Hello i installed Openwrt and am pretty happy, im back to it since some years ago.
I´m wondering what would be nice stuff to use on it? There are a big bunch of software packages to download and install and i´m wondering what is everybody using:? What do you guys download at the software section?
Also other question, if i do upgrade it later, do i need to config everything again? or Is it ok to save my settings?
My device is the Arch C7 AC1750 and i´m using the latest version stable.
DNSSEC (secure DNS) with recursive DNS is a major advance in security, so you should look into it. It will protect you agains DNS attacks and false DNS entries ("lying DNS").
If you are using WIFI and need to overcome WPA2/WPA3 design flaws, you might consider using a VPN over your WIFI installing a VPN Server on your router. I leave open the choice of VPN, it could be IMHO OpenVPN or IPsec. But others are available.
Those are design flaws in WPA 2/3 design, which means these are not bugs. OpenWRT includes fixes but those are only partial.
Consider WEP/WPA/WPA2/WPA3 dead.
The only workable solution until WPA 3.1 is out (supposing it is well-designed in collaboration with the research security community, which I doubt) is to use a VPN over your wireless link. Not a commercial VPN, i.e. your OWN VPN. This kind of configuration is called "roadwarrior" as it will protect your connection over an insecure link, using your own VPN server as a gateway.
I am still in the process of whether to implement it ...
I will switch Internet provider (France) in a few days, for the sole reason that my new Internet provider offers a built-in IPSec server and I probably don't want to bother with configuration. This will be my "lazy" choice, as everything including certificate creation, signing and downloading is implemented in a nice web interface. If you don't have such choice, mind about your own VPN.
Thats a very nice list, thank you so much!
I'm actually already using SQM and Cake, now i will start the other stuff, adblock sounds also a good one, i will install it right now -
I'm using wireguard around here, i made one with lightsail and ubuntu, works very well!
Thank you for the suggestion, may we get lucky with vpn over wireless!
I was thinking about set up wireguard to work at all my connections from my router but i wonder how much from performance should i lose with it, so by now only wireless, still a lot faster than OpenVPN i must say.
That's quite a bold statement. Got anything more recent than the two articles you posted that demonstrates either vulnerability is still viable in any mainstream systems/devices?
The world-recognized reaseacher Mathy Vanhoef states in both articles that WPA2/WPA3 have design flaws that are non-fixable. Attacks can be slowed down, not stopped. Please read more carefully.
Feel free to open a separate thread if you would like to discuss that.