VPN router

[isdarit]

hi folks  hope your all well, We’re in need of a VPN router  just wondering if any of you have any advice?  I’ve found preconfigured jobs which sound like no headaches hopefully.  My memory or my brain capacity is not what it once was so I’m absolutely dreading  the forthcoming drama. Any advice greatly appreciated thanks John

[Dave Rice]

There are so many questions I need to ask.

Do you want to VPN in to your site from a PC etc. or connect your site to another via VPN?

Most of the “VPN” routers you’ll find are the latter not the former i.e. they are a VPN client and not a VPN server. This may of course be what you need, in which case my next question is why do you need a VPN?

If it’s the former, i.e. you need to VPN in to your site you need something like a Draytek.

To confuse matter you’ll find article in places like How To Geek referring to setting up VPN servers when they are in fact setting up a site wide VPN client.

Whatever, I can point you in the right direction but I may disagree a router is the best way to go about it.

 

[blacklion1725]

Be interesting to see how this goes but don’t want to hijack the thread till the original question is answered. [Been playing with this a LOT lately – both on my Asus router running custom Merlin firmware and more recently with Microtik boxes which are certainly not plug and play but are incredibly flexible, cheap and quite fun for what they do as both clients and servers].

[Dave Rice]

I suspect it’s a VPN to get around geographical issues with Netflix etc. I wouldn’t go down the router route as everyone will be affected all the time which will have unintended consequences for anything that wants you to be in the UK. I would be looking at Nord VPN as you get 6 devices for £2.29 a month.

VPN for “security” is over hyped, it’s hard to make a case for anyone needing it at home. If you use public internet, fair enough. What follows is for security, not geographical redirection.

I set up my own OpenVPN server in DigitalOcean for $5 a month, there’s a script that does it all for you. Mine is in London, but I could have a server in the US or any other country DO have a data centre in. How well that works with Netflix I have no idea but all they have to do is block DO’s IP range and that’s that (the same applies to any VPN exit point). There are OpenVPN clients for all the major devices.

Or get Kaspersky Total Security or Security Cloud , it comes with Secure Connect @ 300MB per day (random nearest country). More than enough for most peoples use for when they really need a VPN – and Kaspersky advises you on that **. If that’s not enough unlimited and choice of country for 5 devices is £50 a year, comparable with Nord. I have it installed on Windows, Android and iOS. Kaspersky licences are cheap enough on Amazon, Security Cloud – Family | 20 Devices | 1 Year £25. Even Kaspersky’s prices only work out at £7.50 a device.

I would never impose a VPN on my whole network, there really is no need and it won’t protect you where you really need it which is outside of the home. Just put a dedicated VPN client, like Nord, on each device that needs it or use Kaspersky to get the best of both worlds and sort out the other aspects of internet security at the same time.

I have both Kaspersky and my own VPN server. Why? Because it was a learning exercise and at $5 a month I can offer it to customers as a freebie plus all my family and friends share my Kaspersky Cloud so I need to know how that works when they get over enthusiastic. **

If you need geographical obfuscation then you really need the likes of Nord who will try and keep one step ahead of Netflix and allow you to change back to UK if you need to. But never, ever on the router.

If you need a VPN for secure site connections, ignore everything I’ve said ? Plus it’s a lot easier!

** one friend is a freelance draughtsman who does work for the business I built the mega-cad machine for. I also do the rest of their IT from the (Draytek) router onward so I know everything is secure. Kaspersky decided the office SSID had too common a name so must be insecure and prompted him to invoke Secure Connection, which he did. He then phoned me as his laptops’s WiFi was dropping connection to their server after a few hours every time he was there. Given the size of the cad files they chuck about I’m amazed it wasn’t a few minutes. When he connects to the office from home via the Draytek VPN, Kaspersky is quite happy – which it should be. So the caveat is, as always, nanny doesn’t know best.

[blacklion1725]

Dave for geo-restrictions I’ve played with a few options. First is policy-based routing on the Asus router (running Merlin). That firmware allows up to five outgoing VPNs, and you can assign (by IP address) which devices route over which VPN (by default devices won’t use the VPN).

