If you’ve ever shopped at Best Buy, you’ve probably walked into the Geek Squad store at some point and asked for help with setting up your new devices. Chances are you’ll be asked to connect them to the Internet, and since your new devices are probably packed away, you have to make sure they’re set up properly before you leave the store.
If you’re lucky, you’ll have a Best Buy employee walk you through the process of installing a VPN on one of their supported products. While that might seem convenient, it can also mean you’re walking into a bit of a trap. Let’s take a look at how to install a VPN on a Linksys WRT 1900 so that you can connect to the Internet securely and privately once you return home.
Find The Right Device
If you’re planning on setting up a VPN on your Linksys WRT 1900, the first step is to find the right device. The right device will depend on your needs and the type of software you’d like to use. If you decide to use OpenVPN, for example, you might want to look into the VPN router provided by AnchorFree. You’ll also need to find a VPN service that supports your chosen product. Most VPN services offer a free version that you can test out before you make a commitment.
Buy A VPN Tunnel Blocking Device (TBD)
One of the first things you’ll want to do once you’ve found the right device is to buy a VPN tunnel blocking device (TBD). If you have a specific VPN service in mind, you might want to consider buying their dedicated VPN product. These devices are designed to block all incoming and outgoing traffic apart from what your chosen VPN service allows.
Install The Software
Once you have a TBD, you can move on to the next step and install the VPN software on your device. You can either use the binary provided by your VPN service or download the OpenVPN GUI interface and follow the on-screen instructions. Some software packages, such as openvpn, are fairly straightforward to install and will only take a few minutes of your time. Other software, such as PureVPN’s VPN client, is more complex and requires a bit of setup before you can use it.
Create User Accounts
If you decide to use PureVPN’s VPN client, you’ll first need to create user accounts for each person who will connect to the VPN. You can do this by going to the Users tab and clicking the New User button. Give each account a simple name and a secure password. If you plan on using the VPN often, you might also want to consider creating an account for your laptop or desktop computer. Remember to enable two-factor authentication (2FA) for these accounts. Once you’ve created your accounts, you can move on to the next step.
Assign The VPN To Specific Network Interfaces
Assigning the VPN to specific network interfaces can be useful if you have more than one Internet connection. If you have a home Internet connection and a mobile Internet connection, you might want to consider assigning the VPN to the Wi-Fi interface on your home router. Your mobile device can then connect to the VPN when you’re at home or at work. Once you’ve done that, you can use the VPN at work as well. While you’re there, you might as well use the other Internet connection for browsing or other productivity tasks. The downside to this approach is that each network interface must have a different IP address. If you want to connect to the VPN from your laptop or desktop computer, you’ll have to configure the TCP/IP settings on a per-network interface basis. This can be a time-consuming process.
Configure SSH Public Key Authentication (PKA)
If you decide to use SSH public key authentication (PKA), you’ll need to configure it on a per-network interface basis. Configuring PKA on a per-user basis is also an option, but that can get a bit tricky. If you decide to use SSH PKA, you’ll need to generate public/private key pairs for each user. You can use the keys that Git uses by default or download a PEM-formatted file from the OpenSSH website and use that. The downside to this approach is that you’ll have to remember to generate and distribute the keys to each user. It’s also one more thing for you to keep track of. The advantage is that it’s much simpler and there’s no risk of a user gaining access to your account if they lose their private key.
Securely Store Your Private Key
If you decide to use either of the two previous items, you’ll need to securely store your private key. In the case of the two-factor authentication item, you’ll need to protect the two codes that you’ll need to provide to verify your identity. The advantage of storing your private key on a device such as a TOTP watch is that it’ll be easier to secure the private key against cyberattacks, such as malware or rogue apps. The downside is that you’ll need to keep track of a phone number or other ID that can be used to confirm your identity. This makes it easier for an attacker to impersonate you. If you do lose your private key, you’ll have to take the extra step of generating a new one. This will require you to input a new code each time you log in.
Set A Static IP Address
If you decide to use either of the two previous items, you’ll need to set a static IP address for your VPN interface. If you have multiple VPNs enabled, you might want to use a different subnet for each one. For example, if you have VPN1 set to use the 10.0.0.0/8 subnet and VPN2 set to use the 192.168.0.0/16 subnet, you’ll need to ensure that all traffic for both VPNs is directed to the correct address. You can either use the IP addresses that your VPN service provides or use the Dynamic DNS tool to assign your own address. The advantage of setting a static IP address for your VPN interface is that it makes it much easier to connect to the VPN from a different location or computer. Changing your IP address each time you reconnect can cause issues with your other devices that depend on the Internet for connections. If you do lose your static IP address, you can set a new one with no problems. Just be sure to update your devices with the new IP address before reconnecting.
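The two-subnet case above can be checked before any traffic is sent. The following is an added example, not part of the original article: it uses Python's standard `ipaddress` module to confirm that the VPN subnets do not overlap and to pick the VPN a destination belongs to. The function names and the sample addresses are hypothetical.

```python
import ipaddress

# Constructed sample: the two VPN subnets named in the text above.
VPN_SUBNETS = {
    "VPN1": ipaddress.ip_network("10.0.0.0/8"),
    "VPN2": ipaddress.ip_network("192.168.0.0/16"),
}


def find_overlaps(subnets):
    """Return sorted pairs of VPN names whose subnets overlap.

    Overlapping subnets make it ambiguous which tunnel should carry
    a packet, so an empty list is the result you want.
    """
    names = sorted(subnets)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if subnets[a].overlaps(subnets[b])
    ]


def select_vpn(destination, subnets):
    """Return the name of the VPN whose subnet contains destination.

    Returns None when no VPN subnet matches (the traffic would follow
    the default route). If several subnets match, the most specific
    one (longest prefix) wins, as it would in a routing table.
    """
    addr = ipaddress.ip_address(destination)
    matches = [
        (net.prefixlen, name)
        for name, net in subnets.items()
        if addr in net
    ]
    if not matches:
        return None
    return max(matches)[1]


if __name__ == "__main__":
    print("overlaps:", find_overlaps(VPN_SUBNETS))
    for dest in ("10.8.0.6", "192.168.1.20", "172.16.0.1"):
        print(dest, "->", select_vpn(dest, VPN_SUBNETS))
```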
Restrict Access To Specific IP Addresses
If you decide to use either of the two previous items, you’ll need to restrict access to your VPN interface to specific IP addresses. This can be useful if you have access to only a select group of IP addresses or if you have IPv6 addresses that you don’t want to allow outside connections to. The downside is that this will make it more difficult for legitimate users to connect to the VPN. If you do allow outside connections to a specific IP address, make sure that the address is in the correct subnet. Setting an address in the 0.0.0.0/0 subnet will prevent all connections from being routed to it. The advantage of restricting access to a specific IP address is that it makes it much harder for an attacker to misuse your VPN. If you lose access to a specific IP address, you’ll have to regenerate a new one in order to regain access to the VPN. Just remember to update your devices with the new IP address before reconnecting.
Use A Custom Port For The VPN
If you decide to use either of the two previous items, you’ll need to use a custom port for the VPN. If you decide to use OpenVPN, you’ll need to use a port greater than 1024 for the VPN. If you have a specific reason for using a custom port, be sure to use a unique one for each connection. If you have a specific port in mind, just use that instead of the default port (443) for OpenVPN. The advantage of using a custom port is that it makes it harder for an attacker to misuse your VPN. If you lose access to the VPN, you’ll have to search for and restore a different port. Just remember to update your devices with the new port before reconnecting.