Set up a VPN that operates at the level of my DSL modem or main router, so that the tunnel serves my entire LAN

I do not currently have a VPN service, but I am looking in to one to get around some site blocks that my ISP has.

But I want to set up a VPN that operates at the level of my DSL modem or main router, so that the tunnel serves my entire LAN.

I imagine that I would configure my DSL modem or wireless router to use the VPN's tunnel. Thus, every device on my local net would simply see the desired VPN net natively... Without needing any VPN configuration on its own.

What is a good, basic, common way to get this done? I am not an expert, and I have mostly heard about VPNs that work at the level of a computer, not the whole net. But I have to believe that this "my whole LAN" method is commonly needed. How is it done?

estephan500

Posted 2013-01-21T11:30:26.620

Reputation: 149

Answers

It certainly is possible to connect to a VPN at the router and have your whole LAN tunneled through it without having to do any special configuration on the client devices.

If your router doesn't already have OpenVPN client support, it may support third-party firmwares like DD-WRT and Tomato. Both of those have built-in OpenVPN client support, and my VPN provider (Private Internet Access) has guides for configuring both DD-WRT and Tomato to connect to their VPN.

I believe you can even buy pre-configured routers that already have the firmware installed and configured, if you don't feel like setting it up yourself.

Matt

Posted 2013-01-21T11:30:26.620

Reputation: 171

I recently had to tackle the same thing and found great success using pfSense. pfSense is a freely available firewall product that can be easily installed into a virtual machine or any old PC you might have floating around. I chose to purchase an old Watchgaurd Firebox appliance and install it on that. Besides being a great firewall, pfSense has a VPN "package" built in and a very friendly web interface. It took me about 30 minutes to install it on the appliance and set it up as a DNS server, DHCP server, and VPN endpoint. Once complete, I had access to my entire network.

On a side note, I also use LogMeIn.Com. Their free product may be installed on any number of PCs or Macs and gives you direct access to those machines from anywhere on the planet.

Fred Lackey

Posted 2013-01-21T11:30:26.620

Reputation: 237

Also, Fred lackey, you mentioned that it has built in "package" for connecting to VPN. But I am guessing that does not include the actual VPN "service" that you would connect to? So for this part would I just plug in e coordinates for, for instance, a commercial VPN subscription service? – estephan500 – 2013-01-23T00:29:03.047

And question 2 ... Lets say Installed pfSense on a spare laptop. Clearly the Ethernet from my dsl modem would go straight to the pfSense machine. But then how would that machine send "out" the Internet signal for me to then send to my wifi router? I am sure I am being silly in my crude understanding. Thanks much for the help! – estephan500 – 2013-01-23T00:33:26.400

There are hardware devices that can perform a site-to-site VPN, such as a Sonicwall or Cisco ASA. You'd have to shell out a few hundred though, and the Cisco won't be easy to configure if you don't have experience with it.

Bigbio2002

Posted 2013-01-21T11:30:26.620

Reputation: 3 804

Thanks ... so actually doing it by making configurations to direct a regular router or modem to a vpn is not really possible? – estephan500 – 2013-01-22T09:34:13.317