VPN in an Apple household (help)

[sleepydinosaur]

My current network is as follows: Airport Express (2nd Gen) to cable modem. LAN port on AEX to AppleTV and wireless for another ATV, 2 iPhones and 1 Android Phone.

I want: Since ISP's can now sell our browsing history off I want to protect against that. All my googling leads me to needing a new/2nd router to connect to a VPN. It was suggested to keep the AEX and insert a router between it and the modem and then config the 2nd router for VPN.

If this is correct, then what inexpensive router can I get? I'm not spending $200 on a router, that's ridiculous.

Is there another way to attack this?

 

[belvdr]

You need to utilize a private VPN service. I know of one called Private Internet Access (funny acronym of PIA) that I've used in the past. That said, each system would need to login to VPN separately. I don't think I've ever tried using a router to utilize a site-to-site VPN with something like PIA.

 

[sleepydinosaur]

If you're wanting to protect the browsing from your internal network out, then you don't need another router. That would provide VPN service into your internal network from the Internet.

You need to utilize a private VPN service. I know of one called Private Internet Access (funny acronym of PIA) that I've used in the past.

I have already singed up with them. Hardware though must access them or its not going to work. My question is regarding hardware.

 

[belvdr]

I have already singed up with them. Hardware though must access them or its not going to work. My question is regarding hardware.

Yes, sorry, I misread your question. I edited my post. However, if you want a router to do something like this, $200 is fairly inexpensive.

 

[sleepydinosaur]

Yes, sorry, I misread your question. I edited my post. However, if you want a router to do something like this, $200 is fairly inexpensive.

I doubt I'd spend that kind of money, especially since brands like NetGear are famous for never patching holes and such. maybe I will have to attack things a different way....

 

[belvdr]

I doubt I'd spend that kind of money, especially since brands like NetGear are famous for never patching holes and such. maybe I will have to attack things a different way....

From what I'm reading on this, you would be replacing the stock firmware with Tomato or DD-WRT, so the patches come from them, not the manufacturer. It is expensive for home use, but to get those features, you need more powerful hardware.

Do you have something like a Mac Mini (or other hardware you may have lying around) to use pfSense to accomplish this:

https://www.privateinternetaccess.com/pages/client-support/pfsense

 

[sleepydinosaur]

Unfortunately, no computers in my house these days. An AppleTV and some phones and thats it

 

[kiwipeso1]

I doubt I'd spend that kind of money, especially since brands like NetGear are famous for never patching holes and such. maybe I will have to attack things a different way....

Get an ASUS router, they have WRT pre-installed with VPN client built in and anti-virus.
Then all you do is configure the VPN client on the router to connect with your VPN, and bingo, everything on the LAN is using the VPN connection for the internet WAN.
Simple as that.

(Edit) : the Asus routers also have an iOS app for easy configuration of the router, along with a webpage configuration tool.
And yes, they are updated very frequently.

 

[belvdr]

Get an ASUS router, they have WRT pre-installed with VPN client built in and anti-virus.
Then all you do is configure the VPN client on the router to connect with your VPN, and bingo, everything on the LAN is using the VPN connection for the internet WAN.
Simple as that.

(Edit) : the Asus routers also have an iOS app for easy configuration of the router, along with a webpage configuration tool.
And yes, they are updated very frequently.

Correct, we already discussed that but the OP does not want to spend that much money on a router. I'm unable to find a more affordable alternative. If you go too cheap on the hardware, it might be underpowered and cause the Internet to be too slow. You pay a price for encryption.

Once you apply WRT, then the stock app no longer works, correct?

 

[Weaselboy]

Once you apply WRT, then the stock app no longer works, correct?

No... WRT is the default Asus firmware and it includes VPN support.

https://www.asus.com/ASUSWRT/

 

[kiwipeso1]

Correct, we already discussed that but the OP does not want to spend that much money on a router. I'm unable to find a more affordable alternative. If you go too cheap on the hardware, it might be underpowered and cause the Internet to be too slow. You pay a price for encryption.

Once you apply WRT, then the stock app no longer works, correct?

I did not specify exactly which Asus router, so it depends entirely on what the budget is.
However, given the exchange rate compared to US$, you should be able to find at least a couple of older Asus models with wifi AC in the price bracket of under US$200 given the low sales tax rates in some states of the USA.
(And no, before you ask, NZ or Aus is never cheaper than the USA for electronics.)

To clarify as @Weaselboy did already, all Asus routers use WRT as the software already. That software is updated every few weeks to several weeks, along with built-in plugins for trend micro anti-virus, 4g/3g dongles / phone tethering, VPN client and server (server only needs a fixed ip address), QOS, sharing and download manager for hard drives.

 

[chiefsilverback]

I just ordered a Sabai Technology router. They offer a range of routers that are pre-configured with their OS based on the DD-WRT firmware. Now I need to choose a VPN service and then I want to understand if it's possible to configure our iOS devices to automatically toggle between VPN and not VPN based on the network they're connected to?

If my home LAN is protected by a VPN then I don't need my phones to be establish a 'tunnel through the tunnel' when I'm at home, but once they disconnect from my home network I want the tunnel in place. Make sense?

 

[sleepydinosaur]

Get an ASUS router, they have WRT pre-installed with VPN client built in and anti-virus.
Then all you do is configure the VPN client on the router to connect with your VPN, and bingo, everything on the LAN is using the VPN connection for the internet WAN.
Simple as that.

(Edit) : the Asus routers also have an iOS app for easy configuration of the router, along with a webpage configuration tool.
And yes, they are updated very frequently.

Since the ATV's are the only devices using the router other than phones, I decided to lock the phones down individually with PIA's iOS app. The ATV runs free.

