Securing Home Network

I’m currently using my ISP router, which is from TP-Link, which is, well, not a very privacy-friendly company, and I’m currently not in a position to change the router yet. So what would be the best setup to maintain my privacy from my ISP and secure it further?

I believe that DNS filtering would be the best solution to my privacy problem, and I think AdGuard Home would be able to solve that. But how do I set it up? From what I’ve seen on their website, it seems that I can install it on my Windows laptop and it can act as a DNS proxy, and when I turn off the laptop it’ll stop? Is that correct?

Also, I usually use Proton VPN and Mullvad, and from what I’ve read, using it over AdGuard will result in me standing out compared to all the other people using the same VPN? How do I avoid that? Or should I set up the Mullvad DNS server or something like that? How can I do that?

As for securing, I’ve changed passwords for admin console and the router, and I give out guest wifi to the other people in the house which I don’t believe have the best privacy setup. What else can I do?

And while I’m at it, I’ve another problem with internet bloat, if that’s the right term: if one device is downloading something, the internet for the rest of the devices slows down to the point that websites start buffering, even though I have a pretty good internet connection. How can I resolve that?

Again, I’m pretty new to all this and I might’ve mixed some things up, sorry about it. Thanks

Is this router also a modem? I.e., does it provide xDSL service, or do you have a fibre termination device?

If you need the TP-Link for its DSL capabilities, then I would suggest setting it up so that it is in “bridge mode” and getting another router behind that. In this configuration your TP-Link is turned into a “dumb modem”. The routing is done by the router behind that, as is all the firewalling. The external IP address from your ISP is associated with one of the interfaces on your new router.

As for options there, the offering from Turris is often talked about, as is GL.iNet. I have not used either of these as I personally have one of the OPNsense appliances. In this other thread we were talking about Firewalla, which could be okay, as long as you don’t load the device up to be some kind of “mini server”.

There are two ways I can think of doing it. The first and likely easiest is to have AdGuard running on a standalone device, like a Raspberry Pi, or something like that. What would happen then is your router would issue out the IP address of your local DNS resolver to the clients on your network.

Some of the above routers suggested may have packages that help you set this up.

If you’re using ProtonVPN or Mullvad, use their DNS servers. ProtonVPN has their NetShield, which includes many of these lists, as do the Mullvad apps.

As for securing, I’ve changed passwords for admin console and the router, and I give out guest wifi to the other people in the house which I don’t believe have the best privacy setup. What else can I do?

It may be that this “guest” feature automatically segregates the network into separate VLANs but hides that from the operator (in this case you). The older TP-Link devices I have don’t have this option.

VLANs are a common networking feature that allows you to segregate networks by tagging packets as they enter a switch or exit a computer’s network interface. With these tags you can apply firewall rules that prevent devices on one network from accessing those on another.

Typically we would use a VLAN to segregate WiFi guests, IoT devices, and, if we’re routing over a VPN, maybe certain clients are routed out via a VPN selectively.

I’m planning on writing an OPNsense guide for “Setting up PIA VPN on pfSense for your whole network and Configuring Selective Routing - Lawrence Technology Services” at some point.

The reason is that we often do not want to use a VPN all the time. On my network, depending on the network switch port or WiFi network you connect to, the router decides whether to route you over the VPN or not.

It’s all good, we’re always learning, and we welcome new people to our community.

3 Likes
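
Added example (not part of any post in this thread): a simplified Python model of the VLAN tagging and inter-VLAN firewall rules described in the reply above, showing how an 802.1Q tag is written into a frame, read back, and used for a default-deny decision. The VLAN IDs, zone names, MAC addresses and the `ALLOWED` policy are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

# Constructed VLAN plan and policy (assumptions, not from the thread).
VLANS = {10: "trusted", 20: "guest", 30: "iot"}
# Default deny between VLANs: only these (source, destination) zone pairs pass.
ALLOWED = {("trusted", "guest"), ("trusted", "iot")}


def tag_frame(dst, src, vlan_id, ethertype, payload, pcp=0):
    """Build an Ethernet frame carrying an 802.1Q tag, as a switch port does on ingress."""
    if not 1 <= vlan_id <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID must be 1..4094 and priority 0..7")
    tci = (pcp << 13) | vlan_id  # 3-bit priority, DEI bit left 0, 12-bit VLAN ID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def vlan_of(frame):
    """Return the VLAN ID of a tagged frame, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # the low 12 bits carry the VLAN ID


def permitted(frame, dst_vlan):
    """Decide whether traffic in `frame` may reach a device on `dst_vlan`."""
    src_zone = VLANS.get(vlan_of(frame))
    dst_zone = VLANS.get(dst_vlan)
    if src_zone is None or dst_zone is None:
        return False  # untagged or unknown VLAN: drop
    return src_zone == dst_zone or (src_zone, dst_zone) in ALLOWED


# Constructed sample: a guest laptop (VLAN 20) sending an IPv4 packet.
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
GUEST_FRAME = tag_frame(MAC_B, MAC_A, 20, 0x0800, b"\x45" + bytes(19))

if __name__ == "__main__":
    for dst in (10, 20, 30):
        verdict = "allow" if permitted(GUEST_FRAME, dst) else "drop"
        print(f"guest -> VLAN {dst}: {verdict}")
```

On a real router the same decision is expressed as firewall rules on each VLAN interface; the model only shows why the tag is what makes such rules possible.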

I have been using Firewalla for about 6 months. If nothing else, it has taught me a great deal more about networking than I previously knew. For example, I have it configured where it is blocking about 76% of all hidden connections on my network. By using the stats provided by the app I am able to see the devices on my network, the number of times they try to connect and what they are connecting to. It’s been a real eye-opener to me. I use the Firewalla Blue Plus but would recommend the Purple or Gold. Some of the features I use most are the VPN Server, VPN Client, Unbound DNS, Routing, and Rules. So I create rules that perform specific functions such as adding the OISD.nl block list, the one AdGuard uses. With the VPN client I add multiple VPN profiles using Proton VPN. Then using the Routes feature I route different devices through different profiles. For example, I separate IoT devices to different VPN profiles. Then I use the VPN server with WireGuard or OpenVPN to route my mobile devices back through my home network when I’m logging into places like my bank. I also use the VPN server to set up a client on my children’s phones set to always on to route back through my home network so that the content filtering I have at home works away from home, i.e. block Instagram, YouTube etc.

Anyway, the Blue Plus is cheap enough and works well enough to justify using it as a learning experience, IMO.