how to setup a vpn on a router

you need as much internet security as you can get these days. from telecommuting to watching your favorite program on a smart tv, the typical consumer’s attack surface is three to four times larger than it was when most of us just had one computer. that’s not just a concern; it’s also a hassle, since you’ll need to install security software on all of those devices. while you can’t avoid installing different antivirus software on each device, you can make your virtual private network (vpn) worries less vexing by bypassing the per-device process and instead installing a blanket vpn on your router.

why should i get a vpn?

vpns are essential for internet security for a variety of reasons. for starters, they make your computer seem to be at a place other than where you are. that’s because you’re connecting to a vpn provider’s server and conducting your web sessions from there. when cookies or big bad government agencies attempt to track you down via your online activity, they will discover the vpn provider’s server rather than you. even better, hundreds or thousands of people will be performing the same thing on the same server at the same time.

“you have a situation in which your location is concealed and your encrypted data stream is very difficult to discern.”

vpns, on the other hand, do more than just anonymize your session; they also encrypt your traffic. vpns may employ a number of encryption techniques, the most common of which is the aes 128-bit or 256-bit standard. combine that with anonymization, and you have a scenario in which your location is hidden and your individual encrypted traffic stream is extremely difficult to distinguish, because your stream of encrypted gobbledygook is one of hundreds or thousands of other streams of encrypted gobbledygook pouring into and out of that same server farm.
that is the allure of a vpn: you obtain all of these advantages simply by installing a basic web client on your computer and ensuring it is operational before beginning any other online or cloud connection.
however, if you have numerous devices in your house, particularly if you suspect some of them are running linked software that begins before you’ve even had a chance to activate your vpn, something more consistent may be needed. that’s when you should install a vpn client on your wireless router; anybody using your local network to surf the online or use a cloud service will be utilizing the vpn by default, since they can’t connect to the internet without leaping through that always-on hoop.

many different types of vpn routers

while some routers now allow connecting to vpn services using openvpn or the point-to-point tunneling protocol (pptp), this functionality is unlikely to be found on most consumer-oriented routers. it’s also not a simple task to set up. some of the more costly routers will enable vpns through those features, particularly if the maker intends to sell them to small companies as well as households.
in addition, a few (increasing) vpn providers have taken on the job of ensuring that their vpn client may be installed on a router’s firmware—more on that below. however, since such clients aren’t always ubiquitous, you’ll require a router from the vpn provider’s compatibility list. while that is fantastic, you are probably satisfied with your existing network, and spending money on a new router simply to obtain a vpn client may not be an appealing choice.
this forces you to look for alternative firmware that supports either openvpn or the client of your preferred vpn service. the most common of them is dd-wrt, although tomato is an alternative for people who have a broadcom-based router. dd-wrt is the more mature of the two and is compatible with a wide range of routers, both old and new.
alternatively, you may convert an old x86 pc into a router by installing dd-wrt on it and adding an additional network port through an expansion card. this does need some extra effort, but if you have the skills, it’s a fantastic opportunity to build yourself a very configurable and powerful router at a low cost.
most people, on the other hand, will stick to installing dd-wrt on their compatible router, which not only does what it’s supposed to do but is also a fantastic method to upgrade and extend your networking capabilities. the only disadvantage of utilizing your router in this manner is that you risk voiding your warranty or, worse, rendering the router totally unusable if anything goes wrong. the easiest method to prevent this is to install dd-wrt on a router that is not only supported, but has been supported for a long time.
because the development team has had plenty of time to iron out any bugs, the longer your router has been maintained, the easier the firmware upgrade will be. you should also be able to locate a help forum with people who are acquainted with both your router and dd-wrt. some router manufacturers have similar forums linked to their help sites, although they are more frequently found at independent online places, such as the main dd-wrt website or reddit.
i updated three routers in order to create this post. the lapac1200 ac1200 dual band access point and the wrt1200ac v2 were both linksys products. while the update on the lapac1200 failed, most likely due to the fact that it is not a full-fledged router, it went well on the wrt1200ac. i decided to perform another installation just for fun on an old, generic windows pc that i had equipped with two gigabit network interface cards (nics). that procedure likewise went well, and although it is noticeably larger than the wrt1200ac, it is still the fastest of the two.

