Can I Use WPA3 On R7000 or R6700v3 If I Flash ddwrt firmware

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
chillyflake
DD-WRT Novice


Joined: 09 Jul 2020
Posts: 3

PostPosted: Thu Jul 09, 2020 14:40    Post subject: Can I Use WPA3 On R7000 or R6700v3 If I Flash ddwrt firmware Reply with quote
Hello.
I am new to the whole digital security since I started learning it as a side hobby during COVID19 lockdown. Any sort of help is appreciated.

Recently I did a little bit of researches and from what I understand, opensource firmware are usually more secure from the OEM firmware. Opensource firmware also enables user with a lot more options and features like enhanced services, better privacy and security to users.

I am running a R7000 from netgear for a while now with OEM firmware.

I have 3 devices in my house [2 Mobiles and 1 Wireless Network Card] that support Wifi 6

I was wondering, does having Wifi 6 also come with WPA3 security protocol? I have this doubt since Both of my mobile phones which I got recently support WPA3 authentication.

If that is the case, I was was wondering, since my R7000 does not have WPA3 from the OEM, will flashing my router with firmware like ddwrt enable me to use WPA3 for my wireless network and establish successful connections with my phones that have WPA3?

Also while I was looking into the network security, I found out things like DoT and DoH [Encrypted DNS queries], will flashing my R7000 with ddwrt allow me to use such features with having to plug in external tools like USB? Does ddwrt have inbuilt features like DoH and DoT along with WPA3 and ability to transfer data at 6Ghz?

Thank you if you've answered the questions :)
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3822
Location: UK, London, just across the river..

PostPosted: Thu Jul 09, 2020 14:49    Post subject: Reply with quote
yep WPA3 is supported...
i haven't seen any WPA3 clients yet, commercially...
WiFi 6 is a marketing trick...
yep DoT DoH is achievable via Entware package manager installed on USB, links in my sig...
yep R7000 has the old version of DNScrypt via GUI

'ability to transfer data at 6Ghz' - no idea what is this animal...

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 44251 BS AP,NAT
TP-Link WR740Nv4 ------DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ----DD-WRT 444467 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----DD-WRT 44340 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -------DD-WRT 44467 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -------DD-WRT 44467 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
chillyflake
DD-WRT Novice


Joined: 09 Jul 2020
Posts: 3

PostPosted: Thu Jul 09, 2020 15:15    Post subject: Reply with quote
Alozaros wrote:

yep DoT DoH is achievable via Entware package manager installed on USB


Thanks for responding Smile
Is it available by default? Like toggling an option and selecting a DoH/DoT/Custom provider to start having encrypted DNS without having to go through setting up an external tool like USB and downloading a script from the ddwrt repository?

DNScrypt from what I understand is an outdated method to encrypt DNS. DoH and DoT are more uptodate, preferred and fast methods to have a secure DNS query.

DoH instead DoT nonetheless is more prefered since DoH uses 443 [https] instead of a separate 853 [DoT Default] hence ISP/Network scanners can easily monitor/identify/block the traffic.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 934
Location: Appalachian mountains, USA

PostPosted: Thu Jul 09, 2020 18:55    Post subject: Reply with quote
I use DNSCrypt on my routers, the "old" version that does not require USB, packages, etc. Works great. Always been happy with it. It does not support as many DNS providers though as the newer, package-based version. Neither of my two DNS providers uses the standard port 53 for DNS (the two of them use different ports from each other, actually), so ISPs that try to intercept DNS requests generally aren't going to interfere. I've never had issues of that sort.

There is still some debate about whether DoH is truly secure, but that's all way over my head. I have not seen those issues arise re DoT. The original developer of DNSCrypt advises to forget all these DNS-encryption systems and just use a VPN with DNS access through the VPN system. That's actually quite feasible with dd-wrt if you pick the right DNS provider. You can even use "split tunneling" (in dd-wrt land we call it Policy Based Routing or PBR) to route some but not all of your internet traffic through the VPN. What's interesting is that you can do that while still having all of your DNS queries routed through the VPN to your VPN provider's DNS servers.

_________________
Five Linksys WRT1900ACSv2's on 42926, 44048
VLANs, multiple VAPs, NAS, client-mode travel router, OpenVPN client/PBR (AirVPN), wireguard/PBR (AzireVPN), two DNSCrypt servers (incl Quad9) routed through OpenVPN.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum