I wanted to protect my privacy in light of some draconian laws being passed in the UK ([[wp>Investigatory_Powers_Act_2016|IPBill]] and [[wp>Digital_Economy_Bill_2016–17|Digital Economy Bill]]). The simplest thing to do was to set up a [[wp>Virtual_private_network|Virtual Private Network (VPN)]] to mask from my ISP(s) the sites I was visiting. Rather than do this for every device in the house I opted to do it at the router level so that anything connected to my network would be using the VPN.
====== Hardware ======
If you intend to do this you might be in luck and find that the router you have supports VPN already. My current router at the time (a [[|Zyxel P-2812HNU-F1]]) did, but only a crude IPSec and the VPN service I had at the time only supported Cisco's IPSec (it is reported to be [[https://wiki.openwrt.org/toh/zyxel/p2812hnu-f1|supported by OpenWRT]] but I didn't want to risk screwing up the only router I had whilst configuring OpenWRT/VPN/etc.). Cue looking for a new router. Ideally I wanted one which incorporated a VDSL modem as that is the service I receive from my ISP thanks to Fibre To The Cabinet, but I was finding it tricky to find such a router so I compromised and purchased a [[http://www.linksys.com/gb/p/P-WRT1900ACS/|Linksys WRT1900ACS]] because I knew that Linksys had a [[http://arstechnica.com/information-technology/2016/05/linksys-wrt-routers-wont-block-open-source-firmware-despite-fcc-rules/|commitment to making the WRT series open]].
====== OpenWRT ======
[[https://openwrt.org/|OpenWRT]] is an open-source GNU/Linux based project for embedded wireless routers. Its available for a large range of [[https://wiki.openwrt.org/toh/start|devices]] including the [[https://wiki.openwrt.org/toh/raspberry_pi_foundation/raspberry_pi|Raspberry Pi]] if you want a cheap, low powered solution to some of these problems. Its available for the [[https://wiki.openwrt.org/toh/linksys/wrt1x00ac_series|Linksys WRT1900ACS]] and having used it years ago on older [[|WRT54g]] I opted for this. An alternative might be to try [[https://www.dd-wrt.com/|DD-WRT]] which is another similar distribution.
It is absolutely critical that you get the correct build of OpenWRT to flash your router with. To do this you need to know the model and version of your router. For Linksys WRT1900ACS this is printed on the bottom of the router. Do NOT let the FCC-ID confuse you its the model, if there is no version listed then you [[http://www.linksys.com/fi/support-article?articleNum=135539#Routers%20and%20Access%20Points|have a v1]].
{{https://i.imgur.com/USucYpY.jpg?scale=1000&nocache}}
===== Flashing OpenWRT - OBSOLETE =====
**WARNING** - The old version of OpenWRT described here is vulnerable to the [[https://www.krackattacks.com/|KRACK attacks]], do NOT install anything other than LEDE >=17.01.4 as described [[https://kimura.no-ip.info/doku.php?id=linux:lede|here]].
Now follow the [[https://wiki.openwrt.org/toh/linksys/wrt1x00ac_series#oem_openwrt|very clear instructions on the OpenWRT Linksys WRT1x00AC Series page for installation]], they boil down to...
- Connect your router to your computer using a cable.
- Login to the stock firmware WebUI (**IP** : ''192.168.1.1''; **Username** : ''N/A '' (you're not prompted for a username; Password : ''admin'').
- Backup your OEM configuration (//Troubleshooting// > //Diagnostics// > //Router Configuration// > //Backup//).
- Navigate to //Connectivity// > //Basic// > //Manual Update// > //Choose File// and upload the image you have downloaded.
- Once the flash is complete the router will reboot and you can [[https://wiki.openwrt.org/doc/howto/firstlogin#login_to_webui|Login to the WebUI]] or [[https://wiki.openwrt.org/doc/howto/dropbear.public-key.auth|Connect via SSH]] and then [[https://wiki.openwrt.org/doc/howto/luci.essentials#installing_luci_on_uhttpd|install LuCi]].
...if you are unsure read the documentation on the OpenWRT Wiki and ask questions in the [[https://forum.openwrt.org/|OpenWRT Forum]] (there is a thread [[https://forum.openwrt.org/viewtopic.php?id=50173|dedicated to WRT1900AC]]).
