How to set up a dedicated VPN router with two routers ‘This tworial will teach you how to set up a dual-router configuration with a dedicated VPN router behind another router (the primar outer), This will work with any vpa-enabled router fiemwaze, including DD-WRT, ASUSWRT (including Merlin) and Tomato, ‘We'll be using what's known as LAN-to-WAN router cascading, where each router ison a separate subnet. ‘This isan incredibly popular home network setup because: + It gives you access VPN and Non-VPN connections ‘+ Switch devices tafrom the VPN. simply by switching networks + Connect devices like xbox, PS4, fire stick, or chromecast to 2 VPN ‘+ Adéed insulation of VPN network (double NAT = greater suri). Visualizing the setup two-router setup Below is a diagram of the home network structure we're going to create. Traffic is encrypted by the VPN router, and flows through the primary router to the modem/intemet, All devices connected tothe #2 (VPN) router will use the VPN tunnel. ll devices connected to the 41 (primary) router will use your normal internet connectionVPN Server The Internet Decrypt ai Request rom vPH server Eneypted VPN Tate Router #2 Router #1 (VPN Router) Router) What you'll need for this tutorial 1. A'VPN.Capable Router: You can use any router with a CPU that can handle VPN math, end has (or suppor's) VPN-capable router firmware like Tomato, DD-WRT, or ASUSWRT (our favorite) Here’s our guide tothe best VPN routers. 2. A 2nd router: This will be the primary router (non-VPN). Itcan be any mid-range router that ean comfortably handle the number of devices on your network. Mealy it should support AC wizeless (for faster speeds) but it doesn't need a fast CPU like the VPN router. 3. Rellable, Fast VPN Provider: Preferably one that supports the Open\VPN protocol. We highly recommend Private Intemet ‘Access, NordVPN of IPVanish for router usage, PLA bas 128-bit configs which allow for faster speeds, 4, Ethernet Cable: This will be used to connect your two routers, for the dual-router setup. I love these low profile ones,Part #1: Setup the primary router There's only minimal setup required on the main router, because it's not actually doing anything besides passing on the already-enerypled traffic fom the VPN router. You can use virtually any router inthe world as long as it supports “vpn-passthrough’ (which most modem routers do) Frequently people will use the router provided by their ISPyIntemet Provider as the primary router. Infact, some cable TV/internt providers (like Verizon Fios) require you to use thei router (or else your TV won't work properly). ‘The Steps 1. Check the router's submetigateway 2, Check/Enable VPN-Passtbrough 1. Check what subnet your router is on Each device (including routers) on your home network has a “Tocal’ IP addvess that identifies it's location on your home network, Usually, [IP addeesses will start with 192.168.x,y aad your router is the gateway, which is usually located at 192.168.x.1 2X" the subnet that your router is located on ‘We're going to need to put each router on a separate subnet so they don’t hand out the same IP address to different devices. To do tha, we fist have to check what the IP and subnet of your primary routers, The easiest way to do that (on Windows) is 1. Connect to your router's wireless network Run emd.exe from the start mem Type ‘ipconfig‘on the command line and hit ‘enter’ Look forthe line that says ‘Default Gateway. at's your router's IP ‘The second to lst set of numbers (192.168.X.1) isthe subnePareeeeey Pa Pere eens ise ene es eee er ‘Most consumer routers use 192.168. 1.1 as the default gateway if tha IP is available on your network, Don't worry if yours isn't, you don't need to change i, Just remember the IP address for later, 2, Enable VPN Passthrough Most routers have a seting to allowblock VPN traffic flowing though it I’ usually enabled by default, ut i's worth checking. To do this, you need fo log into your router's control panel by typing it's local IP address into your web browser (eg. 192.168.1.1) ‘You can usually find the relevant setting under Firewall or NAT settings. Below is the VPN-passthrough settings in DD-WRT fimmwareoleh met hd ‘Virtual Private network (VPM) ven passthrough And ASUS’s ASUSWRT Firmware:pees DUE ued @- Coag Ce ee OT ae ee ae ag ee Cee Cord eon Pree eee = fe oP Paso coor eng Georg Thats it, your primary router is now properly configured Part #2: Set up the VPN Router In this section, we'll change the subnet of the VPN router so that it doesnt overlap with the primary router. We also need enable DHCP so the VPN router hands out IP addresses to devices that connect to it And Finally, you'll need to it ‘you haven't already. ‘Steps 1. Change the router subnet 2. Enable DHCP3. Specify DNS Servers 4, Connect VPN router to Primary outer 5. Test your setup 6. Configure VPN Connection (if you havea’t already) 1. Change VPN router’s subnet 1, Make sure your VPN router is powered on. It doesn't need to be connected tothe intemet, and should NOT be connected to your primary roster via ethernet cable yet 2, Connect to your VPN router's wifi network (orrun an ethemet cable from your computer tothe router) 5. Log into the router's control pane (type the router's IP into your browser window and hit enter. If your not sure what iis, use Peonfig as in part #1 above). 