!kDYMmhJUsdeGgGGYwz:matrix.org

Networking

307 Members
74 Servers

Sender Message Time
26 Jan 2023
@SnarkTest:matrix.org AtypicalKernel Even a single PAW is probably overkill for most home setups but then again I build my own rack mount router, ran managed switches, and POE enterprise AP so..... Ya might say overkill is a thing for me 15:46:19
@SnarkTest:matrix.org AtypicalKernel * I follow the concept of least privilege, if something doesn't need to talk to something it doesn't. Also I think in threat modeling terms, so not so much trusted/untrusted but more what bad behavior do I expect and how to mitigate said bad behavior 15:46:56
@SnarkTest:matrix.org AtypicalKernel * Even a single PAW is probably overkill for most home setups but then again I built my own rack mount router, ran managed switches, and POE enterprise AP so..... Ya might say overkill is a thing for me 15:47:44
@SnarkTest:matrix.org AtypicalKernel

One thing I will say is that while I love that OpenWRT is a thing it drives me nuts trying to do more advanced things.

OPNSense uses much more standard terminology and (in my opinion) is easier to admin

Also you may want to go the route of an actual AP+router. Many APs will be able to advertise multiple SSIDs and dump them into the appropriate VLAN. It also allows for optimum placement of the AP

15:53:13
@SnarkTest:matrix.org AtypicalKernel A few brands to check out are https://protectli.com/ and Omada APs (from TP-Link), there is of course the well known Ubiquiti gear but personally not a fan 15:56:13
@sleuth:rexrobotics.org Sleuth joined the room. 19:57:56
@marksort:matrix.org Mark joined the room. 21:13:22
@erik_red:matrix.org erik_red joined the room. 23:32:51
27 Jan 2023
@splintter:matrix.org Andreas AtypicalKernel: what hardware/device would you run OPNsense on? The protectli? I assume that per AP I should run either openwrt or OPNsense? Because I'm both looking for the hardware as well as the software in the stack. I love your separation! 16:30:43
@SnarkTest:matrix.org AtypicalKernel OPNSense on the protectli or any other x86 box (I built my own), WiFi Access Points (AP) typically run an embedded OS and do nothing more than provide WiFi 16:33:29
@SnarkTest:matrix.org AtypicalKernel Also keep in mind if you are going to be using switches with VLANs they need to be at least layer 2 managed 16:34:31
@kasperlitheater:matrix.org Kasperli Theater joined the room. 18:49:43
@kasperlitheater:matrix.org Kasperli Theater changed their display name from Sergej Lettiva to Kasperli Theater. 18:51:28
28 Jan 2023
@dcossey014:matrix.org David
In reply to @splintter:matrix.org
AtypicalKernel: what hardware/device would you run OPNsense on? The protectli? I assume that per AP I should run either openwrt or OPNsense? Because I'm both looking for the hardware as well as the software in the stack. I love your separation!
I bought a couple Sophos hardware firewalls from eBay then loaded pfsense on them. Works wonderfully. I did have OPNsense on there before but it was easier to find tutorials for pfsense when you move into LAN tagging and network isolation for IoT
00:09:22
@SnarkTest:matrix.org AtypicalKernel
In reply to @dcossey014:matrix.org
I bought a couple Sophos hardware firewalls from eBay then loaded pfsense on them. Works wonderfully. I did have OPNsense on there before but it was easier to find tutorials for pfsense when you move into LAN tagging and network isolation for IoT
Those are another good option as well for hardware, unfortunately simply due to PFSense being around longer there is more "brand recognition" and tutorials out there. I've run it in the past, never will again. OPNSense all the way for me
03:52:47
@dcossey014:matrix.org David
In reply to @SnarkTest:matrix.org
Those are another good option as well for hardware, unfortunately simply due to PFSense being around longer there is more "brand recognition" and tutorials out there. I've run it in the past, never will again. OPNSense all the way for me
I thought that way too. Until I couldn’t get VLAN separation working right. Then I had to jump ship back to pfsense
04:36:08
@SnarkTest:matrix.org AtypicalKernel
In reply to @dcossey014:matrix.org
I thought that way too. Until I couldn’t get VLAN separation working right. Then I had to jump ship back to pfsense
I hear putting an "allow any<>any" at the top of the firewall rules tends to get things working 😆🤣🤦🏻😜
05:11:39
@drasticmatchbox:matrix.org drasticmatchbox joined the room. 05:43:56
@warped:linuxdelta.com Warped "deny all" is more secure, and the only firewall rule you need. 😜 05:48:30
@playback2396:matrix.org playback2396 joined the room. 09:52:52
@lukebouch:matrix.org lukebouch “You shall not pass” 14:56:49
@goldenboy101:matrix.org goldenboy101 joined the room. 17:25:11
29 Jan 2023
@aaburger85:matrix.org WirelesslyWired joined the room. 17:07:58
@eraisuithon:matrix.org Eraisuithon joined the room. 23:17:51
30 Jan 2023
@gromboli:blabber.casa @gromboli:blabber.casa left the room. 01:17:58
@dannym:balooga.xyz Danny joined the room. 08:17:46
@pepin:globohomo.co @pepin:globohomo.co left the room. 12:37:53
@routenot:matrix.org routenot joined the room. 13:48:51
@pedro_91:matrix.org pedro_91 joined the room. 18:19:02
@safstrom:matrix.org Oliver Säfström joined the room. 18:25:28
