Whilst @ozsat 's comments are the best way to go, VPNs do require significant CPU grunt so a higher end router would be required.

What type of VPN are you wanting to setup? (incoming client server or VPN endpoint)

I have a common or garden home network which I am thinking of protecting against attacks from scroats who think they have more rights to my unimportant data than I do. I have a TP-Link AC2300 router sitting in wait for me to install on my network, I could set up a VPN (I'm considering NordVPN, by the way) on each of my computers and phones, I'm just trying to find an easier way of covering everything in one go.

Thanks for your input, you obviously have more experience than me, I just testing my foot in the water, so to speak.

Set up a VPN on your router/switch. Not on devices.

For a while I did use Nord connected by openvpn from my pfsense with routing rules so certain devices used the nord circuit. This meant stuff that couldn't have a vpn client were still using a vpn for external.

Also by placing a openvpn server on your router/firewall you can then support road warrior access from your phone/tablet/laptop to give you home network access away from home.

Additionally I also use StrongSwan on my remotely hosted servers to connect back via an IPSEC VPN on the firewall to make my remote servers part of the home network. The reason for the different VPN type (OpenVPN, and IPSEC) being I never know the remote Openvpn client address and therefore impose certificates and is a client initiated connection, but for the remote servers, I need either end to be able to initiate the connection. remotes are fixed IP. and I use a dynamic name for my VM connected firewall. 

Hi Timwilky

It's clear your networking experience is far greater than mine, I'm not sure I'd be able to do all that.

I take it putting a VPN onto a router is not as simple as I had first thought, to do what you have done, I'd need my hand held throughout the process, so I think it's not going to happen. I appreciate your input and I'll try to see if Youtube has any answers, maybe even similar to your setup.

Thank you so much for your help.

The TP-Link router should be more than up to the job. Timwilky is clearly an expert but most of us arent and dont need that strong level of protection and even I managed to set up VPN's over the years. It should be straightforward once you are in modem mode.

Set the router up in this sequence and try it.
_____________________________________

Set up your own router/Mesh unit (in its settings) with the WAN port set to be in DHCP (& Nat) mode, it may be pre-set that way anyway.

Then, disconnect all cables from your new router (or Mesh first unit) and switch it off and unplug it. Then, put the VM Hub into modem mode
( https://www.virginmedia.com/help/virgin-media-hub-modem-mode )
and wait for the base light to turn magenta/purple (on a Hub3 - but not on a Hub4!).

Once it’s in modem mode, the VM hub “MUST” then be powered off. Switch your router on and make sure it’s fully initialised (leave 5 min) and then put in the ethernet cable from its WAN port to the VM hub (any port will do).

NOW… power up the VM hub and wait 5-10 minutes for The Hub to initialise and and you should get a connection. Use the recommended App to connect any other Mesh units to the first one. This order only needs to be done the first time you connect the router to the VM hub.

@Pilkie before we get too far down the rabbit hole here, I should point out that a VPN is nothing more than an encrypted tunnel between two endpoints which passes through the public internet. There is a huge amount of confusion, if not downright lies about what they are and what they do.

One thing though is that for the vast majority of home users, a VPN will do precisely nothing to improve security, indeed unless you fully understand what they are doing, it's arguable that they make your home network less secure.