John Adams
New Around Here
Hi all,
Long-time lurker and fan. Merlin, if you are reading this, I've used your firmware for a while now, love it and thank you.
That said ... the recent DNS over TLS support that has been added looks so promising I'm willing to rethink my network configuration to get it. I've always meant to tighten up security in our home network, and this looks like a good next step. I'm not sure how to get it though with what I have and I'm looking for any suggestions on how to do better.
Hardware config...
- Canadian, have a Bell modem issued HomeHub2000. Currently the wifi is off, it's acting as my DHCP server and I've configured the DNS to Cloudflare. It's statically configured as 192.168.2.1. I can't put it into bridge mode myself, but I could call tech support to do it. I *hate* their tech support, so I've avoided that because I have been working fine without it, but I'm not above it. The modem does not support DNS over TLS or IPv6.
- Two Asus routers running Merlin firmware, respectively 192.168.2 & 3. Wifi is on for both, configured for the same SSIDs, non-overlapping channels. Routers are 87U & 86U respectively. I have a fairly large house but the two routers seem to cover it well.
- All are hardwired together with Cat5. LAN ports are plugged into 2 & 3. modems.
- Bell has PPPoE connections, I have the password for those connections. I used to have PPPoE configured for all the routers in the past, but I couldn't see a benefit so I'm just using the Bell modem to get the WAN IPs to keep it simple.
- I have some services accessible over wireless that I want to have working through the house ... NAS, Sonos, Plex media server etc.
- no real good reason for the .2.1 subnet, other than it feels a little more secure to be non-standard
So with all that ... any suggestions on a good way to migrate to getting to a good DNS over TLS configuration for all the wireless clients? I know not everyone will have it, so I would set it optimistic, but it would be really nice to beef up privacy where I can.
A few other wish list items ...
- I'd like to turn on IPv6 for the network and use it. Only a nice to have.
- It would be nice to have the option to run a VPN on the 86U. (look US-based)
Thanks in advance for any suggestions,
John
P.S. Yes, I know I can set up my browsers to be better, run a VPN client etc. I want the network to protect not only my PC's privacy, but the kids, their phones, my wife's phone by default. I know enough about security to know this is a small step, but it feels like an important one.