DD-WRT on Netgear R6300v2: Encrypt local traffic only

djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Wed Sep 20, 2023 16:52    Post subject: DD-WRT on Netgear R6300v2: Encrypt local traffic only
Thanks in advance
I have this router: Netgear R6300V2
I installed DD-WRT version on it which is: DD-WRT v24-sp2 (02/04/15) std - build 26138
I have it setup to repeat routers so I can use the repeated router as a gateway for internet traffic.
How do I encrypt the data between my above router and my devices, but keep the traffic unencrypted between my router and the main internet gateway? This is kind of like a VPN but would be hosted on my router rather than an internet router VPN service that costs money.

here's my basic setup:
Wireless Physical Interface wl0 [2.4 GHz] (this is the connection to the external router)
These are local LAN/WAN interfaces that I want to encrypt and allow all clients connected to these to be encrypted so the router above cannot know what sites I am visiting or snoop.

Virtual Interfaces wl0.1 SSID [connerie1] HWAddr [C2:FF:D4:99:4A:F3]

Physical Interface wl1 - SSID [connerie1] HWAddr [C0:FF:D4:99:4A:EF]

Attached image to show more detail
djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Wed Sep 20, 2023 16:57    Post subject: Re: DD-WRT on Netgear R6300v2: Encrypt local traffic only
Come to think of it:

I don't think what I propose will work right?

I would need a VPN to encrypt traffic between my router and the external right?

Otherwise if I encrypted traffic between my router and the external WAN, it would come out as gibberish right?

djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Wed Sep 20, 2023 16:59    Post subject: Re: DD-WRT on Netgear R6300v2: Encrypt local traffic only
Maybe a compromise like free external DNS that I could use on my router so that the ISP couldn't easily look up what sites I am visiting?

foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 690
Location: Earth

Posted: Wed Sep 20, 2023 17:09
Is there a reason you're running such an old build?
I recommend you upgrade to the current build https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2023/09-08-2023-r53469/netgear-r6300v2/
Just double check it's the correct version for your device before flashing.
Lots of security fixes and much development since your outdated build.
Did you use the router database? This is not maintained; this link here may help if the above is not the correct version for your device.
https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/

I would just use a vpn to stop the upstream router sniffing too much, although this is not 100% if they can use wireshark.

_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.

No one can build you the bridge on which you, and only you, must cross the river of life!


Last edited by foz111 on Wed Sep 20, 2023 17:18; edited 1 time in total
djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Wed Sep 20, 2023 17:12
Thanks for reply

I simply got the build that seemed to be the latest for my router.

This is the only one I could find.

Can you tell me which I should download for my router hardware?

I made backups but I don't want to mess anything up and brick the router.

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12499
Location: Netherlands

Posted: Wed Sep 20, 2023 17:19
Upgrade to the latest build, e.g. 53469.

After upgrade reset to defaults and put settings in manually, never restore from a backup (to a different build), if you do it is garbage out garbage in.

When you have upgraded we can take it from there.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Sun Nov 05, 2023 14:33
Greetings

What file would I need to download and is the upgrade pretty much seamless?

I don't want to mess up the router and don't know how to re-flash a potentially bricked device.

Can you assist? Thanks in advance
djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Sun Nov 05, 2023 14:37
Would I download the latest from here?

https://ftp.dd-wrt.com/dd-wrtv2/downloads/betas/2023/11-01-2023-r53843/netgear-r6300v2/

Is there anything that could go wrong with the upgrade AND how would I recover from a potential failure?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12499
Location: Netherlands

Posted: Sun Nov 05, 2023 14:56
Normally yes but we are in a transition state so for now I would use 53562.

You are coming from a very old build so I cannot guarantee anything but normally you can just upgrade via the GUI.

Before you do make screenshots of your settings, you can usually print to pdf.

After upgrade reset to defaults and put settings in manually.

djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Sun Nov 05, 2023 15:09
Greetings

I am ULTRA afraid of ruining this router and spending hours trying to repair it after a potentially failed upgrade.

What would I need to do to repair it IF it fails an upgrade to latest build?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12499
Location: Netherlands

Posted: Sun Nov 05, 2023 15:14
The R6300v2 resembles R6400.

See the R6400 guide link in my signature at the bottom.

NMRPFlash usually does the trick although personally I never need to debrick.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Sun Nov 05, 2023 15:16
Yes I am hoping I do not need to "de brick" if a failed upgrade, but I am afraid of this potential seeing now I am in a foreign country with very limited access to buy another.

If the upgrade fails I cannot get back into the admin panel right?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12499
Location: Netherlands

Posted: Sun Nov 05, 2023 15:33
If you brick your router it is not working anymore and you cannot get into the admin panel, until you debrick it.

I can understand your concern, the chances of bricking are small but not zero.

I never bricked one of these but that does not guarantee anything, only that the chances are small.

djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Sun Nov 05, 2023 15:42
Greetings

Thanks for the "hand holding" for sure and re-assurance.

I am only mainly thinking about upgrading so I can use Proton VPN

Right now it doesn't seem to work.

Do you have any idea how to setup Proton VPN on my build successfully with the below config file?

It's in the attachment
djddwrt19801
DD-WRT Novice


Joined: 20 Sep 2023
Posts: 15

Posted: Sun Nov 05, 2023 15:43


Attachment here

# ==============================================================================
# Copyright (c) 2023 Proton AG (Switzerland)
# Email: contact@protonvpn.com
#
# The MIT License (MIT)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR # OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# ==============================================================================

# If you are a paying user you can also enable the ProtonVPN ad blocker (NetShield) or Moderate NAT:
# Use: "WExaSp5UBYUpui0s+f1" as username to enable anti-malware filtering
# Use: "WExaSp5UBYUpui0s+f2" as username to additionally enable ad-blocking filtering
# Use: "WExaSp5UBYUpui0s+nr" as username to enable Moderate NAT
# Note that you can combine the "+nr" suffix with other suffixes.

client
dev tun
proto udp

remote 45.87.214.106 1194
remote 45.87.214.106 4569
remote 45.87.214.106 5060
remote 45.87.214.106 51820
remote 45.87.214.106 80

remote-random
resolv-retry infinite
nobind

cipher AES-256-GCM

setenv CLIENT_CERT 0
tun-mtu 1500
mssfix 0
persist-key
persist-tun

reneg-sec 0

remote-cert-tls server
auth-user-pass


<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
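
The attached config uses tls-crypt and an AES-GCM cipher, both of which first appeared in OpenVPN 2.4 (released December 2016), so the OpenVPN in a firmware build dated 02/04/15 cannot accept them. The check below is an added example, not part of the thread or of DD-WRT; the function names, the sample file and the two version strings are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: flag .ovpn directives that need OpenVPN >= 2.4.

# Print one line per directive in config $1 that OpenVPN 2.3.x does not accept.
ovpn_needs_24() {
    # Strip CRs, leading blanks and comment lines (# or ;) before matching.
    tr -d '\r' < "$1" | sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' | awk '
        /^<tls-crypt>/ || /^tls-crypt[ \t]/ { print "tls-crypt (control-channel encryption)" }
        /^cipher[ \t]/ && toupper($2) ~ /-GCM$/ { print "cipher " $2 " (AEAD data channel)" }
    '
}

# Return 0 when version string $1 (for example "2.3.6") is 2.4 or newer.
ovpn_version_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 4 ]; }
}

# Return 0 when config $1 only uses directives that version $2 understands.
ovpn_compat() {
    needs=$(ovpn_needs_24 "$1")
    if [ -n "$needs" ] && ! ovpn_version_ok "$2"; then
        echo "OpenVPN $2 is too old for:"
        echo "$needs" | sed 's/^/  /'
        return 1
    fi
    echo "OpenVPN $2: all checked directives supported"
}

# Constructed sample: directives taken from the posted config, key material left out.
SAMPLE=${TMPDIR:-/tmp}/sample-client.ovpn
cat > "$SAMPLE" <<'EOF'
client
dev tun
proto udp
cipher AES-256-GCM
remote-cert-tls server
auth-user-pass
<tls-crypt>
</tls-crypt>
EOF

ovpn_compat "$SAMPLE" 2.3.6 || true   # constructed version string older than 2.4
ovpn_compat "$SAMPLE" 2.6.5           # constructed version string newer than 2.4
```

On the router itself, the version to pass as the second argument is the second field of the first line printed by openvpn --version.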