 

[Longer Lane]

Use a Raspberry Pi. Will cost you $60-80. Plenty of instructions on the internet.
Here is one. Here another. Even the BBC has detailed instructions.

 

[Longer Lane]

My current network is as follows: Airport Express (2nd Gen) to cable modem. LAN port on AEX to AppleTV and wireless for another ATV, 2 iPhones and 1 Android Phone.

I want: Since ISP's can now sell our browsing history off I want to protect against that. All my googling leads me to needing a new/2nd router to connect to a VPN. It was suggested to keep the AEX and insert a router between it and the modem and then config the 2nd router for VPN.

If this is correct, then what inexpensive router can I get? I'm not spending $200 on a router, that's ridiculous.

Is there another way to attack this?

You might want to check this solution out.

 

[kiwipeso1]

I just ordered a Sabai Technology router. They offer a range of routers that are pre-configured with their OS based on the DD-WRT firmware. Now I need to choose a VPN service and then I want to understand if it's possible to configure our iOS devices to automatically toggle between VPN and not VPN based on the network they're connected to?

If my home LAN is protected by a VPN then I don't need my phones to be establish a 'tunnel through the tunnel' when I'm at home, but once they disconnect from my home network I want the tunnel in place. Make sense?

Just connect from the home router to the VPN service for while you are at home. Don't directly put your devices to the VPN service unless you only have one device.
Then setup the router to have a VPN server to connect to from other networks like a café free wifi.
That will then allow you to just have VPN connections when you need them away from home, and a permanent VPN at home.

You may find Private Internet Access to be the best service that doesn't log traffic, is unlimited & allows for payment by bitcoin.
[doublepost=1491185175][/doublepost]

You might want to check this solution out.

TOR, otherwise known as "how to advertise yourself to the NSA & CIA for no extra security", is long known as insecure.
TOR just doesn't work reliably for anything other than painting a large target on your IP address.
The TOR network is not designed to be secure for critical usage, and is reliant on antiquated NSA approved "standard cryptography" which is demonstrably broken.

Do yourself a favour, never use TOR if you value your privacy.

 

[chiefsilverback]

Just connect from the home router to the VPN service for while you are at home. Don't directly put your devices to the VPN service unless you only have one device.
Then setup the router to have a VPN server to connect to from other networks like a café free wifi.
That will then allow you to just have VPN connections when you need them away from home, and a permanent VPN at home.

I think I understand what you're suggesting, but how does that differ from using my paid VPN service from my mobile devices when I'm away from the house? The issue is having my mobile devices auto-sense my home network (or any other trusted network) and deactivate their built in VPN clients. There's one MacOS/iOS specific VPN service I've found (www.getcloak.com) where the client can auto-detect trusted networks, but it's quite expensive and seems to be aimed at small businesses rather than home users.

It's a shame iOS can identify a trusted network and enable/disable VPN, if configured, accordingly.

 

[belvdr]

It doesn't add anything for your requirements of auto-detecting a network. Honestly, while I think your idea is great, I don't see this happening with mobile operating systems. They are too concerned with the average consumer getting email and Facebook than anything like this.

Can you manually connect / disconnect the VPN instead? That would get you the security you require.

Also, I just read about Ubiquiti's EdgeRouter X. It's $50 and is a dedicated firewall product that may be able to fulfill your needs. Sure, you could use a Pi, but then you're more under the hood with maintenance. I'm considering one of these so I can get my WiFi router out of the basement.

 

[chiefsilverback]

It doesn't add anything for your requirements of auto-detecting a network. Honestly, while I think your idea is great, I don't see this happening with mobile operating systems. They are too concerned with the average consumer getting email and Facebook than anything like this.

Can you manually connect / disconnect the VPN instead? That would get you the security you require.

Also, I just read about Ubiquiti's EdgeRouter X. It's $50 and is a dedicated firewall product that may be able to fulfill your needs. Sure, you could use a Pi, but then you're more under the hood with maintenance. I'm considering one of these so I can get my WiFi router out of the basement.

I just ordered one of these, a little pricey, but ready to go and with good technical support: https://www.sabaitechnology.com/netgear-wnr3500l-powered-by-sabai-os/

iOS already has native VPN capabilities (that the vast majority probably know nothing about), all it would need is the simple ability to designate trusted networks.

 

[belvdr]

Let us know how that works for you. Without honest user reviews, we have nothing to go on.

 

[flyingspur]

On AWS launch a EC2 micro instance and install OpenVPN server. Then get the OpenVPN client on your computer, iphones... etc. Easy set up, cheap and should only take you 15 minutes to do.

If not have a look at these 2 VPN's. Mullvad and IVPN .

 

[belvdr]

On AWS launch a EC2 micro instance and install OpenVPN server. Then get the OpenVPN client on your computer, iphones... etc. Easy set up, cheap and should only take you 15 minutes to do.

If not have a look at these 2 VPN's. Mullvad and IVPN .

Those do not meet the OP's requirements

 

[flyingspur]

Those do not meet the OP's requirements

Better alternatives imo, especially to PIA, so relevant

 

[chiefsilverback]

On AWS launch a EC2 micro instance and install OpenVPN server. Then get the OpenVPN client on your computer, iphones... etc. Easy set up, cheap and should only take you 15 minutes to do.

If not have a look at these 2 VPN's. Mullvad and IVPN .

A nice alternative approach, but I don't think it would address my desire to have my mobile devices recognize my home network and activate their 'local' VPN accordingly...

 

[sleepydinosaur]

I decided to just use PIA's apps to secure the phones since it locks them down on either Wifi or Cellular. The ATV's in the house run free but that doesn't concern me.

So far its working well.