penetration test – Securing the home network using third-party firmware / access points

I had some problems on my home network and I thought having a router as an access point would help repair those attacks. At first it was, but now it seems that the attackers managed to pass. As far as I know, it could be a pesky script not necessarily an "attacker" – simply using this term as a general descriptor of an unauthorized device or worm on my network.

The most obvious signs of outdoor activity are incoming DHCP connection attempts when using OpenVPN with certain IP addresses and DNS failover on an Indonesian server when using certain ports. Some questions with a basic map of my connection below (using Ethernet):

[MODEM/ROUTER] -> [ROUTER/AP] -> [My Computer]

  • Would using OpenVPN on my router or my computer help deter these types of attacks?

  • Is there an advantage to using two routers versus one to prevent traffic from passing? Does the overlay of access points help in this situation? I had the impression that a DMZ would help to isolate my machine from others … but it is possible that the configuration of the DMZ is not strict enough.

  • Would the configuration of pFSense on a standby computer be more secure than using a third-party firmware on a router? (eg Tomato, Gargoyle, OpenWRT, DD-WRT) I thought that packages such as DNSCrypt / DNSMasq would help to solve the DNS problems described above. I do not know how to reinforce DHCP beyond a definition of authority, and so on.