No idea what I'm doing here Router setup / VPN

Long story short I'm American but live out of the country. I have a Modem / router combo. I also have a subscription to Private Internet Access VPN. While I do have it running on my desktop I would rather have it setup for my router so my devices like Roku netflix work as though I was still back home. I have no idea, what I'm doing here since PPPoE and DNS stuff after a couple hours I'm still confused. Hoping you guys can help me out.

This question was asked by someone with the same modem/ router combo as I have.

"This is a common question that comes up, getting US Netflix seems to be a popular request these days. Within our RG (5168N) you can manually adjust your DNS settings, you would simply have to login to the device from a hardwired computer and it's under the Settings tab, then select the Broadband option at the top, then Link Configuration below that."

I'm assuming in order to do this I would need to do something with the DNS?

When I login to my modem this is what I see:

Status Link Configuration DNS Resolution
Warning Modifying the settings on this page can impact the ability of devices on your private network to access your broadband connection. Modifications may also affect broadband-enabled applications and services running on your private network.

Broadband Interface: I can choose automatic enternet/dsl or DSL, Ethernet

Choose Interface type:
Connection Type: I can choose either default Direct IP DHCP or Static or PPPoE

Do I use this area PPP authentication and settings? I'm guessing I use my username and password from Private Internet Access?
Connection Type:
PPP Authentication and Settings

Username and password are required if you select PPPoE or PPPoA connection type

Username:
Password:
Confirm Password:
PPP on Demand: (Currently set to 0) Minutes (0="always-on" connection)
Broadband IP Network (Primary Connection)

The next part looks like I can choose from IP addressing or DNS I would imagine I use the DNS one but do I use manually specify DNS information. Any idea where to get the Primary server, secondary server, and domain name?

IP Addressing: Obtain IP address automatically (dynamic IP or DHCP)
Manually specify IP address settings:
IP Address:
Subnet Mask:
Default Gateway:


DNS: Obtain DNS information automatically
Manually specify DNS information:
Primary Server:
Secondary Server:
Domain Name:

The next section I have no idea.

Use Broadband IPs on LAN: Enable (allow devices on the LAN to be configured with a broadband IP and bridge traffic)
Current IP/subnet mask: 207.161.218.190 / 255.255.248.0
Specify usable subnet mask: _____________
Auto Firewall Open:

System MAC Address: Use the built-in system MAC address: 60:fe:20:9f:f0:f4
Override the built-in MAC address
Specify MAC address:
Upstream MTU:

Supplementary Network

Add Additional Network Enable
Router Address: _______________
Subnet Mask ________________
Auto Firewall Open:


There is also a DNS resolution setting on the next page of the Router settings the shows the following not sure if I need to do anything here:

Domain Name Server Resolution

Manually define a Domain Name and IP Address to resolve:

Add a New DNS Name
DNS Name:
IP Address:

If I'm reading the device information correctly, you are trying to set this up on the actual Internet Gateway that is provided by the ISP? What you need to do is install an actual router behind it, and use that to configure your VPN.

When configuring a router as a VPN, you need to be conscious of certain decisions you need to make, which could affect your ability to set up the device, and what type of device do you need? The biggest one is, do you wish to send all traffic through the VPN, or just traffic for something like netflix and the such?

If you have a small computer not in use, you may be better setting up a linux box to act as your router, typically they will have a much steeper learning curve, but would probably provide you the best possible service.

My modem acts as a wired/wireless router I cannot just change the dns over to something. "do you wish to send all traffic through the VPN, or just traffic for something like netflix and the such" whatever is easier.

Most ISP's, hijack DNS requests so you'll need to use DNSCrypt-proxy, google "DNSCrypt-proxy siterivateinternetaccess.com", and follow there guide. Use an OpenDNS server in the US that supports DNSCrypt-proxy, they are listed in the documentation.

I'd follow Syran's suggestion, and re-purpose an old pc to act as your VPN Gateway, the learning curve is steeper, but the end results are worth it. For this task I'd recommend pfSense, and just run DNSCrypt on your Netflix box instead of pfSense.

This is a lot more complicated than I thought seeing as private internet access software is so easy. Boom and computer is good to go. Figured it might be simple for the router/ roku setup

It is more straightforward on an actual router/computer, as you control that, not someone else. Your internet provider typically doesn't have stuff built into their boxes for VPNs, and if they do, they will probably want to charge you more for it, as they will (at least in the states) consider you a Business account. I would contact who you are using for a VPN provider, and see if they recommend any good Point-2-Point routers/software for their solution, they probably have a setup for something floating around to do what you want to do. Then, figure out if you want to push all traffic through it, or just some, which will come into playing with routing tables primarily.

Also, DNS really has absolutely nothing to do with a VPN. All DNS does is say that some name points to some IP Address, secure DNS is so that someone doesn't attack the DNS information, and point you in the wrong direction.

The reason you are using a VPN is to tunnel something to make it look like it is coming from somewhere else, You can also do this via a proxy, which is probably a bit easier, depending on what you are doing it from.

Here is the biggest different involved:
A proxy, you send all your traffic there, and then it redirects it to where you want to go, making it seem like you are coming from the proxy. This is typically done all out in the open with normal protocols for whatever you are doing (which means that the proxy also has to support that protocol, if it's something out of the ordinary, not port 80 or 442 typically).

A VPN creates a secure tunnel from you to another point, at which traffic then progresses further. The benefit here is that it basically sends all data to another point securely, regardless of protocol/ports/etc, then makes it seem like you are escaping into the world from there.

Oh, and on a side note, I'm always much happier controlling the ingress/egress point of my network than my ISP, just don't like trusting someone else with that.

I brought up DNSCrypt due to the common issue of DNS request leakage when using VPN's, I for one like to be sure I am going to who I intend to go to.