Securing LEDE Router and running VPN Server

Hi All,

I have just finished setting up LEDE on my BT HH5 - so far I have managed to configure my TalkTalk fibre connection and it seems to be working fine in terms of basic router/access point.

The next steps I'd like to take are to ensure I have everything configured securely to protect my LAN, and also I'd like to run a VPN server on the router so I can connect in remotely.

So for the first part - Can anyone advise on the settings I should be enabling to ensure it's as secure as possible?
I currently have the 'out of the box' configuration, and have simply enabled WLAN (WPA2-PSK) and configured my VDSL.

For the second part - Are there any guides for running a VPN server on LEDE?
I have installed the 'OpenVPN' package via LuCI and taken a look at the various configurations, but I'm not sure which I'd need, and which options I should be choosing.
I'd like to have the ability to use my laptop / phone to connect to my home LAN so that I can access resources remotely (but obviously, want to do this as securely as possible!)

Any advice greatly appreciated! :)

As long as you set a secure root password using passwd, your router will be more "secure", but you can also ensure that you use "CCMP" or "AES" in your WPA2-PSK configuration; I think it is safer than "TKIP". Later on you could copy your SSH key onto your box and disable password root login; you will log in later using the SSH key.

About the OpenVPN thing... if you generate your own CA and your own pairs of private-public keys for server and clients, and use a Diffie-Hellman 2048 PEM file, you should be fine as long as you correctly protect the private keys; don't put them online or in insecure places. Just remember to generate the dh2048.pem on a computer, not on the box, because it will take a lot of hours to process on the box.
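The checks suggested in the reply above (no TKIP, no SSH password login, private keys readable only by their owner) can be verified with a short script. This is an added example, not part of the original posts. It assumes the usual layout of config/wireless, config/dropbear and openvpn/*.key under the directory passed in (/etc on the router), and assumes dropbear allows password login whenever the option is not explicitly turned off.

```shell
#!/bin/sh
# Added example (not from the thread): audit a LEDE config tree for the reply's advice.
# Assumed layout: $1/config/wireless, $1/config/dropbear, $1/openvpn/*.key

# Print the value of every "option NAME 'value'" line in a UCI file.
uci_values() {  # $1 = file, $2 = option name
    [ -f "$1" ] || return 0
    awk -v opt="$2" -v q="'" '$1 == "option" && $2 == opt {
        v = $3; gsub("[\"" q "]", "", v); print v }' "$1"
}

# Print one line per finding; return 0 only when nothing was found.
audit_lede() {  # $1 = root of the config tree
    root=$1; n=0
    # Wi-Fi: any cipher list that still includes TKIP.
    for enc in $(uci_values "$root/config/wireless" encryption); do
        case $enc in
            *tkip*) echo "wireless: encryption '$enc' allows TKIP, use psk2+ccmp"; n=$((n + 1)) ;;
        esac
    done
    # SSH: assumed default is password login allowed unless explicitly disabled.
    for opt in PasswordAuth RootPasswordAuth; do
        [ -f "$root/config/dropbear" ] || continue
        val=$(uci_values "$root/config/dropbear" "$opt" | head -n 1)
        case $val in
            off|0|no|false|disabled) ;;
            *) echo "dropbear: $opt is '${val:-unset}', password login still allowed"; n=$((n + 1)) ;;
        esac
    done
    # OpenVPN: private keys must carry no group/other permission bits.
    for key in "$root"/openvpn/*.key; do
        [ -f "$key" ] || continue
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "openvpn: $key has group/other bits '$perms'"; n=$((n + 1)); }
    done
    [ "$n" -eq 0 ]
}

# Constructed sample tree: TKIP enabled, password login on, key world-readable.
demo=$(mktemp -d); mkdir -p "$demo/config" "$demo/openvpn"
printf "config wifi-iface\n\toption encryption 'psk2+tkip+ccmp'\n" > "$demo/config/wireless"
printf "config dropbear\n\toption PasswordAuth 'on'\n" > "$demo/config/dropbear"
: > "$demo/openvpn/server.key"; chmod 644 "$demo/openvpn/server.key"
audit_lede "$demo" || echo "fix the findings above, then re-run"
rm -rf "$demo"
```

On the router itself the call would be `audit_lede /etc`; the Diffie-Hellman parameter size is not checked here.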

I am having problems setting up my BTHH5 with TalkTalk fiber.
Can you post your etc/config/network settings?