G+_Benjamin Webb Posted February 1, 2017: Finished up my DIY wireless router project. Have two QCA9880 radios (1300 Mbps link rate at 5 GHz or 450 Mbps at 2.4 GHz) and a USB Ralink wireless N radio for my stupid wireless G printer (curse you, Epson). Runs IP version 6 natively through DHCPv6 and RA broadcast as well as IPv4. Runs at 10 watts with an AMD 64-bit processor. Running a custom version of LEDE (fork of OpenWRT). Looking into VPN and maybe active virus scanning. Still debating if decrypting HTTPS at the router is a good idea. May not like the man-in-the-middle even if I control him.
G+_Vinay Kudithipudi Posted February 1, 2017: Very nice. Do you have a write-up of the install that I can borrow from?
G+_Benjamin Webb (Author) Posted February 1, 2017: Wrote up a little bit when I first got started; if you have any questions, ask. plus.google.com - Finished setting up the first radio for my home built wireless x86 router....
G+_Vinay Kudithipudi Posted February 1, 2017: Thank you.
G+_David Wiggins Posted February 2, 2017: Yeah, I've fought with MITM scanning off and on for a few years. I get frustrated and give up, then come right back. I can't seem to get the certs to be accepted, even after installing my root CA at OS, user or browser level. I hope to figure it out someday. As for VPN, I use both IPsec and OpenVPN. The Android client is really nice, the Windows OpenVPN utility works, but I'd rather have native support like on my Linux boxes. Every so often the Windows TAP driver goes wonky (usually due to a Windows update). PPTP and L2TP are natively supported in Windows, but have known vulnerabilities (somewhat mitigated with IPsec over L2TP, I believe). I love your project. Have fun.
G+_Benjamin Webb (Author) Posted February 2, 2017: Thanks for the advice on the VPN. I also wasn't even thinking about the root CA. I knew it would be a pain but thought I could work around it. I was just wondering if it is OK to have a single point of failure on a router where all my critical info will be decrypted on the fly. This is just for my apartment but is probably still overkill for a house as well. Liked the idea of having a central point to protect my discontinued smart TV etc. Also, looking into this, none of this will really stop anything from taking control of a smart device except for the firewall. Guess I am looking for a magic bullet to protect the whole network, but probably no such thing for free anyway.
G+_David Wiggins Posted February 2, 2017: Router, switch, and modem are all points of potential failure. I use VPN when on data or public wifi if I need anything potentially sensitive (banking, shopping, medical, ...) to connect from home to mitigate potential snoopers. I also use it for remote access to files and services at home or work. I've never bothered with anon VPN. As far as the TV and such, I use a separate network in my home with its own wifi for devices that need internet access. I also do some extra firewall stuff, but that's also my day job. The main point is to try to separate the traffic as much as possible.
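One way to do the separation described in this reply on the LEDE/OpenWrt router from the first post, as an added example that is not the poster's own configuration: a firewall zone for the TV and other smart devices that may reach the WAN but is rejected when it tries to forward into the normal LAN. It assumes an interface named `iot` has been defined in /etc/config/network (a VLAN or a second SSID bridged to it); the zone names `lan` and `wan` are the OpenWrt defaults.

```uci
# /etc/config/firewall (fragment, added example): isolated zone for smart devices.
# Assumes an 'iot' interface exists in /etc/config/network.
config zone
	option name 'iot'
	list network 'iot'
	# devices may not talk to the router itself except where a rule below allows it
	option input 'REJECT'
	option output 'ACCEPT'
	# and may not forward into any other zone unless a forwarding entry allows it
	option forward 'REJECT'

# Internet only: there is deliberately no forwarding entry from 'iot' to 'lan'.
config forwarding
	option src 'iot'
	option dest 'wan'

# The router still has to hand out addresses and resolve names for the zone:
# DNS (53), DHCPv4 server (67) and DHCPv6 server (547).
config rule
	option name 'Allow-IoT-DHCP-DNS'
	option src 'iot'
	option proto 'udp'
	option dest_port '53 67 547'
	option target 'ACCEPT'
```

Because the original router runs IPv6 with router advertisements, the zone also needs ICMPv6 accepted on input (the stock OpenWrt config ships an Allow-ICMPv6-Input rule for the `lan` zone that can be copied with `option src 'iot'`); without it the devices get no default route. Reload with `/etc/init.d/firewall restart` and confirm from a device on the `iot` network that the LAN hosts are unreachable while the internet still works.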
G+_Benjamin Webb (Author) Posted February 2, 2017: OK, already have a guest network set up, so no big deal to isolate. Just seems kind of passive. I analyze SCADA networks for a living. Kind of wish there was something to flag nasty traffic so I can then get my nerd on and trace the issue.
G+_David Wiggins Posted February 3, 2017: Intrusion Detection Systems like Snort can recognise attack signatures and alert or block. It can be difficult to set up and weed out false positives. When first set up, it will alert on almost everything (it seems to hate Pandora radio, for instance). If you really want to nerd out on this kind of thing, look at Security Onion. It's a Debian variant by Google with traffic analysis tools that can be aimed at the perimeter gateway or a specific host.
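To make the signature-and-false-positive point concrete, here is an added example (not Snort, and not any poster's code) that parses a small subset of Snort's rule syntax (`action proto src sport -> dst dport (msg; content; nocase; sid;)`), runs the rules over constructed sample flows, and applies a suppression list of (sid, source host) pairs, which is how a noisy-but-legitimate host like the streaming service mentioned above gets quietened without disabling the rule for everyone. All rules, addresses and payloads are constructed for the example.

```python
"""Toy signature-based detector in the spirit of Snort (added example, not Snort)."""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Simplified Snort rule header: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r'^(?P<action>alert|drop)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')


@dataclass
class Rule:
    action: str
    proto: str
    dport: Optional[int]   # None means "any"
    msg: str
    content: bytes         # byte pattern that must appear in the payload
    sid: int
    nocase: bool = False   # Snort's 'nocase' modifier: case-insensitive content match


@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


def parse_rule(text: str) -> Rule:
    """Parse one rule line; options are 'key:value;' pairs or bare flags like 'nocase;'."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    opts, flags = {}, set()
    for raw in m["opts"].split(";"):
        raw = raw.strip()
        if not raw:
            continue
        if ":" in raw:
            key, value = raw.split(":", 1)
            opts[key.strip()] = value.strip().strip('"')
        else:
            flags.add(raw)
    dport = None if m["dport"] == "any" else int(m["dport"])
    return Rule(m["action"], m["proto"], dport, opts["msg"],
                opts["content"].encode(), int(opts["sid"]), "nocase" in flags)


def matches(rule: Rule, flow: Flow) -> bool:
    """Header fields must agree and the content pattern must occur in the payload."""
    if rule.proto != flow.proto:
        return False
    if rule.dport is not None and rule.dport != flow.dport:
        return False
    hay, needle = flow.payload, rule.content
    if rule.nocase:
        hay, needle = hay.lower(), needle.lower()
    return needle in hay


def inspect(flows: List[Flow], rules: List[Rule],
            suppress: FrozenSet[Tuple[int, str]] = frozenset()) -> List[dict]:
    """Return one event per (flow, rule) hit, skipping suppressed (sid, source) pairs."""
    events = []
    for f in flows:
        for r in rules:
            if matches(r, f) and (r.sid, f.src) not in suppress:
                events.append({"sid": r.sid, "action": r.action, "msg": r.msg,
                               "src": f.src, "dst": f.dst, "dport": f.dport})
    return events


# Constructed rules, loosely modelled on community Snort rules.
RULE_TEXT = [
    'alert tcp any any -> any 80 (msg:"Shell path in HTTP request"; content:"/bin/sh"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"SQL injection probe"; content:"or 1=1"; nocase; sid:1000002;)',
    'drop tcp any any -> any 23 (msg:"Telnet login attempt"; content:"login:"; sid:1000003;)',
]
RULES = [parse_rule(t) for t in RULE_TEXT]

# Constructed sample flows (addresses from documentation ranges / a private LAN).
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "10.0.0.5", "tcp", 80, b"GET /cgi-bin/test.cgi?cmd=/bin/sh HTTP/1.1\r\n"),
    Flow("192.0.2.11", "10.0.0.5", "tcp", 80, b"GET /search?q=x' OR 1=1-- HTTP/1.1\r\n"),
    # 10.0.0.20 is the household's own web-app scanner: it trips sid 1000002 daily, so it is suppressed
    Flow("10.0.0.20", "10.0.0.5", "tcp", 80, b"GET /search?q=x' or 1=1 HTTP/1.1\r\n"),
    Flow("10.0.0.30", "10.0.0.40", "tcp", 23, b"login: "),
    Flow("10.0.0.31", "10.0.0.5", "tcp", 443, b"\x16\x03\x01\x00\x05hello"),
]
SUPPRESS = frozenset({(1000002, "10.0.0.20")})

if __name__ == "__main__":
    for e in inspect(SAMPLE_FLOWS, RULES, SUPPRESS):
        print(f"[{e['action']}] sid={e['sid']} {e['src']} -> {e['dst']}:{e['dport']}  {e['msg']}")
```

Run without the suppression set and the scanner host produces a fourth, useless event every time it probes the web server; with it, the rule keeps firing for every other source. That is the trade-off the reply describes: tuning is per-rule and per-source, not a matter of turning rules off.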