Recommended packages for a typical home secure router?

I'm trying to find a minimal list of packages to install on OpenWRT snapshot to configure typical home secure router.

Thanks zWolf

What is your goal? Harden OpenWRT? Monitor devices on your network? Need more info.

2 Likes

@darksky the target is secure home network and obtain more privacy online.

zWolf

What's the relation between OpenWRTs packages and privacy ?

1 Like

The minimal list is just what comes out of the box. The router is secure and works with that.

Anything more is to satisfy extra needs or wants and these vary widely from person to person. That's why OpenWrt has so many packages!

In part, this depends on how powerful your hardware is and whether you want to pay for additional services like a vpn. Choosing a vpn provider opens another can of worms - some are less ethical than others.

For myself, I installed stubby, which pulls dnsmasq as a dependency, to encrypt my dns lookup requests. Cloudflare, Google (how far do you trust Google?) and OpenNIC, provide free DNS over TLS:

[Tutorial] [No CLI] Configuring DNS over TLS with LuCI using Stubby and Dnsmasq

Hi, I have installed this set of packages:

  • luci;
  • luci-app-sqm;
  • openvpn-openssl luci-app-openvpn;
  • nano luci-app-commands luci-app-ttyd
  • https-dns-proxy luci-app-https-dns-proxy;
  • simple-adblock luci-app-simple-adblock.

zWollf

1 Like

Replace luci with luci-ssl. Encryption on luci is not optional for a secure device.
I've also chosen banip for blocking inbound crud on the wan and use adblock on the lan interface to reject outbound requests for ads, trackers and malware dns resolution. More important than the specific packages is the secure configuration of what you have - eg disable luci and ttyd on the WAN interface :slight_smile:

test WireGuard and you'll preffer it ... :wink:

test addguardhome, and you'll get better results...

might as well set up a pihole.

Another option is to turn off the http daemon (aka service) after configuration. The only remaining access portal is ssh which is encrypted. This also lowers cpu utilization and memory use.

https://openwrt.org/docs/guide-user/base-system/managing_services

AdGuardHome can run directly on OpenWRT

I'm fully aware of it.

AdGuard Home is very difficult to configure, and luci-app-adguardhome is unavailable.

zWolf

Hi, i have installed https-dns-proxy & luci-app-https-dns-proxy for DoH.

zWolf

Well, that's not going to give you more privacy online, but whatever floats your boat.