Greetings to all, dear friends!
Today we'll talk about how to turn a regular router into one that provides all your connected devices with an anonymous Internet connection.
Let's go!
How to go online via DNS, how to configure a permanently encrypted connection to the Internet, how to protect your home router, and a few more useful tips: you will find all of this in our article.
To prevent your identity from being tracked through the router configuration, disable as many of your device's web services as possible and change the default SSID. We will show how to do this using Zyxel as an example. With other routers, the principle is similar.
Open your router's configuration page in a browser. Users of Zyxel routers need to enter "my.keenetic.net" in the address bar.
Now you should enable the display of additional functions. To do this, click on the three dots in the upper right corner of the web interface and click on the switch for the Advanced View option.
Go to "Wireless | Radio Network" and, in the "Radio Network" section, enter a new name for your network. Along with the name for the 2.4 GHz band, do not forget to change the name for the 5 GHz band. Specify any character sequence as the SSID.
Then go to the menu "Internet | Permit Access". Uncheck the boxes next to "Internet access via HTTPS enabled" and "Internet access to your storage media via FTP / FTPS enabled". Confirm your changes.
Building DNS Protection
First change the SSID of your router (1). Then, in the DNS settings, specify the Quad9 server (2). Now all connected clients are safe.
Your router should also use an alternative DNS server, such as Quad9. Advantage: if this service is configured directly on the router, all clients connected to it will automatically access the Internet through this server. We will explain the configuration again using Zyxel as an example.
As described in the previous section, "Changing the name of the router and SSID", go to the Zyxel configuration page and open the "Wi-Fi network" section on the "Access point" tab. Here, check the "Hide SSID" box.
Go to the "DNS Servers" tab and enable the "DNS Server Address" option. In the parameter line, enter the IP address "9.9.9.9".
Configure permanent redirection via VPN
You will achieve even more anonymity by using a permanent VPN connection. In this case, you don't have to set up such a connection on each separate device: every client connected to the router will automatically go online through a secure VPN connection. However, for this you will need the alternative DD-WRT firmware, which must be installed on the router in place of the manufacturer's firmware. This software is compatible with most routers.
For example, the Netgear Nighthawk X10 Premium Router has DD-WRT support. However, you can use a low-cost router, for example TP-Link TL-WR940N, as a Wi-Fi access point. After choosing a router, you should decide which VPN service you prefer. In our case, we settled on the free version of ProtonVPN.
Installing alternative firmware
After installing DD-WRT, change the device's DNS server before setting up a VPN connection.
We will explain the installation using the example of a Netgear router, but for other models the process is similar. Download the DD-WRT firmware and install it using the update function. After rebooting, you will be in the DD-WRT interface. You can switch the interface to Russian by selecting the "Russian" option under "Administration | Management | Language".
Go to "Setup | Basic setup" and set the "Static DNS 1" parameter to "9.9.9.9".
Also check the boxes next to "Use DNSMasq for DHCP", "Use DNSMasq for DNS" and "DHCP-Authoritative". Save the changes by clicking on the "Save" button.
In the "Setup | IPV6" section, disable "IPV6 Support". By doing this, you will prevent deanonymization through IPv6 leaks.
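A way to confirm that the setting took effect, as an added example that is not part of the original article: the function below reads the output of `ip -6 addr show` from a Linux client behind the router and lists any globally routable IPv6 address, which means the client still has the IPv6 connectivity this step was meant to remove. The sample output and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ip -6 addr show` output on a client behind the router.
# 2001:db8::/32 is the documentation prefix, standing in for an ISP-assigned one.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:2::10/64 scope global dynamic
    inet6 fd12:3456:789a::10/64 scope global
    inet6 fe80::1234:5678:9abc:def0/64 scope link
"""
ULA = ipaddress.ip_network("fc00::/7")  # unique local, not routed on the Internet


def routable_ipv6(ip_output):
    """Return (interface, address) pairs holding a globally routable IPv6 address."""
    found, iface = [], None
    for line in ip_output.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)
        if head:  # interface header line, e.g. "2: wlan0: <...>"
            iface = head.group(1)
            continue
        m = re.match(r"\s+inet6\s+([0-9a-fA-F:]+)/\d+\s+scope\s+(\w+)", line)
        if m and m.group(2) == "global":
            addr = ipaddress.IPv6Address(m.group(1))
            if addr not in ULA:  # skip unique local addresses
                found.append((iface, str(addr)))
    return found
```

An empty list on every client is the expected result once "IPV6 Support" is disabled on the router.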
Compatible devices can be found in any price category, for example TP-Link TL-WR940N (about 1300 rubles) or Netgear R9000 (about 28,000 rubles).
Virtual Private Network (VPN) Configuration
Run OpenVPN Client (1) in DD-WRT. After entering the access data, you can check in the "Status" menu whether a tunnel has been built to protect data (2).
To configure the VPN itself, you need to change the ProtonVPN settings. The configuration is non-trivial, so follow the directions strictly. After you register on the ProtonVPN website, download from your account settings the Ovpn file with the nodes that you want to use. This file contains all the necessary information for access. With other service providers, you will find this information elsewhere, but most often in your account.
Open the Ovpn file in a text editor. Then, on the router configuration page, click on "Services | VPN" and, on this tab, use the switch to activate the "OpenVPN Client" option. Fill in the available options with the information from the Ovpn file. For a free server in the Netherlands, for example, use the value "nlfree-02.protonvpn.com" in the "Server IP / Name" line and specify "1194" as the port.
Set "Tunnel Device" to "TUN" and "Encryption Cipher" to "AES-256 CBC".
For "Hash Algorithm" set "SHA512", enable "User Pass Authentication" and, in the "User" and "Password" fields, specify your credentials for logging into Proton.
Now it's time to tackle the Advanced Options section. Set "TLS Cipher" to "None" and "LZO Compression" to "Yes". Activate "NAT" and "Firewall Protection" and specify "1500" as "Tunnel MTU settings". "TCP-MSS" must be turned off.
In the "TLS Auth Key" field, copy the values from the Ovpn file that you will find under the line "BEGIN OpenVPN Static key V1".
In the "Additional Configuration" field, enter the lines that you will find under "Server Name".
Finally, in the "CA Cert" field, insert the text that you see at the "BEGIN Certificate" line. Save the settings by clicking on the "Save" button and start the installation by clicking on "Apply Settings". After rebooting, your router will be connected to the VPN. For reliability, check the connection via "Status | OpenVPN".
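The copy-and-paste steps above, as an added Python example that is not part of the original article: it reads an .ovpn profile and returns the values for the DD-WRT form fields named in this section, then lists any that differ from the choices made here. The sample profile is constructed, with placeholder certificate and key bodies; the function names and the "Port" label are assumptions for illustration.

```python
import re

# Constructed sample profile; certificate and key bodies are placeholders.
SAMPLE = """dev tun
remote nlfree-02.protonvpn.com 1194
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CERT-BODY
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
PLACEHOLDER-KEY-BODY
-----END OpenVPN Static key V1-----
</tls-auth>
"""
INLINE = re.compile(r"<(ca|tls-auth)>\s*\n(.*?)\n\s*</\1>", re.S)
# Values this section selects in the DD-WRT form.
ARTICLE = {"Tunnel Device": "TUN", "Encryption Cipher": "AES-256 CBC",
           "Hash Algorithm": "SHA512"}

def dd_wrt_fields(text):
    """Map an .ovpn profile onto the DD-WRT OpenVPN Client form fields."""
    blocks = {m.group(1): m.group(2).strip() for m in INLINE.finditer(text)}
    opts = {}
    for line in INLINE.sub("", text).splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":  # skip blanks and comments
            opts.setdefault(parts[0], parts[1:])  # first occurrence wins
    first = lambda key: (opts.get(key) or [None])[0]
    remote = opts.get("remote", [])
    return {
        "Server IP / Name": remote[0] if remote else None,
        "Port": remote[1] if len(remote) > 1 else "1194",  # OpenVPN default
        "Tunnel Device": (first("dev") or "").upper()[:3],
        "Encryption Cipher": first("cipher"),
        "Hash Algorithm": first("auth"),
        "User Pass Authentication": "auth-user-pass" in opts,
        "TLS Auth Key": blocks.get("tls-auth"),  # inline block as found in the file
        "CA Cert": blocks.get("ca"),
    }

def differs_from_article(fields):
    """Fields where the profile disagrees with the values this section picks."""
    norm = lambda v: re.sub(r"[^A-Z0-9]", "", str(v).upper())
    return [k for k, v in ARTICLE.items() if fields[k] and norm(fields[k]) != norm(v)]
```

A non-empty result from `differs_from_article` means the provider's file specifies something other than what is selected above, so take the value from the file.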
Tips for your router
With a couple of simple tricks, you can turn your home router into a secure host. Before proceeding with the configuration, you must change the default configuration of the device.
Change SSID: Do not leave the default router name. From it, attackers can draw conclusions about your device and conduct a targeted attack on the corresponding vulnerabilities.
DNS Protection: Set the Quad9 DNS server as the default on the configuration page. After that, all connected clients will go online through secure DNS. It also eliminates the need to configure devices manually.
Using a VPN: Through the alternative DD-WRT firmware, available for most router models, you can build a VPN connection for all clients associated with this device. There is no need to configure clients individually. All information goes out to the Internet in encrypted form. Web services will no longer be able to determine your real IP address and location.
If you follow all the recommendations outlined in this article, even data protection experts will not be able to find fault with your configurations, since you will achieve maximum anonymity (as much as possible).
Thank you for reading my article. You can find more manuals, articles about cybersecurity, the shadow Internet and much more on our [Telegram channel](https://t.me/dark3idercartel).
I hope you enjoyed it. Write in the comments what you think about it.