VPN in an Apple household (help)

Discussion in 'Mac OS X Server, Xserve, and Networking' started by sleepydinosaur, Mar 24, 2017.

  1. sleepydinosaur macrumors regular

    sleepydinosaur

    Joined:
    Oct 31, 2009
    #1
    My current network is as follows: Airport Express (2nd Gen) to cable modem. LAN port on AEX to AppleTV and wireless for another ATV, 2 iPhones and 1 Android Phone.

    I want: Since ISPs can now sell our browsing history off, I want to protect against that. All my googling leads me to needing a new/2nd router to connect to a VPN. It was suggested to keep the AEX and insert a router between it and the modem and then config the 2nd router for VPN.

    If this is correct, then what inexpensive router can I get? I'm not spending $200 on a router, that's ridiculous.

    Is there another way to attack this?
     
  2. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #2
    You need to utilize a private VPN service. I know of one called Private Internet Access (funny acronym of PIA) that I've used in the past. That said, each system would need to login to VPN separately. I don't think I've ever tried using a router to utilize a site-to-site VPN with something like PIA.
     
  3. sleepydinosaur thread starter macrumors regular

    sleepydinosaur

    Joined:
    Oct 31, 2009
    #3
    I have already signed up with them. Hardware though must access them or it's not going to work. My question is regarding hardware.
     
  4. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #4
    Yes, sorry, I misread your question. I edited my post. However, if you want a router to do something like this, $200 is fairly inexpensive.
     
  5. sleepydinosaur thread starter macrumors regular

    sleepydinosaur

    Joined:
    Oct 31, 2009
    #5
    I doubt I'd spend that kind of money, especially since brands like NetGear are famous for never patching holes and such. Maybe I will have to attack things a different way....
     
  6. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #6
    From what I'm reading on this, you would be replacing the stock firmware with Tomato or DD-WRT, so the patches come from them, not the manufacturer. It is expensive for home use, but to get those features, you need more powerful hardware.

    Do you have something like a Mac Mini (or other hardware you may have lying around) to use pfSense to accomplish this:

    https://www.privateinternetaccess.com/pages/client-support/pfsense
     
  7. sleepydinosaur thread starter macrumors regular

    sleepydinosaur

    Joined:
    Oct 31, 2009
    #7
    Unfortunately, no computers in my house these days. An AppleTV and some phones and that's it.
     
  8. kiwipeso1 Suspended

    kiwipeso1

    Joined:
    Sep 17, 2001
    Location:
    Wellington, New Zealand
    #8
    Get an ASUS router, they have WRT pre-installed with VPN client built in and anti-virus.
    Then all you do is configure the VPN client on the router to connect with your VPN, and bingo, everything on the LAN is using the VPN connection for the internet WAN.
    Simple as that.

    (Edit) : the Asus routers also have an iOS app for easy configuration of the router, along with a webpage configuration tool.
    And yes, they are updated very frequently.
     
  9. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #9
    Correct, we already discussed that but the OP does not want to spend that much money on a router. I'm unable to find a more affordable alternative. If you go too cheap on the hardware, it might be underpowered and cause the Internet to be too slow. You pay a price for encryption.

    Once you apply WRT, then the stock app no longer works, correct?
     
  10. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #10
    No... WRT is the default Asus firmware and it includes VPN support.

    https://www.asus.com/ASUSWRT/
     
  11. kiwipeso1 Suspended

    kiwipeso1

    Joined:
    Sep 17, 2001
    Location:
    Wellington, New Zealand
    #11
    I did not specify exactly which Asus router, so it depends entirely on what the budget is.
    However, given the exchange rate compared to US$, you should be able to find at least a couple of older Asus models with wifi AC in the price bracket of under US$200 given the low sales tax rates in some states of the USA.
    (And no, before you ask, NZ or Aus is never cheaper than the USA for electronics.)

    To clarify as @Weaselboy did already, all Asus routers use WRT as the software already. That software is updated every few weeks to several weeks, along with built-in plugins for Trend Micro anti-virus, 4G/3G dongles / phone tethering, VPN client and server (server only needs a fixed IP address), QoS, sharing and download manager for hard drives.
     
  12. chiefsilverback macrumors 6502

    Joined:
    Jul 25, 2011
    #12
    I just ordered a Sabai Technology router. They offer a range of routers that are pre-configured with their OS based on the DD-WRT firmware. Now I need to choose a VPN service and then I want to understand if it's possible to configure our iOS devices to automatically toggle between VPN and not VPN based on the network they're connected to?

