• oatscoop
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    9 months ago

    Every single one of my “internet facing” devices is blocked from accessing the internet at the router. If I want to access them they either get added to my HomeAssistant instance or another computer that’s only accessible from the outside through my VPN.

    All of the convenience with the privacy concerns practically eliminated. It costs $6 a month in hosting for the VPS I set the wireguard server up on.

    • Patches@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      7
      ·
      9 months ago

      Every single one of my “internet facing” devices is blocked from accessing the internet at the router.

      This would be a lot more common if router software stopped being developed in the fuckin 80’s. Unless you get a commercial product they’re all so cryptic, and difficult to navigate.

      • towerful@programming.dev
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        9 months ago

        Routing, NAT and firewall are pretty complex things because its the backbone of everything: phones, websites, enterprises, government. It all uses the same tech. And very few networks are the same (the exception being consumer broadband home networks).
        The money for development is in the products for enterprise, so they have to have all the tuneables available and seem hugely complex to non-specialist users.

        So, there arent really any “easy” router/firewalls that are also flexible.

        Ubiquiti & TP-link do Software Defined Network stuff, abstracts away a lot of the complexity. But as soon as you want to do anything complex, you are digging into CLI and might as well use something designed for that.

        OpenWRT is apparently pretty good. Ive never used it.

        I now use OPNSense. Essentially freeBSD set up as a router/firewall, with a nice webGUI and loads of flexibility.
        I feel like this is what you are looking for

        I also dable in Mikrotik routers, and im considering moving to their RouterOS… Or even one of their appliances.

        openWRT, OPNSense, RouterOS can be installed on your own hardware. So you could use an old desktop, stick a decent network card in it and use that with a bridge modem.

        • Patches@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          I got a Synology router which is absolutely far from the best hardware but it is so human readable. I don’t have to guess what anything does, or what sub menu it is under. That was worth the premium for me.

          I tried openWRT on a TM Ac1900. It is not an easy process to get that loaded - I can tell you that.