basic_hardening

Differences

This shows you the differences between two versions of the page.

basic_hardening [2026/01/09 23:47] – [VPN Connections] -Explain Stubby hogwild
basic_hardening [2026/05/18 18:57] (current) – [Basic Steps to Harden FreshTomato] hogwild
Line 1: Line 1:
 ====== Basic Steps to Harden FreshTomato ====== ====== Basic Steps to Harden FreshTomato ======
  
-This HOWTO will provide some basic steps toward hardening your Freshtomato router. It is not intended to be a thorough or complete reference on securing your network. It is only a starting point.+This HOWTO provides some basic steps toward hardening your Freshtomato router. It is not intended to be a thorough or complete reference on securing your network. It is only a starting point.
  
 Each small step will reduce your network's [[https://en.wikipedia.org/wiki/Attack_surface|attack surface]].  \\   \\ Each small step will reduce your network's [[https://en.wikipedia.org/wiki/Attack_surface|attack surface]].  \\   \\
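
Review bot: The "+" line still writes "Freshtomato" in "hardening your Freshtomato router", while the heading in this same hunk uses "FreshTomato". Since the sentence is being edited anyway, align the capitalization with the heading.
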
Line 95: Line 95:
 ===== VPN Connections ===== ===== VPN Connections =====
  
-  * Use a website to check for IP leaks. Recommended websites include: [[https://www.dnsleaktest.com|dnsleaktest.com]][[https://controld.com/tools/dns-leak-test|controld.com]] and [[https://ipleak.net/|ipleak.net]]\\ If your real (physical) IP address leaks, your "cover is blown" and there's no point in using a VPN, as the main reason for using one is to hide that address. Avoid using most VPN providers' own test pages. Their "leak tests" almost always return a result of  "Unprotected". They do not display an IP address from their own VPN server pool, and in this way, can scare users into purchasing a "real secure VPN" \\ \\  +  * Use a website to check for IP leaks. Recommended sites include: \\ \\  
-  * Use a website to check for DNS leaks. Also use them to test your DNS server information. If it leaks, you're not hiding your digital identity. Recommended websites include: [[https://www.dnsleaktest.com|dnsleaktest.com]][[https://controld.com/tools/dns-leak-test|controld.com]] and [[https://ipleak.net/|ipleak.net]] \\ \\  +    * [[https://www.dnsleaktest.com|dnsleaktest.com]] 
-  * Configure a kill switch.  A kill switch is basically a policy-based routing rule to ensure that when the VPN tunnel/encryption is dropped, FreshTomato will drop your Internet connection to the VPN provider. This prevents you from using the Internet while your real IP address is exposed.\\ \\  +    * [[https://controld.com/tools/dns-leak-test|controld.com]]  
-  * Consider using a Stubby server for DNS resolution. Stubby enhances DNS privacy by allowing DNS over TLS (“DoT”). DoT sends DNS queries via a secure (TLS-encrypted) connection. +    * [[https://ipleak.net/|ipleak.net]] 
 + 
 + \\ 
 + 
 +If your real (physical) IP address leaks, your "cover is blown". In that case, there's no point in using a VPN, as the main reason for using one is to hide that address. Avoid using most VPN providers' own test pages. Their "leak tests" almost always return a report of "Unprotected". They do not display an IP address from their own VPN server pool, and in this way, can scare users into purchasing a "realsecure VPN" \\  \\ 
 + 
 +  * Use a website to test for DNS leaks. Alsouse these sites to test your DNS server information. If it leaks, you're not hiding your digital identity.  \\ Recommended websites include: \\ \\  
 +    * [[https://www.dnsleaktest.com|dnsleaktest.com]] 
 +    * [[https://controld.com/tools/dns-leak-test|controld.com]]  
 +    * [[https://ipleak.net/|ipleak.net]] \\ \\ \\ 
 +  * Configure a kill switch.  This is basically a policy-based routing rule to ensure that when the VPN tunnel is dropped, FreshTomato will drop your Internet connection to the VPN provider. This prevents you from using the Internet while your real IP address is exposed.\\ \\  
 +  * Consider using a Stubby server for DNS resolution. Stubby enhances DNS privacy by allowing DNS over TLS (“DoT”). DoT sends DNS queries via a secure (TLS-encrypted) connection. Note that network devices which use Stubby to resolve DNS queries, or point DNS queries to a router using Stubby will not have ads blocked by  the Adblock feature.
  
  
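
Review bot: In the "+" lines for the first bullet, the explanation beginning "If your real (physical) IP address leaks" is now an unindented paragraph sitting between the two list items, so it is detached from the "check for IP leaks" bullet it explains. Keep it indented inside that item, or move it above the list. The same added text contains two fused words ("realsecure VPN" and "Alsouse these sites"), and the sentence ending in "realsecure VPN" has no closing period. In the new Stubby note, add a comma after "a router using Stubby" so the long subject clause reads cleanly, and consider stating why Adblock does not apply, because the sentence gives the effect without the cause. The three recommended sites are also listed twice, once under each bullet; a single shared list would be easier to keep current.
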
basic_hardening.1768002452.txt.gz · Last modified: by hogwild