[R2D2]

Quote:

Originally Posted by Su-47

Curious - what's your HW config like? Radius server and firewall on different machines, or VMs on a single HW?

With so many devices, users, and their general belief that internet is mostly safe, the thought of putting a proper firewall did cross my mind, but the effort and HW involved plays a dampener. And, I never thought one would put a radius server at home.

It could very well be that I don't know how to do it, so would be great to have some pointers.

I set up Radius server on the firewall box (links to box specs provided earlier) which consumes about 7W of power at idle. It more than suffices for home use and has enough grunt to serve a small office setup. No point setting up a separate PC/server. I am keen to save on power given Maharashtra's horrendously expensive KWH units.

pfSense has a Free Radius module that can be downloaded and setup/configured. As always with anything related to pfSense you will find plenty of online help to get your kit up and going.

What do you intend installing Radius server on? Can definitely point you to some online help on the setup procedure.

[Su-47]

Quote:

Originally Posted by R2D2

I set up Radius server on the firewall box (links to box specs provided earlier) which consumes about 7W of power at idle.
What do you intend installing Radius server on? Can definitely point you to some online help on the setup procedure.

I can't find your box specs. And, I don't intend to run the radius server. Was curious that someone was doing so at home, and so got interested in the HW. Sorry, if I was not clear.

Quote:

Originally Posted by prasadee

At Home, the Internal authentication WPA2-psk done on the AP is good enough. In terms of encryption, you can enable 4 way handshaking to be done on the AP.
...... If you are paranoid, you can setup AP to filter out based on mac addresses.

I'm under the impression that 4-way handshake is on by default if I use WPA2-AES. Let me know if this is not true. And, I also read that if someone can break WPA2, spoofing the MAC would be a cakewalk, so didn't bother to set it up.

[prasadee]

Quote:

Originally Posted by Thad E Ginathom

The lack of security of "Internet-of-things" devices seems to be the big issue today. How do you ensure your security? For a short time, a couple of years ago, I had a camera watching a birds' nest. I changed its default passwords, and did not set up any mechanism for communication except on my LAN.

My wife does not trust any software/firewall or security settings. All laptop cameras have a thick blue painters tape on them. When we are at home, my wife puts the blue tape on the security camera as well. I take it off when we are going to be out of town overnight. My NAS is my personal cloud. I use it instead of using Google/Amazon cloud. I physically power it off when not in continuous use. I guess our family pics and videos can be hacked, because I am such a celebrity .

Quote:

Originally Posted by Su-47

I'm under the impression that 4-way handshake is on by default if I use WPA2-AES. Let me know if this is not true. And, I also read that if someone can break WPA2, spoofing the MAC would be a cakewalk, so didn't bother to set it up.

You are right, the second sentence was redundant. WPA2-psk uses 4 way handshaking. You are right that Mac address filtering is not a security feature, I stand corrected. I do this on top of WPA2-psk. My security settings are mostly to make sure my kids do not get more of their devices connected on to Wifi. They know the Wifi password, so I need to know when they want to connect a new device.

[R2D2]

Quote:

Originally Posted by Su-47

I can't find your box specs. And, I don't intend to run the radius server. Was curious that someone was doing so at home, and so got interested in the HW. Sorry, if I was not clear.

No worries.

This is the box - http://store.netgate.com/ADI/RCC-VE-2440.aspx

I've added a 128 GB mSATA SSD to it. FreeBSD (on which pfSense runs) has a light footprint. So 4 GB of RAM will suffice for all but the most demanding of applications.

Quote:

Originally Posted by prasadee

My NAS is my personal cloud. I use it instead of using Google/Amazon cloud. I physically power it off when not in continuous use. I guess our family pics and videos can be hacked, because I am such a celebrity.

You are right, the second sentence was redundant. WPA2-psk uses 4 way handshaking. You are right that Mac address filtering is not a security feature, I stand corrected. I do this on top of WPA2-psk. My security settings are mostly to make sure my kids do not get more of their devices connected on to Wifi. They know the Wifi password, so I need to know when they want to connect a new device.

My NAS box is switched off when backup/sync jobs are complete. It is last thing I need hacked. I take PC and network security very seriously. MAC address filtering is only one of the steps to partially secure the WiFi. Which is why I am slowly shifting to enterprise type security including turning down AP/router radio output (there's one in each room so signal reach can be limited) scheduled radio switch off/on, etc. But among all these options RADIUS authentication is what makes it the safest from attacks.

PS - Guest networks are a no-no and always disabled. If a guest needs WiFi access in an emergency I use my mobile phone as a hotspot. Better the phone than the network as long as there are no heavy downloads.

[sukhoi]

Quote:

Originally Posted by sukhoi

Hello folks,

Am currently using TP Link Wireless Modem router TD-W8968 model.
TIA,
S

Quote:

Originally Posted by hserus

You may be facing channel interference with a nearby wifi device such as a wifi enabled printer (which has an access point) or with your neighbour's wifi routers.

Try to set the channel manually in the settings and experiment on where you get a strong and uninterrupted signal.

Thanks for the inputs Suresh. I did try this however there was no luck. WiFi signal would connect briefly and then again drop off. I double checked the internet from Airtel (by using plain modem n LAN cable) and it works fine. If I take that as input to the TP Link device and then pull out another LAN cable, am still able to access internet (wired). I even tried changing the setting to only wifi router but then also it did not work. Tried factory reset etc. too.

Suspect that the wifi capability has taken a hit (hardware problem) and am planning to get a new one now. Repair seems out of the option based on friendly neighborhood guy, will check with authorized center tomorrow if possible.

