Posted: Sun Oct 03, 2021 16:46 Post subject: Securing router
I have a Linksys WRT 3200 ACM router. It is flashed. See screenshot. What I am trying to do is install IPVanish on my router. That won't take either, but 1st I need to secure it.
How do I secure my router? I go to the Administration page and put in the name and password I want to secure my router. I click Save>Apply Settings>Reboot. However, when the router reboots, it still does not ask for a password for anything to connect. It still shows open. You can also see I have created the separate band names, preparing for the VPN. They also show as no Internet, but they all work. Both by Ethernet and WiFi.
Okay, yes, I was in a panic. I skipped steps. I have reviewed the links and am I reading more of them now. I am desperate to secure my router. Any help is appreciated.
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Sun Oct 03, 2021 20:36 Post subject:
Hounddog24 wrote:
Okay, yes, I was in a panic. I skipped steps. I have reviewed the links and am I reading more of them now. I am desperate to secure my router. Any help is appreciated.
Reading is good. Do lots of it.
But to quell the panic, go to the Wireless tab then Wireless Security. Choose WPA2 Personal and CCMP-128 (AES) and set a password under WPA Shared Key and do this for each interface (two, one for each band). Defaults should work fine for anything else on the page. Then Save, and either Apply (it will restart the wifi system so needs a minute or so) or reboot.
Be patient with yourself and with the dd-wrt learning process. It's a bit of a long road once you start wanting to do interesting things. Get the basics down first, and learn your way around the key parts of the GUI. For setting up a VPN, look at the guide in the Sticky Post near the top of the Advanced Networking forum. Remember that dd-wrt instructions from VPN providers are pretty much 100% old and obsolete, so if they conflict with the forum guide, go with the guide's advice. Some of the settings have changed. Overall the whole business is far simpler than it used to be, so don't get tricked into entering long lists of commands in Additional Config.
For a VPN to be practical, you're likely going to want Policy Based Routing so you can have some wifi clients connected through the VPN while others bypass the VPN. See the same guide. Before that, however, you'll need to figure out how to split your system into (at least) two subnets, to either unbridge one of your wifi interfaces or set up a VAP (virtual access point). See https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1217070, third post. I suggest getting a VAP set up and working smoothly first before you even attempt the VPN setup. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Thanks SurprisedItWorks. I was able to find the paths you posted. However I was not successful. I clicked save and apply and she rebooted. WiFi never came back on. I unplugged the unit and plugged it back in. Still can't get the WiFi to broadcast. Ideas?
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Sun Oct 03, 2021 22:26 Post subject:
Hounddog24 wrote:
Thanks SurprisedItWorks. I was able to find the paths you posted. However I was not successful. I clicked save and apply and she rebooted. WiFi never came back on. I unplugged the unit and plugged it back in. Still can't get the WiFi to broadcast. Ideas?
Go back to the beginning then, and work through the guidance in the "Cliff Notes" Sticky post at the top of this forum. It's mostly still correct but a little out of date on a couple of points. In particular, just leave the NTP server field empty and let dd-wrt use its internal defaults for that field, to make success re time a sure thing.
Also, on a more minor note, a reset to the dd-wrt default config in telnet is "nvram erase && reboot" and NOT anything involving "erase nvram," which is dangerous. Not important because a 10s push of the recessed reset button on the back near the power switch (at least on my WRT1900ACSv2 routers) does the "nvram erase && reboot" for you without the need to involve telnet.
I didn't notice which build you are running. Don't use the ancient, buggy 40559 build or whatever the obsolete router database is saying. The current build 47495 seems to be making people happy, per its new-build thread https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=330347.
Above all, don't rush. Be patient and careful, and you'll get there. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
I did have some success. I got the 2.4 to broadcast and work. It is also secure now along with the 5 band. I have made great progress just today in this adventure. I am going to check out that last link you gave me. Maybe the 1st thing I need to do is to upgrade my build to a newer one. I am sure what I have is old. It came from the database, which I understand now is old stuff. I am using 44715. Off to read some more.
Thanks for sticking with the new guy on the block.
I have awesome news. My router is secure. Both WiFi bands are working. So off to move forward to the end goal of installing IPVanish on my router.
I am trying to decide on what build to upgrade to. I am currently running r44715. I see the general answer is to get the latest build. I have found that is r47510. When I click that version and get to the next page, I have a couple clickable links.
The 1 takes me back to the "Router Database" page. Everything I see is to never upgrade from there.
I am confused about a couple different things. Do I really want the latest build? I have already shown I am not familiar with the software. Maybe an older build, more stable build, would be a better choice for me? What build might you recommend and where to get it?
Thanks for the tips, folks. I could not have secured my router without this community. I am confident the folks here can help me get the job done.
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Mon Oct 04, 2021 14:10 Post subject:
Welcome to the confusion I was trying to fix for the community before all the "fuck kp69" emails by the angry mob with pitchforks flew again. It is always desired from the developer's perspective to use the latest build; flash and report. There are known issues on Marvell, and this is something that has to be understood and worked around. The information could be in one place, but the community seems to frown on anyone trying to accomplish this for some reason. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Mon Oct 04, 2021 14:11 Post subject:
I have no idea what tool you are using when you talk about clicks and going to the router database. Get the links to the download firmware files from the first post in the new-build thread.
The old builds are not more stable. dd-wrt has been under continuous development for many years, and every build is a beta-test build. New ones have many security holes filled and are generally safer, BUT when a build includes major changes, new bugs can appear and occasionally one is serious, so ALWAYS read the new-build thread before flashing, to make sure owners of your model router are not all hitting some nasty bug. This is important. It's rare, but there have been builds that brick routers. Those builds will not remain posted for download for long, of course, but if you jump to the very newest build, one that has only been out for hours that few have had time yet to try and post on, you're taking a risk. I prefer a build that has been out a week or two minimum, with several solid user reports and no alarming ones. When you see problems mentioned, look for confirmation from other users, because problems posted by newer users are often the result of configuration errors. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
EDIT...I think I found exactly what you are speaking of. I have selected r47474 since it is a few days old. I will research a bit and give some time for feedback before I download the file.
Hello everyone. I just wanted to come back to the site and give credit. I have successfully installed IPVanish on my router. I am up and running and all appears well. Thank you to all who helped by posting and all the numerous post that helped me figure out what to do.
