How to secure the actual router itself in case it gets stolen?

So i have an openvpn client configured and fully operational on my GL.inet 750 device. What if i happen to lose the device? Someone else can plug into it via ethernet and get access to my internal network.

Is there a way to create a captive portal in the device itself so that if someone else were to steal the device and connect to it, even after connecting to it via ethernet, they would have to enter additional credentials before gaining access to my openvpn?

RIght now, openvpn makes me save the username/password into the device, which doesn’t help with security if the device were to be taken from me.

Seems like you are self hosting the openvpn server on in your network?
If so, you can use a key pair. If you loose the device just revoke the openvpn keypair.
You also want to have passwords on any network shares on your network, and not have anything running you don’t want anyone to see (even a guest at your home).

Unfortunately there is nothing you can really do if you loose the device. Even if you set up some kind of security, the device is not encrypted. Anyone can just dump the memory of the device and access any keys, usernames, passwords stored.

Ok thank you. That’s what I thought, just simple CA certificate revocation. But it doesn’t help with the security of dumping the configuration and getting all the openvpn info.

Maybe in the future they can encrypt the HD on this thing and work towards a more secure solution should it get lost

There is not much that can be done until the wireless router chipsets come with hardware accelerated crypto and a secure enclave. Even if you do encrypt the drive now, the key has to be stored somewhere and will be found.

I have never seen a single wireless router with those features.

You will just have to make sure you don’t loose it. If you do, like i said just revoke the keypair, maybe change mac address towards your ISP to force an IP change as well (won’t help much if you have a DDNS host in your config though).