Greetings,

I am not so networking advanced. I am connected to the internet through a cable router(tv cable
/ coaxial). Router: Netgear C6250EMR

2 questions please:

1. I would like to set the vpn directly on the main primary cable router, if this is really not possible the bridge mode would be the last option.

Do you consider it could be possible if I will contact my ISP, they could help me with one of the next 2 options?

a) Modify at least for me(or for all their routers) the firmware of the actual router so it will appear in it's menu the option to set the vpn directly on it by openvpn protocol or IKEv2/IPsec ?

b) If first option is not possible, it would be possible after I will buy a cable router which support OpenWrt, they will tell me what lines to be added/changed/removed in the OpenWrt firmware in order to work directly connected to their network?

2. If non of the above from point 1 is not possible, could I download the actual firmware from my router and look into it and try to config the firmware of another cable router which has the vpn feature, in order to use the new router directly connected to the internet?

Regards.

xdpin, do you want VPN-server or VPN-client on your router?

I think the correct answer is vpn client, I only want all the devices connected to the router to go online through the vpn...

OK, it is trivial task. You can follow my guide about AirVPN, making necessary modifications.

Thank you very much ulmwind.

I've searched online, but with no success...

Tell me please, does it exist on the market(Europe), a decent even a second hand CABLE wifi router + minimum 2 Ethernet slots, for around 50 $ which supports OpenWrt?

Or I can proceed with your guide even on my Netgear C6250EMR

Tell me please can I fallow your guide also on Ubuntu ?

Also instead of AirVpn is it possible to use your guide for NordVpn?

Thank you.

(Last edited by xdpin on 28 May 2017, 23:07)

Excuse me please, I can't find any cable routers which support OpenWrt even around 100$? Have I "been doing  something wrong" ?

(Last edited by xdpin on 28 May 2017, 23:28)

Coud this be a good option for my needs please?
Actiontec MI424WR - supports OpenWrt.

Could openvpn be set on it, and also the wireless devices will go online though the set openvpn?

Any other alternatives please?

Should I also ask the ISP if this router will work with OpenWrt firmware, directed connected at their network ?

Thank you.

Hi.  Perhaps you should consider a slightly different method.  It would probably be better to get another cheap old router & flash OpenWrt on it, & plug that into your main cable router.  That way, you can do whatever you want on your own cheap router, & don't even have to worry about making difficult, or impossible, changes on your main cable router.  I don't know how it is in other parts of the world, but here in the US, ISPs are the physical embodiment of pure evil & greed.  Asking them such questions is not even an option.

You can go into the firewall options on your main cable router & put your own cheap router into the DMZ zone, so that way your cheap router is not being blocked by the main cable router's firewall.  Your cheap router will be fully exposed to the internet, but that's OK because OpenWrt has its own firewall rules to protect your router, which are probably better than the settings in any ISP cable router anyway.

So yeah, get your own cheap router, flash OpenWrt onto it, plug it in to your main cable router, & put it in the DMZ zone so that it is not blocked by the cable router's firewall.  With that, you can have all of your devices connected to your cheap router, & you can set up your cheap router to connect to whatever VPN you want.

Oh, a couple of good routers you could get would be D-Link Dir 825 ver. B1, or Netgear WNDR3700, or Netgear WNDR3800.  I think these are some of the best cheap old routers you can get because they have the fastest CPU of all the cheap old routers (680 MHz).  Yup.  Blazing fast.  XD  Well, it's much better than others which run at 200 - 400 MHz anyway.  These routers can be found on sites like ebay for about $30 USD.  Personally, I have D-Link DIR825 ver. B1, & I've been using it with OpenWrt for years now.  It works great.

There is now a new generation of routers that have dual core CPUs running at 1GHz or more, but they are very expensive.  Most likely, they are still not supported by OpenWrt anyway.

Unfortunately, as you probably already noticed, setting things up can be very difficult.  Working with OpenWrt requires a LOT of knowledge.  You will need to spend a LOT of time learning things, & especially, there are not many easy to follow guides concerning OpenWrt & VPN.  I think that using your own router instead of trying to mess with the ISP's cable router is the best way to go, especially if there are other people in your home who depend on it.  By using your own router, you can take things 1 step at a time, & mess things up without having too much to worry about.

Well, I hope this helps, even just a little bit.  Good luck my friend!!!

Thank you very much 3ndymion for your time, and all the excellent detailed answer.

I believe your method maybe has more than 90% advantages then disadvantages.

