Disclaimer:
The information in this tutorial is true and complete to the best of my knowledge. All recommendations are made without guarantee. The author(me) disclaim any liability in connection with the use of this information.
Hi peoples :D
Today I thought I show how to create a router with a VPN connection.
For this we need not so much stuff. At first, who would have thought, we need a OpenWRT/LEDE compatible router. For the people who unfamiliar:
OpenWRT is a open source linux distribution which is based on linux and was created for mostly embedded systems like routers and NAS systems. The LEDE-Project is a relativ new fork from OpenWRT and is focused more on embedded devices than routers.
I would recommend to use not your primary router because it's possible to brick or misconfigure the device if wrong used.
To check if the router is compatible open and search for brand or model:
https://wiki.openwrt.org/toh/start
If the device isn't listed there is surely a way but the explanation needs another tutorial.
If the device shows up click the link on the right site under 'Device Page'. A the beginning of the loaded page should be a link to the firmware file which we want to download. In the case of the 'D-Link DIR-645' Router it should be:
https://downloads.openwrt.org/chaos_calmer/15.05.1/ramips/rt3883/openwrt-15.05.1-ramips-rt3883-dir-645-squashfs-factory.bin
After obtaining the "name_of_downloaded_firmware_file.bin" we have to flash it to the router somehow. Normally this process is as simple as click twice on a button in the configuration menu from your router.
Head over to the configuration menu of your device which you should access with just enter the IP-Adress of your router in the url strip from your favorite browser. In most cases 192.168.0.1 or 192.168.1.1 should do the job.
In the configuration interface head to the page where you can upgrade the firmware. In the case of the DIR-645 it should be:
Tools > Firmware > Firmware Upgrade
Click the upload-button and upload the previously obtained "name_of_downloaded_firmware_file.bin" and let the router let do his magic. Don't interrupt this process nor cut power. If so you could end with a brick... mostly not but the recovery process is sometimes really annoying and also needs another tutorial ;)
When the process is finished you have to connect to the device first over 'telnet'. Maybe I should have stated first that I don't use Windows so I can't really tell how to archive this there. I think you have to open the commandline and enter 'cmd' but U'm not sure also... you're surely here because you think about computer security. Think again. Windows and security is a contradiction in itself so ¯\(ツ)/¯
Under Linux/OSX just open a terminal and enter:
#>: telnet 192.168.1.1
You should be welcomed by the OpenWRT-Banner. Now at first a password should be set. This we could do with following command and entering the new password twice:
#:> passwd
After setting up a password we need to activate 'Luci' the LuA based web configuration tool which make things much easier(for noobs :P). This we archive with following commands:
#>: /etc/init.d/uhttpd enable ; /etc/init.d/uhttpd start
If theres a error that the file can't be found we have to install Luci manually but this shouldn't be the case but just for safety here the command for:
#>: opkg update ; opkg install luci
When finished we close the telnet session with:
#>: exit
Now we can head over the the web configuration luci. This is as easy as pasting the IP 192.168.1.1 to the url stripe from your favorite router like mentioned before :D There you've to enter the password you've setup before.
Now it's possible to change the network configuration to your own requirements. When finished head over to:
System > Software
There paste following package names in the "Download and install package:" form and hit the "OK" button:
ppp-mod-pptp kmod-nf-nathelper-extra luci-proto-ppp
When finished head over and click the button "Add new Interface":
Network > Interfaces
In the new page you have to give the interface a name. It's upon you but "VPN_TUN" is nice I think. As Protocol choose "PPtP" and hit "Submit".
There we only have to enter the connection data from our VPN provider... ha you thought so :D Here you'll get some free:
https://www.vpnbook.com/freevpn
Enter the date click save and go to "Advanced Settings". There look if "Bring up on boot" and "Use as default gateway" is checked. If not change that.
This was it. Now the router should be restarted and the VPN Tunnel should start automatically. It can be checked in Luci under:
Network > Interfaces
There should now be a new interface called "VPN_TUN" which should be connected.
Now head over to:
http://ipleak.net
The site now should show a different IP and DNS server address. Which implies the VPN tunnel is working.
Thanks four patience :D
If you've questions feel free to ask.