I have neglected router security entirely. I want to change that. I am interested in buying an open source router that can run dd-wrt or pfsense with openVPN. One thing is important, it has to be daisy-chained to my ISP's router for now. So I guess I don't need the fanciest and fastest router there is but just something that's reliable and overall a sensible choice. I am thinking of routing all my traffic through a VPN. Flashing a router shouldn't be a problem but I'd like to avoid soldering. I don't want to exclude routers that can be flashed to run free firmware. Any input is welcome. Would this be a reasonable approach? Thanks!
Hi Balthazar, Here are some links that might help you decide or point you in the right direction for you: https://www.dd-wrt.com/site/ https://www.flashrouters.com/routers http://www.linksys.com/us/wireless-routers/c/wrt-wireless-routers/ https://www.reddit.com/r/homelab/comments/3u0959/router_ddwrt_vs_pfsense/ https://arstechnica.com/civis/viewtopic.php?t=1280055 (DD-WRT and Pfsense) -- Tom
I use a Linksys E3200 daisy chained to the router that connects to the ISP. I use shibby Tomato which has good OpenVPN support with two VPN tunnels. I can use both at once on different wifi SSIDs but that is a bit advanced and takes some custom scripting. The same can be done to tighten the firewall. The router cost me less than $20 and was chosen because it had enough flash memory and ram to support a more advanced firmware. I'm sure it supports DD-WRT as well. Flashing is easy and painless.
Thanks a lot for your answers. I did a lot of reading the past two days and went ahead already. I ordered this board: https://pcengines.ch/apu2c4.htm I am planning on running OPNsense or Pfsense. @MisterB That sounds like a great low-budget solution. I might buy a used one as well and try it out.
Just a quick update: Meanwhile I received the board with a mSATA and some cables (serial + adapter to USB). At first I thought I could use the serial port of an old thinkpad docking station but I couldn't manage to get it working, so I decided to spend the 10 bucks for an adapter cable to USB to speed things up. I used Putty and an old USB stick for the pfsense image (I read that there have been problems with at least some of the latest usb sticks). Everything worked as it should and now I am configuring pfsense. I chose this board because of its low power consumption and because it is running coreboot. Since I am a beginner I cannot (yet) comment on whether that was a good choice or not but I have a good feeling.
I've configured it and it is up and running. It took me a lot of reading to getting my head around these configurations and getting closer to knowing what they do. I had to start over because I had trouble with the antilockout rule. I must have made a few mistakes but I couldn't get to the bottom of it. Eventually I got it to work properly and the VPN seems to be leakproof. I will observe how stable the setup is and read about the possibilities pfsense has to offer. For now I am pleased but I have to run some tests in order to be sure about the whole setup.