a whole.
It's an Asus Instant Guard vs Ubiquiti Teleport matchup that explains the use of these two mobile-oriented add-on VPN functions for those owning an Asus or Ubiquiti AmpliFi router.
If you don't know what VPN is or are unfamiliar with setting up a router, make sure you check out the primer posts in the related box below first.
Asus Instant Guard vs Ubiquiti Teleport: Instant home-based VPN access for Android or iOS devices
Instant Guard and Teleport are mobile applications that add a VPN connection to your mobile device on top of its Internet connection.
Specifically, no matter where you're in the world, the device's connection to the Internet is routed through your home router. As a result, you can keep it safe or isolated from the current network that gives it Internet access.
But their similarities, which are basically the benefits of a VPN connection, end there.
Let's start with Teleport.
AmpliFi Teleport: Login account required, proprietary, super-easy to use
To use Teleport, you need to have an AmpliFi router, such as the Alien or the AmpliFi HD -- all variants will work. Alternatively, you can use add Teleport add-on hardware unit to any existing network, though that's a bit cumbersome -- don't bother!
The most important thing to note about Teleport is this: to use it, you must have a login account with Ubiquiti on your router and enable its Remote Management.
Specifically, you need to use the AmpliFi mobile app to manage your router instead of its simple web user interface, which, so far, applies only to the Alien -- the AmpliFi HD has no web interface.
The point is the router will then be connected to Ubiquiti at all times via this account which can be a privacy risk. But this proprietary vendor-assisted management also facilitates the VPN connection.
As a result, Teleport is super easy to use -- there's no need to configure anything on the router's end. On top of that, you can use this feature even when your AmpliFi router is on top of another router in a double NAT setup or working as an access point (bridge mode).
How to use AmplFi Teleport
Designed primarily for mobile devices, Teleport works via another app called Teleport. On Windows or Mac computers, you need a separate Android emulator application. Generally, AmpliFi routers do not have a built-in standard VPN server.
But in any case, Teleport is dead simple to use. Here are the steps:
- Run the AmpliFi app and go the to Guest section, which is the middle tab.
- Under the Teleport section, tap on Generate Code. Share the code with the remote party. (The code is valid for one hour.)
- On the remote party's mobile device, run the Teleport app and enter the code.
And that's it. That remote device is now part of the router's VPN. Specifically, all of its Internet traffic will be routed via the router (and possibly Ubiquiti,) keeping it isolated from its current physical network.
From then on, on the remote device, you have the option to turn that VPN connection on or off using the Teleport app. As a rule, you only need a VPN connection when you, for whatever reason, want to appear as though you were at the VPN server's locale.
And the owner of the router can use the AmpliFi app to manage the remote device, including giving it access to the local network resources or removing it from the VPN network.
By the way, if you have two AmpliFi routers at different locations, you can use Teleport to link them together into a single network.
Asus Instant Guard: Standard, no privacy risk, also easy to use
To use Instant Guard, you need to have an Asus router -- since mid-2021, most, if not all Asus routers support Instant Guard, either right out of the box or via firmware updates.
There might be some Asus routers that don't have this feature but all those I've reviewed have it.
Instant Guard vs standard VPN servers
If you own an Asus router, you might have noticed that it comes with a VPN section where you can set up one or more VPN servers. Note that Instant Guard, a VPN server itself, is separate from the router's standard VPN server function.
In other words, you can use a router's standard VPN server, which supports all types of devices as long as you know how to configure the client, and Instant Guard at the same time. The point of Instant Guard is that it works solely for mobile devices and doesn't require any configuration on the router's end.
That said, if you can make your phone or tablet work with the router's standard VPN, Instant Guard is redundant -- it's not necessary.
However, if you're a home/novice user who doesn't have time to be nerdy, Instant Guard is a much easier alternative. Let's find out how.
Extra: Different types of router-based VPN servers
Below are popular standard VPN server types or protocols supported among Wi-Fi routers. This portion of the content first appeared in the primer post on the virtual private network.
Wireguard is the latest VPN protocol. Debuted in 2016, initially only for Linux, but since 2020 has been available cross-platform (Windows, macOS, BSD, iOS, Android).
Using cryptography, the new protocol is slated to be extremely simple yet fast. WireGuard is still under development but has proven to be the most secure, easiest-to-use, and simplest VPN solution.
WireGuad is on the way to possibly replacing all existing protocols below.
As the name suggests, OpenVPN is a flexible VPN protocol that uses open-source technologies, including OpenSSL and SSL.
As a result, it has a high level of customizability and is the most secure. It also can't be blocked.
In return, OpenVPN requires extra client software, making it less practical. But this protocol is the best if you want to be serious about VPN.
