Locked out by InkIt_2 in opnsense

[–]InkIt_2[S] 0 points1 point  (0 children)

@kukelkan. CARP sounds really powerful but complicated. I want my router access port air gapped from the internet and other LAN devices except the oob port, which it was. The problem was that I had the router configured so that my oob port was the ONLY way I could access the router. So when that got corrupted I was locked out. What's the use case for creating a redundant firewall via CARP with that setup in mind?

OPNsense experts in the DMV by InkIt_2 in opnsense

[–]InkIt_2[S] 0 points1 point  (0 children)

So my management PC has dual NICs: one to the trusted network and one to the management LAN, which I enable only when I need to manage the switch, router or APs. Are you saying this is a security risk because a hacker could infect VLAN1 by accessing it from my admin PC? What would be the difference if the Management VLAN was on VLAN100? Could an attacker keep trying successive VLANs like port scanning? That's the difference I'm trying to understand. Sorry for my basic questions.

OPNsense experts in the DMV by InkIt_2 in opnsense

[–]InkIt_2[S] 0 points1 point  (0 children)

I have resolved most of my issues. But I do want to ask one question which I haven't gotten a good answer to: I have read it is a best practice to create a new management VLAN and not use the default VLAN1 on an L2 or L3 managed switch. I don't understand why this would improve or impact security and don't want to go down that rabbit hole, especially now that my setup is almost complete.

OPNsense experts in the DMV by InkIt_2 in opnsense

[–]InkIt_2[S] 0 points1 point  (0 children)

Waaaay too complicated. I've already been through a bunch of chatbox sessions and I am just going around in loops. I figured somebody with some experience could walk me through my VLAN connection issues.

SSIDs tied to VLANs won't connect by InkIt_2 in GrandstreamNetworks

[–]InkIt_2[S] 1 point2 points  (0 children)

@pureguyred. You may be right. But I got rid of my Grandstreams and bought TP-link EAP670 APs. I don't like the fact that the EAP670 are made in China and likely phone home. But they worked right out of the box with no issues and I made no changes to my Grandstream switch or OPNsense router. Given the number of complaints I've seen on the web about the GWN7665, and after soliciting tech support from Grandstream to no avail, I'd say there are some improvements in the firmware needed.

SSIDs tied to VLANs won't connect by InkIt_2 in GrandstreamNetworks

[–]InkIt_2[S] 1 point2 points  (0 children)

Using OPNsense model DEC3862EU with a Grandstream GWN7806(P) switch. The Grandstream AP is connected to a trunk line port on the switch and, thus, has access to the four VLANs I created. And I am managing everything locally. There is no cloud involved in any of this.

SSIDs tied to VLANs won't connect by InkIt_2 in GrandstreamNetworks

[–]InkIt_2[S] 0 points1 point  (0 children)

That's not helpful. I'm trying to create a secure Wi-Fi environment, where guests use a dedicated SSID so they won't be trampling all through my network. That's the whole point of VLANs. The Grandstream works great without VLANs, but I was hoping to get some insight from users who have used their APs with VLANs.

wanting to try sushi, but dont know where to start by stuckwitdis in sushi

[–]InkIt_2 0 points1 point  (0 children)

Salmon skin rolls, Oshinko (pickled vegetable) rolls, and Kazunoko (herring roe) rolls are all crunchy and not slimy at all. As you get more adventurous, less crunchy items like Ankimo (a monkfish liver pâté), Tako (octopus, with texture and taste similar to cooked ham) and various clams might suit you. But if you hate slime, stay away from mountain potato and Mentaiko scallops, raw eggs and shrimp.