Node: Router Setup

20 Oct, 2025

Tip jar 🫙 expatriotic@walletofsatoshi.com

Donations
Bitcoin paynym = +expatriotic
Monero QR

88D6SZFBA6fFhYGdnY4c57dTAJD6jyqRTfCKwHjZrfdnhd8phAMYnDQWSJrqyAmgVHV7mDU6soaHogZvno1AUXp79DwtWvK

GL.iNet Flint 2 (GL-MT6000)

ISP-provided routers are insecure, limit control, and are often used for network-level monitoring. A high-performance, user-controlled router is a non-negotiable component for a secure network.

The GL.iNet Flint 2 (GL-MT6000) is the recommended hardware. It runs a stable, open-source OpenWrt core, providing granular, auditable control over your network. Its CPU and RAM are powerful enough to handle high-speed, encrypted VPN traffic for your entire network without creating a bottleneck.

This guide covers the two essential configurations for your router: network-wide privacy and static IP assignment for your server.

Router-Level Privacy (VPN & DNS)

This configuration ensures all traffic from all devices on your network is encrypted and private by default.

Mullvad VPN Configuration

Running a VPN at the router level is superior to client-side applications. It enforces encryption for all devices on your network (including servers and IOT devices) and prevents common IP leaks.

Mullvad is the recommended provider. It is demonstrably privacy-focused:

• It maintains a strict, audited no-logging policy.
• It requires no email; accounts are identified by an anonymous number.
• It accepts private payments, including Monero, Bitcoin, and cash by mail.

Setup Steps:

1. Go to https://mullvad.net/
2. Acquire a Mullvad account, funding it with Monero for maximum privacy.
3. Log in to your Flint 2 dashboard (default: 192.168.8.1).
4. Navigate to VPN > WireGuard > WireGuard Client.
5. Select Mullvad and input your account number
6. Start the VPN connection.
7. Crucially, enable the VPN Kill Switch. This setting blocks all internet traffic if the VPN tunnel drops, ensuring your server's real IP address is never exposed.

Custom DNS Configuration (Quad9)

Do not use your ISP's DNS, as this logs your entire browsing history. We will use Quad9, a free, non-profit, privacy-focused service that also blocks malicious domains at the DNS level.

Setup Steps:

1. In the Flint 2 dashboard, navigate to Network > DNS.
2. Enable "DNS Rebinding Attack Protection".
3. Enable "Override DNS Settings for All Clients".
4. Select "Custom DNS" and input the Quad9 addresses:
   • 9.9.9.9
   • 149.112.112.112

Server Static IP Assignment

Servers require a stable, predictable IP address. Your router's DHCP service (which assigns temporary IPs) is built for transient clients, not permanent infrastructure. Assigning a static IP is mandatory for reliability.

We will configure this static IP on the Ubuntu server itself, not in the router's settings.

Ubuntu Network Configuration

During the Ubuntu Server installation, you will reach the Network Configuration screen. Follow these steps precisely.

1. Your Ethernet interface (e.g., eth0) will show an IP address assigned by your router (DHCP).
2. Select it, navigate to Edit IPv4, and change the method from Automatic (DHCP) to Manual.
3. Enter the following network details. This example assumes your Flint 2 router is at its default address, 192.168.8.1.

• Subnet: 192.168.8.0/24
• Address: 192.168.8.50
• Gateway: 192.168.8.1
• Name servers: 9.9.9.9, 149.112.112.112

Why This Is Necessary

A static IP ensures your server is always reachable at the same address on your local network (e.g., 192.168.8.50).

If you relied on DHCP, the server's IP could change after a reboot, breaking all SSH connections, internal service communication (e.g., your node to an electrum server), and any port-forwarding rules. This manual configuration is the professional standard for any server.