Posted: Thu Jul 09, 2020 14:40 Post subject: Can I Use WPA3 On R7000 or R6700v3 If I Flash ddwrt firmware
I am new to the whole digital security since I started learning it as a side hobby during COVID19 lockdown. Any sort of help is appreciated.
Recently I did a little bit of research and from what I understand, open-source firmware is usually more secure than the OEM firmware. Open-source firmware also gives users a lot more options and features like enhanced services, better privacy and security.
I have been running an R7000 from Netgear for a while now with OEM firmware.
I have 3 devices in my house [2 mobiles and 1 wireless network card] that support Wifi 6.
I was wondering, does having Wifi 6 also come with the WPA3 security protocol? I have this doubt since both of my mobile phones, which I got recently, support WPA3 authentication.
If that is the case, I was wondering, since my R7000 does not have WPA3 from the OEM, will flashing my router with firmware like ddwrt enable me to use WPA3 for my wireless network and establish successful connections with my phones that have WPA3?
Also, while I was looking into network security, I found out about things like DoT and DoH [encrypted DNS queries]. Will flashing my R7000 with ddwrt allow me to use such features without having to plug in external tools like USB? Does ddwrt have inbuilt features like DoH and DoT along with WPA3 and the ability to transfer data at 6Ghz?
Joined: 16 Nov 2015 Posts: 3822 Location: UK, London, just across the river..
Posted: Thu Jul 09, 2020 14:49 Post subject:
yep WPA3 is supported...
I haven't seen any WPA3 clients yet, commercially...
WiFi 6 is a marketing trick...
yep DoT DoH is achievable via Entware package manager installed on USB, links in my sig...
yep R7000 has the old version of DNScrypt via GUI
'ability to transfer data at 6Ghz' - no idea what is this animal...
_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 44251 BS AP,NAT
TP-Link WR740Nv4 ------DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ----DD-WRT 444467 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----DD-WRT 44340 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Netgear R7800 -------DD-WRT 44467 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Netgear R7000 -------DD-WRT 44467 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
Stubby for DNS over TLS I DNSCrypt v2 by mac913
"yep DoT DoH is achievable via Entware package manager installed on USB"
Thanks for responding
Is it available by default? Like toggling an option and selecting a DoH/DoT/Custom provider to start having encrypted DNS without having to go through setting up an external tool like USB and downloading a script from the ddwrt repository?
DNScrypt, from what I understand, is an outdated method to encrypt DNS. DoH and DoT are more up-to-date, preferred and fast methods to have a secure DNS query.
DoH instead of DoT nonetheless is more preferred since DoH uses 443 [https] instead of a separate 853 [DoT Default] hence ISP/Network scanners can easily monitor/identify/block the traffic.
Joined: 04 Aug 2018 Posts: 934 Location: Appalachian mountains, USA
Posted: Thu Jul 09, 2020 18:55 Post subject:
I use DNSCrypt on my routers, the "old" version that does not require USB, packages, etc. Works great. Always been happy with it. It does not support as many DNS providers though as the newer, package-based version. Neither of my two DNS providers uses the standard port 53 for DNS (the two of them use different ports from each other, actually), so ISPs that try to intercept DNS requests generally aren't going to interfere. I've never had issues of that sort.
There is still some debate about whether DoH is truly secure, but that's all way over my head. I have not seen those issues arise re DoT. The original developer of DNSCrypt advises to forget all these DNS-encryption systems and just use a VPN with DNS access through the VPN system. That's actually quite feasible with dd-wrt if you pick the right DNS provider. You can even use "split tunneling" (in dd-wrt land we call it Policy Based Routing or PBR) to route some but not all of your internet traffic through the VPN. What's interesting is that you can do that while still having all of your DNS queries routed through the VPN to your VPN provider's DNS servers.
_________________
Five Linksys WRT1900ACSv2's on 42926, 44048
VLANs, multiple VAPs, NAS, client-mode travel router, OpenVPN client/PBR (AirVPN), wireguard/PBR (AzireVPN), two DNSCrypt servers (incl Quad9) routed through OpenVPN.