Using a 2nd router purely for VPN traffic?

mummel

Regular Contributor
Is this possible? For example, connect the second router dedicated for VPN to my main router, then config the VPN router to connect directly to a service like PIA, going through my main router? Could this work?

For example:

Device >> ethernet cable >> Router A (VPN setup using PIA) >> ethernet cable >> Router B (main router assigning all IPs) >> ethernet cable >> modem >> internet.

1) Would I be able to config router A as a VPN to use a service such as PIA so that the device can connect to the internet via PIA?
2) If so, would the device still be able to access the local network shared folders on other devices/PCs?
 
Thinking about this more, my idea is:

1) Set Router A to access point mode
2) Config Router A using OpenVPN to connect to the internet via PIA
3) Connect Router A to Router B
4) Let router B handle IP allocation and be my main router etc.

So if I connect my PC to router A and type in "whatismyip", will my IP address be a PIA one, or will it still be the IP my ISP gives me on Router A? Thanks.
 
Yes this will work with no problems other than port forwarding if you want to run a service such as an FTP server on the double NATed router. The only service that I haven't been able to get working on the double NATed router is a VPN where I can securely connect from the Internet to resources on the double NATed router but I haven't really tried that hard.

Double NAT the router you want to run the VPN connection to PIA behind your primary router. Without any custom routing or iptables any device connecting to this router using either Ethernet or WiFi will use the PIA VPN. For a direct connection to your ISP you would connect to the primary router.

You can force devices to use either of the WiFi SSIDs by either not giving a user/device the passphrase to use for a particular radio or by creating a list of devices' MAC addresses/IPs that are permitted to connect to each AP. The second method isn't foolproof as someone with basic skills can easily spoof an IP or MAC address.

I have used a second VPN router behind my primary router for five years and I have had no problems with stability, rebooting or noticeable reduction in connection speeds. Currently my ISP is FIOS and with TV from them maintaining the Actiontec router and its MOCA functionality has certain benefits. Some people will tell you never double NAT routers as it causes problems, but in my case it hasn't. Try it for yourself and make your own evaluation.
 
For larger business clients with larger networks and who have many "road warrior" remote users VPN in at the same time, we use dedicated VPN appliances to receive those connections, and I'll use one of their unused public IP addresses for that. The logic is...for many remote VPN users, typically the primary router with its basic built in VPN server can't process the regular network traffic, and many VPN connections...at a high standard of performance. So a unit (like a Juniper SA series) VPN appliance...which has its own CPU and memory just for VPN throughput, fits the bill nicely. (yes it's expensive..but worth it).

But...for like less than 5 or 10 concurrent remote VPN connections...most regular routers should suffice. So what is making you want to try this approach?
 
I was thinking to reply like you did until I noticed that what the OP is talking about is much different.
 
