[libreCMC] Can anyone help me with a router-behind-router setup?

7 replies [Last post]
c95
c95
Offline
Joined: 03/21/2020

Hi, I hope someone here is familiar with libreCMC because I don't really know where else to look for help.

I bought a Netgear WNDR3800 running libreCMC which I want to use in a router-behind-router setup. The goal is to connect the WNDR3800 to my roommates ISP router so I have my own network and some kind of firewall.

I have a few questions:

1. Does libreCMC have sane defaults? I am not familiar with most of the features and want to know if the defaults are secure and sane.

2. Before I connect the routers I would like to spoof the mac address of the WNDR3800. How can I achieve this?

3. LAN to WAN would be the way to go for my setup, right? What do I have to change in the LuCI web interface in order to make the whole thing work and isolate the networks?

zapper
Offline
Joined: 11/29/2019

1: Most likely,
2: I have no idea,
3A: yes I think so,
3B: No clue

c95
c95
Offline
Joined: 03/21/2020

This doesn't really help me zapper but thanks for bumping the thread, I guess...

zapper
Offline
Joined: 11/29/2019

Yeah, sorry I only know that the first answer is yes, although it could be made more secure...

ps, you picked the right router. :)

MistahDarcy
Offline
Joined: 03/18/2016

Not an expert here, just a casual user, but...

1. Does libreCMC have sane defaults? I am not familiar with most of the features and want to know if the defaults are secure and sane.

I would say yes. I've been using it for over a year now with no issues. Every now and then you have to manually flash a new firmware update. That's about it. Using the software tab you can easily install packages like DynamicDNS or an adblocker - all easily configurable through Luci (the web interface).

2. Before I connect the routers I would like to spoof the mac address of the WNDR3800. How can I achieve this?

Well you need to connect to the router itself to change settings. After connecting to the hotspot (or direct connecting through ethernet) you access the router at 192.168.10.1. To spoof your MAC go to Network > Interfaces, select your interface (LAN/WAN, whatever you want to change), Advanced Settings > Override MAC Address. The web interface is honestly is very very easy to use. You can see the option referenced in the image below.

3. LAN to WAN would be the way to go for my setup, right? What do I have to change in the LuCI web interface in order to make the whole thing work and isolate the networks?

Yes. You should just be able to plug in your libreCMC router to the other router and have it working right away after you go through your initial setup (SSID name, passwords, etc.). I have a raspberry pi connected to my libreCMC router that creates a VPN wifi hotspot separate from the main router, so it should work the same.

Hope that helps!

librecmc.png
c95
c95
Offline
Joined: 03/21/2020

First of all thank you for this helpful reply!

Did you do any changes in terms of security and/or firewall? Default login for the webinterface is root, should I create a user instead? Also do I have to set restrictions for SSH access? Just some concerns I have due to lack of knowledge.

By "spoofing the MAC address before connecting the router" I meant spoofing before connecting it to the ISP router. Already connected the router to my laptop and flashed the latest firmware. I just don't want the ISP router to log the WNDR3800 MAC address. So changing the MAC for the WAN interface would be necessary to achieve this, correct? Simply editing the interface in LuCI will do the trick?

I initially bought the WNDR3800 to run OpenVPN but realized the CPU is way too weak for decent speeds. Could you give me some info on your VPN WiFi hotspot setup?

MistahDarcy
Offline
Joined: 03/18/2016

I haven't touched my firewall settings on the router besides port forwarding configuration. Using root as your default user is fine (I am) as long as you've changed the default password. SSH Access can be managed under System > Administration, default settings are adequate. If you want additional security you can add an OpenSSH key in the settings.

I can't guarantee that your spoofed MAC will be hidden from the ISP completely as I have no way of knowing for sure. I would *assume* you're fine just making the changes through LuCI. Again - I'm just a basic user and have learned everything I know about libreCMC by just experimenting myself.

My VPN WiFi hotspot is pretty straightforward. I have a Raspberry Pi 3 Model B running YunoHost (you could install it on any PC, doesn't have to be a Pi. Just need Ethernet and WiFi). Through the admin panel I installed "VPN Client" and added the config file from my VPN host. The other component is called "WiFi Hotspot" and is installed from the same admin panel. It automatically shares the VPN connection over WiFi. Very simple, but reliable setup. Whenever internet goes out or I need to reboot, it automatically comes back up with no hassle. As a bonus it functions as a PirateBox when there's no net.

c95
c95
Offline
Joined: 03/21/2020

Thank you, I feel confident now using libreCMC with its defaults.

I might have to do some more research on the MAC spoofing. Maybe I will test if the changes are applied correctly by connecting the WNDR3800 to a spare router first.

Never heard of YunoHost before, I will definitely look into it.