The second is as per above except with a stand alone wireless AP routed through one of the Asus VPNs and so its own wifi becomes a VPN wifi and you can switch devices to/from the VPN by switching between the router wifi and tha AP wifi

The third is using one of the little Microtik routers (those little GL-Net boxes also work). You can set the Microtik with its own VPN credentials and its own wifi (it connects out through the main router), so again you just toggle between the main router wifi and the microtik wifi to go vpn or no vpn). I have a mate in the states and his own VPN server is L2TP-IPsec which is not supported by the Asus but is on the Microtik (not theGL-Net). So I use the microtik Wifi to connect to him.

One advantage of VPN on the router (and I take your point in general) is that in some cases it gets round issues where an (e.g.) Android app can tell if a vpn app is installed locally on the device.

[Dave Rice]

That sounds fine to me as you have to “opt-in” as it were. But how does a PC assigned to a router VPN temporarily disable it? I guess it can’t. May not be an issue. It still doesn’t solve the public WiFi scenario.

Whatever the technical solution you still need a VPN service provider. It looks like Nord allow router connections (via OpenVPN or IKEv2) so you can have a mixture of router (or proxy) and app under the same account i.e.the best of both worlds.

I’m not sure I’d buy a device preflashed with Nord, what happens if you need a security update? But one of the Asus Merlin routers looks good, or one of the proxy devices for more plug and play. There’s the usual potential WiFi issues with any box.

[blacklion1725]

yeah if you need to toggle vpn on/off then the microtik or similar is a better bet as you can toggle vpn by switching wifi. I use reserved DHCP addresses on the Asus rather than static IPs on the clients – so no need to reconfigure if you take the device somewhere else, and also takes care of my Roku which doesn’t support a static IP config itself. On the Asus once it is assigned to a VPN you can only change that assignment through the router web interface (clunky and kicks everyone off that VPN temporarily).

For VPN providers, Nord is very good value and yes you can download OVPN files and then the router VPN only counts as one of your 6 allowed connections. I have used Nord and probably will again.

If a certain streaming service is your main reason for wanting a USA connection then worth keeping an eye out for one of the lifetime subs for Windscribe. They have dedicated servers for that service called Windflix for UK and USA.

The general issue (which is getting worse) is that streaming providers are getting better at blocking ranges of IPs that they can tell are coming from a VPN provider. So – example – the ovpn config for NordVPN that works today may not work tomorrow. They (Nord) are very quick to respond and tell you what will work, but still a pain.

I’ve used Torguard for a while now. Their annual (5 devices) charge is $30 ($15 every 6 months), but a dedicated “streaming IP” in the USA is $4/month, making the whole lot $78/year or about £60/year at todays rates – very good value in my opinion. These IPs are static as close to bulletproof as you can get (apart from the one in my mate’s house). Most other services offering a dedicated IP are much more expensive.

[Drezha]

The mini GL-net routers are handy for travelling. I keep one in my bag for when I’m working. They can have VPN profiles added to them – I use PIA, as I have a yearly subscription to them. But the main use is to overcome Travelodge’s restriction to only 2 devices. With Mac address cloning, I sign up with my laptop, and then can connect my iPad and phone to the wifi as well.

I have the basic two models, and on VPN they have been slow – the previous time I’m putting down to the wifi in Travelodge Bangor!

I’ve also used the Synology one on my router in the past to connect to my home network whilst out. That’s work perfectly fine as well – I guess that would be handy for linking two sites together as well – maybe not full time or for large files, but it’s working for general use for just me.

"Everything looks interesting until you do it. Then you find it’s just another job" - Terry Pratchett

[isdarit]

Sorry for the paused reply I’m  layed up with bad back. It is very confusing but the more I read over your replies  I will catch up hopefully.  One of the sons does view streams and that’s where my need of vpn comes in. The WiFi here is terrible so upstairs the rooms have there own Ethernet cable. The son in question ( has ADHD and needs lots of stimulation he can play games whilst watching tv  and chatting) has put another router on his cable in order to have multiple devices. It was his router I was going to replace  with one of these pre flashed  jobs .  Thanks for all your input  boys unbelievable  the knowledge on here.

[Dave Rice]

I think your plan will work as only his devices would then be on the VPN. But you could achieve the same thing with a client on each of his devices. Same horse, different jockey ?

[Author]

Posts