I am only doing this for the sake of discussion, not because my family needs an explanation as to why the internet keeps dropping every evening.
So far I've tried:
Running AdGuard Home, which my family dislikes because it stops some ad-based rewards in apps.
A Wireguard VPN (IPv6, since I'm stuck behind CGNAT), which is still not working (and is the reason internet drops every evening, while I'm trying to set it up again).
Setting up DDNS (for use with aforementioned VPN), which now sits there without a purpose.
I've set up exroot to help me do all that (my one successful and non-controversial project)
To be clear, I've moved on from these projects and I'm only including them to give an idea of my experience level and for comedic effect. I'm thinking about setting up UNBOUND next, but other than that I'm at a loss.
I’m not sure what this thread will accomplish insofar as a solution. You describe issues with your setup, but instead of asking how you might resolve them, you’re asking a very general question about how other people use their systems.
By all means, the conversation about what each person does with OpenWrt is welcome here, but since everybody has different goals and requirements (and constraints), this may not be all that focused. And it won’t help resolve issues you are currently experiencing.
That said, my OpenWrt device at home is a road-warrior vpn. And I have a travel router so that I can be “home” from the internet perspective even when I am away.
Not sure about AdGuard Home, but I believe many adblockers allow explicit whitelists, which might allow a compromise of only allowing the necessary ads.
Personally, I use adblock/luci-app-adblock and am pretty happy about that, without any complaints. However I would give any family member (of my family) a stern talking to if they would "sell their soul" for a few morsels dropped by predatory ad companies (or tech companies).
Would that not be the same if you would try your luck with a proprietary router OS?
That said, maybe try OpenVPN first, not because it is any better than WireGuard but there might be more recipes floating around that might work... BTW, which ISP?
ATM that might be true, but a DDNS service might also allow other services like syncthing. Or logging into machines in your local network (I have SSH enabled for a few machines). Note there is a valid argument that a VPN is a generally better/more secure solution, but then how do you debug a VPN remotely?
Which, while great, is only a means to allow to install more software on the router?
What do you intend to achieve with that?
Personally I run knot/kresd (as it is part of my turris omnia's default configuration) as recursive resolver ignoring my ISP's DNS servers (for stuff outside their network) as my ISP participates in an extra-legal private DNS blocking alliance in Germany ( Clearingstelle Urheberrecht im Internet (CUII)) which I really have no interest to play ball with. (Mind you, i believe I am not actually affected by their blocking list, so would never notice, but I object on principle that an ISP should only ever fudge DNS if legally required).
Hi. I've edited my initial post to reflect what I meant better. I've sort of given up on the projects I was having issues with.
For example, testing the wifi around places I frequent has revealed they are not IPv6 ready, making the WireGuard VPN kinda useless, even if I got it working. Unless a travel router could give me IPv6 access on an IPv4 only network, which even with my limited experience sounds unlikely.
Hello again. I did actually try the notes after initially posting about my problems with the wireguard server. Currently the tunnel works when I'm connected to my home network (which I found out the hard way is not a given) but doesn't seem to be able to send any data when on other networks.
Besides, I just tested it again today at work and realised the workplace internet is IPv4 only. So I'm afraid I have to abandon the idea. I'm looking for other projects because I still want to learn more though.
I went down the path of a site wide Adblocking, mainly for the Apple TV, but it was too difficult. I get excellent results with device based Add Blocking products such as UBlock Origin, AdBlocker Ultimate, ....
It is not clear to me if you are trying to establish a Private VPN to connect various private sites or if you are trying to connect to the Internet via a VPN Provider, or a combination of the two.
Tailscale Mesh VPN built on Wireguard might be what you are looking for, it is free for 100 devices, supports IPv4 & IPv6, works behind Double NAT and CGNAT. Tailscale uses Wireguard as the underlying technology and adds a number of features such as MagicDNS which are not part of Vanilla Wireguard.
Have not used tailscale myself (yet), but believe this is a good company and there is even headscale, an opensource project if you want to run your own control server (you would need some VPS/VM in the cloud somewhere):
Replying to this again just because I think I figured out what isn't working. Turns out my mobile data connection, which I was using to test, is also IPv4 only for who knows what reason.
But yeah, the notes were great.
I guess it's my final possible option... I'll have to check how "trustworthy" they are though.
I was mostly joking. They're an adult and just use mobile data now when they want extra Duolingo gems. Still, I might whitelist it for them.
Turns out my mobile provider is the main issue, as they don't support IPv6 for their mobile internet at all (local forums confirmed that)
UNBOUND is the recursive DNS solution I know best, since I've used it before on a RPi 4, but the idea is to bypass my ISPs DNS and I am open to other methods.
Same here. My first use of OpenWrt w. OpenVPN was to replace the Microsoft RDP server running on a PC for free-wifi security reason while traveling. Then I configured the OpenWrt router from a (wired) AP to a wireless AP so that I could place the router near my audio equipment as a squeezelite player (with the squeezelite-full package). Recently I added the LMS (LyrionMusicServer, aka. LogitechMediaServer) to the router so that now I need just one device provides the three functions (used to be on three separate devices) and save some power consumption. My next project is to add WireGuard to the device. After that I will replace my current VPN client WNDR4300 with a new device.
Thanks for the heads up, I will definitely look at it. The big show stopper with using a site wide Ad blocker was the inability to disable the Ad blocker via the ATV remote when streaming services would detect the ad blocker and the stream would pause.