===== Securing Installation =====
A couple of standard precautions should be taken to ensure your router is more secure, these boil down to adding a 'normal' user to SSH into the device and ensuring they have permission to ''su'' to ''root'' whilst at the same time blocking ''root'' SSH login. At the moment I rarely want to do any configuration to the router from outside of my own network so I prevent access via SSH and uhttpd (the WebUI) from the wider internet. General advice on the OpenWRT Wiki on how to [[https://wiki.openwrt.org/doc/howto/secure.access|secure your routers access]].
==== Adding a user ====
I'm happy adding users at the command line and using ''su'' rather than ''sudo'' which is recommended on the Wiki under [[https://wiki.openwrt.org/doc/howto/secure.access|Secure Access]].
opkg update
opkg install shadow-useradd shadow-userdel sudo shadow-su shadow-common shadow-groupadd shadow-groupdel shadow-groupmod shadow-groups shadow-utils
mkdir /home
useradd -m -G wheel -s /bin/ash [newuser]
passwd [newuser]
==== Securing SSH ====
SSH is part of ''dropbear'' under OpenWRT and configuration is stored in ''/etc/config/dropbear'', full options are listed [[https://wiki.openwrt.org/doc/uci/dropbear|here]] but the following will prevent ''root'' from SSH login and change the port.
config dropbear
option PasswrdAuth 'on'
option Port '2081'
option RootPasswordAuth 'off'
...however, the nice thing about this is that you can specify configurations based on the interface.
**TODO** Interface based settings.
=== Simplifying Connection ===
On your main computer you can take advantage of ''~/.ssh/config'' to save the port and user you SSH to OpenWRT with.
=== SSH Keys ===
If you already use pre-shared SSH keys to automate your login between servers you can copy your key over to OpenWRT and benefit from this functionality there too. The Luci interface has a section for uploading your key under ''System > Administration > SSH Access'' but since I opted to add a user and disable ''root'' SSH password access I had to copy the key to my users ''/home/[user]/.ssh/authorized_keys''.
SSH to OpenWRT as user and create the directory and file...
mkdir ~/.ssh
Exit back to your host and then copy your public key over...
scp ~/.ssh/id_rsa.pub openwrt:~/.ssh/authorized_keys
===== WiFi Configuration =====
By default WiFi is disabled on OpenWRT, you have to login and and enable the network. The default username is ''root'' and the password should already have been changed as advised above. Navigate to ''Network > Wifi'' and you will be presented with the available WiFi interfaces. They are currently both disabled, but you can ''Edit'' them before enabling. You might to change the following...
* **ESSID** : the name for your network.
* **Channel** : the frequency your devices operates on.
* **Width** : the width of the signal around the frequency.
* **Wireless Security** : It is **strongly** recommended that you set at ''WPA-PSK2'' password to restrict access to authorised devices. Do not use any ''WEP'' or ''WPA-PSK'' as they are less secure and everything should support ''WPA-PSK2''.
* **MAC Filter** : another layer of security you can choose to allow only your devices to connect to the wireless network (its not infallible though).
If you give your 2.4Ghz and 5Ghz the same names and passwords then devices will utilise their choice (fastest/strongest?) network automatically (**TODO** - Check : laptops, Android).
==== Secondary WiFi ====
A second WiFi network is useful if you wish guests to connect to a separate network or if you've some wireless devices you'd rather not have pass through the VPN you're going to set up. Navigate to ''Network > Wifi'' and you will be presented with the WiFi interfaces just configured above. You want to add a new network of either of the available devices. Simply ''Add'' a new one and configure it giving it a different ''ESSID'' so your devices can distinguish between them.
===== Add-Ons =====
OpenWRT has its own package management system ''[[https://wiki.openwrt.org/doc/techref/opkg|opkg]]'' and there is a page on Luci for installing packages. If you are connected to the internet then you can use the Luci to install packages or at the command line you can use ''[[https://wiki.openwrt.org/doc/techref/opkg|opkg]]'' to install packages by...
opkg install openvpn-openssl openvpn-easy-rsa luci-app-openvpn
...it will resolve all package dependencies and install them for you. If for some reason you are like me doing some configuration before connecting your router to the internet you can still install packages manually by downloading them from the appropriate repository (look in ''/etc/opkg/distfeeds.conf'' for the URL of the package repositories for the install you have).
