gefvert.org

Set Up a Home Wifi

Friday, 14 October 2022 - 3 minutes to read

How to set up a home wifi that works well for your family:

  1. If your Internet Service Provider (Spectrum, Charter, Telia, whatever) has given you a modem:
    • Keep the modem.
    • Immediately turn off the wifi part of the modem and never, ever use it again. ISP routers are crap.
  2. Buy a mesh-capable wifi router system.
    • My recommendation is a Synology RT2600ac (slightly cheaper) - or a Synology RT6600ax (more expensive but newer and faster). [1]
    • If you need additional wifi access points to cover a larger area, buy one or more Synology MR2200ac access points. They work very well with the RT series routers and provide a seamless Internet experience across a large area.
    • You can also look into the Ubiquiti ecosystem, if you want to go the professional route (without enterprise pricing levels).
  3. Link up the mesh wifi units with cat5e ethernet cabling (or cat6 if you're really cool).
    • Do not use wifi to connect them unless you're desperate.
    • Also run cat5e (or cat6, cool boy) cabling to your office computer, your printer, and the TV.
    • Give your most common devices (printer, TV, etc) fixed IP addresses (reserved DHCP addresses) so they stay the same.
  4. Secure your router.
    • Replace the master password on the router immediately. Do not use the default password unless you have an urge to be part of a crime syndicate botnet and run cryptominers for other people.
    • Enable automatic updates.
    • Configure the router to restart weekly.
    • Disable external access (access to the system administration from the internet) unless you really, really need it.
  5. Configure the Wifi portion.
    • For 2.4 GHz networks, use channel 1, 6, or 11 for best results. This minimizes overlap with other possible Wifi networks (from your neighbors).
    • For 5 GHz networks, set it to auto.
    • Make sure you use WPA2-Personal security and a reasonably difficult password.
    • Disable WPS. Do not use. Many implementations of WPS may be insecure.
    • Feel free to set up a guest network. Make sure it's secured. Use time limits to block connectivity during the night.
  6. Configure parental controls.
    • Synology has best-in-class parental controls.
    • Change the DNS setting on the router to the IP addresses 1.1.1.3 and 1.0.0.3. This is a public DNS service run by Cloudflare that protects against malware and pornography.
    • The IPv6 version of the above is 2606:4700:4700::1113 and 2606:4700:4700::1003, if you run IPv6. [2]
    • While you're at it, you may want to configure your family's phones to use Private DNS and set it to family.cloudflare-dns.com - this is the same as 1.1.1.3 above but uses Private DNS, works over IPv4 and IPv6 networks, and effectively prevents DNS queries for any adult content - and it works regardless of whether you're on Wifi or not.
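
To confirm that the filtering DNS from step 6 is really the one answering, this added example (not part of the original post) builds a DNS query by hand and inspects the reply. It assumes Cloudflare signals a blocked name by answering with the address 0.0.0.0; the function names and the sample reply are constructed for illustration.

```python
import socket, struct

FAMILY_RESOLVERS = ("1.1.1.3", "1.0.0.3")  # the resolvers named in the article

def build_query(name, qid=0x1234):
    """Minimal RFC 1035 query for the A record of `name` (recursion desired)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    """Offset just past a name made of plain labels or a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:    # pointer: two bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return (rcode, [IPv4 strings]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                # skip the echoed question section
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record carrying one IPv4 address
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def is_blocked(msg):
    """Assumption: the filter answers NOERROR with the single address 0.0.0.0."""
    return parse_a_records(msg) == (0, ["0.0.0.0"])

def check(name, resolver, timeout=3.0):
    """Ask one resolver over UDP and report whether the name was filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return is_blocked(s.recv(512))

def sample_response(name, ip):
    """Constructed input for offline use: a reply carrying one A record."""
    hdr = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    ans = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return hdr + build_query(name)[12:] + ans
```

From a device on the home network, call `check(name, r)` for each `r` in `FAMILY_RESOLVERS` with a hostname you expect the filter to block, then repeat against the router's own address to confirm it forwards to the same service.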

This should get you up and running with a decent system.

1) I would love to be sponsored by Synology, but alas, I am not.

2) I don't run IPv6 because Azure does weird things with IPv6 from time to time. Otherwise I would love to have it enabled. Synology routers handle IPv6 very well.

