Noobey with a few questions

good afternoon every one. hope all is well.
i have installed the latest version onto my linksys wrt1900ac v.1 about a week ago.
i am completly new to all this so rather bash me for it please send advise (we was all starters once)
i would like to confirm that as far as the firewall goes i am all safe and sound? or does any one have any advise on setting it up? i did look into somthing calles snort? but by the sounds of it the router isnt man enough. so far i have installed an adblock on it along with openvpn ready for when i get around to setting it up full time.
my main goal is to end up with a secure connection with a guest wifi that will be routed through the vpn (google and this forum will be my friend)

many thanks.

1 Like

Welcome to the forum :slight_smile:

Right out of the box with default settings OpenWRT is safe to use and has its firewall in place.

For VPN research WireGuard, faster and easier to setup than OpenVPN

Edit: what helped me a lot was studying the wiki: https://openwrt.org/docs/guide-user/base-system/start

4 Likes

Thankyou. I have spent hours on youtube, this forum and google. I dont like asking questions so i do try to work things out.
Do you know if the wireguard is a smaller package than openvpn? Ive suddenly become aware how small the memory is on the router. (Currently have 18% left.)

You can see the size of packages without installing them.

  • Browse to System > Software
  • Hit "Update lists"
  • Browse available packages
  • :bulb: The size will also be displayed
1 Like

You could use Extroot. Add a USB drive to your router and use it for additional packages.

3 Likes

I will look into this option at a later date, as stated only just started to use it so doing everything through luci.

Would this be suitable? Massive overkill i know
Netac Portable SSD 250GB USB 3.2 Gen 2 (10 Gbps, Type-C) External Solid State Drive PSSD 250GB Mobile SSD 250GB, Business Travel Essential, Deep Black https://amzn.eu/d/5N0aLoS
As stated totally new to all this as ive always used the isp router.
Im amazed how easy it has been so far.
Im also shocked how welcoming thisforum has been as my stupidity usually brings out trolls.

A 16GB usb drive would still be overkill! :grin:

Point 12

3 Likes

Its nice to see a group stick to the rule.

SanDisk 32GB Ultra Fit USB 3.1 Flash Drive Up to 130 MB/s Read https://amzn.eu/d/aynFUKk
This one it is then.
I would be able to add a fair few lists off the ad block.

if you also want to store valuable data on the SD card:
Sandisk has a Max Endurance line
Samsung has a Pro Endurance line
They cost a bit more, but their write speed is a bit higher, write has a more consistent speed and they can handle more total bytes written (basically the manufactured semiconductors are binned and the better ones are sold for a higher price)

just ensure to use OpenWRT v23.05rc3, as v22.xx had a security-relevant switch bug on Linksys WRT series (My impression was, 1900 seems affected as well, as several v22 release were also withdrawn for the 1900), this had potential LAN to WAN leaks.

5 Likes

Thanks for all the information.
I will have a look and see what version i installed.
I know that i clicked the most recently uploaded stable release.

1 Like

Just make sure that you have a 23.05 snapshot (23.05.0-rc3 at this point) installed, rather than 22.03.x (which contained a quite serious security bug for this hardware). Using OpenWrt, the 6+34 MB you have to play with on the wrt1900ac is quite comfortable, don't install all the bells and whistles to your router, keep its attack surface as small as possible, it's your border gateway, not a general purpose server.

5 Likes

Running 22.03.2 r19803 so looks like i will do a update.
Again, thanks or all the information guys.

2 Likes

I would also add that from a security standpoint it is probably best to not install packages that are not [yet] in use. At the least, as part of the install understand how to configure them securely (hopefully they are all configured that way). Note: I have no knowledge of openvpn or if it installs safely with no configuration after install, so I'm not pointing any fingers, just a word of caution to keep your attack surface as small as possible.

Also, I like the advice of being on the latest version of the OpenWRT software for security reasons, but of course with the caveats listed in the prerelease notes.

But thanks for posting. You and others now have good advice on the memory limitations and workarounds of routers and been pointed to WireGuard as an alternative to consider for vpn.

I would also echo how helpful and supportive this forum is. I've been using OpenWRT since version 19, but mostly in a near default configuration. I've recently switched to 23.05 latest to start making use of more advanced features, but as a novice in these new areas really appreciate this forum!

Thanks for the very important attack surface comment. I echoed that in my comment before reading to the end of the thread.