# cat /etc/opkg/distfeeds.conf
src/gz chaos_calmer_base http://downloads.openwrt.org/chaos_calmer/15.05.1/mvebu/generic/packages/base
src/gz chaos_calmer_luci http://downloads.openwrt.org/chaos_calmer/15.05.1/mvebu/generic/packages/luci
src/gz chaos_calmer_packages http://downloads.openwrt.org/chaos_calmer/15.05.1/mvebu/generic/packages/packages
src/gz chaos_calmer_routing http://downloads.openwrt.org/chaos_calmer/15.05.1/mvebu/generic/packages/routing
src/gz chaos_calmer_telephony http://downloads.openwrt.org/chaos_calmer/15.05.1/mvebu/generic/packages/telephony
src/gz chaos_calmer_management http://downloads.openwrt.org/chaos_calmer/15.05.1/mvebu/generic/packages/management
Download packages from the URLs then copy them to your OpenWRT installation using ''scp''. You will have to resolve dependencies yourself, so if you are told something is not available simply download it too.
==== Adblocker ====
An [[https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md|Adblock package]] (along with LuCi addon) is available ([[https://github.com/openwrt/packages/tree/master/net/adblock/files|Github project]], [[https://forum.openwrt.org/viewtopic.php?id=59803&p=14|forum thread]] and some more information on configuration in [[https://forum.openwrt.org/viewtopic.php?pid=346943#p346943|this thread]]).
==== OpenVPN Client ====
**IMPORTANT** - Configuration will be //highly// dependent on the service provided by your VPN provider. Some examples are given and they should be useful to help guide you in your own configuration but you will have to consult your provider for details of their configuration and settings.
* [[https://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tun|OpenVPN client with TUN (Layer 3) device]] how to configure OpenVPN under OpenWRT so that all devices on your home network pass through the VPN.
* [[https://wiki.openwrt.org/doc/howto/vpn.openvpn|OpenVPN Setup Guide for Beginners]] Main documentation for OpenVPN under OpenWRT.
=== SlickVPN ===
Download the SlickVPN openvpn configuration file from [[https://www.slickvpn.com/tutorials/using-openvpn-with-ubuntu-mint-network-manager/|here]] whilst additional information on configuration (based on using [[|DD-WRT]]) can be found [[https://www.slickvpn.com/tutorials/dd-wrt-v-25000/|here]]. The simplest method to get started is to save the OpenVPN configuration to ''/etc/openvpn/'' as the instructions on the [[https://wiki.openwrt.org/doc/howto/vpn.openvpn#configure_openvpn|OpenWRT Wiki - OpenVPN Setup Guide for Beginners]] indicates that OpenVPN will attempt to load all ''.conf'' files located in ''/etc/openvpn''
cd /etc/openvpn
wget "https://files-slickvpn.netdna-ssl.com/config_files/SlickVPN.ovpn" && mv SlickVPN.ovpn SlickVPN.conf
Now when you go to Luci and navigate to ''Services > OpenVPN'' you will find SlickVPN listed as an option and you can add additional configuration. At the very least you will need to specify one or more servers to connect to along with your username and password.
== Additional Configuration ==
The following changes should be made (based on [[https://www.slickvpn.com/tutorials/dd-wrt-v-25000/|SlickVPN instructions for DD-WRT]]) under ''Services > OpenVPN > SlickVPN'', some are under ''Basic Configuration'' others are under one of the sections of ''Advanced Configuration''
^ Setting ^ Location ^ Value ^
| ''dev'' | ''Advanced > Networking > dev'' | ''tun'' |
| ''proto'' | ''Basic > Additional Field > proto'' | ''udp'' |
| ''cipher'' | ''Advanced > Networking > Additional Field > cipher'' | ''AES-256-CBC'' |
| ''hash'' | ''-'' | ''-'' |
| ''compression'' | ''Basic'' | ''None'' |
| ''port'' | ''Advanced > Networking > Additional Field > port'' | ''443'' / ''8080'' / ''8888'' |
| ''TLS cipher'' | ''-'' | ''-'' |
| ''NAT'' | ''-'' | ''enable'' |
| ''MTU'' | ''-'' | ''1500'' |
| ''keepalive'' | ''-'' | ''10 120'' |
| ''remote-cert-tls'' | ''-'' | ''server'' |
| ''redirect-gateway'' | ''-'' | ''-'' |
To add your username (i.e. your SlickVPN email address) you need to save it to a file, the location of which is specified under ''Advanced Configuration > VPN'' where you then have to ''Add Field'' of ''auth_user_pass'', the default is ''/etc/openvpn/userpass.txt'' which is fine but make sure you put the correct information in this file in the format...