Only some questions regarding the disadvantages please... (sorry I only read some things written by others)

1. This variant is called bridge mode?
2. Is it possible in this situation to appear double NAT?
3. The speed is only 10/10, could it appear some fluctuations, or even very slow speeds because using this method, instead of using only one router?
4. Tell me please could it appear any other disadvantages using this method?
5. Do you think it could be technical possible that the people from the ISP to ask the vendor of the routers
if they could tell what settings I should add/change/remove on a OpenWrt cable router to use it directly connected to the ISP?
6. Do you think it could be technical possible that the people from the ISP to ask the vendor of the routers to sell them some other models of routers, or this same model, but to add in their menu the Openvpn feature, so I could use it directly.

Thank you.

I'm not too sure about bridge mode, but I do not think this is it.  This is definitely a double NAT setup.  I have seen many complaints about double NAT, but it is working fine for me.  It does not slow down speeds at all.  I get download speeds of over 5MB/s (40Mb/s), & upload speeds almost the same.  I think the most important thing about this is to have your router in the DMZ zone, that way it is not behind the ISP router's firewall, & you do not have to worry about any port forwarding.

Perhaps the best way to explain it is to give my own setup as an example.  In my case, we have the ISP router (Actiontec MI424WR) as the main router.  Everyone's computers & devices are connected to it, by wire & wirelessly.  But for myself, I have my D-Link DIR-825 router connected to it, just like everyone else's devices.  All of my own devices connect to my D-Link router.  They are in their own little network, & they all connect to the internet just fine.

Actiontec Network: 192.168.1.XXX
D-Link Network (double NAT): 192.168.3.XXX

I have OpenWrt flashed onto my D-Link router, & I have an OpenVPN server running on the router.  I do not want my D-Link router behind the firewall of the main Actiontec router.  I think that might make things difficult because then I would have to start forwarding ports & stuff.  So, I log into the Actiontec router, go to the ip address settings, & give my D-Link router a static address.  Example: 192.168.1.20  That way, whenever I connect my router to the Actiontec, it will always get the same ip address of 192.168.1.20.

Now that my D-Link router gets a static ip address from the Actiontec, I go into the firewall settings of the Actiontec router & put the ip address 192.168.1.20 into the DMZ zone.  That way, my D-Link router will always be in the DMZ zone.  It is fully exposed to the internet, & is not being blocked by the Actiontec's firewall.  Anything that comes to our home's external ip address will hit my D-Link router 1st, which is what I want.

And speaking of that, I also need to set up a dynamic DNS for my home's external ip address.  When I'm away from home & want to reach my router from the outside world, I need to know the external ip address that my router can be reached at.  Since the ISP often changes the external ip address for whatever reason, it is best to have a dynamic DNS setup so that I can use that DNS to call home to my router.  The dynamic DNS will always know the external ip address for your home.  There are different free services that can be used for this, such as noip.com, or duckdns.org.

In my case, I use noip.com for a dynamic DNS.  The Actiontec router actually has a setting for noip.com built in.  I'll choose a name I can remember, for example, my-awesome-router.ddns.net.  So now that I set it up, I can connect to my-awesome-router.ddns.net whenever I'm away from home, & I will reach my router.  OpenWrt's firewall protects my router, but I leave port 1194 open because the OpenVPN server can protect that port just like the firewall can.

This is how I use my setup, & it works perfect.  I still have not tried using the router to connect to an actual paid-for VPN service like what you want to do, so I cannot really speak much on that.  But, with a setup like mine, I do not think it would be too much trouble.  I highly doubt that any ISP would be willing to help with something like this in any way whatsoever.  I think the only option is to do it yourself, which is why we are all here.

It took me years to learn all this stuff in my little spare time.  I am not a professional, so if anybody who is more knowledgeable than me sees this, please feel free to chime in. 

xdpin, there is also my guide for NordVPN. Setting in Ubuntu is trivial, you can find lots of manuals. If you encounter difficulties, please, let me know.
You can buy cheapest router for 15$ Nexx WT3020H or WT3020F, and test OpenWRT with VPN-client on it.

(Last edited by ulmwind on 29 May 2017, 18:12)

Thank you very much for your replays.

I would like the bridge mode, DMZ, double NAT to be the last solutions please...

Tell me please, it would be technically possible that the ISP will give me the settings to modify the OpenWrt firmware of the CABLE ROUTER which I will buy(support OpenWrt), in order to work directly connected to their network?

It would be technically possible that the ISP to ask the vendor of their routers to provide them some CABLE ROUTERS which also has OpenVPN feature?

Could the ISP ask the manufacturer of Netgear C6250EMR firmware to change the actual firmware of the router and add the OpenVPN feature?

Thank you.