Short for Layer 2 Tunnel Protocol is the second most popular VPN protocol -- it's also a built-in application in most modern operating systems -- and an interesting one.
It has no encryption by default, so it's not secure where the IPsec -- or IP security -- portion comes into play to provide encryption. Therefore, this protocol is rigid in port use and can be blocked by a third party.
The point is L2PT/IPsec is great when it works. And it does in most cases, which ultimately depends on whether the local network of the remote device allows it to pass through.
Short for point-to-point tunneling protocol, PPTP is the oldest among the four and is on the way out.
First implemented in Windows 95 and has been part of the Windows operating systems and many other platforms since PPTP is well-supported and the easiest to use.
However, it's also the least secure. It's better than no VPN at all, and it does its purpose of making a remote device part of a local network.
That said, if you take security seriously, or have other options, skip it. On the other than, it sure is better than nothing and good enough for most home users.
By the way, if you wonder what kind of VPN server Instant Guard uses, that depends. If you use Asus's stock firmware, that'd likely be L2PT/Sect, but if you use the Merlin firmware, then chances it's Open VPN.
Instant Guard: Asus Router mobile app and single NAT are required
A couple of things to note on using VPNs with an Asus router.
First, all Asus routers come with a comprehensive web user interface and an optional Asus router mobile app.
And secondly, no matter if you use the web UI or the app, all Asus routers use Dynamic DNS (DDNS) for remote management, which is required for VPN to work.
The point is, you don't need to register an account with Asus. All you need to have is a DDNS domain.
And speaking of which, as a bonus, each Asus router also comes with a free DDNS domain and an SSL certificate. But you can use any other DDNS domain provider if you don't want your router to connect to Asus at all.
Generally, setting up a remote connection via DDNS is involved and requires a certain level of networking know-how. However, if you merely want to use Instant Guard, Asus has made the process super easy as long as the following requirements are met:
Your router must be the only router in your home network -- it must have direct access to the WAN IP. In other words, it won't work if the router is working in the AP mode or you use a double NAT setup, where you use the router on top of another router.
These are the basic requirements for the DDNS connection to work. And while they seem like a lot, chances are that's already the case in most homes, as long as you're willing to ditch that ISP-provided gateway.
With that, let's find out how to make Instant Guard work. Again, you do not need to do anything on the router, other than the initial setup.
Steps to setup Instant Guard
Instant Guard requires a few more steps than Teleport, but it's still very easy and straightforward. Here are the detailed ABC steps:
A. Install and run Asus Router App
- Make sure your mobile device, like your phone, is connected to the router's Wi-Fi network.
- Download the Asus Router mobile app on the device.
- Run the app, it will ask you to log into the router via its admin password. Do it.
The password mentioned above is not the Wi-Fi password. If you don't know that, maybe this entire post is a bit premature for you and you should start with this one on home networking basics, instead. Or this piece on home router security.
In any case, if you don't know this password, you'll need to reset the router and create a new one during the initial setup process.
B. Enable remote Connection
The screenshots below will help with this step.
- On the Asus Router app's interface, tap on Settings, which is the last tab at the bottom.
- Tap on System Settings.
- Slight the value of Remote Connection to the On position (right).
- Answer the prompt affirmatively (OK).
The router now will enable the remote connection using Dynamic DNS.
This step effectively turns on the router's DDNS feature and connects it to a randomly selected domain using Asus's free Dynamic DNS service.
If you have set up the DDNS feature before, the app will automatically use your current setting, including when you use a third-party server.
Suppose you change the DDNS setting later, including using a new server. In that case, the Router app will automatically update its DDNS configuration as soon as you run it when you're at home and connect to the router's local Wi-Fi network.
C. Intall and run the Instant Guard
On the same mobile device:
- Download and run the Instant Guard mobile app on the same mobile device.
- On the Welcome screen, tap on Get Started and it'll automatically log in using the setting of the Router app's information.
- Tap on the shield icon to enable/disable the VPN connection.
Both Teleport and Instant Guard are excellent VPN solutions for mobile devices.
While Teleport is more flexible and easier to use -- it makes sharing the VPN access with any remote party easy -- it does require a login account for the router, which can be a privacy risk for the owner. Still, it's much better on this front than using free VPN services of Google, Apple, or even Cloudflare.
On the other hand, in a nutshell, Asus's Instant Guard is a streamlined version of standard VPN. As such, it doesn't cause privacy concerns but requires a standard network setup to work.
Specifically, it requires a network that supports Dynamic DNS. On top of that, the VPN only works for those who have the access to the router's settings, a.k.a, the owner(s) of the router. So it's more restrictive in terms of who can use it.
But in any case, either of these two is much better than using a third-party paid VPN service that makes you pay for giving away your online data.
That said, if you own an Asus or AmpliFi router, it doesn't hurt to check them out.