Thread: Using OpenBSD directly without a router
View Single Post
  #15   (View Single Post)  
Old 10th October 2017
shep shep is offline
Real Name: Scott
Arp Constable
  
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,507
Default
Quote:
My router is an old Dlink DIR 600L. There is no firmware released by the company and its simply pathetic in terms of WAN security.
There is not a strong need for 11n routers in OpenBSD as support is just getting started. If your DIR 600L version is A1,B1,B2 there is opensource, upto date firmware at either DD-wrt or LEDE-project.

I use LEDE firmware which just released version 17.01.3
Quote:
Highlights In LEDE 17.01.3

The LEDE Community is proud to announce the third service release of stable LEDE 17.01 series.

LEDE 17.01.3 “Reboot” incorporates a fair number of fixes back ported from the development branch during the last sixteen weeks.

Some selected highlights of the service release are:

Linux kernel updated to version 4.4.89 (from 4.4.71 in v17.01.2)
Numerous security fixes to curl, dnsmasq, mbedtls, tcpdump and the Linux kernel
Assorted platform fixes for ar7, ar71xx, bcm53xx, brcm63xx, imx6, ipq806x, lantiq, ramips, sunxi and x86
As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.
. If your version is C1 you can purchase a cheap, refurbished router for around $10. I'm bought a TrendNet TEW-732BR (11n) 300Mbps for $10.50USD 6 months ago - it is still available at that price. It initially used linux 2.6 based firmware but I now have LTS Kernel 4.4. LEDE firmware does not come with a gui interface out of the box while DD-wrt does. I think LEDE project is more active than DD-wrt but will take more time to build a custom firmware image. I added a Web based configuration interface (Luci), vnstat and a simple email program to LEDE. I configure with a Web interface and then use a secure shell to turn off the httpd. when done. Telnet is only available on 1st login when you set your passwords. My router now can only be accessed by a secure shell. You can also remove many services, block ports and use iptables with it. The community has an article database on securing your router and for the ultra-paranoid your can generate your own certificate for https/ssh access.
Last edited by shep; 18th October 2017 at 03:06 PM.
Reply With Quote