If you’re looking to encrypt all the traffic running through your internet connection, you may want to look into installing a VPN directly onto your router. While computers, phones, and tablets will often have the ability to install VPN apps or programs, other devices like set-top boxes and gaming consoles will not. In these cases, having your router configured to use a VPN may be the only way to encrypt that traffic.
Check this quick start guide to learn how to install a VPN on Linksys routers.
Why You Should Get A VPN
A virtual private network, or VPN, provides an extra layer of privacy and security when you use the internet. The VPN software on your end makes a private connection to the VPN company’s servers. All of your internet activity passes unseen through that connection before emerging onto the public network at the other end. As far as anyone on the outside can tell, your internet connection starts wherever the server happens to be – whether it’s in the next state or in another country altogether.
Privacy and Security
One way to understand it is to think of the internet as the postal service. Instead of dropping your self-addressed stamped envelope into a mailbox, you put it into another envelope addressed to the VPN service in another city. The VPN company will then deliver the mail to its intended recipient while hiding your identity as the original sender.
Anybody snooping in your mailbox will see you exchanging mail with the VPN service, and nobody else.
How People Use VPNs
It’s this level of privacy and security that makes VPNs attractive. People who travel can connect to public hotspots without worrying about their systems getting compromised. Americans living in other countries or on overseas military duty can use VPNs to access Netflix and other geo-fenced services.
A VPN-enabled router adds extra security by encrypting the internet data streams from all of the devices on your home network. That used to be just computers, tablets, and smartphones. Today, more and more of the devices in our homes need internet connections to deliver their enhanced services. Many of them, however, can’t run VPN software on their own. Loading a VPN onto your router extends its protection to every game smart thermostat, smart light bulb, and smart hub in your connected house.
You also get an extra level of privacy while on the web. The secure tunnels mask the internet activity of every device on your network from prying eyes. That doesn’t just mean hackers – internet service providers snoop into your internet traffic. They have been known to collect data about you and use your browsing activity to throttle streaming services like Netflix.
Getting Ready to Install a VPN on Linksys Routers
Before you can get things set up, there are some basic housekeeping items you need to take care of.
Naturally, you’ll need an account with IPVanish if you don’t have one already. Their convenient plans (month-to-month, quarterly, or annual) are reasonable and include a seven-day money-back guarantee. Besides supporting your router’s VPN connection, the IPVanish apps for computers and mobile devices will keep you safe and secure when you’re away from home.
You need to have the latest version of DD-WRT installed on your router. DD-WRT is a replacement for the firmware that shipped on your router from the factory. Networking enthusiasts created it to give home routers more of the features found in corporate-class networking hardware. Even though it’s an open source project, it has widespread industry support. In fact, the DD-WRT group and Linksys announced that they had worked together to make sure the DD-WRT firmware works on Linksys’ latest products.
If you don’t know the exact model number of your router, then check this page on the Linksys support site. Once you have the model number, search for your it in the DD-WRT router database. Follow their instructions to download and install the latest version.
A Few Words of Caution: Even with the cooperation between Linksys and DD-WRT, what you are about to do involves some risk. You are, in effect, replacing your router’s brains. If anything goes wrong, you could turn it into a useless chunk of plastic and circuits. If you aren’t comfortable with that, then stop now. Otherwise, proceed at your own risk.
Choose A Protocol
Tunneling protocols are the systems the VPN uses to make its secure connection to a server. Using the earlier postal service example, the protocols are the extra envelopes that carry your real mail to the VPN company and back, masking your communications. The two protocols IPVanish supports are OpenVPN, which is a little more difficult to set up, and the less secure PPTP.
Setting Up OpenVPN
Although the setup process is more involved, we recommend using OpenVPN. Its more robust security and ongoing open source development make it a better choice for most people.
Change Your Router’s Network Settings
Use your browser to log into the router’s DD-WRT administration system. This will be http://192.168.1.1 unless you changed the router address during the DD-WRT installation.
If you are using that default address, then it’s a good idea to change it to something different. Select the Setup/Basic Setup tab, enter your router login information, and make the following changes:
- Change your router’s address from 192.168.1.1 to 192.168.8.1
- Change the DNS settings to 198.18.0.1 and 22.214.171.124.
The DNS is the “phone book” your browser uses to look up internet addresses. Odds are the one that is in your browser was auto-populated from your internet service provider. Setting a new DNS, in combination with the VPN, helps block your ISP’s snooping.
The changes should look something like this:
Enable System Logging
Select the Services tab and enter your user name and password. Then scroll to the bottom and turn on System Logging by clicking on the “System Log – Enabled” option. This will record each change that you make during the process. If something does go wrong, and you have to contact IPVanish for support, the logs will give them a better idea of what happened – and a better chance of fixing things.
Nothing on this long screenshot changes except for the area marked with the red arrow:
Now click on the VPN tab up on the navigation bar. Select the “Start OpenVPN Client – Enabled” option to begin the configuration process. You need to be careful in the next few steps. Everything you enter must be correct or else your VPN may not (probably will not) work.
