I currently use an OpenWRT router. How can I make it more secure and private?
Removed most of the bloat packages (IPv6, PPP), removed the HTTP server (connecting through SSH). What else can I do?
inb4 install openbsd
no, it's not possible
>no, it's not possible
Why not? Your hardware is not supported?
>removed HTTP server (connecting through SSH)
How does that work? Never read about this...
Will other people use it or just you? Because you could make it a Tor router.
Some ideas (won't work with Tor):
- Find a DNS server that does not store logs and has dns-crypt support (OpenNIC has some).
- Configure dns-crypt
- Use Unbound to cache DNS requests
- Make Unbound rules to block bad domains. The most used blocklists are:
  - Abuse.ch: http://abuse.ch
  - Spamhaus Zen: https://www.spamhaus.org/zen/
  - Wizcrafts: http://www.wizcrafts.net/
  - Dshield: https://secure.dshield.org/
- Squid server. This thing can do a lot of strange stuff, even intercept and cache HTTP requests (although I wouldn't recommend doing that). You can use it to change the HTTP header of all requests. This is useful for privacy (might fuck up your family's mobile connections, though).
- Check your Wifi configs. Use only WPA2 with PSK authentication and CCMP cipher. The passphrase should be 12-13 characters if you really care about security (don't use common words, as you might be vulnerable to dictionary attacks).
- Enable or disable hardware specific features, such as Wake on LAN and MTU values.
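The "Unbound rules to block bad domains" idea above, as an added example that is not part of the original post: a POSIX shell function that converts a plain or hosts-format blocklist into Unbound `local-zone` rules. The names `blocklist_to_unbound` and `sample_blocklist` are hypothetical, the sample list is constructed, and `always_nxdomain` is just one of the zone types Unbound offers.

```shell
#!/bin/sh
# Added example: turn a downloaded domain blocklist into Unbound block rules.
# The list is untrusted input, so every name is validated before it is
# written into a config line (a stray quote must not become a directive).

blocklist_to_unbound() {
    # stdin: plain-domain or hosts-format lines; stdout: local-zone rules
    tr -d '\r' | awk '
    {
        sub(/#.*/, "")                       # drop comments
        for (i = 1; i <= NF; i++) {
            d = tolower($i)
            sub(/\.$/, "", d)                # drop trailing root dot
            # keep only well-formed names; IPs and "localhost" fail here
            if (d !~ /^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/)
                continue
            if (seen[d]++) continue          # de-duplicate
            printf "local-zone: \"%s.\" always_nxdomain\n", d
        }
    }'
}

# Constructed sample list (hypothetical entries, reserved example domains).
sample_blocklist() {
    cat <<'EOF'
# constructed sample blocklist
0.0.0.0 ads.example.com
127.0.0.1 localhost
Tracker.Example.net   # inline comment
ads.example.com
bad.example.org" always_transparent
192.0.2.1
EOF
}

# Demo: prints the two rules that survive validation and de-duplication.
sample_blocklist | blocklist_to_unbound
```

Write the output to a file and pull it in with an `include:` line inside the `server:` section of the Unbound config, then run `unbound-checkconf` before reloading.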
>>5667
>I currently use an OpenWRT router. How can I make it more secure
Configure geoblocking (block all countries unless you host services on your network, but why--just rent a fucking VPS), set up an IDS with rule sets that auto update, assign DNS servers (don't use the ISP's DNS servers), configure DNS over TLS, reject all clients from making DNS requests directly--they must get their DNS queries solved by the OpenWRT router to prevent DNS hijacking, install/set up detection of brute force attacks from the LAN or internet side against the router that auto blocks them, disable ping requests so internet recon and script kiddies have to wait until their probes time out and then will be left wondering if the host exists/doesn't exist, optionally censor the interwebs for your users by enabling the web proxy so you can block ads, pron (if you have little children), questionable sites, restrict access to certain times only, etc.
<I don't use OpenWRT so I don't know how or if it can do these things.
>and private?
Run Tor on the router (you might fuck yourself when shopping and banking because your location is always changing).
List of DNS servers you can use: https://wiki.ipfire.org/dns/public-servers
>>5669
>Why not? Your hardware is not supported?
My hardware has really poor OpenBSD support.
>How does that work? Never read about this...
Basically, I use SSH to access my router and configure everything in config files.
>Will other people use it or just you?
I just bought that router to cut off from my family. They all use computers with Intel ME, pirated, outdated Wangblows and download spyware.