securitygems.com

The automated system for building firmware for a specific devices allows including a first boot script. This can be very useful, for example a device with no physical port.
forum.openwrt.org/t/the-openwrt-firmware-selector/81721/341

egc dropped a useful writeup github.com/egc112/OpenWRT-egc-add-on/tree/main/stop-dns-leak

Low Cost Threat Intel Provider intelfinder.io
Identify threats such as:
– Similar Domain Registration: threat of Phishing, brand abuse and cybersquatting – Leaked Employee Credentials – Exposed Subdomains – Rogue Mobile Apps – Leaked Documents – Leaked Source Code – Domain Hijacking – Domain and SSL Certificate Expiration

Try it. github.com/horsicq/Detect-It-Easy
Detect It Easy, or abbreviated “DIE” is a program for determining types of files.
“DIE” is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.
Many programs of the kind (PEID, PE tools) allow to use third-party signatures. Unfortunately, those signatures scan only bytes by the pre-set mask, and it is not possible to specify additional parameters. As the result, false triggering often occur. More complicated algorithms are usually strictly set in the program itself. Hence, to add a new complex detect one needs to recompile the entire project. No one, except the authors themselves, can change the algorithm of a detect. As time passes, such programs lose relevance without the constant support.

Tools: Adblock Plus, Ublock, Ghostery
And use PiHole for your local DNS server

Freenom stopped domain registrations several months ago. Netcraft has reported a drop in phishing emails blocked with Freenom domains www.netcraft.com/blog/impact-of-freenom-halting-registrations-on-cybercrime/#:~:text=Freenom%2C%20which%20offers%20free%20domain,domain%20registrations%20in%20March%202023 .
Some are looking to other free domain providers such as pp.ua or eu.org nic.eu.org/
dyn.addr.tools has a simple DDNS method
There are other related tools challenges.addr.tools dns-01 ACME challenge helper zone dyn.addr.tools simple dynamic DNS for your own domains, no account required header-echo.addr.tools view HTTP request headers, modify HTTP response headers info.addr.tools explore identifying information for domain names and IP addresses ip.addr.tools construct domain names that resolve to any given IP address myip.addr.tools get your external IP address dnscheck.tools identifies your DNS resolvers, checks DNSSEC validation, and more
dyn.addr.tools/
dnscheck.tools/#more

It is useful to have an SSID for normally routed traffic and a separate one to connect to for VPN users. With OpenWrt, sometimes there are guides to all the different pieces, but not exactly put together in the way you want. This post does a great job of leveraging existing guides and knitting them all together for the desired solution.
A detailed guide is posted. One of the key steps is the uci set network.wgserver.route_allowed_ips=”1″ change it to uci set network.wgserver.route_allowed_ips=”0″
forum.openwrt.org/t/alternate-ssid-just-for-vpn-traffic/170908

There are some previous posts with similar topics

forum.openwrt.org/t/openwrt-21-02-1-multiple-vpn-with-multiple-ssid/113640 forum.openwrt.org/t/2-ssid-one-vpnd-one-not/99790 https://www.reddit.com/r/openwrt/comments/yyhm7i/one_router_one_wireguard_vpn_two_ssids/alter

You can use separate cables for untagged ports on each device. Or trunk tagged ports over one cable
A Master Designer has laid out the options forum.openwrt.org/t/one-network-interface-but-4-physical-ports/170892/6

The community knights of the route table have created a script to solve this problem. forum.openwrt.org/t/detecting-user-installed-pkgs/161588/16

You can try this script. Might want to add a uci commit wireless
forum.openwrt.org/t/changing-mac-address-presented-to-network/94215/3