Security Focused LEDE Build. 161 Routers supported so far (TP-Link, Arduino, Archer, Linksys, Netgear, Ubiquiti and more)

Hey, after having a bad experience related to router security this year, I decided to try to make a security-focused LEDE build and share it with everyone, so no one has to go through the same.

Removed:

  • IPv6
  • USB Support
  • Stripped unnecessary exports from the kernel image and unnecessary functions from libraries

Added:

  • Luci SSL
  • Adblock
  • DNSCrypt + Plugins Support. DNSCrypt is enabled out of the box. Resolvers by default are ventricle.us and dnscrypt.org-fr because those support DNSSEC. Unfortunately Cisco doesn't and afaik doesn't plan to support it in the near future, or at all.
  • Unbound (Recursive DNS) w/ LuCI GUI. DNSSEC is enabled out of the box.

All these include a LuCI GUI so the user doesn't need to use PuTTY or anything else to make it work.

  • By default all ports are stealth and it passes the ShieldsUP! test ( https://www.grc.com/x/ne.dll?rh1dkyd2 ).
  • I also included some iptables with basic and useful features like hiding the modem, forcing everyone to use the router's DNS and a mini firewall that logs certain actions. Also another one to restrict the access to the router administration to one computer/device.
    They are easy to understand for anyone even if they don't have experience with LEDE/OpenWRT and can be edited through the GUI. Looks like this.

181 Router models supported so far,
These are the TP-Link supported models:

TP-Link Routers

tl-mr6400-v1
tl-mr6400-v1-sq
tl-wdr3500-v1
tl-wdr3500-v1-sq
tl-wdr3600-v1
tl-wdr3600-v1-sq
tl-wdr4300-v1-il
tl-wdr4300-v1-il-sq
tl-wdr4300-v1
tl-wdr4300-v1-sq
tl-wdr4310-v1
tl-wdr4310-v1-sq
tl-wdr4900-v2
tl-wdr4900-v2-sq
tl-wdr6500-v2
tl-wdr6500-v2-sq
tl-wdr7500-v3
tl-wdr7500-v3-sq
tl-wpa8630-v1
tl-wpa8630-v1-sq
tl-wr1043nd-v1
tl-wr1043nd-v1-sq
tl-wr1043nd-v2
tl-wr1043nd-v2-sq
tl-wr1043nd-v3
tl-wr1043nd-v3-sq
tl-wr1043nd-v4
tl-wr1043nd-v4-sq
tl-wr2543-v1
tl-wr2543-v1-sq
tl-wr710n-v1
tl-wr710n-v1-sq
tl-wr710n-v2.1
tl-wr710n-v2.1-sq
tl-wr810n-v1
tl-wr810n-v1-sq
tl-wr842n-v1
tl-wr842n-v1-sq
tl-wr842n-v2
tl-wr842n-v2-sq
tl-wr842n-v3
tl-wr842n-v3-sq
tl-wr902ac-v1
tl-wr902ac-v1-sq
tl-wr942n-v1
tl-wr942n-v1-sq

And these are the rest:

Routers

a60
a60-sq
alfa-ap120c-sq
alfa-ap96-sq
alfa-nx
alfa-nx-sq
all0258n-sq
all0305-kernel.bin
all030
all0305-sq
all0315n-sq
antminer-s1
antminer-s1-sq
antminer-s3
antminer-s3-sq
antrouter-r1
antrouter-r1-sq
ap121-16M-sq
ap121-8M-sq
ap121f-sq
ap132-sq
ap135-020-sq
ap136-010-sq
ap136-020-sq
ap143-16M-sq
ap143-8M-sq
ap147-010-sq
ap152-16M-sq
ap531b0-sq
ap90q-sq
ap96-sq
archer-c25-v1
archer-c25-v1-sq
archer-c5-v1
archer-c5-v1-sq
archer-c58-v1
archer-c58-v1-sq
archer-c59-v1
archer-c59-v1-sq
archer-c60-v1
archer-c60-v1-sq
archer-c7-v1
archer-c7-v1-sq
archer-c7-v2-il
archer-c7-v2-il-sq
archer-c7-v2-sq
archer-c7-v2-sq
archer-c7-v2
archer-c7-v2-sq
arduino-yun-sq
bhr-4grv2
bhr-4grv2-sq
bsb-sq
bxu2000n-2-a1-sq
c-55-sq
cap324-nocloud-sq
cap324-sq
cap4200ag-sq
carambola2-sq
cf-e316n-v2-sq
cf-e320n-v2-sq
cf-e380ac-v1-sq
cf-e380ac-v2-sq
cf-e520n-sq
cf-e530n-sq
cpe210-220-v1
cpe210-220-v1-sq
cpe505n-sq
cpe510-520-v1
cpe510-520-v1-sq
cpe830-sq
cpe870-sq
cr3000-nocloud-sq
cr3000-sq
cr5000-nocloud-sq
cr5000-sq
dap-2695-a1-sq
db120-sq
dgl-5500-a1
dgl-5500-a1-sq
dhp-1565-a1
dhp-1565-a1-sq
dir-505-a1
dir-505-a1-sq
dir-825-b1-fat-sq
dir-825-b1-squas
dir-825-b1-sq
dir-825-c1
dir-825-c1-sq
dir-835-a1
dir-835-a1-sq
dir-869-a1
dir-869-a1-sq
dlan-hotspot-sq
dlan-pro-1200-ac-sq
dlan-pro-500-wp-sq
dlrtdev01-fat-sq
dlrtdev01-squas
dlrtdev01-sq
dr344-sq
dr531-sq
dragino2-sq
eap120-v1
eap120-v1-sq
eap300v2
eap300v2-sq
eap7660d-kernel.bin
eap7660
eap7660d-sq
el-m150
el-m150-sq
el-mini
el-mini-sq
ens202ext
ens202ext-sq
epg5000-sq
esr1750-sq
esr900-sq
ew-dorin-16M-sq
f9k1115v2
f9k1115v2-sq
fritz300e-sq
gl-ar150-sq
gl-ar300-sq
gl-ar300m-sq
gl-domino-sq
gl-inet-6408A-v1
gl-inet-6408A-v1-sq
gl-inet-6416A-v1
gl-inet-6416A-v1-sq
gl-mifi-sq
hiwifi-hc6361-sq
hornet-ub
hornet-ub-sq
hornet-ub-x2-sq
ja76pf-kernel.bin
ja76p
ja76pf-sq
ja76pf2-kernel.bin
ja76pf
ja76pf2-sq
jwap003-kernel.bin
jwap00
jwap003-sq
jwap230-sq
lima-sq
mc-mac1200r
mc-mac1200r-sq
minibox-v1
minibox-v1-sq
mr1
mr1
mr12-sq
mr1
mr1
mr16-sq
mr1750
mr1750-sq
mr600
mr600-sq
mr900
mr900-sq
mw4530r-v1
mw4530r-v1-sq
mynet-n600
mynet-n600-sq
mynet-n750
mynet-n750-sq
mynet-rext
mynet-rext-sq
mzk-w04nu
mzk-w04nu-sq
mzk-w300nh
mzk-w300nh-sq
NBG6616-sq
om2p
om2p-sq
om5p
om5p-sq
om5pac
om5pac-sq
omy-g1
omy-g1-sq
omy-x1
omy-x1-sq
onion-omega
onion-omega-sq
oolite
oolite-sq
pb42-kernel.bin
pb4
pb42-sq
pb44-kernel.bin
pb4
pb44-sq
pqi-air-pen-sq
qihoo-c301
qihoo-c301-sq
r602n-sq
re450-v1
re450-v1-sq
rw2458n
rw2458n-sq
sc1750-sq
sc300m-sq
sc450-sq
smart-300
smart-300-sq
som9331
som9331-sq
sr3200-sq
tellstick-znet-lite
tellstick-znet-lite-sq
tew-673gru-fat-sq
tew-673gru-squas
tew-673gru-sq
tew-732br
tew-732br-sq
tew-823dru
tew-823dru-sq
tube2h-16M-sq
tube2h-8M
tube2h-8M-sq
ubdev01
ubdev01-sq
ubnt-air-gateway-pro
ubnt-air-gateway-pro-sq
ubnt-air-gateway
ubnt-air-gateway-sq
ubnt-airrouter
ubnt-airrouter-sq
ubnt-bullet-m
ubnt-bullet-m-sq
ubnt-loco-m-xw
ubnt-loco-m-xw-sq
ubnt-ls-sr71
ubnt-ls-sr71-sq
ubnt-nano-m
ubnt-nano-m-sq
ubnt-nano-m-xw
ubnt-nano-m-xw-sq
ubnt-rocket-m
ubnt-rocket-m-sq
ubnt-rocket-m-ti
ubnt-rocket-m-ti-sq
ubnt-rocket-m-xw
ubnt-rocket-m-xw-sq
ubnt-rs
ubnt-rs-sq
ubnt-rspro
ubnt-rspro-sq
ubnt-uap-pro
ubnt-uap-pro-sq
ubnt-unifi-outdoor-plus
ubnt-unifi-outdoor-plus-sq
ubnt-unifi-outdoor
ubnt-unifi-outdoor-sq
ubnt-unifi
ubnt-unifi-sq
ubnt-unifiac-lite-sq
ubnt-unifiac-mesh-sq
ubnt-unifiac-pro-sq
uImage-lzma.bin
vmlinux.bin
wbs210-v1
wbs210-v1-sq
wbs510-v1
wbs510-v1-sq
weio-sq
wlr8100-sq
wndap360-sq
wndr3700-sq
wndr3700v2-sq
wndr3800-sq
wndr3800ch-sq
wndrmac-sq
wndrmacv2-sq
wnr200
wnr2200-sq
wp543-squash
wp543-squas
wpe72-squash
wpe72-squas
wpj342-sq
wpj344-sq
wpj531-sq
wpj558-sq
wpj563-sq
wrt160nl
wrt160nl-sq
wrt400n
wrt400n-sq
wrtnode2q-sq
wzr-450hp2
wzr-450hp2-sq
wzr-450
wzr-600dhp
wzr-600dhp-sq
wzr-600
wzr-hp-ag300h
wzr-hp-ag300h-sq
wzr-hp-ag3
wzr-hp-g300nh
wzr-hp-g300nh-sq
wzr-hp-g30
wzr-hp-g300nh2
wzr-hp-g300nh2-sq
wzr-hp-g300
wzr-hp-g450h
wzr-hp-g450h-sq
wzr-hp-g4
xd3200-sq
zbt-we1526-sq
zcn-1523h-2-8-sq
zcn-1523h-5-16-sq

Download

Last Update: Sept. 8, 2017:

  • Removed uHTTPd and OpenVPN completely for now.
  • Changed 1st DNS resolver to ventricle.us, was having some issues with the previous one.
  • DNSSEC is enabled by default now.

Click on List View or it's gonna be hard to find the one you are looking for.
Let me know how it works for you, what packages you would like to see in future releases, and what models I should consider (please no 4 MB models, I can't do anything with those, already tried). Will try to check comments every day.
Cheers.

2 Likes
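The LAN-side rules the first post describes (forcing clients onto the router's DNS, restricting administration to one device, logging denials) can be sketched as follows. This is an added example, not the build's own rules; the interface `br-lan`, the addresses `192.168.1.1` and `192.168.1.10`, and ports 22/443 are assumed values.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.
# Assumed values (not from the post): LAN bridge, router IP, admin host, admin ports.
LAN_IF="${LAN_IF:-br-lan}"
ROUTER_IP="${ROUTER_IP:-192.168.1.1}"
ADMIN_IP="${ADMIN_IP:-192.168.1.10}"
ADMIN_PORTS="${ADMIN_PORTS:-22,443}"   # SSH and LuCI over HTTPS

# Return 0 only for a dotted quad whose octets are all <= 255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

gen_rules() {
    for addr in "$ROUTER_IP" "$ADMIN_IP"; do
        is_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
    done
    # 1. Redirect any LAN DNS query not already addressed to the router.
    #    TCP matters too: large (e.g. DNSSEC) answers fall back to TCP/53.
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -p $proto --dport 53 ! -d $ROUTER_IP -j DNAT --to-destination $ROUTER_IP:53"
    done
    # 2. Log, then drop, admin-port traffic from any host except ADMIN_IP.
    #    -I with explicit positions puts both ahead of existing ACCEPT rules.
    match="-i $LAN_IF -p tcp -m multiport --dports $ADMIN_PORTS ! -s $ADMIN_IP"
    echo "iptables -I INPUT 1 $match -m limit --limit 6/min -j LOG --log-prefix 'admin-denied: '"
    echo "iptables -I INPUT 2 $match -j DROP"
}

gen_rules
```

A port-53 redirect does not catch clients that use DNS-over-TLS or DNS-over-HTTPS. These are IPv4 rules only, which is sufficient on a build with IPv6 removed; with IPv6 present, matching ip6tables rules would be needed.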

Why remove IPv6? Seems a bit like cargo-culting to me.

IPv6 is the future of the internet, full stop - denying its existence and trying to hobble along with IPv4 and associated band-aid solutions is no longer an option.

Also, in the politest possible way, don't defer to GRC on anything, there's plenty out there on Gibson and ShieldsUp! in particular.

2 Likes

Because removing IPv6 gives you more space to put other things in. Of course, only if you do not need IPv6. Removing it is a valid way for 4MB devices to free some valuable space.

3 Likes

Is there an alternative/economical way to run LuCI/web UI without uhttpd?

What's so insecure about dnsmasq that you dropped it?

1 Like

It's useful from a privacy angle. IIRC, a dns leak test like https://www.dnsleaktest.com/ will show dnsmasq's upstream dns servers as the dns server. On the other hand, for unbound, it shows the dns server as the public IP which the pc and unbound are at.

3 Likes

Is there a reason dnsmasq is the default over unbound in LEDE? AFAIK, dnsmasq also does DHCP, but that can also be done by odhcpd, right?

What about adding luci-app-bcp38? and builds for wrt1200 wrt1900 and wrt3200acm

1 Like

The reason is "if it ain't broke, don't fix it", due to:

  1. dnsmasq was there almost a decade before unbound, so it is the default
  2. dnsmasq is a dns forwarder, whereas unbound is a resolver, which is more than a dns forwarder, and kinda does what the ISP dns server already does for you.

But for security, privacy and anti-censoring purposes a DNS resolver is the preferred solution, right?