== uci ==
You can set configuration manually using ''uci''. SSH into your device and issue the following commands...
uci set openvpn.slickvpn=openvpn
uci set openvpn.slickvpn.enabled='0'
uci commit
=== Private VPN hosted on VPS ===
==== uPnP ====
**TODO** Something separate?
==== Other ====
There are lots of other useful packages to install, but be mindful that these devices have limited space (albeit vastly increased from the WRT54g I used to use!). Some that I recommend (but haven't installed everything myself as I already use them on other systems) installed are...
=== Essential ===
* [[https://www.nano-editor.org/|nano]] : A basic, but feature rich text editor.
* [[https://www.gnu.org/software/zile/|zile]] : An Emacs (text-editor) clone.
* [[http://rsync.samba.org/|rsync]] : File transfer program to keep remote files in sync.
opkg install nano zile rsync
=== Optional ===
* [[https://transmissionbt.com/|transmission]] : As the WRT1900ACS has USB ports you can hook up drives and run this excellent BitTorrent client on your router.
* [[https://wiki.openwrt.org/doc/howto/usb.audio|USB Audio]] : Not an individual package but a method of streaming music from an attached USB device.
opkg install transmission
==== OpenVPN Client Configuration ====
This is where things get technical and can vary //massively// depending on who provides your VPN. For this write-up I have gone through two procedures, the first configuring it to use [[https://www.slackvpn.com|SlackVPN]] as that was a service I was initially using when I purchased the router. I wanted more control over certain aspects of my VPN connection though so opted to switch to paying for a VPS (Virtual Private Server) that I could install OpenVPN and set-up a server on.
You should have installed the OpenVPN client software in the above sections, you now need to configure them. The information presented below is taken from two articles on the OpenWRT Wiki [[https://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tun|OpenVPN client with TUN (Layer 3) device]] and [[https://wiki.openwrt.org/doc/howto/vpn.openvpn|OpenVPN Setup Guide for Beginners]].
=== SlackVPN ===
Download the [[https://www.slickvpn.com/tutorials/using-openvpn-configuration-files/|SlackVPN OpenVPN.ovpn]] to the router, e.g. after SSHing to the router you can...
cd /etc/openvpn
wget https://files-slickvpn.netdna-ssl.com/config_files/SlickVPN.ovpn
Open the file and modify it, adding additional ''remote'' entries, setting them to be chosen randomly (''remote-random''), pointing ''auth-user-pass'' to a file you will place your username and password in, passing DNS queries
# host/port of vpn server
remote gw1.mia4.slickvpn.com 443
remote gw1.man2.slickvpn.com 443
remote gw1.iom1.slickvpn.com 443
remote gw1.dub1.slickvpn.com 443
remote gw1.ost1.slickvpn.com 443
remote gw1.lil1.slickvpn.com 443
remote gw1.ams3.slickvpn.com 443
remote gw1.lux1.slickvpn.com 443
remote-random
# file containing username and password
#auth-user-pass openvpn.userpass
# ... or prompt for authentication
auth-user-pass /etc/openvpn/slickvpn
auth-nocache
# equivalent to pull, tls-client
client
# redirect all outgoing traffic to the vpn gateway
redirect-gateway
# Pull DNS names from server once connected
allow-pull-fqdn
