Hi all, newbie OpenWRT user here. I got my home network to work thanks to the help of the community. Is there a list of generally recommended packages to install onto the main router? In particular, I am interested in those that enhance privacy and security.
I understand this is a very case-by-case question, but I reckon there are at least a few packages, among the thousands out there on the package page, which are beneficial for most cases.
Very much so.
Vpn packages could be relevant. But you need another endpoint (typically a commercial vpn service, often paid). So the packages you install depend on what vpn service you plan to use.
You could install things like Adblock to limit advertisements and tracking by those services.
It's rather important to note that commercial VPN services don't magically improve your privacy nor security. By using them, you merely shift the insight in what you're doing on the net from your local ISP (working within the regulatory framework and privacy laws your location) to an unknown entity providing the VPN services somewhere else. Many of these have been caught logging more than they admitted already - and silently handing over logs at their own courtesy. The only thing commercial VPNs may provide, is evading geo-ip based blocking and maybe, just maybe, hiding from light cases of copyright enforcement and litigation.
Recommend luci-app-unbound for recursive and encrypted DNS over TLS queries from a supported host.
I find all of these generally useful (or at least interesting) on my gateway router:
adblock luci-app-adblock tcpdump-mini curl ca-certificates
iperf3 irqbalance htop
I started out with a USB hard drive plugged into a router and installed below packages, until I realized after losing precious files (should that occur - it in fact did not), I would realize I really needed something with redundancy and simple backup so I would actually keep up with it. But for a simple network file storage, convenient file transfer between devices and media server solution I might install below and attach an ext4 formatted USB hard drive:
luci-app-ksmbd ksmbd-utils ksmbd-avahi-service
For shared home file storage, I instead now use a dedicated 2-bay RAID 1 NAS plus a backup drive that stays unplugged in a safe place when its not making backups. I just can't bring myself to pay for cloud backup and trust a third party with my files, though I probably should just give in on that and ditch the home NAS.
This is absolutely correct! As @slh mentioned, it can be useful for geo-ip and other similar scenarios, or to protect your information when you might be on a public wifi network (although tls/ssl encryption is supposed to handle most of this). The other reason a VPN might be useful is if you don't want your ISP to know what you're doing, but your VPN provider would then have that data-collection ability. So pick your poison.