The old topology for downloading stuff through a VPN had a VPN client running directly on rosemary. The problem was that sometimes the VPN would fail; the remote end would drop the connection. If I didn't notice and started a download, it went out in the clear.
I thought a better solution was to put a separate router (herein the "vpn" router) between rosemary and the external router, and have that router keep a VPN up permanently through its WAN interface, out through the external router. Everything that connects to a LAN port on the vpn router is then protected, and rosemary uses the vpn router as its only path to the internet: everything rosemary sends to or receives from the internet passes exclusively through the vpn router. The one thing this does not fix by itself is the tunnel dropping; the vpn router's firewall also has to refuse to forward LAN traffic out its WAN interface when the tunnel is down, otherwise the same leak just moves from rosemary to the router.
I have my old Netgear router ("pointrock") as the "external" router, i.e. with the Comcast connection on its WAN side and, on its LAN side, various IoT things, the VoIP TA, and the "internal" router. The external router's radio puts out an SSID ("pointrock") that is used for guests and the IoT stuff.
The internal router ("obelisk") was a Chinese OpenWrt router (the brand is ZBT, I think). It also had a radio, but I hadn't been using it: I have always had a separate access point on the internal network and used its radio ("percival") exclusively, so the radio on the internal router was wasted.
I bought a new Ubiquiti EdgeRouter, which has no radio, and swapped it in for the ZBT router, so the EdgeRouter became the new internal router ("promontory"). That freed the ZBT router, with its radio, to become the new vpn router, so its wireless would be VPN-protected as well. Inside the house there would then be three SSIDs: the "external" SSID ("pointrock") for guests and IoT stuff, the "internal" SSID ("percival") for things that need access to the internal computers, and the "vpn" SSID ("obelisk") from the ZBT router, giving VPN-protected access to the net.
Then I set the ZBT router up with OpenVPN; I have a separate article about that. Once that was working, I disconnected rosemary from the external router, plugged it into the vpn router, and shut off its VPN client.
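The failure mode that motivated the whole rebuild (tunnel silently down, traffic in the clear) is just as possible on the vpn router as it was on rosemary, so here is an added example of the two pieces a practitioner would want on that router: a leak check that inspects the routing table, and a kill-switch sketch that stops LAN traffic from ever being forwarded straight out the WAN. This is example code written for this write-up, not the article's own configuration or anything from OpenWrt or OpenVPN; the interface names (tun0, eth0.2, br-lan), the addresses, and the sample `ip route` listings are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumed interface names (the article does not name them):
VPN_IF="${VPN_IF:-tun0}"     # OpenVPN tunnel interface on the vpn router
WAN_IF="${WAN_IF:-eth0.2}"   # vpn router's WAN, facing the external router
LAN_IF="${LAN_IF:-br-lan}"   # vpn router's LAN bridge (rosemary, "obelisk" SSID)

# vpn_route_ok ROUTES
#   ROUTES is the text of `ip -4 route show`. Succeeds (exit 0) only when
#   Internet-bound traffic would leave through the tunnel, i.e. either the
#   default route itself uses $VPN_IF, or OpenVPN's "redirect-gateway def1"
#   form is present: both 0.0.0.0/1 and 128.0.0.0/1 via the tunnel, which
#   together override the untouched WAN default route. Anything else means
#   LAN traffic is being forwarded in the clear.
vpn_route_ok() {
    printf '%s\n' "$1" | awk -v vpn="$VPN_IF" '
        {
            dev = ""
            for (i = 2; i <= NF; i++) if ($i == "dev") dev = $(i + 1)
            if ($1 == "default"     && dev == vpn) def_vpn = 1
            if ($1 == "0.0.0.0/1"   && dev == vpn) lo_half = 1
            if ($1 == "128.0.0.0/1" && dev == vpn) hi_half = 1
        }
        END { exit (def_vpn || (lo_half && hi_half)) ? 0 : 1 }'
}

# check_live: run on the router (e.g. from cron) to catch a dropped tunnel.
check_live() {
    if vpn_route_ok "$(ip -4 route show)"; then
        echo "vpn: routing via $VPN_IF"
    else
        echo "vpn: LEAK - default route is not via $VPN_IF" >&2
        return 1
    fi
}

# apply_kill_switch: the rule that makes the topology actually safe. LAN
# traffic may only be forwarded into the tunnel; forwarding LAN -> WAN is
# dropped, so when tun0 goes away clients simply lose connectivity instead
# of leaking. The OpenVPN process's own packets to the remote end go out
# via the OUTPUT chain, not FORWARD, so they are unaffected. On OpenWrt the
# same policy is normally expressed as firewall zones (lan -> vpn forwarding
# allowed, no lan -> wan forwarding); plain iptables is used here for clarity.
# Not invoked in this file: it needs root on the router.
apply_kill_switch() {
    iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" -j ACCEPT
    iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j DROP
    iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
}

# Constructed sample routing tables for the three states worth recognising.
# Tunnel up, default route replaced outright:
SAMPLE_UP='default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.50
192.168.50.0/24 dev br-lan proto kernel scope link src 192.168.50.1'

# Tunnel up, OpenVPN "redirect-gateway def1" style (WAN default route kept,
# overridden by the two /1 routes; host route to the VPN server via WAN):
SAMPLE_DEF1='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0.2
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.50
192.168.50.0/24 dev br-lan proto kernel scope link src 192.168.50.1
203.0.113.10 via 192.168.1.1 dev eth0.2'

# Tunnel down: only the WAN default route remains, traffic would leak.
SAMPLE_DOWN='default via 192.168.1.1 dev eth0.2
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.50
192.168.50.0/24 dev br-lan proto kernel scope link src 192.168.50.1'
```

`vpn_route_ok` deliberately accepts the `def1` layout, because a check that only looks for `default ... dev tun0` reports a leak on a perfectly healthy OpenVPN tunnel that was configured with `redirect-gateway def1`. The kill switch is the part that matters most: with it in place the check is a monitoring nicety, without it the check is the only thing standing between a dropped tunnel and a cleartext download.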
The network now: