VPN router setup in Chiangmai

[No1]

Does anybody have an idea if there is someone who knows how to flash a router and install a VPN-solution on a router here in Chiangmai?

[Crossy]

Do you have the router yet?

 

There are quire simple solutions for Asus (Merlin) and Linksys (DD-WRT and Tomato) which really don't need a specialist.

 

[No1]

Thanks, Crossy! Yes, I have the router and it was not problem to flash it with OpenWRT. The problem is setting up the VPN in OpenWRT. I would even buy a ready-flashed router with the configured VPN if I could find it here

[johng]

When you say configure the VPN...do you mean to use your router as a VPN server

(so others can connect to it)  or as a client  ie:  your router connects to someone else's VPN server

https://openwrt.org/docs/guide-user/services/vpn/overview

 

You also need to decide/know which  type of VPN you want to use  IPsec,OpenVPN,PPTP  etc

[No1]

Hi John,

I would like to configure it as a VPN client. I have chosen OpenVPN which seemed to be the most popular one. Ideally, I would like to connect it to an VPS in Europe where I have openVPN installed as a server.

Anyhow, I have been trying to configure this for a few days now and I am officially stuck and I am now either looking for an easy solution (just buying a ready set-up and configured router) or would like to find someone who can help me setting it up the way it was initally planned.

[TallGuyJohninBKK]

Various ASUS router models have a built-in VPN client as part of their ASUS firmware, and can be configured very easily for PPTP, L2TP and Open VPN connections without having to flash anything.

 

All it takes is going into their firmware under the VPN / Client tab, picking the connection protocol you want, and entering your VPN account's user name, password, and the server name/address you want to connect to. With OpenVPN, there may also be one additional step of uploading to the router the configuration file for the particular OpenVPN server you want.

 

It's not as tweakable as DD-WRT or Tomato firmware where you can adjust all kinds of different settings... But it's very easy and straightforward, and doesn't create any worries about flashing a router and bricking it, or having the flash go wrong, etc etc.

 

 

[johng]

11 minutes ago, No1 said:

just buying a ready set-up and configured router

That probably won't be possible  because the certificates and keys you use on your VPN server are unique

have a read here...

https://help.ubuntu.com/lts/serverguide/openvpn.html.en

there are 2 steps  first you generate the certificates/keys on your server..then you  import those files to your client  in this case your router...I found it easier to  use the openVPNgui client

https://openvpn.net/community-downloads/

on my PC  first to get things working..even so its still a bit of a mystery as to exactly how I got it working     there are a lot of complicated options that can be configured...your  server  and client configurations have to match   keys and certificates have to be correct...lots of reading.

[No1]

Thanks, TallguyJohn! I might end up buying an Asus router. Will check tomorrow if I can find one here which has the VPN option

[No1]

Hey Johng,
you are right.... especially the certificates were giving me trouble and in the end I thought it might be easier to just give up or look for someone to give me a hand with this. Also, the OpenVPN module on OpenWRT has so many options and most of them I do not even understand what they are good for.

But after a couple of days of trying to figure this out, I have decided to give up and look for someone who could help me getting this issue sorted. I know that a lot of reading is required and I wish I could have sorted it out. But eventually I had to admit defeat. Will probably try to find an Asus router tomorrow and see if that approach is easier.

[TallGuyJohninBKK]

1 hour ago, No1 said:

Thanks, TallguyJohn! I might end up buying an Asus router. Will check tomorrow if I can find one here which has the VPN option

 

Usually, when it comes to commercial/retail VPN providers who offer Open VPN connections, along with the location/server address information, they'll also offer for download the Open VPN configuration files to allow you to set up that particular connection. Assuming your router has an Open VPN client functionality.

 

If so, download and extract/unzip the Open VPN configuration file onto your PC desktop. Then go into your router's firmware, choose to create a new Open VPN connection, enter your VPN service user name, password, the server address you're going to use, and then use the firmware's file upload function in the Open VPN setup screen to upload the config file onto your router.  For those that I've used, they sometimes come with separate TCP and UDP protocol config files for each server location, so you can choose which protocol you want to use. TCP is more stable, but UDP is generally faster if it works well with your router and VPN provider's service.

 

[johng]

9 hours ago, TallGuyJohninBKK said:

Usually, when it comes to commercial/retail VPN providers who offer Open VPN connections

Yes but @No1 is  trying to connect to a private VPN that  is setup on a VPS server somewhere in Europe

the only person that could/should have those configuration files is @No1

[No1]

Johng,

I have a private openVPN installed on my VPS already, but I came to the point that anything that works will be fine. So TallguyJohninBKK´s recommendations just give me more options. Will try first with my own VPN and if I fail to configure it again, I will end up with TallguyJohninBKK´s solution.

