Confused - Sort Of - VPN/Port Forwarding

TL1096r

As catcamstar alluded to, most, if not all, router brands have been or can be exploited. Where he and I seem to differ is on how a company learns about and deals with found code bugs and exploits. I have no interest in and don't sell them, but Netgear has been exemplary in setting up a bug bounty program and in squashing bugs and exploits in record time once discovered.

Router Brands to stay away from in my opinion:
DLink, Asus & TPlink (nothing wrong with these companies' switches, etc)

Decent router brands to date:
Netgear, Ubiquiti, Cisco
I see where you are coming from, and it was a big misstep for Asus. I still bought my router due to easy OpenVPN setup in July. I enabled this:
Malicious Website Blocking
Vulnerability Protection
Infected Device Prevention and Blocking

Then I saw all traffic is sent to Trend Micro... So that seems like a big privacy concern, and I'm not sure how that is allowed. I disabled it. What do you suggest in terms of disabling or enabling that service?

They seem to update their signature/firmware a lot.

Have there been any issues lately with Asus?

I think D-Link is the worst.
 
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
Also... mentioned was Dlink, Asus, and TPlink. What about Netgear? Especially the Netgear Nighthawks (though I think these routers were more "online gaming" designed).
 

gokiwi

So as per original post - All working - Android Phone/Linux Laptop/Windows Laptop (remote not on local lan) - So a huge and I mean huge thank you to all concerned - it is appreciated.

And now to this storm I seem to have created - been thinking about it over the past couple of days.

The average "home user" just doesn't care about security. All they are interested in is surfing the web; it's irrelevant to them. Then there are a few folks who are more tech savvy/home business/small business and want to do more than just surf the web, and that's where the problem starts: you rely on the honesty and integrity of the vendor and/or pricing point. I looked at a ton of reviews for xDSL routers before I bought my ASUS. Not one review mentioned dodgy security, and even today they still number consistently in the top 10.
Without being stupid, name an xDSL router that the somewhat tech savvy person can use that meets all current security standards.
 

Hammerhead786

Glad you got it all sorted. I see no storm that you created, however, I do see a thread that was hijacked.
 

The Automation Guy

Glad to see another person successfully using VPN to access their home network. That alone makes them more secure than about 90% of the people out there.

As far as router security, I think one of the biggest issues is that the average person installs their router and NEVER looks at it again. They never install firmware updates or think about security once the initial installation is done.

As far as router recommendations, I would agree that using a well known and respected third party firmware is almost a "must have" at this point. Something like DD-WRT or Merlin at the very least. But honestly the best solution is to look at something like Ubiquiti or pfSense or some other actively supported router solution. Building your own pfSense router is inexpensive and a robust solution. In fact it is arguably cheaper than buying a high end router (although you will still need to address the need for a wireless access point, so the cost comparison isn't exactly apples to apples). I'm running my pfSense router on an HP thin client (T620 plus) that I picked up used for about $120. Adding another network card was about $30, so I have $150 total in my build.

Of course this whole topic is like Pandora's box or an onion that you start peeling. It can get deep very quickly! But these are great questions to ask and conversations we should be having.
 

Hammerhead786

Completely agree, but these conversations should take place in an appropriate thread.
 

toastie

The OP mentioned port forwarding with a VPN. Instructions on GitHub about running openvpn on a raspberry pi have this, "You will need to have your router forward UDP port 1194 (or whatever custom port you may have chose in the installer)".

Incidentally, I have an Asus router on DDWRT but it runs openvpn client. My main router doesn't have openvpn so if I need to, I'll set up an RPi as an openvpn server again, this time for access to my BI PC when I'm away from home. Perhaps I'll use Stunnel though I'll have to do some homework first.
 

gokiwi

Well, it's taken a bit of time, but I think I have got almost everything working in a safe and secure manner, though it could probably be improved.
So my setup is now:
Cisco 877 series xDSL router, only for the ISP connection
Cisco 892 connected to the 877; this is running NAT (my internal network is now all 10. addressing)
The 892 is also running my VPN
BI PC has dual NICs and I am using multiple VLANs, so all good there too

Looks a bit mad scientist, but it works and I'm hoping it is more secure than before.

Next step is a firewall and removal of one of the 800 series.
 