{"id":53,"date":"2019-10-09T21:11:14","date_gmt":"2019-10-09T21:11:14","guid":{"rendered":"http:\/\/beyondgoodandevil.org\/?p=53"},"modified":"2019-10-09T21:11:14","modified_gmt":"2019-10-09T21:11:14","slug":"multi-connection-vpn-home-setup","status":"publish","type":"post","link":"https:\/\/beyondgoodandevil.org\/?p=53","title":{"rendered":"Multi-connection VPN home setup"},"content":{"rendered":"\n<p><em>This post helps set-up a VPN service on a home router such that different devices can use different VPN tunnels. This allows setups such as having gaming go through a local tunnel (or no tunnel), while having your streaming go through a tunnel leading to a different geography.<\/em><\/p>\n\n\n\n<p>I recently decided to start using a paid VPN service for my personal connectivity: mobile, home computing and streaming.<\/p>\n\n\n\n<p>I recently decided to start using a paid VPN service for my personal connectivity: mobile, home computing and streaming.<\/p>\n\n\n\n<p>VPN-s are great in providing you basic privacy and some anonymity, masking your IP, and allowing you to access geo-specific content. You can read more about VPN-s <a href=\"https:\/\/thewirecutter.com\/reviews\/what-is-a-vpn\/\">here<\/a>.<\/p>\n\n\n\n<p>After quickly enabling <a href=\"https:\/\/www.expressvpn.com\">ExpressVPN<\/a> on our family&#8217;s mobile devices, I went about installing it for our home network. While many VPN services offer up to N parallel connections at once (5 in ExpressVPN&#8217;s case, circa October 2019), I encountered two issues:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>We have >5 devices (several phones, personal and work laptops, streamers etc).<\/li><li>Some of our devices (read: Roku Streaming Stick) do not support a built-in VPN connection. <\/li><\/ul>\n\n\n\n<p>To handle these, I decided to install the VPN client on my home router instead of each local device.<br>During the process, a new requirement came in: different devices should connect to different VPN tunnels.<br>This is important since streaming services are insensitive to latency, whereas gaming and work-related remote connectivity is.<br>I therefore wanted to have both a US tunnel (for streaming) and a local one (for most of my other work).<\/p>\n\n\n\n<p>Multiple searches didn&#8217;t come up with a trivial way to do it that is easy for an inexperienced person &#8211; one that&#8217;s not regularly familiar with Linux, routing and towels. Moreover, while you can get routers with a pre-installed VPN service, these were much more expensive than stock routers <em>and<\/em> still do not support the multiple tunnels requirement.<\/p>\n\n\n\n<p>Therefore, I&#8217;m including a very short version here (you still have to work for it) of the setup I ended up with, and how to achieve it. Overall, this should take you less than an hour with the right router.<\/p>\n\n\n\n<p><strong>Step 1<\/strong>: Get an Asuswrt-Merlin compatible router<\/p>\n\n\n\n<p>Asuswrt-Merlin is a custom firmware for some Asus routers (read: it&#8217;s special software that makes the router more customizable). Any router on the <a href=\"https:\/\/github.com\/RMerl\/asuswrt-merlin\/wiki\/Supported-Devices\">supported devices list<\/a> should be fine.<\/p>\n\n\n\n<p>Due to personal preference, I was not initially enthusiastic about getting an Asus router (do not like their looks). After a lot of searching online, I ended up deciding this is the fastest, simplest path forward.<\/p>\n\n\n\n<p><strong>Step 2<\/strong>: Get a VPN subscription<\/p>\n\n\n\n<p>I chose to go with <a href=\"https:\/\/www.expressvpn.com\">ExpressVPN<\/a>. Now that I&#8217;m using the service for a few months, I can say their support is excellent, and the service is definitely worth a few extra dollars a month.<\/p>\n\n\n\n<p><strong>Step 3<\/strong>: Install Asuswrt-Merlin on your router<\/p>\n\n\n\n<p>First, download the firmware <a href=\"https:\/\/www.asuswrt-merlin.net\/download\">here<\/a>. Make sure to choose the latest release, not latest beta.<\/p>\n\n\n\n<p>Now, open your router&#8217;s administration console at <a href=\"http:\/\/router.asus.com\/\">http:\/\/router.asus.com<\/a>. If you haven&#8217;t changed the username\/password, it&#8217;ll be the default (typically admin\/admin).<br>Exact instructions to upload the new firmware are <a href=\"https:\/\/www.asus.com\/support\/FAQ\/1008000\/\">here<\/a>.