I would still prefer to know if there was one professional, experienced person who just comes to my place or uses a Teamviewer and configures it all on my existing hardware. But it seems I have run out of options as I would not know where else to ask.

Thanks for all the ideas and help so far to all of you.

[johng]

Well good luck and please do keep trying...it took me a good few weeks of trying on and off to get things working...once you get it working  don't forget to take notes of the method and  make backups of certificates,keys and configuration files of both server and client.

[beau thai]

someone will enjoy telling me how dumb I am (true) but why is it important to do this with/to a router rather than just logging in to a vpn, such as pia?

[No1]

@beau thai I don't think it is a stupid question. There are many reasons: some people want to use the same VPN with all of their devices when at home but in my case I need to enable port-forwarding using an ISP who does not offer this. Otherwise cameras and home automization will not be accessible from outside of my home network.

[johng]

someone will enjoy telling me how dumb I am (true) but why is it important to do this with/to a router rather than just logging in to a vpn, such as pia?

Making the VPN connection at the router means that every device (multiple) can use the VPN...you could connect directly without going through the router if you want.

Also [mention=117470]No1[/mention] will be more certain of privacy because he controls/administers both server and client end of the VPN...using a commercial VPN server he will have no idea what they are logging,capturing or sniffing because they control the server end.

 

[TallGuyJohninBKK]

6 minutes ago, johng said:

Making the VPN connection at the router means that every device (multiple) can use the VPN...you could connect directly without going through the router if you want.

Also [mention=117470]No1[/mention] will be more certain of privacy because he controls/administers both server and client end of the VPN...using a commercial VPN server he will have no idea what they are logging,capturing or sniffing because they control the server end.

 

 

Another difference in using a router-based VPN connection vs. VPN apps on individual devices is various VPN providers have number of simultaneous device connection limits on their plans, sometimes 2, often 3, sometimes 5, sometimes unlimited.

 

When you connect via a router based VPN, that counts as one VPN connection regardless of how many devices may be feeding on its wifi. But when you have two PCs, 2 mobile phones and say 2 streaming TV devices, those are going to count as 6 VPN connections assuming they're all logged in at the same time.

 

For me, it's also a case of convenience. I have two wifi routers in my home, one that serves Thai IP wifi, and the other that serves VPN wifi... I never have to fiddle around with launching VPN apps, clicking to make connections, close connections or any of that. When I want a Thai IP, I connect to that wifi SSID. When I want a home country IP, I connect to that wifi SSID. Easy...

 

[No1]

@johng There are some good news: just bought a new  router, an Asus as @TallGuyJohninBKK recommended. I have also seen that there were many tutorials on how to set the Asus routers up and yeah: it worked right away with a test access I set up with a Perfect Privacy VPN. 

 

Quote

For me, it's also a case of convenience. I have two wifi routers in my home, one that serves Thai IP wifi, and the other that serves VPN wifi... I never have to fiddle around with launching VPN apps, clicking to make connections, close connections or any of that. When I want a Thai IP, I connect to that wifi SSID. When I want a home country IP, I connect to that wifi SSID. Easy...

 

I have actually figured out something else which could work out nicely, too: The Asus routers have an addon which is called "Merlin" and allow to setup guest networks and advanced routing. Will try to tell the router that the guest network does not need to use the VPN. So basically it was your idea @TallGuyJohninBKK just that it is all in one and the same router.

 

 

[TallGuyJohninBKK]

6 hours ago, No1 said:

I have actually figured out something else which could work out nicely, too: The Asus routers have an addon which is called "Merlin" and allow to setup guest networks and advanced routing. Will try to tell the router that the guest network does not need to use the VPN. So basically it was your idea @TallGuyJohninBKK just that it is all in one and the same router.

 

My ASUS router also has the "guest networks" feature as part of its firmware. And from my fiddling with it, it clearly allows you to set up separate SSIDs on either the 2.4 or 5 GHz bands, give them their own separate passwords, and control to some extent how much access they have to files on your local network.

 

But, at least in my fiddling, I didn't find a way to configure the Guest Network part to broadcast a different internet connection from the one being used by the main router, such as VPN vs no VPN.... 

[beau thai]

thanks guys for your info, courtesy and patience. Not always features of TVF!  Now I get it.

[No1]

Isak, Veepn does not support port forwarding and my problem was also not that I was looking for a VPN provider but for a solution to get a router setup to use OpenVPN to the instance installed on my own server.