You might want to look into things a little further, or at least confirm what you want/need and how fast your connection is/how much bandwidth you need encrypted. There's a big difference in terms of what you need between 3-5 Mbit of streams and general browsing privacy vs max profile line speed.
How fast is the line?
How much encrypted bandwidth do you want/need?
What stats do you want/need access to?
What's the budget?
Do you have any existing hardware that may be relevant (server/NAS capable of VM/docker, old PC you can run pfSense on etc.)?
Are you comfortable configuring a firewall and routing yourself or at least willing to learn? (pfSense and RouterOS have a steep initial learning curve and are not user friendly unless you are willing to read/learn).
DNS: OpenDNS or a paid smart DNS provider who doesn't log; your VPN provider will usually handle DNS anyway while connected via VPN.
VPN: Do you really want/need/understand the implications of encrypting all traffic? It's generally not a good idea. Encryption generally reduces speed and increases latency; encrypt the traffic that needs to be encrypted, don't touch the traffic that doesn't. PayPal pulled the BNPL option on me via VPN, and several online checkouts took exception to my VPN, more so if I used a non-UK end point. It varies depending on who you use, but sooner or later you will run into issues.
Hardware: The HH5 is OK as a bundled router (which isn't saying much), but its specs are relatively poor: it lacks a hardware FPU or hardware cryptography acceleration, and it's going to struggle to run a VPN using anything that would pass as meaningful encryption at near line speed unless you have a very slow connection. The build it'll be flashed with is a cut-down DD-WRT build; it's not officially supported and generally not something I'd personally choose, as I can't see any good justification unless I've missed something?
Personally, if I'm running a VPN it's because I value my privacy. Running a VPN at the router level at max line speed on a consumer grade router is not realistic unless you have a slow connection/profile. Your options are:
Entry level business class router such as the RB750GR3 or the pfSense ARM box etc. plus AP.
Bare metal install of pfSense on older hardware (cheap up front, but power isn't free and older hardware is generally less efficient).
Virtualisation e.g. a docker running VPN/services configured via iptables to only route to the VPN interface.
All of the above require a modem such as the HG612 or Vigor 1x0; you could also run a modified ECI. The other option, which will be slower, is to use a high end consumer router and run slower speeds/lower strength (less secure) encryption. After that it's down to running per client software and hoping that whatever method of maintaining the connection/routing traffic you use doesn't fail and traffic goes out unencrypted (hint: Don't trust software kill switches).
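
The "configured via iptables to only route to the VPN interface" option and the warning about software kill switches both come down to a firewall that fails closed. The sketch below is an added example, not part of the original post: it generates such a ruleset and audits one for leaks, and the interface names (`tun0`, `eth0`), server address `203.0.113.10` and port `udp/1194` are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names (not from the post): tun0, eth0,
# 203.0.113.10 (documentation address), udp/1194.

# killswitch_rules TUN_IF WAN_IF VPN_SERVER_IP VPN_PORT PROTO
# Prints an IPv4 ruleset in iptables-restore format. Default policy is DROP,
# so if the tunnel interface disappears nothing falls back to the WAN.
killswitch_rules() {
    tun_if=$1; wan_if=$2; vpn_ip=$3; vpn_port=$4; proto=$5
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $tun_if -j ACCEPT
-A OUTPUT -o $wan_if -d $vpn_ip/32 -p $proto --dport $vpn_port -j ACCEPT
COMMIT
EOF
}

# audit_rules TUN_IF VPN_SERVER_IP  (ruleset on stdin)
# Returns 0 only if OUTPUT defaults to DROP and every OUTPUT ACCEPT rule is
# bound to loopback, the tunnel, or the pinned VPN endpoint.
audit_rules() {
    awk -v tun="$1" -v srv="$2/32" '
        /^:OUTPUT /  { policy = $2 }
        /^-A OUTPUT / && /-j ACCEPT/ {
            ok = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-o" && ($(i+1) == "lo" || $(i+1) == tun)) ok = 1
                if ($i == "-d" && $(i+1) == srv) ok = 1
            }
            if (!ok) bad++
        }
        END { exit !(policy == "DROP" && bad == 0) }'
}

# Typical use, as root inside the container or VM:
#   killswitch_rules tun0 eth0 203.0.113.10 1194 udp | iptables-restore
# No DNS is allowed on the WAN side, so the VPN client must be configured
# with the server's IP, and IPv6 needs its own ip6tables policy.
```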