Sender | Message | Time |
---|---|---|
26 Jan 2023 | ||
Even a single PAW is probably overkill for most home setups, but then again I built my own rack mount router, ran managed switches, and PoE enterprise AP so..... Ya might say overkill is a thing for me | 15:46:19 | |
I follow the concept of least privilege: if something doesn't need to talk to something, it doesn't. Also I think in threat modeling terms, so not so much trusted/untrusted but more what bad behavior do I expect and how to mitigate said bad behavior | 15:46:56 | |
One thing I will say is that while I love that OpenWrt is a thing, it drives me nuts trying to do more advanced things. OPNsense uses much more standard terminology and (in my opinion) is easier to admin. Also you may want to go the route of an actual AP+router. Many APs will be able to advertise multiple SSIDs and dump them into the appropriate VLAN. It also allows for optimum placement of the AP | 15:53:13 | |
A few brands to check out are https://protectli.com/ and Omada APs (from TP-Link). There is of course the well-known Ubiquiti gear, but personally not a fan | 15:56:13 | |
27 Jan 2023 | ||
AtypicalKernel: what hardware/device would you run OPNsense on? The Protectli? I assume that per AP I should run either OpenWrt or OPNsense? Because I'm both looking for the hardware as well as the software in the stack. I love your separation! | 16:30:43 | |
OPNsense on the Protectli or any other x86 box (I built my own). WiFi access points (APs) typically run an embedded OS and do nothing more than provide WiFi | 16:33:29 | |
Also keep in mind, if you are going to be using switches with VLANs, they need to be at least layer 2 managed | 16:34:31 | |
28 Jan 2023 | ||
In reply to @splintter:matrix.org: I bought a couple Sophos hardware firewalls from eBay then loaded pfSense on them. Works wonderfully. I did have OPNsense on there before but it was easier to find tutorials for pfSense when you move into LAN tagging and network isolation for IoT | 00:09:22 | |
In reply to @dcossey014:matrix.org: Those are another good option as well for hardware. Unfortunately, simply due to pfSense being around longer, there is more "brand recognition" and tutorials out there. I've run it in the past, never will again. OPNsense all the way for me | 03:52:47 | |
In reply to @SnarkTest:matrix.org: I thought that way too. Until I couldn’t get VLAN separation working right. Then I had to jump ship back to pfSense | 04:36:08 | |
In reply to @dcossey014:matrix.org: I hear putting an "allow any<>any" at the top of the firewall rules tends to get things working 😆🤣🤦🏻😜 | 05:11:39 | |
"deny all" is more secure, and the only firewall rule you need. 😜 | 05:48:30 | |
“You shall not pass” | 14:56:49 | |