Thursday, July 30, 2020

Adding a Supporting Router for VPN

There are many ways to connect to your favorite VPN. The most common are a browser plug-in or a small utility supplied by your VPN provider.

Today, I am showing you another way: using a supporting router. You may ask, why another router? Why not just do it on the existing router? There are a few reasons I can think of. For example, you may not want to touch your existing router settings, or you may not want your entire network to use the VPN.

You may also ask why bother doing it at the router level when it is much easier to use a plug-in or a utility from the VPN provider. One of the reasons I can think of is performance. If you are running VPN software on the host, all the work is done there, which increases the load on that machine. This may not be a problem on a high-performance computer, but it can be an issue on a mobile or low-performance device. With the VPN done on the router, network traffic on the host is handled as normal and no extra work is needed. The catch of this setup is that your VPN performance is limited by the hardware specs of the supporting router you choose.

For this type of setup, I highly recommend using an OpenWRT router. In this example, I use a Raspberry Pi 3B+ (rpi) due to its cost and its relatively powerful processor (Quad Core 1.2GHz Broadcom BCM2837 64bit CPU). As mentioned before, a better CPU can improve the VPN performance. Hence, the newer Raspberry Pi 4 or something better may be a better choice. However, for my own use, I am also looking for a solution that can run on passive cooling without a huge bill. The rpi 3B+ hits the spot.

To start, first you go to the OpenWRT site and get the latest image for the rpi.

https://openwrt.org/toh/raspberry_pi_foundation/raspberry_pi

The version of image I used for this example is

OpenWrt 19.07.3 r11063-85e04e9f46 / LuCI openwrt-19.07 branch git-20.136.49537-fb2f363

The file is in GNU zip format (e.g. rpi-3-ext4-factory.img.gz).  If you are using Windows, 7-zip should do the trick to decompress it.  Once it was extracted, I used Rufus to write it onto my microSD card.

By default, the rpi is set to the static IP 192.168.1.1. We need to change this to an IP within our own network's subnet range. For example, if your network is 192.168.100.1/24, then you need to set the rpi to an IP such as 192.168.100.2.

OpenWRT



Here are the steps for changing the IP

1) type uci set network.lan.ipaddr='new-ip-address' (“new-ip-address” is the new IP address you want for the LEDE device in your network, e.g. 192.168.100.2) and press Return,
2) type uci commit && service network restart and press Return


Alternatively, you can achieve the same by editing the /etc/config/network file using vi, e.g.

vi   /etc/config/network

Now use your browser to go to the IP you set up.

Under Network -> Interfaces, edit the LAN setting as below




Now save the settings using the "Apply unchecked" option.



Next, set up the rpi as a VPN client. If your VPN provider gives you an ovpn config file, then things can't be easier. You simply upload the config file to OpenWRT, set up the password, and off you go. A setup walk-through can be found in another post of mine, https://xpwithubuntu.blogspot.com/2019/05/set-up-openwrt-with-vpn-on-raspberry-pi.html

You are almost there.  To use this router, you need to change your computer network setting to manual so you can define the parameters yourself, e.g.




For Linux with Network Manager Applet, settings are:



Now, verify your setup by using sites such as https://www.expressvpn.com/what-is-my-ip
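
A local pre-check for a Linux client, to run before the web check above (an added example, not part of the original post): it confirms that the lowest-metric default route points at the supporting router and that only the expected DNS servers are configured. The gateway and DNS values are the ones used elsewhere on this page, the sample route and resolver text is constructed, and it assumes /etc/resolv.conf lists the real resolvers rather than a local stub.

```shell
#!/bin/sh
# Added example (not from the original post): local checks on a Linux client
# that is supposed to reach the internet through the supporting router.
VPN_GW="192.168.100.2"                 # supporting router IP used on this page
ALLOWED_DNS="9.9.9.11 149.112.112.11"  # Quad9 pair from the page's batch script

# Constructed sample: a second interface holds a lower-metric default route,
# so traffic would bypass the supporting router; DNS also lists the main router.
SAMPLE_ROUTES='default via 192.168.100.2 dev eth0 proto static metric 100
default via 192.168.100.1 dev wlan0 proto dhcp metric 50'
SAMPLE_RESOLV='nameserver 9.9.9.11
nameserver 192.168.100.1'

# Read `ip -4 route show default` text on stdin and print the gateway of the
# lowest-metric default route (no "metric" field means 0, no "via" is on-link).
active_gateway() {
    awk '$1 == "default" {
             gw = "on-link"; m = 0
             for (i = 2; i < NF; i++) {
                 if ($i == "via")    gw = $(i + 1)
                 if ($i == "metric") m  = $(i + 1) + 0
             }
             if (!seen || m < bestm) { best = gw; bestm = m; seen = 1 }
         }
         END { print best }'
}

# Read resolv.conf text on stdin and print each nameserver not in ALLOWED_DNS.
unexpected_dns() {
    awk -v allowed="$ALLOWED_DNS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }'
}

# $1 = route text, $2 = resolv.conf text. Returns 0 only if both checks pass.
check_client() {
    gw=$(printf '%s\n' "$1" | active_gateway)
    bad=$(printf '%s\n' "$2" | unexpected_dns | tr '\n' ' ')
    [ "$gw" = "$VPN_GW" ] || { echo "FAIL: default route via ${gw:-none}, expected $VPN_GW"; return 1; }
    [ -z "$bad" ] || { echo "FAIL: unexpected DNS server(s): $bad"; return 1; }
    echo "OK: default route and DNS match the supporting-router profile"
}

# Demo on the constructed sample. For a live check, run:
#   check_client "$(ip -4 route show default)" "$(cat /etc/resolv.conf)"
check_client "$SAMPLE_ROUTES" "$SAMPLE_RESOLV" || true
```

A pass here only means the client hands its traffic to the supporting router; the public IP check on the web page is still what shows the tunnel itself is up.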





The network is now ready to be used.

With Network Manager Applet in Linux, you can easily change your network configuration by setting up profiles and switching between them. With Windows, you aren't that lucky. However, there is a way to get round the pain of Windows' useless networking GUI. You can use a good old batch script to give you the equivalent of profiles in Linux. Below is what I am using for switching between configurations.

@echo off
SET interface="Ethernet 2"
SET staticip="192.168.1.10"
SET vpnip="192.168.100.10"
SET vpngateway="192.168.100.2"

REM Quad9 DNS
SET dns1="9.9.9.11"
SET dns2="149.112.112.11"

REM dnsforge.de DNS for Ad Blocking
SET dnsab1="176.9.93.198"
SET dnsab2="176.9.1.117"

:begin
netsh interface ip show config name=%interface%
:options
echo.
echo Select a task:
echo =============
echo -
echo 1) Pi-Hole DNS
echo 2) DHCP DNS
echo 3) VPN
echo 4) VPN (With adblock)
echo 5) Static IP %staticip%
echo 6) Default (DHCP)
echo 7) Show Config for All Interfaces
echo 10) Exit
echo -
REM Clear the previous choice so pressing Enter alone does not repeat the last action
set "op="
set /p op=Type option:
if "%op%"=="1" goto pihole
if "%op%"=="2" goto dhcpdns
if "%op%"=="3" goto vpn
if "%op%"=="4" goto vpnab
if "%op%"=="5" goto staticip
if "%op%"=="6" goto dhcpip
if "%op%"=="7" goto allconfig
if "%op%"=="10" goto exit

echo Please Pick an option:
goto begin


:pihole
echo Set to use Pi-Hole DNS
netsh interface ip set dns name=%interface% source=static address=10.0.100.2
goto begin

:dhcpdns
echo Set to use DHCP DNS
netsh interface ip set dns name=%interface% dhcp
goto begin

:staticip
echo Set static IP to %staticip%
netsh interface ip set address name=%interface% static %staticip%
goto begin

:vpn
echo Set static IP to %vpnip%
netsh interface ip set address source=static name=%interface% address=%vpnip% mask=255.255.255.0 gateway=%vpngateway% gwmetric=0
netsh interface ip set dns name=%interface% source=static %dns1%
netsh interface ip add dns name=%interface% %dns2% index=2
goto begin

:vpnab
echo Set static IP to %vpnip%
netsh interface ip set address source=static name=%interface% address=%vpnip% mask=255.255.255.0 gateway=%vpngateway% gwmetric=0
netsh interface ip set dns name=%interface% source=static %dnsab1%
netsh interface ip add dns name=%interface% %dnsab2% index=2
goto begin

:dhcpip
echo Set IP address and DNS to DHCP
netsh interface ip set address name=%interface% dhcp
netsh interface ip set dns name=%interface% dhcp
goto begin

:allconfig
netsh interface ip show config
goto options

:exit
@exit


This is it. Hope you find this useful. 
 
 
Update 2020-08-10:
 
Tested with FreeVPN.Me, the rpi 3B+, I managed to get 64Mb/s down and 16Mb/s.