    If my home LAN is protected by a VPN then I don't need my phones to establish a 'tunnel through the tunnel' when I'm at home, but once they disconnect from my home network I want the tunnel in place. Make sense?
     
  13. sleepydinosaur thread starter macrumors regular

    sleepydinosaur

    Joined:
    Oct 31, 2009
    #13
    Since the ATVs are the only devices using the router other than phones, I decided to lock the phones down individually with PIA's iOS app. The ATV runs free.
     
  14. Longer Lane macrumors member

    Longer Lane

    Joined:
    Oct 30, 2015
    #14
  15. Longer Lane macrumors member

    Longer Lane

    Joined:
    Oct 30, 2015
    #15
    You might want to check this solution out.
     
  16. kiwipeso1 Suspended

    kiwipeso1

    Joined:
    Sep 17, 2001
    Location:
    Wellington, New Zealand
    #16
    Just connect from the home router to the VPN service for while you are at home. Don't directly put your devices to the VPN service unless you only have one device.
    Then set up the router to have a VPN server to connect to from other networks like a café free wifi.
    That will then allow you to just have VPN connections when you need them away from home, and a permanent VPN at home.

    You may find Private Internet Access to be the best service that doesn't log traffic, is unlimited & allows for payment by bitcoin.
    --- Post Merged, Apr 2, 2017 ---
    TOR, otherwise known as "how to advertise yourself to the NSA & CIA for no extra security", is long known as insecure.
    TOR just doesn't work reliably for anything other than painting a large target on your IP address.
    The TOR network is not designed to be secure for critical usage, and is reliant on antiquated NSA approved "standard cryptography" which is demonstrably broken.

    Do yourself a favour, never use TOR if you value your privacy.
     
  17. chiefsilverback macrumors 6502

    Joined:
    Jul 25, 2011
    #17
    I think I understand what you're suggesting, but how does that differ from using my paid VPN service from my mobile devices when I'm away from the house? The issue is having my mobile devices auto-sense my home network (or any other trusted network) and deactivate their built-in VPN clients. There's one macOS/iOS specific VPN service I've found (www.getcloak.com) where the client can auto-detect trusted networks, but it's quite expensive and seems to be aimed at small businesses rather than home users.

    It's a shame iOS can identify a trusted network and enable/disable VPN, if configured, accordingly.
     
  18. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #18
    It doesn't add anything for your requirements of auto-detecting a network. Honestly, while I think your idea is great, I don't see this happening with mobile operating systems. They are too concerned with the average consumer getting email and Facebook than anything like this.

    Can you manually connect / disconnect the VPN instead? That would get you the security you require.

    Also, I just read about Ubiquiti's EdgeRouter X. It's $50 and is a dedicated firewall product that may be able to fulfill your needs. Sure, you could use a Pi, but then you're more under the hood with maintenance. I'm considering one of these so I can get my WiFi router out of the basement.
     
  19. chiefsilverback macrumors 6502

    Joined:
    Jul 25, 2011
    #19
    I just ordered one of these, a little pricey, but ready to go and with good technical support: https://www.sabaitechnology.com/netgear-wnr3500l-powered-by-sabai-os/

    iOS already has native VPN capabilities (that the vast majority probably know nothing about), all it would need is the simple ability to designate trusted networks.
     
  20. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #20
    Let us know how that works for you. Without honest user reviews, we have nothing to go on.
     
  21. flyingspur macrumors regular

    flyingspur

    Joined:
    Aug 5, 2013
    Location:
    Dallas TX
    #21
    On AWS launch an EC2 micro instance and install OpenVPN server. Then get the OpenVPN client on your computer, iPhones... etc. Easy setup, cheap and should only take you 15 minutes to do.

    If not have a look at these 2 VPNs: Mullvad and IVPN.
     
  22. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #22
    Those do not meet the OP's requirements.
     
  23. flyingspur macrumors regular

    flyingspur

    Joined:
    Aug 5, 2013
    Location:
    Dallas TX
    #23
    Better alternatives imo, especially to PIA, so relevant
     
  24. chiefsilverback macrumors 6502

    Joined:
    Jul 25, 2011
    #24
    A nice alternative approach, but I don't think it would address my desire to have my mobile devices recognize my home network and activate their 'local' VPN accordingly...
     
  25. sleepydinosaur thread starter macrumors regular

    sleepydinosaur

    Joined:
    Oct 31, 2009
    #25
    I decided to just use PIA's apps to secure the phones since it locks them down on either Wifi or Cellular. The ATVs in the house run free but that doesn't concern me.

    So far it's working well.
     
