Hi all,
Since many folks these days are talking about VPNs and improving their online security, I thought I’d write a series on my approach to this. In this series, I want to cover the following:
- Why would you build a router to improve your privacy?
- What are the basic skills needed for building your own router?
- What hardware is needed?
- What software is needed?
- What does all this effort buy me?
I’ll address these questions and more as I walk through my approach to this ever-increasing issue of degrading privacy online.
So let’s get to it!
I see HTTPS on all the popular websites… that’s not private?
Well, sort of. Once your machine has established an HTTPS connection to, say, Facebook’s servers, the data between the two of you is encrypted. But the Domain Name System (DNS) request your computer made to find out Facebook’s IP address was not encrypted at all. The same goes for your bank, your pharmacy, your children’s school website, and more.
So, we want to improve our privacy by making our traffic less visible. How do we do that? A VPN of course!
Many people, especially those who work from home frequently, are already familiar with VPNs. You fire up your business’s VPN client, log in, and *BOOM*, it looks like you’re sitting in your office! There are your shared network drives, the PLM tools work, and so on. This technology can also be used to enhance your web privacy.
Let me explain.
You have a VPN provider who has 500+ servers all around the world. When you connect to this VPN service, your traffic looks like it comes from one of those servers instead of your home ISP connection. Thousands of other users have traffic exiting from that node as well. Your traffic is all mixed in with other traffic, so it’d be really hard to track you based on that. Plus, you have the added benefit of being able to change exit nodes practically any time (that is, if your VPN provider allows it).
So great! I just need to run a VPN on my laptop when I want to be more secure!
Well, sort of, again. There is one hole, and there may be more that I’m unaware of, which can leak your private IP address to the world when using a web browser. Check out the page here about WebRTC leaking your IP address. Even when you’re actively running a VPN client on your local machine, the protocol can ask, “Hey, what’s your IP address?” and your machine will willingly hand it out. Mozilla Firefox will let you disable this feature altogether, but Chrome will not. There are tweaks you can make and plugins you can get, but we have a better solution!
Enter our hero: VPN at the router!!
Rather than running your VPN client at the machine, running it at the router makes your machine completely oblivious to the fact that a tunnel is running at all.
So I need to buy a router that supports VPN clients?
Well, you could! But they could be expensive and it’s more fun (and educational!) to build it ourselves!
By home-making a router, we can accomplish many things, the least of which is the actual routing of our home network. Not only can we have stricter control over what (and who) comes in and out of our network, but we can also offer other services like local DNS caching, more DHCP options (like NetBoot or PXE), and last but certainly not least, a VPN client.
So now we know why we would like to build our own router, but what skills will I need?
At the very least, the person building their own router needs to understand the basics of the following items:
Not on the list but absolutely essential to this endeavor is a strong background in Linux (at the helm of the CLI). All the networking and services will be configured in and hosted on a Linux distro of your choosing.
I think this is enough for one post! Check back soon for part two! I’ll come back and link it here, and it will be up on the blog page!
Thanks for reading!