Happy New Year! If you've compared the dates on my previous blog posts you would notice that it's been about 3 months since my last post. I've decided to try to make more of an effort to create some new content, being that it is a new year and, you know, resolutions and such. Spurred by my recent lust for security, I decided to get a VPN account and see how easy it would be to set up a secure and private browsing environment. Single machine setup was a breeze as most VPN providers now have client programs that do it all for you, but I wanted more. It seemed much more convenient if I could just put an entire network onto a VPN and thus skip client setup. It turns out that this is easily achieved and not overly complicated but is unfortunately not documented too much. After figuring it out myself I figured I would share how to do this so that others could bask in the VPN spring of life.
- ASUS RT-N56U Link
- Padavan Firmware Link *Thank you Jens for the update
- Private Internet Access subscription (Or any other VPN service) Link
The first thing to do is get the router and set it up. If you don't know about this router yet I wrote a review about it a while ago. These routers have never let me down and have had every feature I've ever needed. Before this weekend I actually was very happy with the stock firmware but then I came across Padavan and was impressed. Padavan is just some custom firmware written to make your router even more awesome than it already is. I referenced this article for installation instructions, the quick and dirty is:
- Go to the Padavan Repository, click on RT-N56U and get the .trx file of your choice. I used RT-N56U_188.8.131.52-081_aria.trx. You should use the md5 file to verify the .trx file if you know how to do that.
- Log in to your router, navigate to Advanced Settings -> Administration -> Restore/Save/Upload Settings and back up your settings in case this goes sideways
- Go to the Advanced Settings | Administration | Firmware Upgrade page and upload the .trx from Padavan
- Remove your hands from the keyboard, don't even breathe, and pray to the network gods that nothing goes wrong.
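The checksum step in the first bullet above, as an added example (not from the original post or the Padavan project): a shell function that compares the downloaded .trx against its published md5 file before you flash. It assumes GNU `md5sum` is installed and that the md5 file holds either a bare digest or an `md5sum`-style "digest  filename" line; the function name and return codes are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post or the Padavan project).
# Assumptions: md5sum from GNU coreutils is installed, and the published .md5
# file contains either a bare digest or an md5sum-style "digest  filename" line.
# A checksum hosted next to the image catches a corrupted or truncated
# download; it does not prove who published the file.

# verify_firmware IMAGE MD5FILE
# Returns 0 on match, 1 on mismatch, 2 when the inputs are unusable.
verify_firmware() {
    image=$1
    md5file=$2

    if [ ! -s "$image" ] || [ ! -r "$md5file" ]; then
        echo "error: image is missing/empty or checksum file is unreadable" >&2
        return 2
    fi

    # First whitespace-separated token that is exactly 32 hex digits.
    # CRs are stripped so a checksum file saved on Windows still parses.
    expected=$(tr -d '\r' < "$md5file" | tr 'A-F' 'a-f' | awk '
        { for (i = 1; i <= NF; i++)
              if (length($i) == 32 && $i !~ /[^0-9a-f]/) { print $i; exit } }')
    if [ -z "$expected" ]; then
        echo "error: no MD5 digest found in $md5file" >&2
        return 2
    fi

    actual=$(md5sum "$image" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $image matches $expected"
        return 0
    fi
    echo "MISMATCH: expected $expected, got $actual; do not flash $image" >&2
    return 1
}

# Command-line use: sh verify_firmware.sh IMAGE MD5FILE
if [ "$#" -eq 2 ]; then
    verify_firmware "$1" "$2"
fi
```

Only continue to the firmware upload page when this prints OK; on a mismatch, download the image again.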
After this you will have some really awesome firmware and be halfway to VPN mountain. Isn't this much less painful than you expected? Next up is getting an account with a VPN provider. I decided to use Private Internet Access but you do not have to; there are a myriad of options to choose from, so make sure that the one you choose has the features you need. Once you have an account and some credentials (for Private Internet Access you have to log in to their client page and generate a username/password), you will want to log into your newly flashed router, complete with gradient background. Click on the tab that says VPN Client and enter the following settings:
- VPN Client Protocol: Open VPN
- Remote VPN Server (IP or DNS host): Given by Provider
- Port: 1194, Unless otherwise specified
- Transport: UDP
- Authentication: TLS: username/password
- Login: Given by provider
- Password: Given by Provider
- Obtaining DNS from VPN Server: Replace All existing
- Restrict Access from VPN Server Site: No (Site-to-Site access)
The rest can be left default. There is also a tab called OpenVPN Certificates and Keys which you will need to feed some information into. Your provider should have some information located in their tutorials on OpenVPN settings or config files; Private Internet Access has theirs on this page. Download the configuration files and look for a file called ca.crt. Open this file with your choice of text editor and copy the contents of that into the Root CA Certificate text field. After all that is said and done, click apply and double check the settings you entered to confirm correctness. You should be able to navigate to speedtest or google “What is my ip”, either of which should show you at a new IP address/location. Congrats! You now have private browsing!
Update: I recently had issues with my router not working and I found that I had to click into the extended configuration and make sure that cipher AES-128-CBC was the chosen cipher. You should just have to uncomment that line (remove the beginning ';') and make sure no other ones are uncommented.