How To Install a VPN on Your Router

FeaturesPCmag

These days, privacy and security often overlap. Even for the average consumer, virtual private networks (VPNs) can be a fantastic security aid, and if you're operating a small business, they're effectively mandatory to protect data in transit. That's all due to their use of encryption. But for those concerned with privacy, a VPN has a couple of additional benefits.

Continue Reading Below

First, they make your computer appear as if it's in a geographic location other than where you actually are. That's because you're logging into a server operated by the VPN provider and then running any web sessions from there, which means when cookies or Big Bad Government Agencies try and trace you from your web activities, they'll find the VPN provider's server, not you. Even better, just like you, hundreds or thousands of people will be doing the same thing off the same server.

That means you're sharing that location, which makes it even harder to pick your particular stream of encrypted gobbledygook out of the hundreds or thousands of other streams of encrypted gobbledygook pouring into and out of that same server farm at any given moment. That's the draw of a VPN: You get all those benefits just by installing a simple web service client on your device and making sure it's active before starting any other web or cloud session.

However, what if you wanted to have that privacy all the time at your home or office? Or what if you didn't want to install separate VPN clients on all your devices as well as all those being used by your family or small business co-workers? That's when you opt for installing a VPN client on your router. With a VPN client on your router, anyone using your local network to browse the web or access a cloud service will automatically be using the VPN as it'll be running 24x7.

More From PCmag

Back in the day, most routers supported a VPN client because businesses used them to connect different office sites to give their employees the feeling of being on a single network even though everyone at a remote location was actually connecting via the Internet. However, those VPN clients were usually proprietary, meaning each router maker built their own and they usually didn't work across brands. With the rise of cloud services, this use of VPNs, while still popular among business-class routers, became less important for consumer or small business routers. That's why many consumer and gaming routers don't offer VPN support anymore.

Numerous Possibilities

Today, while some routers support connecting to VPN services via OpenVPN or Point-to-Point Tunneling Protocol (PPTP), this feature is typically nonexistent or poorly implemented in the standard firmware of most low-cost routers. There are a few VPN routers out there being re-sold by third party vendors or the VPN providers themselves and those folks have taken on the task of installing their VPN client on the router's firmware. While that's great, you're probably happy with your current router and dropping the bucks for a whole new router just to get a VPN client might not be an attractive option. This leaves you to hunt for an alternative firmware that'll support either OpenVPN or your chosen VPN provider's client. The most popular of these is DD-WRT, though another option is Tomato if you have a Broadcom-based router. DD-WRT is the more mature of the two and works on many routers, both old and new. You can check to see if your particular router is supported here.

Alternatively, you can turn an old x86 PC into a router by adding an extra network port and then installing DD-WRT, though this does take a bit of additional work. If you've got the chops, though, this is a great way of building yourself a highly customizable and capable business-class router without the added cost.

Most folks, however, will stick to installing DD-WRT on their compatible router, which is not only what it's intended to do, but also a great way to update and expand your networking capabilities. The only downside of using your router this way is that you can void your warranty, or worse, render the router completely inoperable if things go very wrong. The best way to avoid this is to make sure your aiming to install DD-WRT on a router that's not only supported (check that link above), but has been supported for a good long while.

The longer your router's been supported, the smoother the firmware install will go since the development team will have had lots of time to smooth out any kinks. You should also find a support forum with users familiar with both your router and DD-WRT. Some router manufacturers have such forums off their support pages, but more often you'll find them in independent web locations, such as the main DD-WRT website (link above) or Reddit.

Once you've got those resources in place, here's how to get started upgrading your router. To write this article, I performed an upgrade on three routers. Two of them carried the Linksys brand, namely the LAPAC1200 AC1200 Dual Band Access Point and the WRT1200AC v2 . While the upgrade on the LAPAC1200 failed, probably due to the fact that it's not a full-fledged router, the process worked fine on the WRT1200AC. For grins, I decided to do another installation on an old, generic Windows PC that I outfitted with two gigabit network interface cards (NICs). That process also went fine, and while it's certainly bulkier than the WRT1200AC, it's still the faster of the two.