# verify the server certificate for authenticity
remote-cert-tls server
cipher AES-256-CBC
proto udp
dev tun
keepalive 10 120
nobind
persist-key
persist-tun
# ssl certificate / key used for tls
#ca certs/ca.crt
#cert certs/client1.crt
#key certs/client1.key
-----BEGIN CERTIFICATE-----
MIIDQDCCAqmgAwIBAgIJAM8Brk2pUr0KMA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4x
DDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkq
hkiG9w0BCQEWA1ZQTjAeFw0xMjAzMDMwMjExNDJaFw0yMjAzMDEwMjExNDJaMHQx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQK
EwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4x
EjAQBgkqhkiG9w0BCQEWA1ZQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
wY2K08N7or1Br/EsD9XBon7gs7dKflWYuymgMLJfeMFWuJloNdsn+3GARIhYBbN6
zhvFGFE214qKPqAydW1WmIIK7KoC0sgndr+Vk/au9gssFzVmmvr6+WN/nfo2L9Kv
vBMoYLrMAiyw/D4cRapZi2pXJLcMDfC+p1VWAX8TYWkCAwEAAaOB2TCB1jAdBgNV
HQ4EFgQUmyvO4rTnu5/ABnp0FngU+SdR8WAwgaYGA1UdIwSBnjCBm4AUmyvO4rTn
u5/ABnp0FngU+SdR8WCheKR2MHQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEM
MAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UE
AxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkqhkiG9w0BCQEWA1ZQToIJAM8Brk2p
Ur0KMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAoB0kOuGvrzPBTIRX
IDHCCxBMdny+3sKAOllmH4+51j2aWhAJ4Pyc/yBTYyQGNoriABjmNzp+R05oiaxA
D3vTgR80juKDPtQb8LoGLBF18gL7Vtc3+hJXcJasXZaDSSoyh5f+TtGvytIT+ece
JWIrKnFXzlHOvKlyLkcZn15gwKQ=
-----END CERTIFICATE-----
log-append /var/log/openvpn/openvpn.log
You now need to create a file with your SlickVPN username and password, for simplicity I place this in ''/etc/openvpn/slickvpn'' (as reflected in the above configuration ;-) ). The first row should contain your SlickVPN email address, the second your password. For obvious reasons I am not placing a copy of mine in this document.
Finally you need to set ''uci'' (the configuration system on OpenWRT) to load and use this file, the following makes it possible to enable/disable it from the LuCi WebUI (see [[https://forum.openwrt.org/viewtopic.php?pid=343360#p343360|post]])...
uci set openvpn.SlickVPN=openvpn
uci set openvpn.SlickVPN.enabled='1'
uci set openvpn.SlickVPN.config='/etc/openvpn/SlickVPN.ovpn'
uci commit
...this should leave the following at the end of your ''/etc/config/openvpn''
config openvpn 'SlickVPN'
option enabled '1'
option config '/etc/openvpn/SlickVPN.ovpn'
==== Network Configuration ====
You now need to configure your internal network (LAN) so that traffic originating from it is passed through to the ''tun0'' connection. This is described on the [[https://wiki.openwrt.org/doc/howto/vpn.openvpn#tab__client|wiki]], you create the VPN interface...
uci set network.vpn0=interface
uci set network.vpn0.ifname=tun0
uci set network.vpn0.proto=none
uci set network.vpn0.auto=1
...then configure the firewall to ''REJECT'' all incoming and forwarding requests, but ''ACCEPT'' all output...
uci set firewall.vpn=zone
uci set firewall.vpn.name=vpn
uci set firewall.vpn.network=vpn0
uci set firewall.vpn.input=REJECT
uci set firewall.vpn.forward=REJECT
uci set firewall.vpn.output=ACCEPT
uci set firewall.vpn.masq=1
uci set firewall.vpn_forwarding_lan_out=forwarding
uci set firewall.vpn_forwarding_lan_out.src=lan
uci set firewall.vpn_forwarding_lan_out.dest=vpn
uci commit network
uci commit firewall
Reload your configuration...
