Hello, today I should be receiving my R7800. I've read through a lot of the documentation, FAQ, and instructions. However, one quick question I have is: at what point should I plug my router into the modem?
I have a router/modem combo (T862G provided by ISP, will hopefully replace it with a better modem later) that I'll be disabling the router function on, to replace with the R7800 with LEDE.
When the R7800 arrives, should I connect it to my PC and flash it first, then connect the router to my modem? Or do I plug it into my modem right away, then flash the router while its connected to the modem? I would think that I flash it first, then plug it into the modem but I'd rather be safe than sorry.
Hopefully this isn't a really dumb question, I tried finding it in the documentation but since there are lots of different ways to use an LEDE device in a configuration it seems it wasn't covered (or more likely, I just missed it).
I always do so, as many routers have UPnP and WPS enabled by default, of which are glaring security risks if any downstream devices are connected to the router.
Right, but that can be done without connecting the router to the modem... wasn't the question regarding when should the router be connected to the modem, before or after flashing OpenWrt?
OS firewall will do little unless one is managing their OS firewall as a power user (as you'd have to be filtering ports for all network traffic, something most consumers don't do), as UPnP comes enabled on most OEM firmware, and UPnP is a massive security risk.
WPS is also often enabled by default, which is crackable within minutes
UPnP is a big security risk when deployed for some length of time. It's possible to be compromised in a 5 minute testing session, but it's a lot lower risk than if you leave UPnP open for 6 months.
If you really really are concerned you could put two laptops, one on new router's wan and one on lan and see if you can get them to talk to each other etc. You don't actually need connection to the broad internet to confirm the hardware's working.
That's a good point, and true of security in general. I will say though it seems unlikely that you make security worse by putting your new router behind the existing CPE router with the CPE router functions still enabled for the purposes of hardware testing for a few minutes. Whatever security risks there are in the CPE router presumably have been in place for weeks, months, or years.
I don't mind plugging the router into the modem to test the hardware. Is there anything specific I should do to test it? I'll look online in ~10 minutes.