4, Find the router's IP address settings (often in LAN or basic setup) 5, Change the router toa diferent subnet than the primary router (80 192.168.2.1 if primary router is 192.168.1.1) For DD-WRT: Go to; Setup > Basie Setup > Network Setup (section) > Router IP [And i the router's IP and subnet matches that ofthe primary router, change it: etwork setup Suet Hose talons For ASUSWRTYASUS Routers: Go to: Advanced Setings > LAN > LAN IPPe age meee oe Ce Cee ‘You can make the subnet anything you want as long as i's 25 or less. In gener remember it fr fuure router pane! logins pick smaller umber (2 or 3) so you can easily 2.3, Enable DHCP and specify DNS ‘We need to enable DHCP so your router cen hand out IP addresses tall your other connected devices onthe same subnet, We'll also ‘manually specify a DNS server as a troubleshooting step justin ease your VPN provider doesn’t have their own, DIICP and DNS setings can usualy be found near each other, and probably inthe same sereen where you just specified your router's IP address ‘Which DNS To use: If your VPN provider has i’s own DNS servers, you can get its IP addresses from their supporthelp documeatation and use that in this step: Otherwise, you ean use any public DNS provider like FreeDNS, GoogleDNS, or ComodoDNS. In our example we used GoogleDNS. + GoogleDNS: 888.8 & 8844 + ComodoDNS: §.26,56.26 & 8,20.247.20 + OpenDNS: 208.567.222.222 & 208,67.220.220 Don't worry if your router firmware only allows one DNS server (like ASUSWRT) that should be fineDDWRT: set Subnet Network Address Server Settings (DNC) ‘Chent Lease Time |__ seo) minutes ee Itt fons sense ao DUC nd pct ONS so th ge) ASUSWRT:Ce ear De ee ee ee ee ee server can assign each cent an IP address and informa the lent of he of ONS server IP and default gateway IP. RT ACSBU eee Cy Sr) 4. Connect the VPN router to the Primary router Now that your router settings are properly configured, we need physically connect the two routers via and Ethernet cable, It's important 9 ‘make sure you plug each end into the correct port though! Pug the ethemet cable into each router a follows: + Primary Router: Any open LAN port ‘+ VPN Router: WAN Port (where you'd usually connect the modem)PCa cig Note: The WAN port of the primary router should be connected to your modem (or however you get internet access), 5. Test the Two-Router setup Make sure both routers are powered on and the ethernet cables or connected tothe correct ports: VPN WAN > Primary LAN and Primary WAN > Modem. 1. Connect wii network of your VPN router 2. Try to open any web page in your browser the website loads properly, con don't already bave a VPN connec ratulations! You now have a properly configured two-router setup with a dedicated VPN route. Ifyou mn configured on your route, continue to part #3 to learn hove‘Troubleshooting: Ityou don’t have internet connectivity right away, here are @ couple things o try (on Windows machines): 1, Disable the VPN on your VPN router (to make sure that’s not the issue) 2, Doublecheck you have a valid DNS server configured 3, Open CMD exe and run IPeonfig to make sure your computer hasan IP assigned on the VPN router's subnet (if not, your DHCP server isn’t working correctly), ‘Ty flushing your computer's DNS: 1, Open CMD.exe 2. Type IPConfig/FlushDNS and press Enter 3. Type IPConfig/RegisterDNS and press Enter 4 5 Type IPConfigirelease and press Enter Type IPConfig/Renew and press Enter 5. Ifyou still get a DNS ertor, manually specify a DNS server in your TCPAP settings 6, Reboot the router Part #3: Set up the VPN connection Ifyou haven't already done so, you need to configure your 2nd router to create a full-time VPN connection, The exact method depends on the router firmware you're running. ‘Currently there are 3 main router firmwares that can connect to 8 VPN, Here are the OpenVPN client setup instructions for each: You can also use a PPTP or L2TP/PSec VPN connection ifyou prefer (or if your router doesn't support OpenVPN). Setup guides are usually available from your VPN provider's knowledgebase Ifyou don’t have VPN yet, we recommend IPVanishor Private Internet Acces, They ae both fast and stable when run on a VPN-enabled A few extra tips: ‘Statie Routes: Because each route is oni’s own sulbet, devices: devices on the VPN router can connect to some devices on the ys Separate subnets may not be able to find each other. In my experience, ary router (e printer for example) but not vice-versa. IFyou need devicesto talk to each other between networks, you'll need to build static out networks, The details ofthis ae rather complicated, but , where you basically build a map or a path for adeviee between are tutorials for asset and dwt to get you started. ‘Speed: If you've never sun a VPN on your router before, prepare for some speed loss. Tis is doubly true if your outer has a single-core CPU or you're using 256-bit AES encryption. The complex math behind VPN encryption quickly overwhelms the CPU on even high-end routers, 80 you'll need to lean to be happy with 15-35mbps. If you need more bandwidth, you'll have o zun the VPN on yout PC instead ‘That’ it I really hope you enjoyed this tutorial! IFyou sill have any issues or questions, please make sure to leave a comment below. And don't forget to fllow us (@vpnuniversity for the latest tutorials, reviews, and VPN deals. \We'd love your feedback on immersive Reader. idl content appear properly on this webpage? CQ