FreshTomato Wiki

User Tools

Site Tools

Trace:
basic_hardening

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
basic_hardening [2026/05/18 18:54] – [VPN Connections] hogwildbasic_hardening [2026/05/18 18:57] (current) – [Basic Steps to Harden FreshTomato] hogwild
Line 1: Line 1:
 ====== Basic Steps to Harden FreshTomato ====== ====== Basic Steps to Harden FreshTomato ======
  
-This HOWTO will provide some basic steps toward hardening your Freshtomato router. It is not intended to be a thorough or complete reference on securing your network. It is only a starting point.+This HOWTO provides some basic steps toward hardening your Freshtomato router. It is not intended to be a thorough or complete reference on securing your network. It is only a starting point.
  
 Each small step will reduce your network's [[https://en.wikipedia.org/wiki/Attack_surface|attack surface]].  \\   \\ Each small step will reduce your network's [[https://en.wikipedia.org/wiki/Attack_surface|attack surface]].  \\   \\
Line 96: Line 96:
  
   * Use a website to check for IP leaks. Recommended sites include: \\ \\    * Use a website to check for IP leaks. Recommended sites include: \\ \\ 
-  * [[https://www.dnsleaktest.com|dnsleaktest.com]] +    * [[https://www.dnsleaktest.com|dnsleaktest.com]] 
-  * [[https://controld.com/tools/dns-leak-test|controld.com]]  +    * [[https://controld.com/tools/dns-leak-test|controld.com]]  
-  * [[https://ipleak.net/|ipleak.net]]+    * [[https://ipleak.net/|ipleak.net]]
  
  \\  \\
Line 104: Line 104:
 If your real (physical) IP address leaks, your "cover is blown". In that case, there's no point in using a VPN, as the main reason for using one is to hide that address. Avoid using most VPN providers' own test pages. Their "leak tests" almost always return a report of "Unprotected". They do not display an IP address from their own VPN server pool, and in this way, can scare users into purchasing a "real, secure VPN" \\  \\ If your real (physical) IP address leaks, your "cover is blown". In that case, there's no point in using a VPN, as the main reason for using one is to hide that address. Avoid using most VPN providers' own test pages. Their "leak tests" almost always return a report of "Unprotected". They do not display an IP address from their own VPN server pool, and in this way, can scare users into purchasing a "real, secure VPN" \\  \\
  
-  * Use a website to test for DNS leaks. Also, use them to test your DNS server information. If it leaks, you're not hiding your digital identity.  Recommended websites include: \\ \\ +  * Use a website to test for DNS leaks. Also, use these sites to test your DNS server information. If it leaks, you're not hiding your digital identity.  \\ Recommended websites include: \\ \\ 
     * [[https://www.dnsleaktest.com|dnsleaktest.com]]     * [[https://www.dnsleaktest.com|dnsleaktest.com]]
     * [[https://controld.com/tools/dns-leak-test|controld.com]]      * [[https://controld.com/tools/dns-leak-test|controld.com]] 
-    * [[https://ipleak.net/|ipleak.net]] \\ \\ +    * [[https://ipleak.net/|ipleak.net]] \\ \\ \\ 
-  * Configure a kill switch.  A kill switch is basically a policy-based routing rule to ensure that when the VPN tunnel/encryption is dropped, FreshTomato will drop your Internet connection to the VPN provider. This prevents you from using the Internet while your real IP address is exposed.\\ \\ +  * Configure a kill switch.  This is basically a policy-based routing rule to ensure that when the VPN tunnel is dropped, FreshTomato will drop your Internet connection to the VPN provider. This prevents you from using the Internet while your real IP address is exposed.\\ \\ 
   * Consider using a Stubby server for DNS resolution. Stubby enhances DNS privacy by allowing DNS over TLS (“DoT”). DoT sends DNS queries via a secure (TLS-encrypted) connection. Note that network devices which use Stubby to resolve DNS queries, or point DNS queries to a router using Stubby will not have ads blocked by  the Adblock feature.   * Consider using a Stubby server for DNS resolution. Stubby enhances DNS privacy by allowing DNS over TLS (“DoT”). DoT sends DNS queries via a secure (TLS-encrypted) connection. Note that network devices which use Stubby to resolve DNS queries, or point DNS queries to a router using Stubby will not have ads blocked by  the Adblock feature.
  
  
basic_hardening.1779126850.txt.gz · Last modified: by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki