| 26 Jan 2023 |
 AtypicalKernel | Even a single PAW is probably over kill for most home setups but then again I build my own rack mount router, ran managed switches, and POE enterprise AP so..... Ya might say over kill is a thing for me | 15:46:19 |
| AtypicalKernel | * I follow the concept of least privilege, if something doesn't need to talk to something it doesn't.
Also I think in threat modeling terms, so not so much trusted/untrusted but more what bad behavior do I expect and how to mitigate said bad behavior | 15:46:56 |
| AtypicalKernel | * Even a single PAW is probably over kill for most home setups but then again I built my own rack mount router, ran managed switches, and POE enterprise AP so..... Ya might say over kill is a thing for me | 15:47:44 |
| AtypicalKernel | One thing I will say is that while I love that OpenWRT is a thing it drives me nuts trying to do more advanced things.
OPNSense uses much more standard terminology and (in my opinion) is easier to admin
Also you may want to go the route of an actual AP+router. Many APs will be able to advertise multiple SSIDs and dump them into the appropriate VLAN. It also allows for optimum placement of the AP | 15:53:13 |
| AtypicalKernel | A few brands to check out are https://protectli.com/ and Omada APs (from TP link), there is of course the well known ubiquity gear but personally not a fan | 15:56:13 |
|  Sleuth joined the room. | 19:57:56 |
|  Mark joined the room. | 21:13:22 |
|  erik_red joined the room. | 23:32:51 |
| 27 Jan 2023 |
 Andreas | AtypicalKernel: what hardware/device would run open sense on? The protectli? I assume that per AP I should run either openwrt or open sense?
Because I'm both looking for the hardware as well as the software in the stack.
I love your separation! | 16:30:43 |
| AtypicalKernel | OPNSense on the protectli or any other x86 box (I built my own), WiFi Access Points (AP) typically run an embedded os and do nothing more than provide WiFi | 16:33:29 |
| AtypicalKernel | Also keep in mind if you are going to be using switches with vlans they need to be at least layer 2 managed | 16:34:31 |
|  Kasperli Theater joined the room. | 18:49:43 |
| Kasperli Theater changed their display name from Sergej Lettiva to Kasperli Theater. | 18:51:28 |
| 28 Jan 2023 |
 David | In reply to @splintter:matrix.org
AtypicalKernel: what hardware/device would run open sense on? The protectli? I assume that per AP I should run either openwrt or open sense?
Because I'm both looking for the hardware as well as the software in the stack.
I love your separation! I bought a couple Sophos hardware firewalls from eBay then loaded pfsense on them. Works wonderfully. I did have Opnsense sense on there before but it was easier to find tutorials for pfsense when you move into LAN tagging and network isolation for IoT | 00:09:22 |
| AtypicalKernel | In reply to @dcossey014:matrix.org
I bought a couple Sophos hardware firewalls from eBay then loaded pfsense on them. Works wonderfully. I did have Opnsense sense on there before but it was easier to find tutorials for pfsense when you move into LAN tagging and network isolation for IoT Those are another good option as well for hardware, unfortunately simply due to PFSense being around longer there is more "brand recognition" and tutorials out there. Ive run it in the past, never will again. OPNSense all the way for me | 03:52:47 |
| David | In reply to @SnarkTest:matrix.org
Those are another good option as well for hardware, unfortunately simply due to PFSense being around longer there is more "brand recognition" and tutorials out there. Ive run it in the past, never will again. OPNSense all the way for me I thought that way too. Until I couldn’t get VLAN separation working right. Then I had to jump ship back to pfsense | 04:36:08 |
| AtypicalKernel | In reply to @dcossey014:matrix.org
I thought that way too. Until I couldn’t get VLAN separation working right. Then I had to jump ship back to pfsense I hear putting an "allow any<>any" at the top of the firewall rules tends to get things working 😆🤣🤦🏻😜 | 05:11:39 |
|  drasticmatchbox joined the room. | 05:43:56 |
 Warped | "deny all" is more secure, and the only firewall rule you need. 😜 | 05:48:30 |
|  playback2396 joined the room. | 09:52:52 |
 lukebouch | “You shall not pass” | 14:56:49 |
|  goldenboy101 joined the room. | 17:25:11 |
| 29 Jan 2023 |
|  WirelesslyWired joined the room. | 17:07:58 |
|  Eraisuithon joined the room. | 23:17:51 |
| 30 Jan 2023 |
|  @gromboli:blabber.casa left the room. | 01:17:58 |
|  Danny joined the room. | 08:17:46 |
|  @pepin:globohomo.co left the room. | 12:37:53 |
|  routenot joined the room. | 13:48:51 |
|  pedro_91 joined the room. | 18:19:02 |
|  Oliver Säfström joined the room. | 18:25:28 |
