New pre-built OpenWRT VPN with PIA router company launched
I decided to put Private Internet Access' VPN inside the router itself to ensure the VPN was always running, so I started researching how. It was not easy to do, and I knew other people had the same issue, so I created a new business to create and sell them.
It integrates directly with PIA and uses a mobile app to configure the router. I'd be happy to answer any questions related to building your own router. I used OpenWRT as the operating system.
Comments
Hi.
Good luck with your new venture.
I have succesfully (almost) set-up my own router as a wireless Access Point, with OpenWRT and PIA which took a lot of research, learning and time!
However, I cannot stop the DNS Leaking.
I tried: Network -> Interfaces -> LAN -> DHCP Server -> Advanced Settings. In the “DHCP-Options” field entered the value: “6,209.222.18.222,209.222.18.218”.
I also tried entring the same values in the DHCP and DNS settings tab - but neither did the trick.
So, my question is how do you stop the DNS leak?
Here are my firewall settings (just the changes) which I would also like your comments on:
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# Uncomment this line to disable ipv6 rules
option disable_ipv6 1
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option network 'lan'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
list network 'wwan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option forward 'REJECT'
option output 'ACCEPT'
option name 'PIA_VPN'
option input 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'PIA_VPN'
config forwarding
option dest 'PIA_VPN'
option src 'lan'
I believe this writes to the /etc/config/dhcp file under the config dhcp 'lan' heading and adds the line:
list dhcp_option '6,209.222.18.222,209.222.18.218'
In the LUCI web interface this is achieved by going to:
Netwok>Interface>LAN>DHCP Server>Advance Settings and entering "6,209.222.18.222,209.222.18.218" in the DHCP Options box (then clicking "Save and Apply").
I have already tried this and it did not hide my ISP when I tried a DNS Leak test. The only thing that works for me is manually setting the PIA DNS in the ISP's router.
Regards,
Vippa
This time, changing the DNS settings of the LAN DHCP in the router (ie. as discussed in post 2 and 3) DOES work.
I also tried several other methods, including changing the DNS settings of the LAN and not LAN DHCP, which also gave positive results.
It was also suggested in some posts to add the line "option peerdns '0'" to the other interfaces (eg. WAN, WWAN, WAN6), which I also tried with some success.
Finally, for my own peace of mind, I also added the PIA DNS servers in my WiFi interface on my laptop and also chnaged my ISP router's DNS servers from "auto" > "manual" (PIA).
Thanks for your help!
Regards,
Vipper
So sorry for delayed response, I forgot to check here! I'll respond in case anyone is interested in the future.
Since launching, we have sold over 200 routers so far, which is pretty good (we think!) especially given how minimal our advertising has been. Most people who have bought our routers have stumbled on blog posts, came from this forum, heard about it from a friend, I spoke with at a conference, etc. We have had no issues with our hardware not working as expected, we had a few returns but as far as we could tell it wasn't any issue with the hardware.
A few bloggers reached out and a youtube guy, but they wanted to be paid and/or get free hardware, which I refuse to do as that implies pay to play and the VPN affiliate system is so broken already. You can't even tell what is real and fake anymore because people write based on affiliate income rather than truth. Maybe I'm being a bad businessman, but it's been going pretty well so far so I'd rather be honest than start shipping free routers to bloggers. I may revisit this issue in the future but for now I'm not interested in paid reviews.
The warranty is 30 days money back guarantee. If you don't like it just send it back. We provide assistance over email / phone even after the 30 days are up. The biggest issue has been confusion of people running both the PIA app and simultaneously using the VPN router, which makes the data routed through the PIA network twice (once in the app, again in the router) so I remind people to uninstall all PIA software on devices. That's the whole point of the VPN router - no need for VPN software!
Anywho, the website has an FAQ section where I've put questions people have emailed and the answers, might be worth checking out: https://easyvpnrouter.com/easyvpn_faq/
James
For anyone trying to roll their own VPN router, I highly recommend LEDE, the devs creating it are quite serious. I know some people in industry (Taiwan) who are developing enterprise hardware and are working directly with LEDE devs, top notch guys.