Securing Router

Feb 10, 2025
My only external access to my home router is so the BlueIris phone app can connect to my BlueIris Security PC.
I have it working but do not believe that I have my Router configured securely.
  • Open Port for BlueIris
  • DNS lookup (to keep external IP address updated) set in Router to my DDNS service

Can I use this post to ask for help configuring the Router to be more secure?
(DD-WRT)
 
You do not want to open a port.

What router do you have? It may have OpenVPN already on it.

If the router has VPN native to it, you simply check the box to use it/turn it on. Then it will have you create DDNS, set a username and password and you export out the certificate to go onto your mobile device. It is literally that simple.

Or you buy a router that has OpenVPN native to it.

Or you keep your existing router and simply set up Tailscale or WireGuard or ZeroTier on the BI computer. It is literally: go to, say, the Tailscale website, create an account, and follow the simple directions (add device, create DDNS, etc.)
 
Thanks again for helping me wittaj!
I was sure that I am currently exposed! It sounds like I may be able to make some minor modifications to my existing Router.

I do have DDNS enabled using my username. The password is actually the DynDNS "Updater Client Key". This is supposed to allow for updating my IP address so that I can externally access BlueIris.

Here are my current Router settings. It sounds like I just turn off the Port settings?
-------------------------
ROUTER - DD-WRT on a Linksys Router

Use case:
  • Open Ports for BlueIris phone app through DynDNS service
  • IP Address changes
  • note: cameras on separate subnet

Setup tab
DDNS
DDNS Service (DynDNS.org)
Type (Dynamic)
External IP check (NO)
Force Update Interval (1day)

Services tab
Basic Setup
Dnsmasq (enabled)
No DNS Rebind (enabled)
Query DNS in Strict Order (enabled)
Telnet (enabled)
WAN Traffic Counter - ttraff Daemon (enabled)

VPN tab
PPTP Server (enabled)
Broadcast support (enabled)
MPPE Encryption (enabled)
Chap-Secrets - Local User Management (Router acct & password)

Security tab
SPI Firewall (enabled)
ARP Spoofing Protection (enabled)
Block Anonymous WAN Requests ping (enabled)
Filter Multicast (enabled)
Filter IDENT Port 113 (enabled)
VPN Passthrough
IPSec Passthrough (enabled)
PPTP Passthrough (enabled)
L2TP Passthrough (enabled)

NAT/QoS tab
Blueiris, TCP & UDP (enabled)

Administration tab
Protocol HTTP (enabled)
Enable Info Site (enabled)
Info Site MAC Masking (enabled)
Allow Any Remote IP (enabled)
Boot Wait (enabled)
Cron (enabled)
802.1x (enabled)
Routing (enabled)
IP Filter Settings (adjust these for P2P) - configured
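
As an added example (not part of the thread and not DD-WRT code), the script below parses a settings list in the layout posted above and flags the enabled items the thread singles out (the open port, Telnet, PPTP) together with the cleartext and unrestricted admin settings. The rule table and the sample text are assumptions written for this example.

```python
import re

# Constructed sample in the same "tab / setting (state)" layout as the post.
SAMPLE = """\
Services tab
Dnsmasq (enabled)
Telnet (enabled)
VPN tab
PPTP Server (enabled)
Security tab
PPTP Passthrough (enabled)
NAT/QoS tab
Blueiris, TCP & UDP (enabled)
Administration tab
Protocol HTTP (enabled)
Allow Any Remote IP (enabled)
"""

# (tab, lowercase substring of the setting name) -> reason to review it.
# Assumed rules written for this example, not a list supplied by DD-WRT.
RULES = {
    ("Services", "telnet"): "cleartext remote shell",
    ("VPN", "pptp server"): "obsolete VPN; MS-CHAPv2 logins are crackable",
    ("NAT/QoS", ""): "port forward exposes a LAN host to the internet",
    ("Administration", "protocol http"): "admin UI over cleartext HTTP",
    ("Administration", "allow any remote ip"): "remote access not limited by source",
}

LINE = re.compile(r"^(?P<name>.+?)\s*\((?P<state>[^)]*)\)\s*$")

def audit(text):
    """Return [(tab, setting, reason)] for enabled settings that match a rule."""
    tab, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().endswith(" tab"):
            tab = line[:-4].strip()  # remember which tab the next settings sit on
            continue
        m = LINE.match(line)
        if not m or m["state"].strip().lower() != "enabled":
            continue  # headings, blank lines, and values such as "(1day)"
        for (rule_tab, needle), reason in RULES.items():
            if rule_tab == tab and needle in m["name"].lower():
                findings.append((tab, m["name"], reason))
    return findings

if __name__ == "__main__":
    for tab, name, reason in audit(SAMPLE):
        print(f"[{tab}] {name}: {reason}")
```

Because rules are keyed on the tab as well as the name, "PPTP Passthrough" under Security is not reported while "PPTP Server" under VPN is.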
 
Ok it appears your router doesn't have OpenVPN, so using something like Tailscale or Wireguard or ZeroTier on the BI computer is probably the best bet.
 
I accidentally misled you. I do have a setting currently disabled for
OpenVPN Server/Daemon
OpenVPN

I sent you a list of everything I currently have ENABLED to see where I have exposed my Router incorrectly (such as those Open Ports).
 
I have things enabled (from the old days of needing to access a Corporate Business VPN Internationally, such as the old PPTP and Telnet).
The list shows so many things enabled that I think need and can be disabled. I just didn't want to cause myself trouble turning things off that are actually required for Security.....
 
Oh LOL.

I don't know that router, but it seems that you enabled about everything LOL.

Not knowing which you enabled, I would factory reset the router to get back to the original "secure" settings and then enable DDNS and OpenVPN.

Most of that stuff you have enabled doesn't need to be enabled.
 
You are so correct! They are dinosaur historic relics from the distant past..... (different use case).

Is it OpenVPN server AND OpenVPN Client both?
 
The client will be your phone. You will need to export out the certificate.

This guide is for Asus, but the steps are fairly similar.

 
Perfect! Thank you. I will dive in and see what I can understand. Greatly appreciate this you know!
 
I am just about to give up on my old router (Linksys e4200 circa 2011). I've been running DD-WRT and it has been rock solid but the DD-WRT build version is also old. (or so they tell me)
After spending a lot of frustrating time, I'm thinking I should first upgrade the Router to something more current.

Can you recommend what Router you would recommend? I looked at all the Asus versions and got overwhelmed. If I sort correctly, the "VPN server" versions included one "rt-axe7800".


Is this a good choice?
 
That is more than capable.

This one is probably more than enough for most homes:

 
Ok, before I hit the purchase, can you verify I have the correct model?
 
I found this review of the S vs U vs Pro versions.