Q: How to Configure VPN for IoT Devices?

Q: How to Configure VPN for IoT Devices?

A: VPN was initially designed to be used by computers. As such, there are software and network drivers to install and configure. The problem with IoT devices (Internet of Things, such as wireless thermostats, webcams, remote doorbells, wireless garage door openers, etc.) is that with almost no exceptions, developers have not included an option to add 3rd-party software and drivers. So by themselves, IoT devices cannot be secured.

BUT…

What if we were to do the following:

  • Create an encrypted wi-fi for the IoT device to communicate on between your router and the IoT device.
  • Enable VPN on the router, so that IoT data is encrypted between your router and your VPN provider.

Doing so makes it exceptionally difficult for your IoT data stream to be intercepted and harvested. No more threat of bad actors snooping on your home or business webcam, or remotely unlocking your digital door locks.

What Can We Do?

Encrypted Wi-Fi

The first step is to ensure your Wi-Fi router is configured properly for secure, encrypted networking.

The current encryption protocol of choice is called WPA3. Unfortunately, it has only been a standard for a year. There are few routers available to support it, and fewer IoT devices supporting it. However, I strongly recommend upgrading to a modem capable of WPA3 so that it is available as you upgrade your networkable devices.

My preference is for the ASUS brand of what are called Wi-Fi 6 or 6e routers. These are much faster than the previous generation, and support WPA3 and WPA2. I will use screenshots from the ASUS GT-AXE11000.

  1. Open the router control panel.
  2. From the sidebar select Wireless.
  3. Scroll down to the Wi-Fi channel you want to use for your IoT devices.
  4. Tap the Authentication Method. You will see a pop-up menu of all the available encryption options.
  5. Select WPA3-Personal, then configure the password.
  6. Save your changes.
  7. Test your IoT devices, computers, tablets, and mobile phones to determine if they can connect to WPA3.
  8. If all connect, we have rainbows and unicorns. If some devices cannot connect, you may need to change your Authentication Method to WPA2/WPA3.
  9. NOTE: Under no circumstances should you need to use WPA. This is a recipe for disaster. WPA has been broken, and any kid with 10 minutes of internet search will find the way to do it. Although WPA2 has also been broken, it is a more complex process.

Configure Your Router for VPN

The next step is to configure your router to connect to the internet via VPN. In this strategy, all traffic leaving the router is encrypted.

NOTE: Many mid-grade routers lack the ability to add VPN. This is a great time to invest in a modern, high-quality router that can add VPN, uses WPA3, and supports Wi-Fi 6.

  1. Subscribe to a quality VPN provider. I personally use NordVPN. 
  2. From your VPN provider website, download their opvn file. This is the driver to be added to your router.
  3. Open your routers control panel page.
  4. From the sidebar, select VPN.
  5. From the tabs, select Fusion VPN.
  6. Under the Server List section, tap Add Server.
  7. In the Add Server window, select OpenVPN tab.
  8. Enter your VPN subscription username and password.

  9. Tap the Choose File button, then locate and select the opvn file downloaded in step 2.
  10. Tap the Upload button to upload the opvn file to your router.
  11. Tap the OK button.
  12. Returning to the main VPN page, in the Exceptions List area, tap the Add Exceptions.
  13. In the Create New Policy page, from the Client Name field, tap the drop down arrow to see all devices connected to your router.
  14. Select one that you wish to be protected by VPN.
  15. In the Connection Name field, select the name of the VPN policy you created in step 8.
  16. Tap the OK button.
  17. Repeat steps 12-16 for every other device to be protected by VPN.

Yes, there are a lot of steps, but they are all easy, and the entire process may take under 10 minutes – AND you get to secure all your devices with VPN.

Q: Is It Still Safe to Use Tor?

Q: Is It Still Safe to Use Tor?

A: Get 100 consultants in a room, end up with 100 opinions.

A bit of background information for those not familiar with Tor. Tor was created by the US Navy as a method to create secure, anonymous internet communications. It was soon after released from restricted government use for use by anyone.

The way Tor works is it is a network – called the “Onion Network” – that consists of three gateways that anyone using Tor must pass through. This includes an entry node, middle node, and exit node. All traffic over Tor is encrypted, and because the exit node knows nothing about user data from the entry node, the data is well anonymized. The user needs to use a browser that understands how to use the Onion Network. The officially recognized browser for use is called the Tor Browser.

From my perspective, I can’t recommend the use of Tor at this point. My reasons are:

  • Due to the need to pass through 3 separate nodes, with encryption/decryption occurring at each, there is a huge latency (delay) introduced. This may slow down your internet work by as much as 4-10x.
  • The US government (and probably many other governments) have their own nodes in play. If you control a node, you have access to the decrypted data.
  • For the past few years a rogue player has installed around 900 nodes – out of a total of 9,000-10,000 total nodes. This one bad actor controls up to 10% of all nodes. Given that when using Tor you have to pass through 3 nodes, chances are around 30-35% your data will pass through one of theirs.
  • The entire Tor node system is volunteer, and from all reports, poorly managed and supervised. I can very well see that at least 50% of all nodes are controlled by bad actors.

What to Do

Instead of relying on Tor, I very strongly recommend the 24/7 use of a quality Virtual Private Network service (VPN). With VPN, all of your internet traffic is encrypted as it exits your device, where it travels to the VPN provider, is decrypted, and sent on its way. This prevents harvesting of your data by someone snooping on your Ethernet, Wi-Fi, or cellular connection, your Internet Service Provider (ISP), and anyone else up to the VPN provider. And since your data stream is intermingled with potentially thousands of other users as it leaves the VPN provider, it is impossible to isolate your data.

In addition, when using a quality VPN, your internet traffic is only slightly impacted by the encryption/decryption process – in fact, many users report their internet speed increases when using VPN, as a quality VPN can block some unwanted traffic from hitting you.

There are thousands of VPN providers available. Perhaps the majority are not quality providers and should not be trusted. My go-to vendor of choice is NordVPN at https://nordvpn.com