/etc/init.d/network reload
/etc/init.d/firewall reload
=== Bypassing VPN ===
Some times its desirable to bypass the VPN, for example Netflix or BBC iPlayer are geo-restricted and if the exit node of the VPN is outside the UK they won't work. The 'trick' is to configure/route traffic from specific devices such as Chromecasts to bypass the VPN. There is a useful package [[https://github.com/openwrt/packages/tree/master/net/vpnbypass/files|vpnbypass]] (see also [[https://forum.openwrt.org/viewtopic.php?id=69489|this thread]]) that simplifies this process. If your running the development version you can follow the instructions to install. If however you're running the stable Chaos Calmer (15.05.1) then you have to install manually. Pre-built packages are [[https://github.com/stangri/Files|here]] and you have to switch from ''dnsmasq'' to ''dnsmasq-full'', ''ip'' to ''ip-full'' and install ''ipset'' and ''iptables''.
opkg remove dnsmasq ip; opkg install ip-full ipset iptables dnsmasq-full
cd /tmp
wget https://github.com/stangri/Files/raw/master/vpnbypass_1.0.0-5_all.ipk
wget https://github.com/stangri/Files/raw/master/luci-app-vpnbypass_git-17.027.48745-f546166-1_all.ipk
opkg install vpnbypass_1.0.0-5_all.ipk luci-app-vpnbypass_git-17.027.48745-f546166-1_all.ipk
rm vpnbypass_1.0.0-5_all.ipk luci-app-vpnbypass_git-17.027.48745-f546166-1_all.ipk
The default configuration routes PlexMedia past the VPN as well as the IP address' ''192.168.1.80-192.168.1.88'' so will likely need some tweaking, but this can be done through the LuCi interface as 'VPN Bypass' will now be listed under Services.
=== DNS ===
uci set network.tun0=network
uci set network.tun0.ifname=tun0
uci set network.tun0.dns='87.98.175.85 193.183.98.154 5.135.183.146'
uci commit
===== Self-hosted (VPS) VPN =====
There are tons of options for hosting a VPS, I can not really recommend any, my choice of [[https://www.ovh.co.uk/vps/vps-ssd.xml|OVH's VPS SSD1]] was based on a cheap price which included unlimited data (essential as a large portion of my browsing will be passing through the server). This section only details configuring OpenWRT to connect and use the services you will have to setup on the VPS yourself. That process is described [[linux:vps|elsewhere]] and involves setting up an account, purchasing the service you want and then install and configure [[|OpenVPN]] and [[|dnssec]].
A simple install script for a secure [[https://github.com/Angristan/OpenVPN-install|OpenVPN Installation]] can be used to ease the process.
==== Excluding Specific Services ====
Increasingly these days more and more content is streamed whether thats [[|iPlayer]], [[https://www.netflix.com/|Netflix]], [[|4OD]], [[|ITVHub]] or any other service. Many of these are geo-restricted which means if your VPN exit node is based in a country other than the one you are in you may find that some services do not work (conversely many have been using VPNs for years to circumvent this and access content from countries that would normally be blocked by using a VPN with an exit node in the country of interest).
Whilst [[https://community.openvpn.net/openvpn/wiki/HOWTO|OpenVPN can probably be configured to bypass specific traffic on the server-side]] I have for now opted to simply have a second wireless network to allow certain devices (Chromecasts, PS3, TV) to connect via the ISP and //not// use the VPN which some providers block access from. I'll look to work around this at some point but this is my solution for now.
====== Factory Reset ======
If you cock things up and flash the wrong image all is not lost as you can factory reset these devices by pressing and holding the
====== Links ======
* [[http://www.linksys.com/gb/p/P-WRT1900ACS/|Linksys WRT1900ACS (Product)]]
* [[http://www.linksys.com/us/support-product?pid=01t34000003qSgQAAU|Linksys WRT1900ACS (Support)]]
* [[http://www.linksys.com/us/support-article?articleNum=178015|Linksys WRT1900ACS : FAQ]]
* [[https://wiki.openwrt.org/toh/linksys/wrt1x00ac_series|OpenWRT : WRT1x00AC Series]]
===== OpenWRT Forums =====
* [[https://forum.openwrt.org/viewtopic.php?id=66759|WRT1900ACSv2 - Support of v2]]
* [[https://forum.openwrt.org/viewtopic.php?id=50173|Update on Linksys WRT1900AC support (long!)]]
====== SlickVPN ======
A table of [[https://www.slickvpn.com/locations/|SlickVPN servers]]...
