use WPA2 with a long and unique wireless network name and a long unique password.
Set up your router and dhcp to accept only a list of known MAC addresses.
Use a "strange" network address with very small pool of addresses.
The above three steps will make your network pretty much beyond reach even with the best of hackers with more than ordinary computing powers.
Going VPN route is doable and certainly increases security but i think its something to do just to see if you can do it and learn a thing or two about VPN and networking and its something that belongs in the "advanced user" section.
Does your router support VPN functionality? what router do you have,what capabilities does it have?
Well I already am using WPA2, I have a very long randomly generated password, my SSID is not very long though (since it is being broadcast I didn't think it mattered).
I also have it set up to only work with my cellphone's MAC address (although I know those can be spoofed).
I'm not sure what you mean by "Strange network address".
Are you referring to the router's local IP address or the Network Address Server Settings (DHCP).
With my firmware the router's local IP address is different from the "starting IP address" in the Network Address Server Settings (DHCP) section.
And yes my router does support VPN, several versions including OpenVPN which I am told is the best of the bunch.
The firmware that I am using on this router is DD-WRT Mega Build by Brainslayer.
My other router is running Shibbly's version of Tomato 1.28, it too supports OpenVPN.
These firmwares can be used with many different routers.
If you are interested in trying it, Google them and check out their list of supported devices.