To preface, my networking knowledge is a bit limited. What I initially wanted to do was just change my DNS to use Adguard to filter out streaming service(s) ads. But then I started diving into my network setup and it opened another can of worms. What I have are two routers: one is a Technicolor C2000t required to connect to my ISP. The second is an ASUS RT-AC68U which I already owned prior to switching to this ISP, to which all clients are connecting. Everything works now but I suspect that I have more services enabled on both routers than I really need. What I would like to do is use the ASUS as both a hardwired (PC) and Wi-Fi (mobile, etc.) device access point (assuming that's the correct terminology) that also supports VPN clients on those devices (not configuring VPN on the router(s) per se). The C200t would be just the Internet on-ramp -- no wireless enabled. What I'm needing help with is what is a recommended minimal, secure way to configure these? I.e WAN, LAN, firewall, NAT, DHCP, WPA2, IP addresses / ranges, DNS, DMZ, etc. I know, I'm asking a lot.