This was just an experiment, I wanted to be invisible to my ISP so that ISP won’t log my site visits etc. so I decided to setup VPN, I guess there is no other more secure way that this.
AIM: Securing internet access of all of your devices using VPN
You can connect all the connected devices to the router to VPN without any configuration or any VPN software on client device.
First of all you need a OpenWRT supported router, go ahead to this URL and check if your router supports OpenWRT firmware if not you need to buy one.
OpenWRT is embedded linux firmware for your router. OpenWRT can be configured either through LuCI or SSH. LuCI is web interface for openWRT.
In this article I am not going to discuss about how to install openWRT on your router. Its pretty straight forward.
Connect to the router via SSH and execute following command to install two packages openvpn-openssl & openvpn-luci
opkg update && opkg install luci-app-openvpn openvpn-easy-rsa openvpn-openssl
Create a new DHCP client interface tun0 using following command
/usr/sbin/openvpn --mktun --dev tun0
Open the VPN menu in Luci
Add your configuration:
You can either configure your own openVPN server or you can use the one which are available on internet,
for this tutorial I am going to use the servers listed at vpnbook.com
I am not affialiated with vpnbook.com in any way I am just using this as an example
Enable the configuration and save changes
Reboot the router
You have finished the VPN configuration now, but you still need to configure the interface as well as the Firewall.
From the top menu go to Networking -> Interfaces.
Click the Add new interface… button.
Name: secure_vpn
Click on Interface and write tun0 in the textbox, and press enter.
Click on Create interface button.
This will open additional settings.
Make sure there is a checkmark on Bring up on boot
Click on Save
Click on Save & Apply in the Interfaces screen
Now you need to set the firewall rules for the VPN connection
In LuCi in top menu, go to Network -> Firewall.
Scroll to the bottom of the screen to the Zone section, and Add a new Zone.
In the General Settings tab, set name to secure_fw, change Input to reject, Output to accept, Forward to reject.
Put check mark on both Masquerading and MSS clamping
Covered networks – select secure_vpn
In the Allow forward from source section, lan.
Press Save
Press Save & Apply on Firewall - Zone settings
In the top menu, go to VPN -> OpenVPN. Set the checkbox Enabled for VPN connection you just created, and click Save & Apply.
After the settings are saved, click Start button next to the VPN connection.
Wait a few seconds for connection to establish.
You can check here if you have successfully connected.