OpenWrt Router for Home Networking

0 Comments | This entry was posted on May 21 2023

It’s been a task 10 years in the making but I finally bought myself a new router and installed OpenWrt into the firmware, overwriting the manufacturer’s firmware the router came installed with.

Hardware manufactures are well-known for not making firmware updates easily to administer and I would guess 99% of home users would never update, leaving home networks vulnerable to attackers from outside.

The reason for using OpenWrt was for privacy and security, but also because I’m a nerd and wanted more control over my home network. But it’s also a great way to learn more about how home routers connect your internal network to the internet and what each item of configuration does.

Every aspect of the the router can be configured through the web portal but you also have SSH access if you wanted to go deeper, including watching log files to diagnose issues. There are various add-ons that can be applied such as installing a VPN service which I intend to do next so I can connect to my home network via a VPN connection.

Beyond that, if I have time, is to do various vulnerability scans on the original router to see what vulnerabilities it may have.

Running a Privacy DNS Server at Home

0 Comments | This entry was posted on May 09 2023

I have been a privacy nut for as long as I can remember but have been reluctant to install a Pi-hole at home because I was already using ad-blockers & tracking blockers in my browser and don’t have my TV connected to the network.

However I thought it would be worthwhile to install Pi-hole on a spare Raspberry Pi I had lying around to see what value it might add, and despite using Brave Browser and Privacy Badger in Firefox I was surprised to see that Pi-hole was still blocking around 25% of requests. In the first month it has still blocked over 6,000 DNS requests. Most of these are maybe requests coming from apps on my phone which I hadn’t considered.

I have also followed the recommendation to configure Unbound which will bypass your local, ISP and any upstream DNS providers to get the IP address directly from the authoritative DNS server, adding another layer of privacy.

Pi-hole comes with a nice dashboard and is easy to navigate and upgrade as you can see in the attached screenshot

My next project is to buy a new WiFi router and install OpenWRT onto it to protect my home network further.