How To: Properly Setup and Secure a VPN Router


*For simplicity, we will refer to a router with a VPN configured as a VPN router.

A secure router is essential in this day and age. With recent security revelations, government intrusion, a rise in cybercrime and the recent wave of security threats, personal security is long overdue for attention. An effective way of avoiding this mass of threats is to set up a flashed VPN router; if it is set up securely and properly, the benefits are huge.

What is a Flashed VPN Router?

A Flashed VPN router is just as it sounds, a router flashed with a third-party firmware and a VPN integrated.

First, some background on what a VPN and a router are and how they mesh together to create a VPN router. We’ll talk about the flashing aspect later.

  • VPN: We could speak on Virtual Private Network (VPN) providers all day, but in short, a VPN is a piece of technology that secures, encrypts and masks your internet connection, making you invisible and near impossible to hack by cybercriminals on the network. A VPN can prevent hackers from stealing your passwords on insecure WiFi, can greatly increase your personal sense of security, unlock previously geo-locked content, resist heavy online censorship and more. There are hundreds of VPN providers, but our number one choice is Private Internet Access; it’s affordable, fast, secure and has loads of great features. Head over to our Private Internet Access review to get an unbiased overview of the 5-star service.
  • Router: In the most basic explanation possible, a router is the device that broadcasts your WiFi network, allowing you to connect to the physical hardware if you have the network passkey. The router is the physical piece of hardware that your devices, such as your computer, phone, tablet and consoles, connect to, wired or wirelessly. Once connected, the router will receive or forward packets for all your devices, allowing for a fast and secure wireless internet connection (WiFi).

A VPN router is both technologies meshed together: a secure router with the capabilities of a VPN integrated across the entire network. What does all this mean?

  • VPN Router: A router with a VPN pre-configured within the hardware. All connections that run over the router are now secured by the VPN connection, meaning you no longer need to set up a separate VPN configuration on each device. The router connects to the VPN, securing each packet as it passes over the network to every single device, including computers, consoles, PCs, laptops, friends’ devices or anything else that connects to that network.

Now that we are aware of the two technologies and how they work together, let’s dive into the benefits of such an innovative piece of hardware.

Benefits of a VPN Router

A VPN router has immense benefits, first and foremost enhanced security! The number one benefit of having a VPN router is the added security. Every packet that streams over any device connected to the VPN router will be encrypted, regardless of the settings. All social media logins, all iPhone and Android app connections, simply browsing the web and playing online games are all encrypted, meaning hackers or spies within the network can no longer sniff your traffic and analyze what you are doing. Hackers will be unable to view any traffic, meaning all connections are successfully encrypted, including passwords and what you are doing on your network. A VPN can also help against government snoops!

Another important benefit of the VPN router is location spoofing. VPNs allow you to connect anywhere in the world the provider allows access to, meaning one minute you could appear to be in Morocco and the next in Russia. This allows for further unlocking, letting you view location-restricted content such as the US version of Netflix, or tune into the British BBC while located elsewhere.

Another benefit is privacy, and not only because your internet connection is encrypted. A benefit included in the location spoofing is that tens of thousands of others are connected to the same VPN server as you, meaning hundreds of thousands of websites are being visited by the same IP address. Data brokers, spies and companies will have a much harder time tracking you, making it virtually impossible for them to do so (excluding 3rd party cookies). While you’re streaming Netflix, another person on the same connection could be visiting their bank. A small key to VPN privacy is the number of others using the same VPN and muddying the tracks around the internet. The big key is that you can evade spies, restrictions and intrusion. Note: Being signed into a bank on a VPN will not show others your bank credentials. Such data is stored locally on your computer, not on the network, allowing you to freely browse the internet with peace of mind.

Now that we’ve briefed you on what a VPN router is and the benefits of a VPN router, it’s time to move to the next steps.

How to: Setup a (Flashed) VPN Router

There are three ways to set up a VPN router, but before we get into that, a little background. For a VPN to run on a router, there must be some kind of third-party firmware running on the router for the VPN to be configured. There are two major firmwares and several ways to run them on different configurations:

  • DD-WRT Firmware: The most popular firmware that supports VPN integration. DD-WRT is the most popular routing firmware that allows for an easy and seamless integration. DD-WRT does have its drawbacks, but DD-WRT is widely supported by the most prominent VPN providers on the market. DD-WRT is a smart choice for easy integration and universal support. To buy a pre-configured DD-WRT router click here.
  • Tomato Firmware: Tomato is another great firmware that allows for a seamless VPN integration. Tomato is my personal preferred firmware, due to its strong support for the OpenVPN protocol, an extremely secure encryption protocol. Tomato is not the most popular firmware, which is one of its main drawbacks. It is not supported by as many VPN providers as DD-WRT, but Tomato is still supported across any number of providers. Tomato is a smart choice when looking for the most secure VPN and router integration. To buy a pre-configured Tomato router click here.
  • Flashing your own: Now let’s be clear, flashing your own router does not mean making a half-assed effort to configure some spammy/buggy firmware. No, flashing means installing one of the two firmwares above, or another firmware that allows for VPN routing. The two above are the most popular, but alternatives include OpenWrt (foundation for DD-WRT), OpenWireless and hundreds of others. We are not going to cover how to flash your own router at home in this article, but a simple online search for “how to install *router firmware* on *router name*” should bring you to an up-to-date guide with the latest links on how to do so.

Can I grab Pre-Configured VPN Routers?

Yes, we will list reasons for this and our favorite brands, companies and personal experience.

Reasons to buy a pre-configured VPN router:

  • Your current router is slow and out of date.
  • You want to upgrade your router without the hassle.
  • New router will have more power, making connections faster, more stable, and improving the overall quality of the connection.
  • VPN Routers offer immense benefits.
  • Don’t have to deal with the hassle and guides of flashing your own router.
  • The router is accurately flashed, meaning it is secure, unbricked and pre-tested. No hassle!

Reasons not to buy a pre-configured VPN router:

  • Your current router can already be flashed.
  • You already have a router that a VPN can be integrated into.
  • Pre-configured routers can be pricey and/or just flat out not worth it.

Through our years of router dealings, we have found the best pre-configured VPN routers come from FlashRouters, a company dedicated to selling top of the line, pre-configured flashed VPN routers. Last year I reviewed a router I bought from the company, the Asus N66U TomatoUSB, a high-powered pre-configured Tomato router. The router was great, clean, fresh, powerful and just a straight Tomato install. The router worked perfectly, allowing for an easy and secure VPN integration.

After receiving several other VPN routers from other companies, we found a number of issues with them. While going through the VPN router settings, we found a number of hard-coded bloatware items pre-installed in the router. Out of the box, we are getting a VPN configuration pre-installed with unnecessary software and features that we can’t uninstall? After working with several other companies, nothing compared to FlashRouters’ clean, fast, out-of-box usability.

VPN Router Setup

If you chose a router from FlashRouters, your router is already partially configured out of the box; now you just choose the network password and follow the VPN setup instruction guide. After following the guide, your VPN should be working and ready to go. Continue reading to check if your VPN router is secure and working properly.

When buying your router, make sure you have access to the admin panel. Big box retailers include instructions inside the box, FlashRouters includes a paper documenting how to easily access the panel, and other routers should have a paper inside detailing how to access the admin panel. If the router does not have an admin panel where you can configure settings, the router is essentially useless, as you cannot change anything or properly configure a VPN.

Non-Flashed Router: If you have a router that is not pre-configured or flashed, please search your exact router model and check if it is compatible with one of the desired firmwares. If it is, follow the instructions given on the page. There are so many different models and methods of setting up routers that we couldn’t possibly cover them all.

DD-WRT Routers: If you have a DD-WRT panel, play around in the settings. We have found DD-WRT to be very point-and-click friendly, allowing you to browse the router panels without getting yourself into too much trouble. Through our testing of DD-WRT routers, they offer a great array of features, including quality of service bandwidth management, remote Wake-on-LAN, integrated VPN options, guest network, hotspot setup, and wireless extender options. Because DD-WRT receives massive updates that overhaul the look, a guide may become outdated quickly. DD-WRT has great documentation, allowing users to easily browse and get to know the router and its features. The panel should look somewhat like this, though it may be rearranged a little in future updates.

[Image: DD-WRT VPN Router]

To begin accessing the VPN configuration part of the router, click Security, navigate to VPN and check your VPN provider’s compatibility list. If you went with our recommendation, Private Internet Access has an easy DD-WRT VPN setup guide. For more detailed information on how the DD-WRT panel works, read some of the Tomato options below to get the hang of navigating through a router.

Tomato Router: Tomato routers are very easy to set up. Assuming you bought a pre-configured Tomato router, the provider should give you the details for your admin panel. Our router’s admin panel was http://192.168.10.1. From there we typed in our username and password and were granted access to the almighty Tomato admin panel.

[Image: Tomato Router Admin Panel]

The left side-bar offers a wide array of options to navigate through. Clicking on each will expand a small sub-bar below it, offering even more features than before. Below we will highlight key panels and what you can do with each.

  • Tools>System Commands: Allows you to easily execute any command of your choice within the router.
  • Basic>Network: Easily change the DNS, LAN settings, network name, network password, and Internet settings.
  • Access Restriction: Seamlessly block websites, set filters, and tailor the router to your needs. The panel allows you to create filters, meaning you can type a word, and any domain associated with that word can be easily blocked or changed. Individual devices can be blocked from websites, certain filters can be set on a group of devices or the entire network (every device). Access restrictions is great for blocking malware-laced domains, ads, intrusive trackers and more.
  • Bandwidth Limiter: Allows you to seamlessly limit how much bandwidth devices can consume. Lets you allocate more bandwidth, restrict bandwidth, restrict devices, ban users and more.
  • USB and NAS: Great panel filled with hundreds of great features, take a look and see what interests you.
  • VPN Tunneling>OpenVPN Client: Allows you to configure two VPN providers, meaning you can have two different services set up. One service may be located in the USA while another is in Canada. Easily edit and configure providers within the panel. Choose which configuration you want the network to run on at any time. It is strongly recommended you utilize OpenVPN as it is one of the strongest VPN protocols; PPTP and L2TP are outdated and insecure.
  • Administration: Easily configure hundreds of important settings from here, including bandwidth, debugging, JFFS, logging, scheduler, scripts, and upgrades.
  • Reboot: Allows you to remotely reboot the router, meaning you can restart the router from itself.

To configure a VPN within the flashed router, check the VPN provider’s client support. If you’re using our preferred Private Internet Access VPN, you can follow their Tomato client support guide.

Check if the VPN Router is Secure

Now, aside from having a strong wireless network password and admin panel password, we are going to test if the VPN router is secure, meaning the VPN is properly configured and securing our connections. (Note: we will not be discussing firewalls and other complex pieces within the router in this section.)

  • Basic IP Test: This website will tell you the basics of what websites and servers will see when you are accessing them. While connected to a California-based server on Private Internet Access, the website returned the following results.
    [Image: Testing VPN Security]
    Test one complete and the VPN is working properly.
  • Extended IP Address Test: Whoer is a great site with a variety of tools to see if your VPN is working properly. First, they show you your IP address, then your interactive detection, location, HTTP headers, scripts and plugins. This site is especially great as it shows you all the data websites may collect, and informs you if anything is leaking or does not match up. As we have Flash and Java uninstalled, both plugin requests returned no results. But the DNS, Flash and Java checks will request items from your computer itself, and return what IP address is coming from the application (VPN secures the entire network). If properly configured, every single packet that flows through that network will have the VPN securing and encrypting it while giving off another location. Upon our first visit we received the following while connected to a California-based server on Private Internet Access VPN. The time on the computer was set to match the VPN location as well.
    [Image: VPN Security Check]
  • DNS Leak Test: Testing for a DNS leak is essential. The image below explains what a DNS leak is and why it is a huge security threat.

[Image: What is a DNS Leak]

As you can see, you essentially defeat the entire purpose of a VPN with a DNS leak. To check your DNS, visit the link and click extended test. If any of the results turn up with your local DNS, you likely have a leak.

[Image: DNS Leak Test]

[Image: DNS Security Test]

To patch a DNS leak in the Tomato router, access the admin panel, navigate to Basic>Network, and choose a static DNS. When choosing a DNS, make sure it is secure. To find a secure DNS, check if the VPN offers one; if so, use their secure DNS: input the numbers into one of the 0.0.0.0 fields and hit save. You can also add multiple DNS choices within the router. From there, the DNS servers will fail over to each other or be used by default. Hit save and reboot, then do another extended test. The DNS should now be secure.

If the DNS is still leaking, contact the VPN provider and see if there is an issue on their end causing the problem. If not, there are a number of third-party DNS options. We recommend browsing the web, as DNS operators open new services and shut down often, so naming a certain DNS now might not be beneficial as more secure and encrypted DNS providers are on the rise. We hope to see all DNS queries encrypted one day; it’s a big step but the benefits would be groundbreaking.
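The extended-test check and retest described above, as an added example that is not part of the original article: a Python script that takes the resolver list pasted from a DNS leak test and flags any resolver in your local ISP's ranges, before and after setting a static DNS. All address ranges and test results below are constructed from documentation-only ranges, and the IPv6 case goes slightly beyond what the article covers.

```python
import ipaddress

# Constructed sample data using documentation-only address ranges.
# Assumption: you know the resolvers you configured and your ISP's ranges.
VPN_DNS_NETS = ["198.51.100.0/24", "2001:db8:aaaa::/48"]
LOCAL_ISP_NETS = ["203.0.113.0/24", "2001:db8:1::/48"]

BEFORE_FIX = """\
# ip              hostname
198.51.100.53     dns1.vpn.example
203.0.113.10      cache1.isp.example
2001:db8:1::53    cache6.isp.example
192.0.2.77        resolver.other.example
"""
AFTER_FIX = """\
198.51.100.53     dns1.vpn.example
198.51.100.54     dns2.vpn.example
"""


def parse_resolvers(text):
    """Return the resolver IPs listed in pasted leak-test output, deduplicated."""
    seen = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line (header, banner, ...)
        if ip not in seen:
            seen.append(ip)
    return seen


def classify(ip, vpn_nets, isp_nets):
    """'vpn' = expected, 'leak' = local ISP resolver, 'unexpected' = review it."""
    if any(ip in n for n in isp_nets):
        return "leak"
    if any(ip in n for n in vpn_nets):
        return "vpn"
    return "unexpected"


def audit(text, vpn_cidrs=VPN_DNS_NETS, isp_cidrs=LOCAL_ISP_NETS):
    """Group resolvers by class; 'clean' only if every one is a VPN resolver."""
    vpn_nets = [ipaddress.ip_network(c) for c in vpn_cidrs]
    isp_nets = [ipaddress.ip_network(c) for c in isp_cidrs]
    report = {"vpn": [], "leak": [], "unexpected": []}
    for ip in parse_resolvers(text):
        report[classify(ip, vpn_nets, isp_nets)].append(str(ip))
    report["clean"] = bool(report["vpn"]) and not (report["leak"] or report["unexpected"])
    return report


if __name__ == "__main__":
    for label, text in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, audit(text))
```

An IPv6 resolver from the ISP appearing next to a VPN IPv4 resolver is a common sign that only IPv4 is going through the tunnel.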

To alter your DNS for the entire Windows system, open the Start menu (the little Windows icon on the bottom left). On Windows 8, navigate to Settings>Control Panel. Windows 7 users can just click the bottom left Windows icon and click Control Panel.

Navigate through the following panels shown in the pictures below: View network status and tasks>Change Adapter Settings. Find your adapter, the device that is keeping you connected to the internet, then right click and navigate to Properties. Click IPv4 (or IPv6 as you see fit), then Properties once again. From there you will be able to manually set your DNS. Below is a guide with pictures on how to manually migrate to a secure DNS.

[Image: Change DNS Windows]

[Image: Change Adapter Settings]

[Image: Windows Network Properties DNS]

[Image: Change DNS Windows IPv4]

From there you can enter the DNS numbers and continuously exchange DNS providers as you see fit. For default DNS settings provided by your Internet Service Provider (ISP), you can always just click Obtain DNS server address automatically.

Google also has their own DNS provider. Remember, the service is operated by Google, a company that has not deleted a single search query, email or analytic piece of data since they began back in 1995, a company that saves everything about everyone’s life. Google’s public DNS is labeled as one of the fastest and as extremely secure, but not as one of the most privacy conscious. More information on the enterprise security and free DNS Google offers can be found on their public DNS page.

After all that, you should have a secure VPN router that is ready to go.

To avoid DNS leaks by default, Private Internet Access offers its own customer-exclusive DNS. Connect to the VPN, add the DNS after a successful connection, and now your internet packets and DNS queries are encrypted and sent to the non-logging VPN. Customer-exclusive DNS servers can cause issues if implemented improperly, meaning you must connect to the VPN first, then enter the DNS server and save. If the VPN cuts out, the DNS will fail and not let you connect. You will need to change the DNS to the default settings, connect to the VPN and then re-enter the DNS information. This can also be avoided by using multiple secure DNS servers.

Conclusion

VPNs do not make you invincible or 100% anonymous; there are millions of other ways to fingerprint people, remember that. But VPNs can be incredibly useful and are becoming more and more commonplace on the internet. Encryption is a must: it deters cybercriminals, rogue government and censorship, and protects the rights of free speech and privacy online once again.

Whether it’s DD-WRT, Tomato or another open source build, attaching a VPN to the router is always a novelty. Not only is your personal security online enhanced, the router gains a number of enhancements itself, adding additional vulnerability patches and letting you tailor it with your own set of scripts and rules.

It’s always nice to remember a VPN can retain your privacy, stop identity theft, block trackers, deter data collection, deter online fingerprinting and more. A VPN can perform a number of tasks with the essentials of security.

Sources:

DD-WRT Photo via Technopride/Wikimedia [CC BY 3.0]

About Author

Brandon Stosh is the founder and CEO of www.freedomhacker.net. Stosh is a cyber security researcher and professional consultant who strives to provide reliable news on cyber-security based topics.

4 Comments

  1. Hi, thanks for this. I don’t want to use Google DNS, but don’t know which one to put instead? OpenDNS? Can you recommend something?

    • Hello,

      Yes OpenDNS can work, also DNSBench can help you find secure providers. I recommend searching online for a DNS that fits your needs, but in short, OpenDNS is a great choice.

    • Hello John,

      Yes, a VPN can be used on an iPhone 6. You just need to ensure the provider offers OpenVPN support for iPhone, which any number of providers do. We would recommend Private Internet Access, as they offer support for nearly all mobile devices including the iPhone 6. Take a look at their client support page for details on how to set it up.
