Using two routers at home, one with permanently connected Cisco IPSec VPN

Jul 9, 2018
Hello all, first post!

I'm living in a foreign country, and I like to watch sports, use Netflix, Spotify etc from both my home and my native country. Which as you can guess, causes a lot of hassle with geoblocking.

I would like to get around it by buying a second router that supports a permanent VPN connection, connecting it to my existing broadband box with an ethernet cable, and using wifi on both boxes with different network names. So I would have two separate wifi networks, one connected to a VPN from my native country and the other not. To have access to each country's content, I could just connect to the other wifi.

Any suggestions on choosing a router and setting this up? Ideally I would like a router that can connect to a Cisco IPSec VPN (which I already have access to), and can be configured to ignore the server policy against saving the password. If that's impossible I can try using a different VPN, but I'm still going to need a quick way to reconnect or to switch servers, without keeping a screen and keyboard permanently connected to the router.

My budget is roughly $150 but I would rather go higher than get something that isn't reliable.
 
Running 2 different wifi networks is going to be the hard part since most consumer routers treat the wifi as a single network.

Not sure why you are asking about Cisco IPsec...unless you have a Cisco router.

Cisco ipsec is standard ipsec so it is compatible with almost any other.

The VPN is pretty easy; you just need to be sure you get at least one of your routers that can run in client mode. It is fairly common to get server mode VPN on a router but client mode is not as common.

IPSEC tends to be more complex to set up....especially Cisco IPSEC that has lots and lots of options. But you just make the same setting on both routers and it should connect. You will get error messages indicating what does or does not connect. Most people use OpenVPN because it is simpler to set up but IPSEC is still much less CPU intensive and performs a bit better so it can be worth the effort to configure if you want.

Although more expensive it may be simpler to buy a total of 3 routers. 1 at your remote location as the VPN server. 1 at your local location as the internet router and a third at the local location as the VPN router. You can then put the VPN router behind the internet router. This would allow you to set 2 different wifi networks as you propose with the least effort.

You can do it with a single router but you would have to configure which traffic goes into the vpn tunnel...ie netflix etc...and which bypasses the vpn and uses the local internet directly.
 
Jul 9, 2018
Thanks for answering!


I mentioned Cisco IPSec because that's what the university VPN I already have access to uses. I don't currently own any Cisco hardware. You are right that I need a router which can work in VPN client mode.

The remote location (my university) is not under my control and I can't install hardware there. They provide a VPN service that I can connect to, that's all.

I'm still enrolled at this university and will be for several years yet, and I've been using the VPN on a single laptop for watching TV without getting into trouble, but I can only connect to it using that protocol.


What I wanted to do with the second router was plug it into the first one's ethernet port in the same way as an ordinary computer, but then set up its wifi as a separate connection. So it wouldn't be extending the first router's wifi signal, but using some of its bandwidth to run a separate wifi network. Over which I could then run a VPN.
 
Look into the EdgeRouter and UniFi AP. It can do the VPN. Just make sure it can do it on a single VLAN.

You can create VLANs and use trunking so that one AP can broadcast both VLANs. With the correct routing rules the VLANs can pass packets to each other if desired.
 
It will take some trial and error to get the IPSEC setting working....especially without being able to see the server VPN side.

IPSEC will negotiate a couple of different options for key exchange and encryption etc. The Cisco tends to reject options it is not explicitly configured to accept. There are not that many to try and if you have a client that works you should be able to copy the option from there.

It sounds like all you need is a VPN router that can run as IPSEC client. Many can do that. I tend to like the Asus with the Merlin software but the factory firmware runs VPN client as well.

It should be that simple though you run the second router with a different WIFI connection and anything you connect via that router will be vpn. Anything you connect to the main router wifi will go direct.
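
Added example, not part of the original post: a simplified Python model of the proposal negotiation described above, showing why a gateway that only accepts explicitly configured options rejects a router's defaults and why copying the working client's proposal succeeds. The `enc-hash-dhgroup` notation, the in-order selection rule and all proposal values are assumptions constructed for illustration.

```python
# Simplified model of IKEv1 phase 1 proposal selection (added example).
# Assumption: the responder walks the initiator's offers in order and accepts
# the first one that matches a configured proposal in every attribute.
from typing import NamedTuple, Optional

class Proposal(NamedTuple):
    enc: str    # encryption algorithm, e.g. "aes256"
    integ: str  # hash / integrity algorithm, e.g. "sha1"
    dh: str     # Diffie-Hellman group, e.g. "modp1024"

def parse(text: str) -> Proposal:
    """Parse an 'enc-hash-dhgroup' string (notation chosen for this example)."""
    parts = text.strip().lower().split("-")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected enc-hash-dhgroup, got {text!r}")
    return Proposal(*parts)

def negotiate(offered: list[str], accepted: list[str]) -> Optional[Proposal]:
    """Return the selected proposal, or None (NO-PROPOSAL-CHOSEN)."""
    allowed = {parse(a) for a in accepted}
    for offer in map(parse, offered):
        if offer in allowed:  # whole-set match; attributes are never mixed
            return offer
    return None

def closest_miss(offered: list[str], accepted: list[str]) -> list[str]:
    """Server-side view: fields where the nearest offer differs from config."""
    best = None
    for o in map(parse, offered):
        for a in map(parse, accepted):
            diff = [f for f in Proposal._fields if getattr(o, f) != getattr(a, f)]
            if best is None or len(diff) < len(best):
                best = diff
    return best or []

# Constructed sample values, not taken from any real gateway or router.
GATEWAY = ["aes256-sha1-modp1024"]
ROUTER_DEFAULT = ["aes128-sha256-modp2048", "aes256-sha1-modp2048"]
WORKING_CLIENT = ["aes256-sha1-modp1024"]

if __name__ == "__main__":
    print(negotiate(ROUTER_DEFAULT, GATEWAY))     # rejected by the gateway
    print(closest_miss(ROUTER_DEFAULT, GATEWAY))  # which field was off
    print(negotiate(WORKING_CLIENT, GATEWAY))     # copied proposal is accepted
```

The client only ever sees the rejection; the per-field difference from `closest_miss` is visible on the server side, which is why trial and error is needed without access to it.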
 