Noob here. This is probably the most repeated question, but I don’t know the technical terms to make the appropiate digging online, and thought of asking humans before slopping my way around.
I don’t trust my ISP or the government above it.
The ISP remotely manages the local network! So I installed a router of my own and my devices only to that one.
I would like to encrypt (?) anything that goes out of my own router, so my ISP doesn’t evesdrop what I’m doing even if they want to (I know I know… if they really wanted, they could just send friends to my house).
Using Linux, Android GOS, and Pihole. They live under a “picked-up-from-a-shelf” router; and that router under theirs.
(I cannot get a different ISP)
Thanks
A VPN? That routes the traffic to the other server, so the ISP can only see you’re connecting to a VPN. Most people recommend Mullvad, I personally use Proton and Windscribe, both free, open source, and trusted.
Can it be installed at a network level, rather than at a device level (like pihole)?
You can run your VPN on your firewall (mine is opnsense, behind a cable modem in bridge mode). E.g. wireguard with Mullvad is a good option. Or you can set up a VPN client on your end devices – Mullvad gives you 5 endpoints for one account.
Yes, but support changes depending on your router. Not many in the consumer market support it, but you can run OpenWRT on either a supported router or a Linux box with at least two interfaces - a usb adapter works if you’re on a budget, and ethernet+WiFi also counts. I would suggest looking into VPN providers that support Wireguard, as that’s in my experience both faster and more reliable than OpenVPN.
For commercial alternatives you can just buy and import a wireguard conf file into, I know MikroTik routers support it and I believe GL.iNet does too. I’m pretty sure there are more, hopefully people can contribute their experiences.
I wouldn’t recommend TOR for this usecase btw, you’d be adding a lot of latency when you don’t need the additional anonymity layer.
Yes, GL.iNet routers have a VPN pane where you can simply enter the details of a WireGuard or OpenVPN server. I signed up for a free account at Proton, downloaded the configuration for a free WireGuard server, and installed it on the GL.iNet box. When I switch on the VPN in the router interface, all traffic flows through the VPN. I use it while travelling with my family. I can connect the travel router to the hotel or AirBnB wifi, then turn on the VPN (or not), then connect all the family devices to the travel router.
OP could do the same thing, assuming their router supports it, and set up a WireGuard VPN (much faster than OpenVPN) connection on the router and route all network traffic through it. A free VPN will always be slow and congested. A paid one is likely worthwhile in this case, especially if OP streams media.
yes it can technically, but I’ve more heard about tor box than vpn box, a pi or whatever should work for both ! But only if you can install a client for your vpn, because if you don’t have one I believe you have to download a .conf file for each IP of each server you want for your vpn but they change all the time.