How's my network privacy? Should I switch from a commercial router to PFsense or something?
from HiddenLayer555@lemmy.ml to privacy@lemmy.ml on 29 Nov 08:00
https://lemmy.ml/post/39620855

I use Linux on all my personal computers and privacy respecting ROMs on phones, and Pi-Hole, but a part I haven’t really taken a look at is my network at home.

I currently have my ISP’s smart router in bridge mode connected to a brand name Wi-Fi 6 router with a wireless “mesh” range extender. I really like the range extender because it has an Ethernet port so it’s basically a “free” Ethernet plug for that room connected to a high power Wi-Fi transceiver that’s faster than a lot of on board Wi-Fi antennas.

But I feel like it’s probably not the best thing privacy and security wise? I already don’t use the app and luckily it still has a web interface for management, but I don’t know how secure the firmware is or if it has any corporate “analytics” or not. I’m thinking of running pfSense or similar router software on a Linux box connected to the bridge port of my ISP’s router, since I was told the “Ethernet” cable connecting from it to the fiber modem won’t work with a store bought router. I assume it has some kind of DRM?

I already have an old PC in mind to convert to a router. I assume I could just use the onboard Ethernet port to talk to the router and add my own USB NIC to connect to the main switch?

I don’t know what to do for Wi-Fi though, could I buy two dedicated access points and put them on different floors, and have them both connected to the wired network? How hard would it be to have those be the same Wi-Fi network and have devices actually switch between them depending on location?

Also, most of my NICs and switches are from the thrift store or eBay for higher end used server parts. Is that bad? As in how worried should I be about the firmware running in those being tampered with by whoever owned it last?

#privacy


M4st3rSh0e@lemmy.world on 29 Nov 09:11

Ahh, another cultured person. The only thing you’ll get out of having a pfSense or OPNsense box is a better firewall, if you want to properly segment your network with VLANs and control what can talk to what. My setup sounds like the same as yours. ISP box in bridge mode > Asus RT-AX86 (stock firmware cause I’ve been lazy) > Pi-hole > network. I have a little Asus travel router in the garage in mesh mode.

I have two avenues to travel for an upgrade. I could grab one of those N100 boxes that they have on Amazon with the dual NIC, throw pfSense on it and put the Asus router in AP mode, or I can spend money, cause I like nice things, and grab a Ubiquiti UDM Pro and one of their PoE switches, cause I like PoE, and then throw the Asus stuff in AP mode.

I personally like Ubiquiti cause it isn’t Chineseium or Cisco with their shitty patching. Both options also give me experience messing around with industry standard firewalls (for the job experience). It really comes down to whether you wanna stick with open source or not.

Sorry, I don’t understand your Ethernet cable from the fiber box to router question.

I also have one of those USB NICs, never tried it like that though. I’d assume it’ll work. Only one way to find out.

I haven’t meshed with many straight APs that aren’t Ubiquiti. They have a network controller app with a web page that lets you set them all up. I’m surprised your Wi-Fi router doesn’t have an AP mode.

Buying used is good, just factory reset everything you get. Keep that stuff out of the landfill.

stupid_asshole69@hexbear.net on 29 Nov 09:31

Set up some computer with a pair of NICs to run pfSense. Get two wireless routers that are supported by OpenWrt/Tomato/whatever. Get a switch that operates at the highest link rate in your network. Plug it all up and configure the two wireless routers to operate their wireless network as either access point & WDS or WDS, I can’t remember which.

truthfultemporarily@feddit.org on 29 Nov 09:54

It depends on your threat model or, as I like to call it, the paranoia level. Since all connections go through the ISP router anyway, you won’t really gain that much privacy unless you directly put a VPN on your router.

Here is what you could potentially stop leaking:

  • MAC addresses of your devices
  • DNS queries if you use unencrypted DNS

Also theoretically, the router could be an entry point to do attacks against your devices.

People who use pfSense mostly do that because they want more features. For example, I have an IoT VLAN that cannot talk to the internet.

For privacy, the simplest thing would be to try and put a custom firmware on your Wi-Fi router, like OpenWrt.

Everything else is a bit of an overhaul. And in the end, you always have to trust that the Wi-Fi access point manufacturer’s firmware does not exfiltrate data.

Also, I would just try plugging in to the modem and see what happens. Most likely you’re just wasting power right now with that ISP router.
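As an added example (not posted by anyone in this thread), the two leaks and the IoT-VLAN rule described above, written up as a small policy checker over constructed flows; the subnets and the Pi-hole address are assumptions for illustration:

```python
"""Check constructed traffic flows against the policy described in the post:
an IoT VLAN that must not reach the internet, and DNS that must go to the
local Pi-hole rather than in plaintext to an arbitrary resolver."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical addressing for a home network like the one in the thread.
IOT_NET = ip_network("192.168.20.0/24")      # isolated IoT VLAN
PIHOLE = ip_address("192.168.1.53")          # the only resolver devices should use
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def is_private(addr) -> bool:
    return any(addr in net for net in RFC1918)


def audit(flow: Flow) -> list[str]:
    """Return the policy violations a flow triggers (empty list = allowed)."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    findings = []
    # IoT VLAN: only DNS to the Pi-hole is allowed; nothing else leaves the VLAN.
    if src in IOT_NET:
        if not is_private(dst):
            findings.append("iot-to-internet")
        elif not (dst == PIHOLE and flow.dport == 53):
            findings.append("iot-to-lan")
    # Plaintext DNS to anything but the Pi-hole exposes every lookup upstream.
    if flow.dport == 53 and dst != PIHOLE:
        findings.append("plaintext-dns-bypass")
    return findings


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("192.168.1.20", "192.168.1.53", "udp", 53),     # laptop -> Pi-hole: fine
    Flow("192.168.1.20", "8.8.8.8", "udp", 53),          # laptop bypassing Pi-hole
    Flow("192.168.20.10", "93.184.216.34", "tcp", 443),  # IoT device calling home
    Flow("192.168.20.10", "192.168.1.20", "tcp", 22),    # IoT device probing the LAN
]


def report(flows=SAMPLE_FLOWS) -> dict[Flow, list[str]]:
    """Map every flow that violates the policy to its findings."""
    return {f: audit(f) for f in flows if audit(f)}
```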

anamethatisnt@sopuli.xyz on 29 Nov 10:22

For Wi-Fi, what you can do to break free from the proprietary black box “mesh” networks is to build it yourself using OpenWrt. I’d only recommend it if you find learning networking fun, not a chore, as it takes some fiddling.
openwrt.org/docs/guide-user/network/wifi/roaming

Having a pfSense between your LAN and the ISP means the ISP won’t know as much about your LAN devices; they are usually the true admin of the ISP router and can see what it sees.

I imagine you’ve run a factory reset on the switches you bought second hand; that should be enough.

Bonus: If you want to break IP cameras free, check out thingino.com and frigate.video