cancel
Showing results for 
Show  only  | would you rather see results for 
Did you mean: 
Need help?

3rd party VPN enabled router with TT

Reply
10 REPLIES 10
Highlighted
Chatterbox

Hi all, hoping for some help with this.

I share a NBC subscription with a relative in the US and use a VPN on devices to access content. I would rather have the VPN on the router instead. Wondered if any other members had done this.

I am looking for help with suggestions for a suitable router choice for use with fibre TT.

I currently use Nord VPN and think this would be ok or not?

How difficult is this to set up?

 

Thanks and regards in hope of guidance

Neil

 

Highlighted
Whizz Kid

Key things

  • VDSL2 modem
  • Open VPN Client  support is what is needed. 

 

 

Take a look at Asus VDSL routers, for example:

https://www.asus.com/uk/Networking/DSLAC68U/ 

 

the setup process is straight forward:

 

https://support.nordvpn.com/Connectivity/Router/1047410562/How-to-configure-your-Asus-router-running... 

 

 

Highlighted
Chatterbox

Thanks for the reply Speedy,

I have been on Nord VPN website and these are the routers they recommend 

Asus RT-N18U, Asus RT-AC66U, Asus RT-AC68U, Asus RT-AC87U, Asus RT-AC3200

All have RT in their model. I take it that these are no longer supported and I need a DSL model as you suggest.

 

Thanks again Neil

Highlighted
Whizz Kid

The RT models are for cable/ fibre  WAN provided over ethernet. 

 

DSL-AC models are the ones to investigate

 

https://www.asus.com/uk/Networking/xDSL-Modem-Routers-Products/

 

 

Highlighted
Chatterbox

Thanks again Speedy, please correct me if I am wrong but was thinking that it would be easier to keep the existing dlink dsl3782 and connect an asus router to it via ethernet setting this up with the VPN. 

 

This would hopefully let me connect wirelessly to the asus to access US content and the dsl 3782 for UK content.

 

Maybe I am not understanding the models correctly and what I am suggesting won't work.

 

Your input is much appreciated 

Neil

Highlighted
Whizz Kid

yes your scenario works.  

 

Internet <>Talktalk router <> VPN router   

  • connect the VPN router to the existing TalkTalk router via ethernet.
  • place the VPN router into the DMZ 

 

you can  purchase any wireless router with VPN client support, such as the RT routers from Asus. 

 

example:

 

talktalk router (UK) 192.168.1.1 

  • DMZ : set the IP address  of the vpn router. 

 

VPN router (US).  192.168.10.1

 

any clients connecting to the VPN router will get a 192.168.10.x IP, all traffic tunnelled through the VPN. 

 

 

 

 

 

Highlighted
Chatterbox

Ah Great thanks for the explanation of the connections, Speedy I really appreciate it.

Think that might be the way to go, avoiding connecting devices to the VPN router that don't need to.

 

Thanks again for bearing with me,

 

Regards Neil

Highlighted
Insightful One

@speedygonzalezsorry to butt in.  Just to mention in addition to excellent advice @Enjay1999  would be wise  to turn-off/disable the WifI on the TalkTalk Router.

Highlighted
Chatterbox

Thanks for that Birchcroft but when I have thought about it I would still need a connection for UK based services so rather than turning VPN on and off think it would be better with 2 connections 1 with US VPN and the other with UK. 

Connecting devices dependant on their use.

Highlighted
Whizz Kid

@Enjay1999 

 

In our discussion, the current solution requires you to run 2 routers .  This works, but is messy as you end up with duplicated services, just to allow a few devices to use a VPN connection instead of the WAN.

 

I have been thinking a bit more on your question and its made me look at my own network setup, at present I connect to VPN using a VPN client on each device.  What  I would want, is one WIFI router to do it all.  

 

After a research features on my Wifi Router, I found, what to me looks like a simpler and a more elegant solution.  This may be of help to others...I just want to do this for FIreTV, Wired (UK) and Wireless (US).  

 

 What is to needed is 'Policy Based Routing' functionality on the Router.  The Router manages which interface the traffic is routed too, WAN or VPN , based rules (policies) you specify.

 

Source IP *(device) ------> Destination Interface (WAN or VPN)

* static /reserved  IP address should be used.

 

With this setup you can do everything on the new router :

  • DHCP, DNS, Firewall
  • Set static address for devices to use VPN
  • VPN Client  with Policy Based Routing
  • LAN / WiFi

All you need to do on the TalkTalk router :   

  • Set the new routers IP in the DMZ
  • Disable DHCP and WIFI.
  • Disable or set firewall to low

I tested this out on a Synology MR2200ac router,  took less than 10 minutes to get this working. 

 

1. Downloaded a Nordvpn .opvn profile for  US server.

2. On the Synology:

  • Local Network: Added 2 clients as Reserved IP (static)
  • Internet Connection: Setup the VPN, NordVPN account credentials and uploaded the .opvn file. Set advanced settings to allow other devices to use the connection
  • Smart WAN: setup the VPN as the 2nd connection
  • Policy Route:  map IP Address to interface  

Setup Policy route.jpg

Policy Route.jpg

 

Allows adding whole network, 192.168.1.0/24 to cover WAN devices.

Add specific devices IP  for VPN.

 

It took less than 10 minutes to setup. Works fine,  clients connected to the Synology over WIFI, one on WAN (UK)  and other to VPN (US).   

 

This should work with any router with Policy Based Routing.  Asus Routers with AsusWRT or MerlinWRT support this, sure there are others.

 

Had I not looked at your question would never of worked this out!

 

 

Highlighted
Chatterbox

Thanks for the insight on that Speedy.

Going to get an Asus router and try connecting to the TT router leaving that as is at first to see how it goes. 

If I encounter any problems will try your updated method.

 

Regards