Before you go any further, decide which IPVanish server you want your VPN connection to go through. Selecting one that’s nearby could give you better performance. Selecting one in another country will let you bypass geofencing systems. Use this list of IPVanish servers to make your choice.
Now enter the following for each of the configuration steps:
- Server IP/Name – The example below uses phx-a20.ipvanish.com but you need to enter the specific IPVanish server host that you want your router connecting with.
- Port – 443
- Tunnel Protocol – TCP
- Tunnel Device – TUN
- Encryption Cypher – AES-256-CBC
- Hash Algorithm – SHA256
- nsCertType Verification – leave this one alone
- Advanced Options – select the “Enabled” option
Enabling the Advanced Options will bring up another level of detail for you to work through.
- TLS Cipher – leave this alone
- Use LZO Compression – select the “Adaptive” option
- NAT – select the “Enabled” option
- Firewall Protection – select the “Enable” option
- IP Address – leave this one alone
- Subnet Mask – leave this one alone
- Tunnel MTU Setting – don’t change this, leave it at 1500
- Tunnel UDP Fragment – leave this one alone
- Tunnel MSS-Fix/Fragment – leave this one alone (Disable)
- TLS Auth Key – leave this one alone
The “Additional Config” option requires a little more detail. Just copy and paste the following into the text box:
persist-key persist-tun persist-remote-ip keysize 256 remote-cert-tls server
The only other thing you need to enter is the CA Cert field. Fortunately, you can get that in this IPVanish text file. Just copy and paste everything into the CA Cert field.
When you’re done, the VPN page should look like this:
Better Safe Than Sorry
Go back through everything you’ve done and make sure it matches the screenshot exactly. The only exception is the IPVanish server name that you picked at the beginning. Triple check that you entered that correctly, then scroll to the bottom of the page and click on “Save”.
Reboot and Surf Safely
Now go to the Administration tab and select “Reboot Router”. It may only take a minute or two for your router to restart, but wait another five minutes or so for the changes to get set.
Use your browser to visit the IPVanish address checker. It should show the address of the IPVanish host server you assigned during the setup process.
Another way to check your connection to IPVanish requires logging back into the router (using the new local address you created) and checking the Status/OpenVPN tab. If the State section doesn’t say “CONNECTED SUCCESS”, then reboot your router one more time, wait, and try the address checker again.
Should something have gone wrong in the setup process, contact IPVanish support right away. This is where enabling your router’s logging system will help as you work through the problem.
Setting Up PPTP
A Microsoft-led industry group developed PPTP back in 1999. It got integrated into Windows and other operating systems, but it hasn’t aged well. So many security issues came up that Apple stopped supporting PPTP with its 2016 operating system updates.
OS support doesn’t matter for your Linksys router, but the security issues make PPTP a distant second choice. That’s why we recommend using OpenVPN. You may have specific reasons for using PPTP, however, so follow these steps to get it running on your Linksys router.
Choose a PPTP Server
Before you start, decide which IPVanish server you want the VPN to connect to. IPVanish gives you many options across the United States and around the world. Use nearby servers for better performance and international servers to by-pass geo-fencing. If you read the OpenVPN section, be aware that that the PPTP server list is different.
Configure PPTP Settings
Use your browser to access the router’s DD-WRT administration system. You might want to do a quick check by selecting the Status tab and the WAN sub-tab. If everything goes right, then the “Gateway” field should change once the PPTP connection is working. Write down the current address so you can compare it at the end.
Now select the Setup/Basic Setup tab. You’ll be prompted to enter your router’s login and password. Do that so you can make the following changes to your router’s settings:
Change the WAN Connection Type to PPTP and then change DHCP to “Yes”.
Now enter your preferred IPVanish server into the Gateway (PPTP Server) box. Add your IPVanish user name and password.
Set the Connection Strategy to “Keep Alive” with a redial period of 20 seconds, enable PPTP Encryption, and disable Packet Recording.
You can leave the Additional PPTP Option blank.
If you want to change your router’s local address and DNS lookup, this is the time to do it. Regardless of which tunneling protocol you use, changing your router’s default addresses adds that little extra layer of security.
The following screenshot gives you an idea of what the page should look like. Take the time to double check your work, keeping in mind that the server address, user name, password, and any changes you made to the router local address will be different.
Scroll to the bottom and select “Save”. Now you can reboot the router by going to the Administration tab, scrolling down to the bottom, and selecting “Reboot Router”.
Confirm the Changes
Give the router a few minutes to finish rebooting and then five minutes more for the changes to propagate through IPVanish’s system. Now log into the router, go to the Status tab, and select the WAN sub-tab.
The Gateway address should now be different from what it was before (circled in red in this screenshot):
Why A Router VPN Matters
Congratulations! You now have the IPVanish VPN running on your router. It seems daunting (especially if you went with the extra security of OpenVPN), but the results are worth it. When you install a VPN on Linksys routers, you give all of the internet-connected devices in your home that extra layer of security and privacy.