Confused - Sort Of - VPN/Port Forwarding

TL1096r

IPCT Contributor | Joined: Jan 28, 2017 | Messages: 1,063 | Reaction score: 314
As catcamstar alluded to, most, if not all, router brands have been or can be exploited. Where he and I seem to differ is on how a company learns about and deals with found code bugs and exploits. I have no interest in and don't sell them, but Netgear has been exemplary in setting up a bug bounty program and in squashing bugs and exploits in record time once discovered.

Router Brands to stay away from in my opinion:
DLink, Asus & TPlink (nothing wrong with these companies' switches, etc)

Decent router brands to date:
Netgear, Ubiquiti, Cisco
I see where you are coming from and it was a big misstep for Asus. I still bought my router due to easy OpenVPN setup in July. I enabled this:
Malicious Website Blocking
Vulnerability Protection
Infected Device Prevention and Blocking

Then I saw all traffic is sent to Trend Micro... So that seems like a big privacy concern and not sure how that is allowed. I disabled it. What do you suggest in terms of disabling or enabling that service?

They seem to update their signature/firmware a lot.

Have there been any issues lately with Asus?

I think D-Link is the worst.
 

Holbs

Pulling my weight | Joined: May 1, 2019 | Messages: 164 | Reaction score: 134 | Location: Reno, NV
Also... mentioned was Dlink, Asus, and TPlink. What about Netgear? Especially the Netgear Nighthawks (though I think these routers were more "online gaming" designed).
 

gokiwi

n3wb | Joined: Oct 30, 2019 | Messages: 24 | Reaction score: 3 | Location: United Kingdom
So as per original post - All working - Android Phone/Linux Laptop/Windows Laptop (remote not on local lan) - So a huge and I mean huge thank you to all concerned - it is appreciated.

And now to this storm I seem to have created - been thinking about it over the past couple of days.

The average "home user" just doesn't care about security; all they are interested in is surfing the web, it's irrelevant to them. Then there are a few folks who are more tech savvy/home business/small business and want to do more than just surf the web, and that's where the problem starts: you rely on the honesty and integrity of the vendor and/or pricing point. I looked at a ton of reviews for xdsl routers before I bought my ASUS; not one review mentioned dodgy security and even today they still number consistently in the top 10.
Without being stupid, name an xdsl router that the somewhat tech savvy person can use that meets all current security standards.
 

Hammerhead786

Getting the hang of it | Joined: Apr 23, 2018 | Messages: 89 | Reaction score: 37
So as per original post - All working - Android Phone/Linux Laptop/Windows Laptop (remote not on local lan) - So a huge and I mean huge thank you to all concerned - it is appreciated.

And now to this storm I seem to have created - been thinking about it over the past couple of days.

The average "home user" just doesn't care about security; all they are interested in is surfing the web, it's irrelevant to them. Then there are a few folks who are more tech savvy/home business/small business and want to do more than just surf the web, and that's where the problem starts: you rely on the honesty and integrity of the vendor and/or pricing point. I looked at a ton of reviews for xdsl routers before I bought my ASUS; not one review mentioned dodgy security and even today they still number consistently in the top 10.
Without being stupid, name an xdsl router that the somewhat tech savvy person can use that meets all current security standards.
Glad you got it all sorted. I see no storm that you created, however, I do see a thread that was hijacked.
 
Joined: Feb 7, 2019 | Messages: 11 | Reaction score: 9 | Location: South Carolina
Glad to see another person successfully using VPN to access their home network. That alone makes them more secure than about 90% of the people out there.

As far as router security, I think one of the biggest issues is that the average person installs their router and NEVER looks at it again. They never install firmware updates or think about security once the initial installation is done.

As far as router recommendations, I would agree that using a well known and respected third party firmware is almost a "must have" at this point. Something like DD-WRT or Merlin at the very least. But honestly the best solution is to look at something like Ubiquiti or pfSense or some other actively supported router solution. Building your own pfSense router is inexpensive and a robust solution. In fact it is arguably cheaper than buying a high end router (although you will still need to address the need for a wireless access point, so the cost comparison isn't exactly apples to apples). I'm running my pfSense router on an HP thin client (T620 plus) that I picked up used for about $120. Adding another network card was about $30, so I have $150 total in my build.

Of course this whole topic is like Pandora's box or an onion that you start peeling. It can get deep very quickly! But these are great questions to ask and conversations we should be having.
 

Hammerhead786

Getting the hang of it | Joined: Apr 23, 2018 | Messages: 89 | Reaction score: 37
Glad to see another person successfully using VPN to access their home network. That alone makes them more secure than about 90% of the people out there.

As far as router security, I think one of the biggest issues is that the average person installs their router and NEVER looks at it again. They never install firmware updates or think about security once the initial installation is done.

As far as router recommendations, I would agree that using a well known and respected third party firmware is almost a "must have" at this point. Something like DD-WRT or Merlin at the very least. <snip>

Of course this whole topic is like Pandora's box or an onion that you start peeling. It can get deep very quickly! But these are great questions to ask and conversations we should be having.
Completely agree, but these conversations should take place in an appropriate thread.
 

toastie

Getting comfortable | Joined: Sep 30, 2018 | Messages: 85 | Reaction score: 12 | Location: UK
The OP mentioned port forwarding with a VPN. Instructions on GitHub about running openvpn on a raspberry pi have this, "You will need to have your router forward UDP port 1194 (or whatever custom port you may have chose in the installer)".

Incidentally, I have an Asus router on DDWRT but it runs openvpn client. My main router doesn't have openvpn so if I need to, I'll set up an RPi as an openvpn server again, this time for access to my BI PC when I'm away from home. Perhaps I'll use Stunnel though I'll have to do some homework first.
 