accessing your router configuration

every router is a little different, but most linksys routers follow a similar pattern when it comes to logging in and making configuration changes. that procedure is similarly comparable to that of most other router manufacturers, thus it serves as a suitable example for this article. the first step is to get your router’s internet protocol (ip) address. on microsoft windows 10, go to the start menu, type command prompt, and press enter. then enter ipconfig and press enter once more. you should see something similar to what is seen in the image below, but with different address numbers. the ip address of your router will be displayed as the default gateway. that is 192.168.13.1 in this case. then, launch your browser and enter your router’s ip address as the url (http:192.168.13.1). this will bring you to a login screen for your router’s administrative panel.
if you’ve never updated your router’s username and password, searching for your router model on the linksys website should take you to a support page with the default credentials provided. if it is not a linksys router, just locate your original installation instructions from when you originally installed the router, and the default credentials will be present. if that document is no longer available, go to the website of your router’s manufacturer to discover instructions for restoring your router to factory settings. the default credentials should also be present. if it doesn’t work, you’ll need to contact your router’s support team.
“go to your router manufacturer’s website and look for information on resetting your router to factory defaults.”
once you’ve gained access to the router’s administrative capabilities, look for the console that enables you to upgrade the firmware. this is usually located under the administration tab. check the company’s website for specific instructions for linksys routers. similar instructions will be accessible on the help sites of other router manufacturers.

dd-wrt download and installation

this is probably the most critical step, since if anything goes wrong, you may possibly “brick” (that is, make your router unusable). this may occur as a result of software incompatibility or a power loss at a crucial stage of the update process. i’m not trying to frighten you—the overwhelming majority of dd-wrt installations work perfectly—but the truth is that something terrible may happen to the router, so please proceed with caution.
navigate to this website (https://dd-wrt.com/support/router-database/) and input the model name of your router. you will be given a list of possible applicants. choose the one that corresponds to the brand and model number of your router, and then download the bin file.
now, from the firmware update screen, upload the bin file and wait for it to finish. if everything went as planned, your router will be running dd0-wrt and therefore compatible with openvpn. don’t be alarmed if things go wrong and your router thinks you’re no longer on speaking terms. that is what occurred to me when i attempted to upgrade the linksys lapac1200 access point. simply follow my example: follow the steps on this website (https://wiki.dd-wrt.com/wiki/index.php/recover from a bad flash). with luck, you’ll be able to return to a decent starting point and attempt again.
when everything lights up as it should, the default ip address of a fresh dd-wrt installation is http://192.168.1.1. enter that address as a url into your pc’s web browser again, and you’ll see a page prompting you to reset the default login and password. following that, you may proceed to the fundamentals of configuring your new router. for corporate customers and those with more sophisticated network needs, dd-wrt has a plethora of additional options, thus going through them all is beyond the scope of this tutorial. however, for most residential and small business installations, you’ll need to configure the connection type for your wide area network (wan), which is your internet service provider. in general, this is typically located under the dynamic host configuration protocol (dhcp), so if you’re not sure where to go, that’s a decent place to start.

configuration of the vpn client

to begin, connect your router to the internet on one side and your local area network on the other. then configure any other network settings you need, such as quality of service (qos) or access restrictions. only after the router is completely operational should you think about installing a vpn client.
to do so, go to the services page and choose the vpn tab. check the enable bubble next to “start open vpn client.” there is currently no one set of instructions for making this work. simply follow the directions for your vpn provider, and you’ll be fine.

verify your handwork

dd-wrt includes a great status page with a vpn part that displays whether or not you’re connected and whether or not everything performed as expected. if you want to go the additional mile, you may look up your ip address in google by entering “what is my ip?” if your vpn is functioning correctly, you should receive something different than what you began with since you’ll be browsing to google from your vpn vendor’s server rather than your pc. if it occurs, congratulations! you may now surf the web anonymously across all of your connected devices.