Am confused about which one to go for now. Some reading on the internet suggests that the 802.11ac is the new standard and hence should be considered (TP Link Archer D20 is one @ INR 3550). But the reviews about it are mixed and some say that the 5 GHz band is not effective much. Am thinking of reverting back to TD W8968 only (version 4 or 5, which ever is latest available). Any inputs would be much appreciated please.

While I do have airtel provided modem, and a plain router would also suffice, am planning to get a modem+router device to avoid having to run two devices simultaneously.

Cheers,
S

[NetfreakBombay]

Quote:

Originally Posted by sukhoi

Am thinking of reverting back to TD W8968 only (version 4 or 5, which ever is latest available).

Since it costs just 1800 Rs, switching back to it makes sense. In this price range, a router that works beyond 2 - 3 years is just luck. If it was working fine before hardware issue, just get the same unit and use for another 2 - 3 years.

[sandeepmohan]

Quote:

Originally Posted by sukhoi

Some reading on the internet suggests that the 802.11ac is the new standard and hence should be considered

It is the new standard for high speed wi fi for sure but severe limitations when it comes to range, especially in our homes, which have thick walls. I've spent time with a Asus RT-AC3200, a very expensive multi band, multi antenna router. Did it improve connectivity over the regular dual antenna TP Link AC router that I own? Not one bit. I use an AC router but none of my devices are connected over AC. It is still connected on N and I face no problems on range or speed. Netflix HD does stall once in a while and this problem is specific to the conditions in my home. For the most part, heavy HD content streams easily over wireless N. Range is a serious issue with wireless AC so be careful with your choice.

[sdp1975]

Need a router with good range. I currently have a Binatone - DT-850W ADSL modem+router that I got when I took the Airtel connection. I find the range to be very poor.

The router is in my hall and the signal strength strength in my 2 rooms is almost nil. There are some 3 walls in between. Any recommendations ? Should I try an repeater/extender instead ?

[motorpsycho]

Guys,

My parents use a BSNL router and lately they have had a lot of issues with the router, BNSL tech have been of no help and told them to buy another one.

So, kindly suggest some routers.

[sandeepmohan]

Quote:

Originally Posted by sdp1975

Need a router with good range.

Quote:

Originally Posted by motorpsycho

BNSL tech have been of no help and told them to buy another one.

Both of you require a ADSL router.

Listing two options. I highly recommend the more expensive one for the sake of a little more future proofing. Range should not be a concern with both the models.

http://www.tp-link.in/products/detai..._TD-W8970.html approx Rs. 4800

http://www.tp-link.in/products/detai..._TD-W8968.html approx Rs. 2000

I don't have much experience with other brands of router so can't recommend.

[dre@ms]

Have been using the TP Link WR740N for my Act internet and exactly after completing 2 years have been facing a bizarre issue of frequent/long disconnects during night time. Did a factory reset, firmware upgrade to no avail. Seems WAN port is the culprit as per Google.

Time to replace it and looking for the best. Budget < 2k. Any suggestions?

[diyguy]

Quote:

Originally Posted by dre@ms

Have been using the TP Link WR740N for my Act internet and exactly after completing 2 years have been facing a bizarre issue of frequent/long disconnects during night time.

I believe TP-Link has a three year warranty and you should just send it in for replacement. I have recommended TP-Link models to my friends and three of them are using it without any complaints. I have netgear R7000 myself as well a a linksys, and Asus. Only the netgear is a recent purchase while the others are > 5 years old

[sumathindra]

I have a dlink dir615 router and since a week now it is just not connecting to the net! However the dlink modem is connected and if i use a cable i am done.

I have tried resetting/re configuring the router however no luck. Any pointers please?

[kutoos]

Dear Friends,

I have a DSL-2750U ADSL modiem. Recently i switched to YOU broadband, and this required a WAN port on the router. While browsing i came across an article on youtube which spoke about turning your ADSL model to support WAN interface.

However teh catch was the Indian firmware was not supported, and had to use the Middle East firmware. Post the FW update, things wee honky-dory, and i was able to use the same modem with both BSNL & YOU exclusively.

The challenge that i have now is that whne i use the YOU broadband connection, the wireless speeds drop down to pre 1990 era speeds.

The wireless range is excellent. For testing I've used teh router and the mobile/laptop in the same room.

I've bridged the WAN port as well, any pointers on why the speeds are slow only on the WAN interface and not on teh BSNL ADSL interface?

Thanks

[hserus]

That is the ASUS model right, that has both a wan ethernet as well as a phone jack input.

You don't need any middle eastern etc firmwares for it, just the local firmware will work fine, stick the ethernet cable you get into the first WAN port.

At least that was what I did in one of my past ASUS routers that was a previous generation of your model.

For your slow speeds I would check the WAN ethernet cable. Either loose at your end, or on a switch port with a lot of congestion / nearby port has noisy traffic etc, at the provider's end. Check if it is loose at your end, or ask the provider to check at his end.

Quote:

Originally Posted by kutoos

Dear Friends,

I have a DSL-2750U ADSL modiem. Recently i switched to YOU broadband, and this required a WAN port on the router. While browsing i came across an article on Youtube which spoke about turning your ADSL model to support WAN interface.

However teh catch was the Indian firmware was not supported, and had to use the Middle East firmware. Post the FW update, things wee honky-dory, and i was able to use the same modem with both BSNL & YOU exclusively.

The challenge that i have now is that whne i use the YOU broadband connection, the wireless speeds drop down to pre 1990 era speeds.

The wireless range is excellent. For testing I've used teh router and the mobile/laptop in the same room.

I've bridged the WAN port as well, any pointers on why the speeds are slow only on the WAN interface and not on teh BSNL ADSL interface?

Thanks