How to Develop a Dedicated VPN Router
Tutorial Asus Dual-Router Setup with one dedicated VPN-Router 2021
Kingslayer
This tutorial will teach you how to set up a dual-router configuration with a dedicated VPN router behind another router (the primary router). This will work with any VPN-enabled router firmware, including DD-WRT, ASUSWRT (including Merlin), and Tomato.
We will be using what is known as LAN-to-WAN router cascading, where each router is on a separate subnet.
- to access VPN and Non-VPN connections,
- to switch devices to/from the VPN simply by switching networks,
- to connect devices like an Xbox, a PS4, a fire stick, or a Chromecast to a VPN, and
- to apply/add more insulation of VPN network (double NAT = greater security).
Below is a diagram of the home network structure we are going to create. Traffic is encrypted by the VPN router and flows through the primary router to the modem/internet. All devices connected to the #2 (VPN) Router will use the VPN tunnel.
All devices connected to the #1 (primary) Router will use your normal internet connection.
Part 1: Setup the Primary Router
There is only minimal setup required on the main router because it is not actually doing anything besides passing on the already-encrypted traffic from the VPN router.
You can use virtually any router in the world if it supports “VPN-Passthrough” (which most modern routers do).
In my setup there are 2 routers: an Asus RT-AC68U White (Router #1) and a second Asus RT-AC68U Black (Router #2). Both run the asuswrt-merlin firmware, and BOTH are configured as routers.
Log into your first router (for Asus users, 192.168.1.1) and enable VPN passthrough. On Asus this may vary between firmware versions: click on “WAN”, then “NAT Passthrough”, and enable these options. (Picture 1)
The primary router is 192.168.1.1 for simplicity. The second router can be given the IP 192.168.1.2 through your static manual assignment. This will show up as the WAN IP on the second router as well.
Go to LAN, then DHCP Server, and set a manually assigned IP for your Router #2. (Picture 2)
The second router will then be given its own built-in IPs from a pool of IPs; let us call this 192.168.2.1. The only downside to this is that all devices on 192.168.2.1 will be able to communicate with 192.168.1.1, but none of the devices on 192.168.1.1 will be able to talk to devices on 192.168.2.1. You can resolve this issue with a static route on Router 1. For this, go to LAN, then Route, and enter your route (it depends on which subnets you use). (Picture 3)
This was all the setup you need to do on Router #1. Now, off to Router #2.
Part 2: Setup the Secondary Router
In this section, we will change the subnet of the VPN router so that it does not overlap with the primary router. We also need to enable DHCP so the VPN router hands out IP addresses to devices that connect to it. Go to LAN and then LAN IP and set the IP of the router. (Picture 4)
After that, click on DHCP Server and set the IP range that the secondary router gives. (Picture 5)
After that, you need to configure the DNS server, and this varies with the VPN provider you use. Just check their website – I really recommend AirVPN. Their DNS is “10.4.0.1”. The secondary does not matter; just use OpenDNS or something. (Picture 6)
Almost done. Now we just need to set up the VPN. You need an .ovpn profile. I am using the AirVPN config generator here, and I turned IPv6 off because I have disabled it on my router.
The last step is just uploading the .ovpn to your Router #2. I did not enable any options; just upload and turn on. (Picture 7)
Cable setup is very easy: just connect LAN* on Router #1 with the WAN of Router #2 and select “Automatic IP” for the WAN type of Router #2.
Proof: I am not in Germany nor the Netherlands, and I can ping devices from subnet 192.168.1.xxx
I hope this helps, and I am sorry if there is any ****ty English.
How to Develop a Dedicated VPN Router
One of the best privacy and anonymity measures that you can implement is a VPN. However, virtual private networks are not as dependable as one would imagine, because not all VPN service providers allow multiple connections for all your devices.
Such devices may include your media player, smart TV and game console. The most effective solution to this problem is setting up a dedicated VPN router, which automatically routes all the devices connected to it through the VPN.
Table of Contents
- The Connection Plan
- What you need to configure a DD-WRT VPN Client
- Before you get started
- Physical configuration of the VPN router
- Installing DD-WRT for VPN
- Setup: Router as VPN Client
- Setting up the dedicated VPN on the router
- Getting the networks to communicate
- Forwarding the VPN router
- Forwarding the primary router
The Connection Plan
The best plan uses at least two routers: a primary router and a secondary router. Usually, most people have in place a secondary router in their homes. Then again, you will be better off if you connect a second router to the existing one. The additional router’s main purpose will be to provide VPN services.
You can refer to the router that you set up initially as the primary router. This enhanced setup will ensure that all your devices are connected through a VPN. You can conveniently move devices between the primary router and the dedicated VPN router as needed, simply by connecting them to different Wi-Fi networks.
What You Need To Configure DD-WRT VPN Client
For this plan to work, you will need:
- A second broadband router (with an Ethernet WAN port)
- A special firmware (DD-WRT) to be installed in order to set up the router as a VPN client
Before You Get Started
- Take note of your primary router’s LAN IP, which is simply the one you use to access the router admin console on your browser. Depending on the model of your router, the IP can fall under any of the following variations: 192.168.x.x / 10.1.x.x
- You should know the model of the router you wish to set up as the VPN router; you can check it by searching for the router’s model in the router database. Then double click on the router model to access its page.
- On the router’s page you will find a link to the router’s DD-WRT Wiki page. Following the link takes you to an instruction page that guides you through setting up the router.
- The Wiki page will also provide you with a link to a recommended DD-WRT build. Download this file, because you will need it for flashing the router.
Physical Configuration of VPN router
- Take an Ethernet cable and connect the internet (WAN) port on the VPN router to any LAN port on your primary router.
- Then using an Ethernet cable, connect your PC to a LAN port on your VPN router to start the flashing process.
Installing DD-WRT for VPN
- Do a 30/30/30 hard reset on the router.
- Log into the router admin page and access the firmware upgrade section.
- In the firmware upgrade, use the file option to select the bin file that you downloaded previously and click start.
- Once the firmware has been updated, go ahead and do another hard reset.
Set Up: If your router is successfully flashed, open your browser and enter the default IP of DD-WRT, which is 192.168.1.1, into the address bar. The default username and password are root and admin respectively. Once you have done this, the DD-WRT interface will appear.
Setup: Wireless – To set up wireless, click on the Wireless tab. Then set up the wireless access point with its own unique SSID. This wireless setup allows you to conveniently switch between the primary router and the dedicated VPN router by simply changing Wi-Fi networks.
Setup: Router as VPN Client:
- Plug your VPN router into a port on your primary router.
- Set the WAN connection type on the Basic Setup page (DHCP is the default connection type).
- You can also opt to switch to a static IP address.
- Always take note of the WAN IP of your VPN router, regardless of whether you go DHCP or static.
- To ensure that everything is working, you should try to connect to the internet while connected to the VPN router.
Setting up The Dedicated VPN on Router
- Access the homepage of your VPN provider, which will provide you with details and guides that you require to configure the VPN on the router.
- You can set up the VPN by using OpenVPN or PPTP. Of the two, OpenVPN is more difficult to configure, but more secure.
- To configure PPTP, you will need a server address from the VPN provider, in addition to a VPN username and password.
- Enable the PPTP client in DD-WRT under Services->VPN, then enter the details provided to you by the VPN provider.
- For OpenVPN, you will have to access the provider’s support page, search for the DD-WRT/OpenVPN setup guide and follow it to the very end.
Getting the Networks to Communicate
To check that you will not encounter any problems, try connecting to devices that are attached to the other router. This requires upstream connections: connect from devices on the VPN router to devices on the primary router in order to avoid problems.
Forwarding the VPN Router
The most recommended solution, as far as setup is concerned, is to set up forwarding on both the primary and the VPN router. This will ensure that data transfer between the routers progresses smoothly.
- Connect to the VPN router and enter the admin interface.
- Enter iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT in the command shell box and click Save (assuming your primary router has the following IP: 192.168.1.x).
- Enable the radio button for Web GUI Management in the Management section under Administration.
Forwarding the Primary Router
- Connect to the primary router and then log onto the admin interface and access the Static Routes section under Advanced Routing.
- Create a new rule and give it a name.
- Configure the destination IP as 192.168.2.0 (assuming that your VPN router IP is 192.168.2.x).
- Configure the subnet mask as 255.255.255.0.
- Set the gateway IP to the WAN IP of the VPN router.
- Then save the route.
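The checks behind the two forwarding procedures above, as an added example that is not part of the original article: a POSIX shell script that confirms the two LANs do not overlap and that the route's gateway sits inside the primary LAN, then prints the static route, the article's FORWARD rule, and a narrower variant limited to the VPN LAN. The function names are made up for this example; the subnets are the article's example values, and the VPN router WAN IP 192.168.1.2 is an assumed static lease.

```shell
#!/bin/sh
# Added example (not from the article): check the two-subnet plan, then print
# the primary router's static route and the VPN router's FORWARD rule.

# Dotted quad -> integer. The subshell body keeps the IFS change local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# First and last address of a CIDR block such as 192.168.2.0/24.
net_start() {
    echo $(( $(ip2int "${1%/*}") & (0xFFFFFFFF << (32 - ${1#*/})) & 0xFFFFFFFF ))
}
net_end() {
    echo $(( $(net_start "$1") + (1 << (32 - ${1#*/})) - 1 ))
}

# True when two CIDR blocks share any address.
overlaps() {
    [ "$(net_start "$1")" -le "$(net_end "$2")" ] &&
        [ "$(net_start "$2")" -le "$(net_end "$1")" ]
}

# True when address $1 lies inside CIDR block $2.
in_subnet() {
    [ "$(ip2int "$1")" -ge "$(net_start "$2")" ] &&
        [ "$(ip2int "$1")" -le "$(net_end "$2")" ]
}

# Prints "ok" or the reason the plan cannot work.
# $1 = primary LAN, $2 = VPN LAN, $3 = WAN IP of the VPN router
check_plan() {
    if overlaps "$1" "$2"; then
        echo "overlap"                      # e.g. both routers left on 192.168.1.x
    elif ! in_subnet "$3" "$1"; then
        echo "gateway-outside-primary-lan"  # primary router cannot reach the gateway
    else
        echo "ok"
    fi
}

# Rule from the article: accepts forwarded traffic from the primary LAN
# to any destination.
page_rule()   { echo "iptables -I FORWARD -s $1 -j ACCEPT"; }
# Narrower variant: only traffic addressed to the VPN router's own LAN.
scoped_rule() { echo "iptables -I FORWARD -s $1 -d $2 -j ACCEPT"; }

# Constructed values: the article's example subnets plus an assumed WAN IP.
PRIMARY_LAN="192.168.1.0/24"; VPN_LAN="192.168.2.0/24"; VPN_WAN_IP="192.168.1.2"

verdict=$(check_plan "$PRIMARY_LAN" "$VPN_LAN" "$VPN_WAN_IP")
echo "plan: $verdict"
if [ "$verdict" = "ok" ]; then
    # The mask below matches the /24 used throughout the article.
    echo "primary router route: ${VPN_LAN%/*} mask 255.255.255.0 via $VPN_WAN_IP"
    echo "VPN router (article): $(page_rule "$PRIMARY_LAN")"
    echo "VPN router (narrower): $(scoped_rule "$PRIMARY_LAN" "$VPN_LAN")"
fi
```

A verdict of "overlap" is what you get when the VPN router is still on DD-WRT's default 192.168.1.1 while the primary router also uses 192.168.1.x.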
How To Install a VPN on Your Router
If you need VPN security but you’re tired of installing one on every device in your home or small office, maybe it’s time to add one to your router. Router VPNs protect any device connecting through them. Here’s how to do it.
Updated June 2, 2021
https://www.pcmag.com/how-to/how-to-install-a-vpn-on-your-router
These days, you need as much internet security as you can get. From telecommuting to simply watching your favorite show on a smart TV, the average consumer’s attack surface is three to four times the size as when most of us had only one PC. That’s not just a worry, it’s also a chore since you’ll need to install protective software on all those devices. But while you can’t get around installing separate antivirus software on every device, you can at least make your virtual private network (VPN) concerns less aggravating by skipping the per-device procedure and simply installing a blanket VPN on your router.
Why Get a VPN?
VPNs are internet security must-haves for a number of reasons. First, they make your computer appear as if it’s in a geographic location other than where you actually are. That’s because you’re logging into a server operated by the VPN provider and then running your web sessions from there. That means when cookies or Big Bad Government Agencies try and trace you from your web activities, they’ll find the VPN provider’s server, not you. Even better, just like you, hundreds or thousands of people will be doing the same thing off the same server.
But VPNs do more than anonymize your session. They also encrypt your traffic. VPNs can use a variety of different encryption methods, but the most popular is the AES 128-bit or 256-bit standard. Combine that with anonymization, and you’ve got a scenario where your location is hidden and your individual encrypted traffic stream is ridiculously difficult to pick out because your stream of encrypted gobbledygook is one of hundreds or thousands of other streams of encrypted gobbledygook pouring into and out of that same server farm.
That’s the draw of a VPN: You get all those benefits just by installing a simple web client on your device and making sure it’s active before starting any other web or cloud session.
But if your home has multiple devices, especially if you think some of them might be running connected software that starts before you’ve even had a chance to activate your VPN, something more constant might be required. That’s when you opt for installing a VPN client on your wireless router. With a VPN client on your router, anyone using your local network to browse the web or access a cloud service will automatically be using the VPN because they can’t get out to the internet without jumping through that always-on hoop.
Many Kinds of VPN Routers
Today, while some routers support connecting to VPN services via OpenVPN or the Point-to-Point Tunneling Protocol (PPTP), you probably won’t find this feature on most consumer-oriented routers. It’s also not a lightweight chore to configure. Some of the more expensive routers will support VPNs using those features, especially if the manufacturer is looking to sell them into small businesses as well as homes.
There is also a small (though growing) number of VPN providers who’ve taken on the task of making sure you can install their VPN client on a router’s firmware (more on that below). But those clients usually aren’t universal, so you’ll need a router from the VPN provider’s compatibility list. While that’s great, you’re probably happy with your current router and dropping the bucks for a whole new router just to get a VPN client might not be an attractive option.
This leaves you to hunt for an alternative firmware that’ll support either OpenVPN or your chosen VPN provider’s client. The most popular of these is DD-WRT, though another option is Tomato if you have a Broadcom-based router. DD-WRT is the more mature of the two and works on many routers, both old and new. You can check to see if your particular router is supported here.
Alternatively, you can turn an old x86 PC into a router by adding an extra network port via an expansion card and then installing DD-WRT on that. This does take a bit of additional work, but if you’ve got the chops, it’s a great way of building yourself a highly customizable and very capable router without much added cost.
Most folks, however, will stick to installing DD-WRT on their compatible router, which is not only what it’s intended to do, but also a great way to update and expand your networking capabilities. The only downside of using your router this way is that you can void your warranty, or worse, render the router completely inoperable if things go very wrong. The best way to avoid this is to make sure you’re aiming to install DD-WRT on a router that’s not only supported (check that link above), but has been supported for a good long while, too.
The longer your router’s been supported, the smoother the firmware install will go since the development team will have had lots of time to smooth out any kinks. You should also find a support forum with users familiar with both your router and DD-WRT. Some router manufacturers have such forums off their support pages, but more often you’ll find them in independent web locations, such as the main DD-WRT website or Reddit.
Once you’ve got those resources in place, we’ve put instructions on how to get started upgrading your router below. To write this article, I performed an upgrade on three routers. Two of them carried the Linksys brand, namely the LAPAC1200 AC1200 Dual Band Access Point and the WRT1200AC v2. While the upgrade on the LAPAC1200 failed, probably due to the fact that it’s not a full-fledged router, the process worked fine on the WRT1200AC. For grins, I decided to do another installation on an old, generic Windows PC that I outfitted with two gigabit network interface cards (NICs). That process also went fine, and while it’s certainly bulkier than the WRT1200AC, it’s still the faster of the two.
Getting to Your Router Configuration
Every router is a little bit different, but most Linksys routers follow a similar pattern when it comes to login and making changes to the configuration. That process is also similar to what you’ll find on most other router brands, too, so it’s a good example for this article. The first thing to do is figure out what your router’s Internet Protocol (IP) address is. To do this on Microsoft Windows 10, click the Start menu, type in Command Prompt and press Enter. Then type in ipconfig and press Enter again. You should see the same thing as in the screen shot below, though with different address numbers. Your router’s IP address will be listed as the Default Gateway. Here, that’s 192.168.13.1.
Next, open your browser and type in your router’s IP address as the URL (http://192.168.13.1). That’ll get you to a login prompt for your router’s administration console. If you’ve never changed the username and password for your router, then looking up your router model on the Linksys website should lead you to a support page where the default credentials are listed. If it’s not Linksys, then just find your original installation instructions from when you first installed the router and the default credentials will be there. If that document is long gone, then head over to your router maker’s website and find the instructions for setting your router back to factory defaults. The default credentials should be there, too. If that doesn’t work, you’ll need to call your router’s support line and ask.
Once you get access to the router’s administrator functions, you’ll want to find the console that allows a firmware update. Generally, this will be found under the Administration tab. For specific instructions for Linksys routers, check here. Other router vendors will have similar instructions available off their support pages.
Downloading and Installing DD-WRT
This step is arguably the most important piece since you can potentially “brick” (that is, render inoperable) your router if anything goes wrong. This could happen due to incompatibility on the software side or simply because you suffer a power outage at a particularly critical step of the update process. I’m not trying to scare you off here, and the vast majority of DD-WRT installs run just fine, but the reality is that something bad could actually happen to the router, so please do exercise caution.
Navigate to this page and enter your router’s model name. You’ll get a list of potential candidates. Pick the one that matches your router’s brand and model number, and then download the bin file.
Now, from the Firmware Update screen, upload the bin file and wait. If everything worked the way it should have, then you will have a router that’s running DD-WRT and is therefore compatible with OpenVPN. If things go south and your router decides that you aren’t on speaking terms anymore, do not panic. That happened to me when I tried upgrading the Linksys LAPAC1200 Access Point. Just do what I did: Go to this page and follow the instructions exactly. With any luck, you’ll get back to a good starting place to try again.