Jul 25, 2021

Securing internet access of all of your devices using VPN with single configuration on router

 

This was just an experiment, I wanted to be invisible to my ISP so that ISP won’t log my site visits etc. so I decided to setup VPN, I guess there is no other more secure way that this. 

AIM: Securing internet access of all of your devices using VPN 

You can connect all the connected devices to the router to VPN without any configuration or any VPN software on client device. 

First of all you need a OpenWRT supported router, go ahead to this URL and check if your router supports OpenWRT firmware if not you need to buy one. 

OpenWRT is embedded linux firmware for your router. OpenWRT can be configured either through LuCI or SSH. LuCI is web interface for openWRT. 

In this article I am not going to discuss about how to install openWRT on your router. Its pretty straight forward. 

For this experiment I used TP-Link Archer C50 which is a dual band(2.4 & 5GHZ) router, move on

 

Connect to the router via SSH and execute following command to install two packages openvpn-openssl & openvpn-luci

1


opkg update && opkg install luci-app-openvpn openvpn-easy-rsa openvpn-openssl

Create a new DHCP client interface tun0 using following command

 /usr/sbin/openvpn --mktun --dev tun0 

Open the VPN menu in Luci  

Add your configuration:

You can either configure your own openVPN server  or you can use the one which are available on internet,

for this tutorial I am going to use the servers listed at vpnbook.com

I am not affialiated with vpnbook.com in any way I am just using this as an example 

Enable the configuration and save changes 


Reboot the router 

 


You have finished the VPN configuration now, but you still need to configure the interface as well as the Firewall.

From the top menu go to Networking -> Interfaces.
Click the Add new interface… button.
Name: secure_vpn
Click on Interface and write tun0 in the textbox, and press enter.
Click on Create interface button.

 

This will open additional settings.

Make sure there is a checkmark on Bring up on boot
Click on Save

Click on Save & Apply in the Interfaces screen


Now you need to set the firewall rules for the VPN connection 

In LuCi in top menu, go to Network -> Firewall.
Scroll to the bottom of the screen to the Zone section, and Add a new Zone.

4 

In the General Settings tab, set name to secure_fw, change Input to reject, Output to accept, Forward to reject.
Put check mark on both Masquerading and MSS clamping
Covered networks – select secure_vpn
In the Allow forward from source section, lan.

Press Save

Press Save & Apply on Firewall - Zone settings

In the top menu, go to VPN -> OpenVPN. Set the checkbox Enabled for VPN connection you just created, and click Save & Apply.
After the settings are saved, click Start button next to the VPN connection.

Wait a few seconds for connection to establish.
You can check here if you have successfully connected.