<\/p>\n\n\n\n<p>When you&#8217;re done, you will need to connect to your router using its IP; that will typically be at http:\/\/192.168.50.1. <\/p>\n\n\n\n<p><strong>Step 4<\/strong>: Configure your VPN tunnels in the router<\/p>\n\n\n\n<p>In the router administration console, go to &#8216;Advanced Settings&#8217;, &#8216;VPN&#8217;, &#8216;VPN client&#8217;, &#8216;OpenVPN&#8217;. You have up to 5 configurable tunnels.<\/p>\n\n\n\n<p>For each tunnel you want to set up, just give it a name (the Description field), and choose &#8216;Automatic start at boot time&#8217;.<br>Finally, you&#8217;ll need an OpenVPN (*.ovpn) file with the actual VPN settings.<\/p>\n\n\n\n<p>If you went with ExpressVPN, log in to your account; choose &#8216;My account&#8217;, &#8216;Set up ExpressVPN&#8217;; &#8216;Router&#8217;; &#8216;Asus (including Merlin)&#8217;; &#8216;Configure OpenVPN&#8217;.<\/p>\n\n\n\n<p>Now, just copy the username and password (and place them in the router&#8217;s tunnel configuration; these are <strong>not<\/strong> the username and password you used to register with your provider; the VPN provider&#8217;s page you&#8217;re currently on will have these; copy them from that page).<\/p>\n\n\n\n<p>Next, select the exact VPN location you want for this tunnel; you will then download the relevant OpenVPN file, and that file can be uploaded to your router through the &#8216;Import .ovpn file&#8217; option in the screen you&#8217;re currently at.<\/p>\n\n\n\n<p>After you&#8217;re ready, change the &#8216;Service State&#8217; from Off to On. If it works, you&#8217;ll see a &#8216;Connected&#8217; note near it.<\/p>\n\n\n\n<p>Note: do not forget to click &#8216;Apply&#8217; when done <strong>on each screen<\/strong>, otherwise your settings may not get stored.<\/p>\n\n\n\n<p><strong>Step 5<\/strong>: choose the right tunnel for each device<\/p>\n\n\n\n<p>To associate a device with the right tunnel, simply go to the tunnel&#8217;s settings (same way you did in step 4).<\/p>\n\n\n\n<p>At the bottom of the screen, click &#8216;Source IP&#8217; and choose your device from the list. For &#8216;Iface&#8217; (interface), choose <em>VPN<\/em> if you want traffic from this device to go through this tunnel, or <em>WAN<\/em> if you do not want it to go through the tunnel.  No value is needed in the &#8216;Destination IP&#8217; field; just press the + button on the right when ready.<\/p>\n\n\n\n<p>Again, do not forget to apply the settings before leaving this screen.<\/p>\n\n\n\n<p><strong>Step 6<\/strong>: Testing<\/p>\n\n\n\n<p>For mobile devices, go to your VPN provider&#8217;s page and use their IP check. <a href=\"https:\/\/www.expressvpn.com\/what-is-my-ip\">This<\/a> is the one for ExpressVPN.<\/p>\n\n\n\n<p><strong>Step 7<\/strong>: Bender is great!<\/p>\n\n\n\n<p>Relax and enjoy your new setup.<\/p>\n\n\n\n<p>Cheers.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post helps set-up a VPN service on a home router such that different devices can use different VPN tunnels. This allows setups such as having gaming go through a local tunnel (or no tunnel), while having your streaming go through a tunnel leading to a different geography. I recently decided to start using a &hellip; <a href=\"https:\/\/beyondgoodandevil.org\/?p=53\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Multi-connection VPN home setup<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5],"tags":[9,11,13,14],"class_list":["post-53","post","type-post","status-publish","format-standard","hentry","category-privacy","category-technology","tag-merlin","tag-streaming","tag-vpn","tag-wirecutting"],"_links":{"self":[{"href":"https:\/\/beyondgoodandevil.org\/index.php?rest_route=\/wp\/v2\/posts\/53","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beyondgoodandevil.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/beyondgoodandevil.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/beyondgoodandevil.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/beyondgoodandevil.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=53"}],"version-history":[{"count":0,"href":"https:\/\/beyondgoodandevil.org\/index.php?rest_route=\/wp\/v2\/posts\/53\/revisions"}],"wp:attachment":[{"href":"https:\/\/beyondgoodandevil.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=53"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/beyondgoodandevil.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=53"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/beyondgoodandevil.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=53"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}