^ Country ^ Location ^ Gateway ^
^ UK | Manchester | ''gw1.man2.slickvpn.com'' |
| ::: | Isle of Man | ''gw1.iom1.slickvpn.com'' |
| ::: | London | ''gw1.lhr4.slickvpn.com'' |
^ Iceland | Reykjavik | ''gw1.rkv1.slickvpn.com'' |
^ Eire | Dublin | ''gw1.dub1.slickvpn.com'' |
^ Belgium | Ostend | ''gw1.ost1.slickvpn.com'' |
^ France | Lille | ''gw1.lil1.slickvpn.com'' |
^ Netherlands | Amsterdam | ''gw1.ams3.slickvpn.com'' |
^ Luxembourg | Luxembourg | ''gw1.lux1.slickvpn.com'' |
^ Spain | Barcelona | ''gw1.bcn1.slickvpn.com'' |
| ::: | Madrid | ''gw1.mad1.slickvpn.com'' |
^ Italy | Milan | ''gw1.mxp1.slickvpn.com'' |
^ Bulgaria | Sofia | ''gw1.sof1.slickvpn.com'' |
^ Austria| Graz | ''gw1.grz1.slickvpn.com'' |
^ Czech Republic| Prague | ''gw1.prgr1.slickvpn.com'' |
^ Romania| Bucharest| ''gw1.buh1.slickvpn.com'' |
^ Poland | Warsaw | ''gw1.waw1.slickvpn.com'' |
| ::: | Gdansk | ''gw1.gdn2.slickvpn.com'' |
^ Denmark| Copenhagen| ''gw1.cph1.slickvpn.com''|
^ Sweden | Halmstad | ''gw1.had1.slickvpn.com'' |
| ::: | Stockholm| ''gw1.arn1.slickvpn.com'' |
^ Latvia | Riga | ''gw1.rix1.slickvpn.com'' |
^ Turkey | Istanbul | ''gw1.ist1.slickvpn.com'' |
^ USA | Boston | ''gw1.bos1.slickvpn.com'' |
| ::: | Newark | ''gw1.ewr1.slickvpn.com'' |
| ::: | ::: | ''gw2.ewr1.slickvpn.com'' |
| ::: | Scranton | ''gw2.avp1.slickvpn.com'' |
| ::: | Scranton | ''gw2.avp1.slickvpn.com'' |
| ::: | Washington | ''gw2.iad1.slickvpn.com'' |
| ::: | Fletcher | ''gw1.avl1.slickvpn.com'' |
| ::: | Atlanta | ''gw1.atl1.slickvpn.com'' |
| ::: | ::: | ''gw2.atl2.slickvpn.com'' |
| ::: | ::: | ''gw3.atl3.slickvpn.com'' |
| ::: | Tampa | ''gw1.tpa1.slickvpn.com'' |
| ::: | Miami | ''gw1.mia3.slickvpn.com'' |
| ::: | ::: | ''gw1.mia4.slickvpn.com'' |
| ::: | San Jose | ''gw1.sjc2.slickvpn.com'' |
| ::: | Seattle | ''gw1.sea1.slickvpn.com'' |
| ::: | Los Angeles | ''gw1.lax4.slickvpn.com'' |
| ::: | Los Vegas | ''gw1.las1.slickvpn.com'' |
^ Canada | Toronto | ''gw1.yyz1.slickvpn.com'' |
| ::: | Montreal | ''gw1.yul2.slickvpn.com'' |
| ::: | Vancouver | ''gw1.yvr1.slickvpn.com'' |
^ Australia | Melbourne| ''gw3.mel1.slickvpn.com'' |
| ::: | Sydney | ''gw2.syd1.slickvpn.com'' |
^ China | Hong Kong | ''gw1.hkg2.slickvpn.com'' |
^ Japan | Tokyo | ''gw1.nrt1.slickvpn.com'' |
| ::: | ::: | ''gw1.nrt2.slickvpn.com'' |
^ Panama | Panama City | ''gw1.pty1.slickvpn.com'' |
^ Brazil | Sao Paulo | ''gw1.gru3.slickvpn.com'' |
^ Chile | Vina del Mar | ''gw1.kna1.slickvpn.com'' |