Jtdylktuy

I want to route all traffic in my home network through a vpn. I currently have a sagemcom FAST 5364 router provided by my ISP. I also have two previous routers, which I don't use, from my ISP (Huawei hg633 router and an old D-Link router).

My initial thought was to flash firmware onto my router so that I can set up a VPN connection on my router, which none of them support.
I've checked the dd-wrt and open-wrt websites if they support any of the three
routers and they don't support.

My current internet speeds is 40Mbit/s down and 10Mbit/s up. I'm on a really tight budget, so I was thinking that I could get a supported cheap router that I can connect my LAN to. This router wouldn't need anything greater than 100mbps ethernet, wouldn't require wireless capabilities, and would only require minimal amount of ethernet ports.

All devices on my LAN will be connected to the Sagemcom router, since it's pretty decent with support for dual band wifi, wireless AC, and has 4 gigabit ethernet ports. This would mean fast data transfer between devices on the LAN. However if I wanted to access the internet, the sagemcom router would forward any requests to the cheap router. Are there any issues in this? Would anyone recommend any cheap routers that has support for dd-wrt or open-wrt.

I'm open for any alternatives. Also, I don't mind purchasing used hardware. Btw, I have a high end PC connected one meter to the router, so is it possible to route all traffic through there so it can handle the encryption and decryption process. Also have a spare raspberry pi 3B+ not being used in any project.

Edit: I haven't chosen a VPN provider yet.

It is definately possible for a router running dd-wrt to support 40 megabits of traffic however due to CPU requirements for encryption its unlikely a low end router will gave the performance. You really need at least a mid-range router (I use ASUS RT-AC 68U touters which are arround the US$135 mark). I imagine a gigabit router with AC wifi support is likely to have the kind of power you need. While you can kerp this behind your Sageman router, any router running dd-wrt and capable of handling 40 megabits of traffic negates the need (and gas disadvantages like double NAT or complex routing) for a second router unless its needed to, for example, convert dsl to ethernet.

Alternatively if you can scrounge an old x86 computer (preferably with a CPU that supports AES) and use 2 network cards and quite a lot of (Linux) setup this.might work - I had a first gen I3 that did not raise a sweat. You dint need to much in the way of RAM or disk - but be aware that over time it may be more expensive then a mid range because it draws more power.

Alternatively you can indeed set up one pc to do dusl duty as a vpn router - I think this is messy and complex, and requires that pc to be on all the tome - which likely eats electricity.

Another option might be to set up individual VPNs from each PC.

I'll explain the big picture of how this is done. Once you figure out a plan, you can refer to the numerous guides on the Internet that tell you how to configure the device that you choose to serve as your VPN router. This is for a bare minimum configuration where you don't have VLAN support and you don't have additional network switches and/or wireless access points to use. You'll be creating two LANs on the same wire using separate IP address ranges.

Find a computer that runs GNU/Linux, or a device with similar capabilities. You could even use Windows server or Windows with 3rd party software. If you want to install GNU/Linux on something, most anything should be fine for 50mbps total traffic. Whether you're trying to get the most out of old hardware, or you're tying to run a full speed 1000mbps connection through a VPN, it's hard to beat the efficiency of GNU/Linux. I did a test and a 1MB/sec (8Mb) download of random data consumed only about 20% of a Pentium III 1GHz CPU, using openvpn with compresssion and a static key. A second generation Pentium III (socket 370) uses only 25 to 30 Watts idle with the hard drive spun down. Second generation Pentium 4 Northwood (socket 478) computers are cheap and use about 35 to 45 Watts idle, and can give you at least 10MB/sec through openvpn. Avoid the 3rd generation Prescott Pentium 4 (anything with SSE3 or socket 775). They consume 90 Watts idle! Most everything newer has good idle power consumption. You can even use a laptop for this. You only need one Ethernet port. A Raspberry PI can be used for this, but all networking goes through a single USB2 port which can't quite handle a full duplex 100Mb NIC (200Mb total). Your setup will be close the limits for a Raspberry PI as it would be for the 1GHz Pentium III as well.

Configure you current router and your VPN server for static IP. You can use an address range like 192.168.5.0/24. Disable the DHCP server in your router. Connect your VPN server directly to the router. It is the only thing that will access the Internet through your current router from this point on.

Once Internet access through VPN is working on your new GNU/Linux router box, you can configure it as a home router, with packet forwarding and a DHCP server. Unless you have an unusual VPN that gives you multiple IP addresses to use, you'll want to enable NAT on your router. The DHCP server can be set to serve 192.168.1.0/24 or such with your new router set as the gateway. Your existing devices will continue to connect to your wireless router in the same way, and your wired connections can still plug in to the Ethernet switch ports in the back, but your new DHCP server will have taken over the network and replaced your existing home router with itself as the new default gateway for the LAN. Now everything goes though your new router box, and none of the other devices are even aware of the static IP connection between your old router and your new router. Technically they could be configured for static IP and bypass your new router box, connecting to the Internet in the same way that your new router does, but that wouldn't happen by accident.