Secure Your Traffic Using A VPN & OpenWRT

Believe it or not you don't need lots of heavy hardware in a black box mounted to the roof. Actually, you can secure your home traffic and logins yourself for approximately $200 with ongoing yearly costs under $100.

Please take note that this article is written for 1 or 2 people in a small household or flat. This best suits adults living alone, or retirees that generally use the internet for social media and communication; making them susceptible to being hacked. If you use the internet a lot, I suggest buying the Flint router instead of Mango.

Firstly, why would hackers want to hack you?

Most attacks are not targeted. It is like fishing where you don't target a specific fish, you just bait up your hook and throw the line into the water hoping a fish is hungry enough to take it.

Watch This To Understand Why You Might Be Caught In A Cyber Attack – https://www.youtube.com/watch?v=7VwRHPwoV4g

Kodi from Veronis speaking on Hak5 lists 5 reasons in the video above.

  1. Social Media (Identity Scams, Finance Scams)
  2. Digital Assets (Gaming Accounts, Netflix Accounts, Amazon Accounts)
  3. Home Networks (Criminal Traffic Routing)
  4. Old Routers (Botnet for Distributed Denial of Service Attacks)
  5. Digital Blackmail (Darkweb List Sales)

Bill of Materials

You will need some basic technical knowledge to set this up. If you're reading this and not great with computers, don't worry, you can ask one of your tech-savvy family members to do it for you, just give them this article link and they can do the rest.

Note: This article is not sponsored by any of these products or services. I just like them.

Before getting started you need to buy a few things. I have provided links for convenience, you don't need to use these places if you can find the same thing cheaper.

  1. Two Short Cat6 Cables (0.5m) is the shortest you can buy
    — $5 each from Bunnings
  2. One OpenWRT Router provided by Gl.inet called Mango
    — $50 from Amazon.com.au
  3. One Yubikey with NFC
    — $80 from Amazon.com.au
  4. A Nordpass account
    — Free with VPN subscription below
  5. A subscription to NordVPN
    — $60 a year (Basic VPN 1 Year)

Total Setup Cost: Approximately $200 and Total Ongoing Cost: $60 a year.

Stage One – Purchase Hardware

Before you can start you need to purchase the hardware.

It will take a few weeks for you to receive the Mango Router and Yubikey. Get your 0.5m CAT6 Ethernet Cables from Bunnings when you're ready. We chose the shortest ones because the Mango router will sit next to your existing router.

Note: If you require more oomph I suggest you purchase the Flint WiFi 6 Router.

Stage Two – Software

You can use a VPN and password manager without a Yubikey and Router.

Start using NordPass and NordVPN to become familiar with them, start making all your passwords unique from each other – if they aren't already – and become familiar with the perks of using a VPN by watching geoblocked videos.

NordPass is free with the subscription below and you should make a very strong password for it. Please use this tool to see how long your password would take to crack.

I would suggest making a password strong and never repeat them. It's annoying coming up with a unique one each time, Norton provide a descent password generator to make things easier.

Example Scenario: You use an “easy to crack” password – made from names and date of births – repeated across all your logins. A hacker has breached a common platform you used in the past with your common password and email, and the hacker sold the data to scammers.

NordVPN is one of the faster VPN providers on the market. The purpose of using a VPN is to encrypt your internet traffic and hide your public IP address provided to you by your ISP.

Example Scenario: You receive a “your delivery is waiting” spam SMS message, and because you're tired and actually waiting for a package you accidentally clicked on the link, it went to a blank white page and redirected you to YouTube… You think to yourself “nothing happened” but what actually happened is you just send your IP Address, Device ID/MAC Address and User Agent to something called a C2 Server (Command and Control). If you're using a VPN then they won't actually get your real IP address and your true location is unknown, protecting you from hackers.

Before you start take note of your public IP address given to you by your ISP by visiting whatsmyip. When you activate NordVPN using their application you can visit that website again to see your IP address change. This proves you're now protected under NordVPN.

Stage 3a – You Have A Yubikey

In simple terms, the Yubikey is a USB security key. It’s a little key-shaped fob, developed by a company called Yubico, that plugs into your computer and, along with your password, completes the second half of a MFA web login. Click here to know more about the Yubikey.

NordPass allows you to use your new Yibikey as your Multi Factor Authorisation, which is commonly known as Two Factor Authorisation (2FA). Click here for more information from NordPass.

Note: A common 2FA practice is to use a Mobile Phone Authenticator which rotates a 6 digit code ever 1 minute, however, if your phone is hacked then it is useless. A Yubikey is a physical device and can't be hacked, only stolen, where a phone can be both.

If Successful: If you have done everything correctly then you should have a NordPass account with a very secure password and 2FA enabled with your USB Yubikey. At this stage hacking you would cost too much to even bother.

Stage 3b – You Have A Mango Router

You have your GL.iNet Mango Travel Router and you're ready to setup OpenVPN. Well thankfully NordVPN already created a simple step by step tutorial for a GL.iNet Mini Router.

Once you've setup OpenVPN on the Router you will need to configure your existing router and turn off your WiFi Access Point. Your new WiFi Access Point will come from the Mango Router.

Connect devices to the new WiFi Access Point and now you're routing your traffic through NordVPN with your public IP address being hidden/protected.

Side Note for WireGuard: If you're opting in for the Flint Router you should note that NordVPN does not use WireGuard. There are other providers like SurfShark that provide this service and would only add $20 a year onto the price listed in Bill of Materials.

The next part is optional, you can select CloudFlare in the Gl-iNet web console.

Changing DNS settings adds another layer of security and could possibly speed up your DNS queries which makes your internet seem faster. There are a few public DNS servers that can be used such as CloudFlare, Google or Quad9 which provides Malware protection.

If Successful: If you have set everything up correctly then you should be able to see your public IP is hidden by visiting the whatsmyip website. If you have changed your DNS properly you can do a DNS Leak Test to see if you are exposing your ISP.

Conclusion

In this article I have covered setting up a password manager (NordPass) with unique passwords for each login you have, which can be generated using online tools and Multi Factor Authentication using hardware (Yubikey). I also covered setting up OpenVPN (NordVPN) on a Travel Router (GL.iNet Mango) and using it at home for basic internet usage with a DNS change for speed and added Malware protection.

You are now protected more than most people.

Although everything is able to be hacked, making things harder to hack severely decreases the return on investment for hackers, therefore making it not worth their while. This is the goal.

Please consider purchasing product through my store to help support content like this.

Facebook
Email

Did you find this article helpful and like shouting people a coffee? Please consider tipping by buying me a coffee.

Recommended Products...
Latest Posts...