Multi-connection VPN home setup

This post shows how to set up a VPN service on a home router so that different devices can use different VPN tunnels. This allows setups such as having gaming go through a local tunnel (or no tunnel), while having your streaming go through a tunnel leading to a different geography.

I recently decided to start using a paid VPN service for my personal connectivity: mobile, home computing and streaming.

VPNs are great at providing you basic privacy and some anonymity, masking your IP, and allowing you to access geo-specific content. You can read more about VPNs here.

After quickly enabling ExpressVPN on our family’s mobile devices, I went about installing it for our home network. While many VPN services offer up to N parallel connections at once (5 in ExpressVPN’s case, circa October 2019), I encountered two issues:

  • We have >5 devices (several phones, personal and work laptops, streamers etc).
  • Some of our devices (read: Roku Streaming Stick) do not support a built-in VPN connection.

To handle these, I decided to install the VPN client on my home router instead of each local device.
During the process, a new requirement came in: different devices should connect to different VPN tunnels.
This is important since streaming services are insensitive to latency, whereas gaming and work-related remote connectivity are sensitive to it.
I therefore wanted to have both a US tunnel (for streaming) and a local one (for most of my other work).

Multiple searches didn’t come up with a trivial way to do it that is easy for an inexperienced person – someone who is not regularly familiar with Linux, routing and towels. Moreover, while you can get routers with a pre-installed VPN service, these were much more expensive than stock routers and still do not support the multiple-tunnels requirement.

Therefore, I’m including a very short version here (you still have to work for it) of the setup I ended up with, and how to achieve it. Overall, this should take you less than an hour with the right router.

Step 1: Get an Asuswrt-Merlin compatible router

Asuswrt-Merlin is a custom firmware for some Asus routers (read: it’s special software that makes the router more customizable). Any router on the supported devices list should be fine.

Due to personal preference, I was not initially enthusiastic about getting an Asus router (I do not like their looks). After a lot of searching online, I ended up deciding this is the fastest, simplest path forward.

Step 2: Get a VPN subscription

I chose to go with ExpressVPN. Now that I’ve been using the service for a few months, I can say their support is excellent, and the service is definitely worth a few extra dollars a month.

Step 3: Install Asuswrt-Merlin on your router

First, download the firmware here. Make sure to choose the latest release, not latest beta.

Now, open your router’s administration console at http://router.asus.com. If you haven’t changed the username/password, it’ll be the default (typically admin/admin).
Exact instructions to upload the new firmware are here.

When you’re done, you will need to connect to your router using its IP; that will typically be at http://192.168.50.1.

Step 4: Configure your VPN tunnels in the router

In the router administration console, go to ‘Advanced Settings’, ‘VPN’, ‘VPN client’, ‘OpenVPN’. You have up to 5 configurable tunnels.

For each tunnel you want to set up, just give it a name (the Description field), and choose ‘Automatic start at boot time’.
Finally, you’ll need an OpenVPN (*.ovpn) file with the actual VPN settings.

If you went with ExpressVPN, log in to your account; choose ‘My account’, ‘Set up ExpressVPN’; ‘Router’; ‘Asus (including Merlin)’; ‘Configure OpenVPN’.

Now, copy the username and password shown on the VPN provider’s page you’re currently on, and place them in the router’s tunnel configuration. These are not the username and password you used to register with your provider.

Next, select the exact VPN location you want for this tunnel and download the relevant OpenVPN file. That file can be uploaded to your router through the ‘Import .ovpn file’ option on the router screen you’re currently at.

After you’re ready, change the ‘Service State’ from Off to On. If it works, you’ll see a ‘Connected’ note near it.

Note: do not forget to click ‘Apply’ when done on each screen, otherwise your settings may not get stored.

Step 5: Choose the right tunnel for each device

To associate a device with the right tunnel, simply go to the tunnel’s settings (same way you did in step 4).

At the bottom of the screen, click ‘Source IP’ and choose your device from the list. For ‘Iface’ (interface), choose VPN if you want traffic from this device to go through this tunnel, or WAN if you do not want it to go through the tunnel. No value is needed in the ‘Destination IP’ field; just press the + button on the right when ready.

Again, do not forget to apply the settings before leaving this screen.

Step 6: Testing

For mobile devices, go to your VPN provider’s page and use their IP check. This is the one for ExpressVPN.
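
For devices without a browser (such as the streaming stick), the per-device assignment from step 5 can also be checked on the router itself. The script below is an added example, not part of the original post: it reports which routing table a given device's traffic is sent to. It assumes the firmware implements the ‘Source IP’ rules as Linux policy-routing rules readable with `ip rule show` over SSH, and that each selected table has a default route; the sample rules and the table names ovpnc1/ovpnc2 are constructed.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` output (not captured from a real router).
# Table names ovpnc1/ovpnc2 are placeholders for two VPN client tunnels.
SAMPLE_RULES='0:	from all lookup local
10001:	from 192.168.50.30 lookup main
10101:	from 192.168.50.20 lookup ovpnc1
10301:	from 192.168.50.64/26 lookup ovpnc2
32766:	from all lookup main
32767:	from all lookup default'

# egress_table IP [RULES]: print the routing table selected by the first
# source rule that matches IP. Rules are read in the order given
# (`ip rule show` lists them by ascending priority, lowest number first).
egress_table() {
    printf '%s\n' "${2:-$SAMPLE_RULES}" | awk -v ip="$1" '
    # Dotted-quad IPv4 address to a number.
    function to_int(a,   o) {
        split(a, o, "[.]")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True if addr falls inside src ("all", a single IP, or a CIDR prefix).
    function matches(src, addr,   p, bits, size) {
        if (src == "all") return 1
        split(src, p, "/")
        bits = (p[2] == "") ? 32 : p[2]
        size = 2 ^ (32 - bits)
        return int(to_int(p[1]) / size) == int(to_int(addr) / size)
    }
    $2 == "from" && $4 == "lookup" {
        if ($5 == "local") next   # local table only holds the router own addresses
        if (matches($3, ip)) { print $5; exit }
    }'
}

# check_device IP EXPECTED_TABLE [RULES]: return 0 if the device is routed
# as intended, otherwise report the mismatch on stderr and return 1.
check_device() {
    actual=$(egress_table "$1" "$3")
    [ "$actual" = "$2" ] && return 0
    echo "MISMATCH: $1 uses table '$actual', expected '$2'" >&2
    return 1
}
```

On the router, pass the live rules instead of the sample, for example `check_device 192.168.50.20 ovpnc1 "$(ip rule show)"`. A device that is meant to use a tunnel but resolves to `main` is leaving through the WAN unprotected.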

Step 7: Bender is great!

Relax and enjoy your new setup.

Cheers.