Accessing Your Router Configuration Page

Every router is a little bit different, but most Linksys routers follow a similar pattern when it comes to login and making changes to the configuration, and this process is very similiar to what you'll find on most other router brands, too. The first thing to do is figure out what your router's Internet Protocol (IP) address is. To do this on Microsoft Windows 10 , click the Start menu and type in Command Prompt and click Enter. Then type in ipconfig and click Enter again. You should see the same thing as in the screen shot below, though with different address numbers. Your router's IP address will be listed as the Default Gateway. Here, that's 192.168.13.1.

Next, open your browser and type in your router's IP address as the URL (http:\192.168.13.1). That'll get you to a login prompt for your router's administration console. If you've never changed the username and password for your router, then it will be one of the defaults on this page if it is from Linksys. If it's not Linksys, then just find your original installation instructions from when you first installed the router and the default credentials will be there. If that document is long gone, then head over to your router maker's website and find the instructions for setting your router back to factory defaults. The default credentials should be there, too. If that doesn't work, you'll need to call your router's support line and ask.

Once you get access to the router's administrator functions, you'll want to find the console that allows a firmware update. Generally, this will be found under the Administration tab. For specific instructions for Linisys routers, check here. Other router vendors will have similiar instructions available off their support pages.

Downloading and Installing DD-WRT

This step is arguably the most important piece since you can potentially "brick" (that is, render inoperable) your router if anything goes wrong. This could happen due to incompatiblity on the software side or simply because you suffer a power outage at a particularly critical step of the update process. I'm not trying to scare you off here, and the vast majority of DD-WRT installs run just fine, but the reality is that something bad could actually happen to the router, so please do exercise caution.

Navigate to this page and enter the model of your router. You'll get a list of potential candidates. Pick the one that matches your router's brand and model number, and then download the bin file.

Now, from the Firmware Update screen, upload the bin file and wait. If everything worked the way it should have, then you will have a router that's running DD0-WRT and is therefore compatible with OpenVPN. If things go south and your router decides that you aren't on speaking terms anymore, do not panic. That happened to me when I tried upgrading the Linksys LAPAC1200 Access Point. Just do what I did: Go to this page and follow the instructions exactly. With any luck, you'll get back to a good starting place to try again.

Once everything lights up the way it's supposed to, the default IP address of a new DD-WRT install is http://192.168.1.1. Again, enter that address into your PC's web browser as a URL, and you'll see a screen that prompts you to reset the default username and password. Afrer that step, you can move on to the basics of your new router's configuration process. For business users and those with more advanced network requirements, DD-WRT offers a lot of advanced possibilities here, so running through everything is beyond the scope of this article. But for most home and small business implementations, you will need to set the connection type for your wide area network (WAN), which really means your Internet provider. Generally speaking, this will usually be found under the Dynamic Host Configuration Protocol (DHCP), so if you aren't sure, that's a good place to start.

Setting Up the VPN Client

First get your router talking to the Internet on one side and your local area network on the other. Then set up any more advanced network settings you need, such as Quality of Service (QoS) or access controls. Only once the router is fully humming should you consider installing your VPN client.

To do that, you will need to navigate to the VPN tab under Services. From there, check the Enable Bubble next to "Start Open VPN Client." At this point, there is no single set of instructions to make this work. The settings will be completely unique to the VPN provider. However, there are ready-made instructions for setting up your VPN client on DD-WRT for several of PCMag's top VPN players. For example, NordVPN has DD-WRT setup instructions here, and Private Internet Access VPN has the same thing for its VPN here. Some VPN brands will want to install their own software, some will want to use OpenVPN. Just follow the instructions for your VPN brand, and you'll be right on track.

Checking Your Handiwork

DD-WRT has a nice Status tab with a VPN section that will show you if you're connected and everything worked as anticipated. If you want to go the extra mile, then you can check your IP by typing "What is my IP?" into Google. You should get something back that's different than what you started with since you'll be surfing to Google from your VPN vendor's server rather than your PC if your VPN is working properly. If that happens, great job! You can now browse the web with more anonymity on all of your connected devices.

This article originally appeared on PCMag.com.