Openwrt

OpenWrt is an open source Linux project aimed at embedded devices to route network traffic (e.g. routers). I’ve consistently run OpenWrt on my home routers for over a decade now (I still remember the brief LEDE split), and it has since been my preferred home router OS. While I’ve also wanted to experiment with OPNsense (and pfSense before), I’ve never had a real reason to thus far, but I digress…​ It might be interesting to add some network security such as intrusion prevention to your residential gateway directly. You might of old be familiar with Fail2Ban, and I’ve happily used Fail2Ban for years. CrowdSec is a similar solution, albeit more community-driven. Klaus Agnoletti, then (still?) head of community at CrowdSec, summarised the similarities and differences between the two: ...

Some time ago I documented how I configured WireGuard on my OpenWrt router at home, to connect securely to my home network (and the Internet, really) from wherever I am. I feel safer connecting to public Wi-Fi this way, also abroad when it allows me to save extra roaming costs. However, during my travels I sometimes come across networks which seem to block VPN connections, sometimes including my own personal WireGuard tunnel. For such cases I managed to tunnel my WireGuard connection over HTTPS, which is typically (far) less often blocked. ...

This post briefly describes how to configure an OpenWrt router to function as a WireGuard VPN server. This enables me to have my phone always be securely connected to my home router, from wherever I am. This is what it roughly looks like: First, install the necessary WireGuard kernel module: root # opkg update root # opkg install kmod-wiregard Generate a new private and public key pair for the server, and your first peer (e.g. your phone), and a pre-shared key for added post-quantum secrecy: ...